You've already forked AstralRinth
forked from didirus/AstralRinth
Fix users not being able to see their own unapproved mods
This commit is contained in:
@@ -213,6 +213,31 @@ impl User {
|
||||
Ok(mods)
|
||||
}
|
||||
|
||||
pub async fn get_mods_private<'a, E>(
|
||||
user_id: UserId,
|
||||
exec: E,
|
||||
) -> Result<Vec<ModId>, sqlx::Error>
|
||||
where
|
||||
E: sqlx::Executor<'a, Database = sqlx::Postgres> + Copy,
|
||||
{
|
||||
use futures::stream::TryStreamExt;
|
||||
|
||||
let mods = sqlx::query!(
|
||||
"
|
||||
SELECT m.id FROM mods m
|
||||
INNER JOIN team_members tm ON tm.team_id = m.team_id
|
||||
WHERE tm.user_id = $1
|
||||
",
|
||||
user_id as UserId,
|
||||
)
|
||||
.fetch_many(exec)
|
||||
.try_filter_map(|e| async { Ok(e.right().map(|m| ModId(m.id))) })
|
||||
.try_collect::<Vec<ModId>>()
|
||||
.await?;
|
||||
|
||||
Ok(mods)
|
||||
}
|
||||
|
||||
pub async fn remove<'a, 'b, E>(id: UserId, exec: E) -> Result<Option<()>, sqlx::error::Error>
|
||||
where
|
||||
E: sqlx::Executor<'a, Database = sqlx::Postgres> + Copy,
|
||||
|
||||
@@ -122,10 +122,13 @@ fn convert_user(data: crate::database::models::user_item::User) -> crate::models
|
||||
|
||||
#[get("{user_id}/mods")]
|
||||
pub async fn mods_list(
|
||||
req: HttpRequest,
|
||||
info: web::Path<(UserId,)>,
|
||||
pool: web::Data<PgPool>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
let id = info.into_inner().0.into();
|
||||
let user = get_user_from_headers(req.headers(), &**pool).await.ok();
|
||||
|
||||
let id: crate::database::models::UserId = info.into_inner().0.into();
|
||||
|
||||
let user_exists = sqlx::query!(
|
||||
"SELECT EXISTS(SELECT 1 FROM users WHERE id = $1)",
|
||||
@@ -137,9 +140,23 @@ pub async fn mods_list(
|
||||
.exists;
|
||||
|
||||
if user_exists.unwrap_or(false) {
|
||||
let mod_data = User::get_mods(id, ModStatus::Approved.as_str(), &**pool)
|
||||
.await
|
||||
.map_err(|e| ApiError::DatabaseError(e.into()))?;
|
||||
let user_id: UserId = id.into();
|
||||
|
||||
let mod_data = if let Some(current_user) = user {
|
||||
if current_user.role.is_mod() || current_user.id == user_id {
|
||||
User::get_mods_private(id, &**pool)
|
||||
.await
|
||||
.map_err(|e| ApiError::DatabaseError(e.into()))?
|
||||
} else {
|
||||
User::get_mods(id, ModStatus::Approved.as_str(), &**pool)
|
||||
.await
|
||||
.map_err(|e| ApiError::DatabaseError(e.into()))?
|
||||
}
|
||||
} else {
|
||||
User::get_mods(id, ModStatus::Approved.as_str(), &**pool)
|
||||
.await
|
||||
.map_err(|e| ApiError::DatabaseError(e.into()))?
|
||||
};
|
||||
|
||||
let response = mod_data
|
||||
.into_iter()
|
||||
|
||||
Reference in New Issue
Block a user