You've already forked AstralRinth
forked from didirus/AstralRinth
Organizations (#712)
* untested, unformatted, un-refactored * minor simplification * simplification fix * refactoring, changes * some fixes * fixes, refactoring * missed cache * revs * revs - more! * removed donation links; added all org members to route * renamed slug to title --------- Co-authored-by: Geometrically <18202329+Geometrically@users.noreply.github.com>
This commit is contained in:
Wyatt Verchere
@@ -1,3 +1,4 @@
|
||||
use super::ApiError;
|
||||
use actix_web::{get, web, HttpRequest, HttpResponse};
|
||||
use chrono::{Duration, NaiveDate, Utc};
|
||||
use serde::{Deserialize, Serialize};
|
||||
@@ -17,8 +18,6 @@ use crate::{
|
||||
queue::session::AuthQueue,
|
||||
};
|
||||
|
||||
use super::ApiError;
|
||||
|
||||
pub fn config(cfg: &mut web::ServiceConfig) {
|
||||
cfg.service(
|
||||
web::scope("analytics")
|
||||
|
||||
@@ -4,6 +4,7 @@ mod collections;
|
||||
mod images;
|
||||
mod moderation;
|
||||
mod notifications;
|
||||
mod organizations;
|
||||
pub(crate) mod project_creation;
|
||||
mod projects;
|
||||
mod reports;
|
||||
@@ -30,6 +31,7 @@ pub fn config(cfg: &mut actix_web::web::ServiceConfig) {
|
||||
.configure(crate::auth::pats::config)
|
||||
.configure(moderation::config)
|
||||
.configure(notifications::config)
|
||||
.configure(organizations::config)
|
||||
//.configure(pats::config)
|
||||
.configure(project_creation::config)
|
||||
.configure(collections::config)
|
||||
|
||||
924
src/routes/v2/organizations.rs
Normal file
924
src/routes/v2/organizations.rs
Normal file
@@ -0,0 +1,924 @@
|
||||
use std::collections::HashMap;
|
||||
use std::sync::Arc;
|
||||
|
||||
use crate::auth::{filter_authorized_projects, get_user_from_headers};
|
||||
use crate::database::models::team_item::TeamMember;
|
||||
use crate::database::models::{generate_organization_id, team_item, Organization};
|
||||
use crate::file_hosting::FileHost;
|
||||
use crate::models::ids::base62_impl::parse_base62;
|
||||
use crate::models::organizations::OrganizationId;
|
||||
use crate::models::pats::Scopes;
|
||||
use crate::models::teams::{OrganizationPermissions, ProjectPermissions};
|
||||
use crate::queue::session::AuthQueue;
|
||||
use crate::routes::v2::project_creation::CreateError;
|
||||
use crate::routes::ApiError;
|
||||
use crate::util::routes::read_from_payload;
|
||||
use crate::util::validate::validation_errors_to_string;
|
||||
use crate::{database, models};
|
||||
use actix_web::{delete, get, patch, post, web, HttpRequest, HttpResponse};
|
||||
use rust_decimal::Decimal;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use sqlx::PgPool;
|
||||
use validator::Validate;
|
||||
|
||||
pub fn config(cfg: &mut web::ServiceConfig) {
|
||||
cfg.service(organizations_get).service(organization_create);
|
||||
cfg.service(
|
||||
web::scope("organization")
|
||||
.service(organization_get)
|
||||
.service(organizations_edit)
|
||||
.service(organization_delete)
|
||||
.service(organization_projects_get)
|
||||
.service(organization_projects_add)
|
||||
.service(organization_projects_remove)
|
||||
.service(organization_icon_edit)
|
||||
.service(delete_organization_icon)
|
||||
.service(super::teams::team_members_get_organization),
|
||||
);
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Validate)]
|
||||
pub struct NewOrganization {
|
||||
#[validate(length(min = 3, max = 256))]
|
||||
pub description: String,
|
||||
#[validate(
|
||||
length(min = 3, max = 64),
|
||||
regex = "crate::util::validate::RE_URL_SAFE"
|
||||
)]
|
||||
// Title of the organization, also used as slug
|
||||
pub title: String,
|
||||
#[serde(default = "crate::models::teams::ProjectPermissions::default")]
|
||||
pub default_project_permissions: ProjectPermissions,
|
||||
}
|
||||
|
||||
#[post("organization")]
|
||||
pub async fn organization_create(
|
||||
req: HttpRequest,
|
||||
new_organization: web::Json<NewOrganization>,
|
||||
pool: web::Data<PgPool>,
|
||||
redis: web::Data<deadpool_redis::Pool>,
|
||||
session_queue: web::Data<AuthQueue>,
|
||||
) -> Result<HttpResponse, CreateError> {
|
||||
let current_user = get_user_from_headers(
|
||||
&req,
|
||||
&**pool,
|
||||
&redis,
|
||||
&session_queue,
|
||||
Some(&[Scopes::ORGANIZATION_CREATE]),
|
||||
)
|
||||
.await?
|
||||
.1;
|
||||
|
||||
new_organization
|
||||
.validate()
|
||||
.map_err(|err| CreateError::ValidationError(validation_errors_to_string(err, None)))?;
|
||||
|
||||
let mut transaction = pool.begin().await?;
|
||||
|
||||
// Try title
|
||||
let title_organization_id_option: Option<OrganizationId> =
|
||||
serde_json::from_str(&format!("\"{}\"", new_organization.title)).ok();
|
||||
let mut organization_strings = vec![];
|
||||
if let Some(title_organization_id) = title_organization_id_option {
|
||||
organization_strings.push(title_organization_id.to_string());
|
||||
}
|
||||
organization_strings.push(new_organization.title.clone());
|
||||
let results = Organization::get_many(&organization_strings, &mut *transaction, &redis).await?;
|
||||
if !results.is_empty() {
|
||||
return Err(CreateError::SlugCollision);
|
||||
}
|
||||
|
||||
let organization_id = generate_organization_id(&mut transaction).await?;
|
||||
|
||||
// Create organization managerial team
|
||||
let team = team_item::TeamBuilder {
|
||||
members: vec![team_item::TeamMemberBuilder {
|
||||
user_id: current_user.id.into(),
|
||||
role: crate::models::teams::OWNER_ROLE.to_owned(),
|
||||
permissions: ProjectPermissions::ALL,
|
||||
organization_permissions: Some(OrganizationPermissions::ALL),
|
||||
accepted: true,
|
||||
payouts_split: Decimal::ONE_HUNDRED,
|
||||
ordering: 0,
|
||||
}],
|
||||
};
|
||||
let team_id = team.insert(&mut transaction).await?;
|
||||
|
||||
// Create organization
|
||||
let organization = Organization {
|
||||
id: organization_id,
|
||||
title: new_organization.title.clone(),
|
||||
description: new_organization.description.clone(),
|
||||
team_id,
|
||||
icon_url: None,
|
||||
color: None,
|
||||
};
|
||||
organization.clone().insert(&mut transaction).await?;
|
||||
transaction.commit().await?;
|
||||
|
||||
// Only member is the owner, the logged in one
|
||||
let member_data = TeamMember::get_from_team_full(team_id, &**pool, &redis)
|
||||
.await?
|
||||
.into_iter()
|
||||
.next();
|
||||
let members_data = if let Some(member_data) = member_data {
|
||||
vec![crate::models::teams::TeamMember::from_model(
|
||||
member_data,
|
||||
current_user.clone(),
|
||||
false,
|
||||
)]
|
||||
} else {
|
||||
return Err(CreateError::InvalidInput(
|
||||
"Failed to get created team.".to_owned(), // should never happen
|
||||
));
|
||||
};
|
||||
|
||||
let organization = models::organizations::Organization::from(organization, members_data);
|
||||
|
||||
Ok(HttpResponse::Ok().json(organization))
|
||||
}
|
||||
|
||||
#[get("{id}")]
|
||||
pub async fn organization_get(
|
||||
req: HttpRequest,
|
||||
info: web::Path<(String,)>,
|
||||
pool: web::Data<PgPool>,
|
||||
redis: web::Data<deadpool_redis::Pool>,
|
||||
session_queue: web::Data<AuthQueue>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
let id = info.into_inner().0;
|
||||
let current_user = get_user_from_headers(
|
||||
&req,
|
||||
&**pool,
|
||||
&redis,
|
||||
&session_queue,
|
||||
Some(&[Scopes::ORGANIZATION_READ]),
|
||||
)
|
||||
.await
|
||||
.map(|x| x.1)
|
||||
.ok();
|
||||
let user_id = current_user.as_ref().map(|x| x.id.into());
|
||||
|
||||
let organization_data = Organization::get(&id, &**pool, &redis).await?;
|
||||
if let Some(data) = organization_data {
|
||||
let members_data = TeamMember::get_from_team_full(data.team_id, &**pool, &redis).await?;
|
||||
|
||||
let users = crate::database::models::User::get_many_ids(
|
||||
&members_data.iter().map(|x| x.user_id).collect::<Vec<_>>(),
|
||||
&**pool,
|
||||
&redis,
|
||||
)
|
||||
.await?;
|
||||
let logged_in = current_user
|
||||
.as_ref()
|
||||
.and_then(|user| {
|
||||
members_data
|
||||
.iter()
|
||||
.find(|x| x.user_id == user.id.into() && x.accepted)
|
||||
})
|
||||
.is_some();
|
||||
let team_members: Vec<_> = members_data
|
||||
.into_iter()
|
||||
.filter(|x| {
|
||||
logged_in
|
||||
|| x.accepted
|
||||
|| user_id
|
||||
.map(|y: crate::database::models::UserId| y == x.user_id)
|
||||
.unwrap_or(false)
|
||||
})
|
||||
.flat_map(|data| {
|
||||
users.iter().find(|x| x.id == data.user_id).map(|user| {
|
||||
crate::models::teams::TeamMember::from(data, user.clone(), !logged_in)
|
||||
})
|
||||
})
|
||||
.collect();
|
||||
|
||||
let organization = models::organizations::Organization::from(data, team_members);
|
||||
return Ok(HttpResponse::Ok().json(organization));
|
||||
}
|
||||
Ok(HttpResponse::NotFound().body(""))
|
||||
}
|
||||
|
||||
#[derive(Deserialize)]
|
||||
pub struct OrganizationIds {
|
||||
pub ids: String,
|
||||
}
|
||||
#[get("organizations")]
|
||||
pub async fn organizations_get(
|
||||
req: HttpRequest,
|
||||
web::Query(ids): web::Query<OrganizationIds>,
|
||||
pool: web::Data<PgPool>,
|
||||
redis: web::Data<deadpool_redis::Pool>,
|
||||
session_queue: web::Data<AuthQueue>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
let ids = serde_json::from_str::<Vec<&str>>(&ids.ids)?;
|
||||
let organizations_data = Organization::get_many(&ids, &**pool, &redis).await?;
|
||||
let team_ids = organizations_data
|
||||
.iter()
|
||||
.map(|x| x.team_id)
|
||||
.collect::<Vec<_>>();
|
||||
|
||||
let teams_data = TeamMember::get_from_team_full_many(&team_ids, &**pool, &redis).await?;
|
||||
let users = crate::database::models::User::get_many_ids(
|
||||
&teams_data.iter().map(|x| x.user_id).collect::<Vec<_>>(),
|
||||
&**pool,
|
||||
&redis,
|
||||
)
|
||||
.await?;
|
||||
|
||||
let current_user = get_user_from_headers(
|
||||
&req,
|
||||
&**pool,
|
||||
&redis,
|
||||
&session_queue,
|
||||
Some(&[Scopes::ORGANIZATION_READ]),
|
||||
)
|
||||
.await
|
||||
.map(|x| x.1)
|
||||
.ok();
|
||||
let user_id = current_user.as_ref().map(|x| x.id.into());
|
||||
|
||||
let mut organizations = vec![];
|
||||
|
||||
let mut team_groups = HashMap::new();
|
||||
for item in teams_data {
|
||||
team_groups.entry(item.team_id).or_insert(vec![]).push(item);
|
||||
}
|
||||
|
||||
for data in organizations_data {
|
||||
let members_data = team_groups.remove(&data.team_id).unwrap_or(vec![]);
|
||||
let logged_in = current_user
|
||||
.as_ref()
|
||||
.and_then(|user| {
|
||||
members_data
|
||||
.iter()
|
||||
.find(|x| x.user_id == user.id.into() && x.accepted)
|
||||
})
|
||||
.is_some();
|
||||
|
||||
let team_members: Vec<_> = members_data
|
||||
.into_iter()
|
||||
.filter(|x| {
|
||||
logged_in
|
||||
|| x.accepted
|
||||
|| user_id
|
||||
.map(|y: crate::database::models::UserId| y == x.user_id)
|
||||
.unwrap_or(false)
|
||||
})
|
||||
.flat_map(|data| {
|
||||
users.iter().find(|x| x.id == data.user_id).map(|user| {
|
||||
crate::models::teams::TeamMember::from(data, user.clone(), !logged_in)
|
||||
})
|
||||
})
|
||||
.collect();
|
||||
|
||||
let organization = models::organizations::Organization::from(data, team_members);
|
||||
organizations.push(organization);
|
||||
}
|
||||
|
||||
Ok(HttpResponse::Ok().json(organizations))
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Validate)]
|
||||
pub struct OrganizationEdit {
|
||||
#[validate(length(min = 3, max = 256))]
|
||||
pub description: Option<String>,
|
||||
#[validate(
|
||||
length(min = 3, max = 64),
|
||||
regex = "crate::util::validate::RE_URL_SAFE"
|
||||
)]
|
||||
// Title of the organization, also used as slug
|
||||
pub title: Option<String>,
|
||||
pub default_project_permissions: Option<ProjectPermissions>,
|
||||
}
|
||||
|
||||
#[patch("{id}")]
|
||||
pub async fn organizations_edit(
|
||||
req: HttpRequest,
|
||||
info: web::Path<(String,)>,
|
||||
new_organization: web::Json<OrganizationEdit>,
|
||||
pool: web::Data<PgPool>,
|
||||
redis: web::Data<deadpool_redis::Pool>,
|
||||
session_queue: web::Data<AuthQueue>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
let user = get_user_from_headers(
|
||||
&req,
|
||||
&**pool,
|
||||
&redis,
|
||||
&session_queue,
|
||||
Some(&[Scopes::ORGANIZATION_WRITE]),
|
||||
)
|
||||
.await?
|
||||
.1;
|
||||
|
||||
new_organization
|
||||
.validate()
|
||||
.map_err(|err| ApiError::Validation(validation_errors_to_string(err, None)))?;
|
||||
|
||||
let string = info.into_inner().0;
|
||||
let result = database::models::Organization::get(&string, &**pool, &redis).await?;
|
||||
if let Some(organization_item) = result {
|
||||
let id = organization_item.id;
|
||||
|
||||
let team_member = database::models::TeamMember::get_from_user_id(
|
||||
organization_item.team_id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?;
|
||||
|
||||
let permissions =
|
||||
OrganizationPermissions::get_permissions_by_role(&user.role, &team_member);
|
||||
|
||||
if let Some(perms) = permissions {
|
||||
let mut transaction = pool.begin().await?;
|
||||
if let Some(description) = &new_organization.description {
|
||||
if !perms.contains(OrganizationPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the description of this organization!"
|
||||
.to_string(),
|
||||
));
|
||||
}
|
||||
sqlx::query!(
|
||||
"
|
||||
UPDATE organizations
|
||||
SET description = $1
|
||||
WHERE (id = $2)
|
||||
",
|
||||
description,
|
||||
id as database::models::ids::OrganizationId,
|
||||
)
|
||||
.execute(&mut *transaction)
|
||||
.await?;
|
||||
}
|
||||
|
||||
if let Some(title) = &new_organization.title {
|
||||
if !perms.contains(OrganizationPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the title of this organization!"
|
||||
.to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
let title_organization_id_option: Option<u64> = parse_base62(title).ok();
|
||||
if let Some(title_organization_id) = title_organization_id_option {
|
||||
let results = sqlx::query!(
|
||||
"
|
||||
SELECT EXISTS(SELECT 1 FROM organizations WHERE id=$1)
|
||||
",
|
||||
title_organization_id as i64
|
||||
)
|
||||
.fetch_one(&mut *transaction)
|
||||
.await?;
|
||||
|
||||
if results.exists.unwrap_or(true) {
|
||||
return Err(ApiError::InvalidInput(
|
||||
"Title collides with other organization's id!".to_string(),
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
// Make sure the new title is different from the old one
|
||||
// We are able to unwrap here because the title is always set
|
||||
if !title.eq(&organization_item.title.clone()) {
|
||||
let results = sqlx::query!(
|
||||
"
|
||||
SELECT EXISTS(SELECT 1 FROM organizations WHERE title = LOWER($1))
|
||||
",
|
||||
title
|
||||
)
|
||||
.fetch_one(&mut *transaction)
|
||||
.await?;
|
||||
|
||||
if results.exists.unwrap_or(true) {
|
||||
return Err(ApiError::InvalidInput(
|
||||
"Title collides with other organization's id!".to_string(),
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
sqlx::query!(
|
||||
"
|
||||
UPDATE organizations
|
||||
SET title = LOWER($1)
|
||||
WHERE (id = $2)
|
||||
",
|
||||
Some(title),
|
||||
id as database::models::ids::OrganizationId,
|
||||
)
|
||||
.execute(&mut *transaction)
|
||||
.await?;
|
||||
}
|
||||
|
||||
database::models::Organization::clear_cache(
|
||||
organization_item.id,
|
||||
Some(organization_item.title),
|
||||
&redis,
|
||||
)
|
||||
.await?;
|
||||
|
||||
transaction.commit().await?;
|
||||
Ok(HttpResponse::NoContent().body(""))
|
||||
} else {
|
||||
Err(ApiError::CustomAuthentication(
|
||||
"You do not have permission to edit this organization!".to_string(),
|
||||
))
|
||||
}
|
||||
} else {
|
||||
Ok(HttpResponse::NotFound().body(""))
|
||||
}
|
||||
}
|
||||
|
||||
#[delete("{id}")]
|
||||
pub async fn organization_delete(
|
||||
req: HttpRequest,
|
||||
info: web::Path<(String,)>,
|
||||
pool: web::Data<PgPool>,
|
||||
redis: web::Data<deadpool_redis::Pool>,
|
||||
session_queue: web::Data<AuthQueue>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
let user = get_user_from_headers(
|
||||
&req,
|
||||
&**pool,
|
||||
&redis,
|
||||
&session_queue,
|
||||
Some(&[Scopes::ORGANIZATION_DELETE]),
|
||||
)
|
||||
.await?
|
||||
.1;
|
||||
let string = info.into_inner().0;
|
||||
|
||||
let organization = database::models::Organization::get(&string, &**pool, &redis)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("The specified organization does not exist!".to_string())
|
||||
})?;
|
||||
|
||||
if !user.role.is_admin() {
|
||||
let team_member = database::models::TeamMember::get_from_user_id_organization(
|
||||
organization.id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await
|
||||
.map_err(ApiError::Database)?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("The specified organization does not exist!".to_string())
|
||||
})?;
|
||||
|
||||
let permissions =
|
||||
OrganizationPermissions::get_permissions_by_role(&user.role, &Some(team_member))
|
||||
.unwrap_or_default();
|
||||
|
||||
if !permissions.contains(OrganizationPermissions::DELETE_ORGANIZATION) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to delete this organization!".to_string(),
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
let mut transaction = pool.begin().await?;
|
||||
let result =
|
||||
database::models::Organization::remove(organization.id, &mut transaction, &redis).await?;
|
||||
|
||||
transaction.commit().await?;
|
||||
|
||||
database::models::Organization::clear_cache(organization.id, Some(organization.title), &redis)
|
||||
.await?;
|
||||
|
||||
if result.is_some() {
|
||||
Ok(HttpResponse::NoContent().body(""))
|
||||
} else {
|
||||
Ok(HttpResponse::NotFound().body(""))
|
||||
}
|
||||
}
|
||||
|
||||
#[get("{id}/projects")]
|
||||
pub async fn organization_projects_get(
|
||||
req: HttpRequest,
|
||||
info: web::Path<(String,)>,
|
||||
pool: web::Data<PgPool>,
|
||||
redis: web::Data<deadpool_redis::Pool>,
|
||||
session_queue: web::Data<AuthQueue>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
let info = info.into_inner().0;
|
||||
let current_user = get_user_from_headers(
|
||||
&req,
|
||||
&**pool,
|
||||
&redis,
|
||||
&session_queue,
|
||||
Some(&[Scopes::ORGANIZATION_READ]),
|
||||
)
|
||||
.await
|
||||
.map(|x| x.1)
|
||||
.ok();
|
||||
|
||||
let possible_organization_id: Option<u64> = parse_base62(&info).ok();
|
||||
use futures::TryStreamExt;
|
||||
|
||||
let project_ids = sqlx::query!(
|
||||
"
|
||||
SELECT m.id FROM organizations o
|
||||
LEFT JOIN mods m ON m.id = o.id
|
||||
WHERE (o.id = $1 AND $1 IS NOT NULL) OR (o.title = $2 AND $2 IS NOT NULL)
|
||||
",
|
||||
possible_organization_id.map(|x| x as i64),
|
||||
info
|
||||
)
|
||||
.fetch_many(&**pool)
|
||||
.try_filter_map(|e| async { Ok(e.right().map(|m| crate::database::models::ProjectId(m.id))) })
|
||||
.try_collect::<Vec<crate::database::models::ProjectId>>()
|
||||
.await?;
|
||||
|
||||
let projects_data =
|
||||
crate::database::models::Project::get_many_ids(&project_ids, &**pool, &redis).await?;
|
||||
|
||||
let projects = filter_authorized_projects(projects_data, ¤t_user, &pool).await?;
|
||||
Ok(HttpResponse::Ok().json(projects))
|
||||
}
|
||||
|
||||
#[derive(Deserialize)]
|
||||
pub struct OrganizationProjectAdd {
|
||||
pub project_id: String, // Also allow title/slug
|
||||
}
|
||||
#[post("{id}/projects")]
|
||||
pub async fn organization_projects_add(
|
||||
req: HttpRequest,
|
||||
info: web::Path<(String,)>,
|
||||
project_info: web::Json<OrganizationProjectAdd>,
|
||||
pool: web::Data<PgPool>,
|
||||
redis: web::Data<deadpool_redis::Pool>,
|
||||
session_queue: web::Data<AuthQueue>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
let info = info.into_inner().0;
|
||||
let current_user = get_user_from_headers(
|
||||
&req,
|
||||
&**pool,
|
||||
&redis,
|
||||
&session_queue,
|
||||
Some(&[Scopes::PROJECT_WRITE, Scopes::ORGANIZATION_WRITE]),
|
||||
)
|
||||
.await?
|
||||
.1;
|
||||
|
||||
let organization = database::models::Organization::get(&info, &**pool, &redis)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("The specified organization does not exist!".to_string())
|
||||
})?;
|
||||
|
||||
let project_item = database::models::Project::get(&project_info.project_id, &**pool, &redis)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("The specified project does not exist!".to_string())
|
||||
})?;
|
||||
if project_item.inner.organization_id.is_some() {
|
||||
return Err(ApiError::InvalidInput(
|
||||
"The specified project is already owned by an organization!".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
let project_team_member = database::models::TeamMember::get_from_user_id_project(
|
||||
project_item.inner.id,
|
||||
current_user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?
|
||||
.ok_or_else(|| ApiError::InvalidInput("You are not a member of this project!".to_string()))?;
|
||||
|
||||
let organization_team_member = database::models::TeamMember::get_from_user_id_organization(
|
||||
organization.id,
|
||||
current_user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("You are not a member of this organization!".to_string())
|
||||
})?;
|
||||
|
||||
// Require ownership of a project to add it to an organization
|
||||
if !current_user.role.is_admin()
|
||||
&& !project_team_member
|
||||
.role
|
||||
.eq(crate::models::teams::OWNER_ROLE)
|
||||
{
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You need to be an owner of a project to add it to an organization!".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
let permissions = OrganizationPermissions::get_permissions_by_role(
|
||||
¤t_user.role,
|
||||
&Some(organization_team_member),
|
||||
)
|
||||
.unwrap_or_default();
|
||||
if permissions.contains(OrganizationPermissions::ADD_PROJECT) {
|
||||
let mut transaction = pool.begin().await?;
|
||||
sqlx::query!(
|
||||
"
|
||||
UPDATE mods
|
||||
SET organization_id = $1
|
||||
WHERE (id = $2)
|
||||
",
|
||||
organization.id as database::models::OrganizationId,
|
||||
project_item.inner.id as database::models::ids::ProjectId
|
||||
)
|
||||
.execute(&mut *transaction)
|
||||
.await?;
|
||||
|
||||
transaction.commit().await?;
|
||||
|
||||
database::models::TeamMember::clear_cache(project_item.inner.team_id, &redis).await?;
|
||||
database::models::Project::clear_cache(
|
||||
project_item.inner.id,
|
||||
project_item.inner.slug,
|
||||
None,
|
||||
&redis,
|
||||
)
|
||||
.await?;
|
||||
} else {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have permission to add projects to this organization!".to_string(),
|
||||
));
|
||||
}
|
||||
Ok(HttpResponse::Ok().finish())
|
||||
}
|
||||
|
||||
#[delete("{organization_id}/projects/{project_id}")]
|
||||
pub async fn organization_projects_remove(
|
||||
req: HttpRequest,
|
||||
info: web::Path<(String, String)>,
|
||||
pool: web::Data<PgPool>,
|
||||
redis: web::Data<deadpool_redis::Pool>,
|
||||
session_queue: web::Data<AuthQueue>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
let (organization_id, project_id) = info.into_inner();
|
||||
let current_user = get_user_from_headers(
|
||||
&req,
|
||||
&**pool,
|
||||
&redis,
|
||||
&session_queue,
|
||||
Some(&[Scopes::PROJECT_WRITE, Scopes::ORGANIZATION_WRITE]),
|
||||
)
|
||||
.await?
|
||||
.1;
|
||||
|
||||
let organization = database::models::Organization::get(&organization_id, &**pool, &redis)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("The specified organization does not exist!".to_string())
|
||||
})?;
|
||||
|
||||
let project_item = database::models::Project::get(&project_id, &**pool, &redis)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("The specified project does not exist!".to_string())
|
||||
})?;
|
||||
|
||||
if !project_item
|
||||
.inner
|
||||
.organization_id
|
||||
.eq(&Some(organization.id))
|
||||
{
|
||||
return Err(ApiError::InvalidInput(
|
||||
"The specified project is not owned by this organization!".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
let organization_team_member = database::models::TeamMember::get_from_user_id_organization(
|
||||
organization.id,
|
||||
current_user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("You are not a member of this organization!".to_string())
|
||||
})?;
|
||||
|
||||
let permissions = OrganizationPermissions::get_permissions_by_role(
|
||||
¤t_user.role,
|
||||
&Some(organization_team_member),
|
||||
)
|
||||
.unwrap_or_default();
|
||||
if permissions.contains(OrganizationPermissions::REMOVE_PROJECT) {
|
||||
let mut transaction = pool.begin().await?;
|
||||
sqlx::query!(
|
||||
"
|
||||
UPDATE mods
|
||||
SET organization_id = NULL
|
||||
WHERE (id = $1)
|
||||
",
|
||||
project_item.inner.id as database::models::ids::ProjectId
|
||||
)
|
||||
.execute(&mut *transaction)
|
||||
.await?;
|
||||
|
||||
transaction.commit().await?;
|
||||
|
||||
database::models::TeamMember::clear_cache(project_item.inner.team_id, &redis).await?;
|
||||
database::models::Project::clear_cache(
|
||||
project_item.inner.id,
|
||||
project_item.inner.slug,
|
||||
None,
|
||||
&redis,
|
||||
)
|
||||
.await?;
|
||||
} else {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have permission to add projects to this organization!".to_string(),
|
||||
));
|
||||
}
|
||||
Ok(HttpResponse::Ok().finish())
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize)]
|
||||
pub struct Extension {
|
||||
pub ext: String,
|
||||
}
|
||||
|
||||
#[patch("{id}/icon")]
|
||||
#[allow(clippy::too_many_arguments)]
|
||||
pub async fn organization_icon_edit(
|
||||
web::Query(ext): web::Query<Extension>,
|
||||
req: HttpRequest,
|
||||
info: web::Path<(String,)>,
|
||||
pool: web::Data<PgPool>,
|
||||
redis: web::Data<deadpool_redis::Pool>,
|
||||
file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
|
||||
mut payload: web::Payload,
|
||||
session_queue: web::Data<AuthQueue>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
if let Some(content_type) = crate::util::ext::get_image_content_type(&ext.ext) {
|
||||
let cdn_url = dotenvy::var("CDN_URL")?;
|
||||
let user = get_user_from_headers(
|
||||
&req,
|
||||
&**pool,
|
||||
&redis,
|
||||
&session_queue,
|
||||
Some(&[Scopes::ORGANIZATION_WRITE]),
|
||||
)
|
||||
.await?
|
||||
.1;
|
||||
let string = info.into_inner().0;
|
||||
|
||||
let organization_item = database::models::Organization::get(&string, &**pool, &redis)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("The specified organization does not exist!".to_string())
|
||||
})?;
|
||||
|
||||
if !user.role.is_mod() {
|
||||
let team_member = database::models::TeamMember::get_from_user_id(
|
||||
organization_item.team_id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await
|
||||
.map_err(ApiError::Database)?;
|
||||
|
||||
let permissions =
|
||||
OrganizationPermissions::get_permissions_by_role(&user.role, &team_member)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !permissions.contains(OrganizationPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to edit this organization's icon.".to_string(),
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
if let Some(icon) = organization_item.icon_url {
|
||||
let name = icon.split(&format!("{cdn_url}/")).nth(1);
|
||||
|
||||
if let Some(icon_path) = name {
|
||||
file_host.delete_file_version("", icon_path).await?;
|
||||
}
|
||||
}
|
||||
|
||||
let bytes =
|
||||
read_from_payload(&mut payload, 262144, "Icons must be smaller than 256KiB").await?;
|
||||
|
||||
let color = crate::util::img::get_color_from_img(&bytes)?;
|
||||
|
||||
let hash = sha1::Sha1::from(&bytes).hexdigest();
|
||||
let organization_id: OrganizationId = organization_item.id.into();
|
||||
let upload_data = file_host
|
||||
.upload_file(
|
||||
content_type,
|
||||
&format!("data/{}/{}.{}", organization_id, hash, ext.ext),
|
||||
bytes.freeze(),
|
||||
)
|
||||
.await?;
|
||||
|
||||
let mut transaction = pool.begin().await?;
|
||||
|
||||
sqlx::query!(
|
||||
"
|
||||
UPDATE organizations
|
||||
SET icon_url = $1, color = $2
|
||||
WHERE (id = $3)
|
||||
",
|
||||
format!("{}/{}", cdn_url, upload_data.file_name),
|
||||
color.map(|x| x as i32),
|
||||
organization_item.id as database::models::ids::OrganizationId,
|
||||
)
|
||||
.execute(&mut *transaction)
|
||||
.await?;
|
||||
|
||||
database::models::Organization::clear_cache(
|
||||
organization_item.id,
|
||||
Some(organization_item.title),
|
||||
&redis,
|
||||
)
|
||||
.await?;
|
||||
|
||||
transaction.commit().await?;
|
||||
|
||||
Ok(HttpResponse::NoContent().body(""))
|
||||
} else {
|
||||
Err(ApiError::InvalidInput(format!(
|
||||
"Invalid format for project icon: {}",
|
||||
ext.ext
|
||||
)))
|
||||
}
|
||||
}
|
||||
|
||||
#[delete("{id}/icon")]
|
||||
pub async fn delete_organization_icon(
|
||||
req: HttpRequest,
|
||||
info: web::Path<(String,)>,
|
||||
pool: web::Data<PgPool>,
|
||||
redis: web::Data<deadpool_redis::Pool>,
|
||||
file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
|
||||
session_queue: web::Data<AuthQueue>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
let user = get_user_from_headers(
|
||||
&req,
|
||||
&**pool,
|
||||
&redis,
|
||||
&session_queue,
|
||||
Some(&[Scopes::ORGANIZATION_WRITE]),
|
||||
)
|
||||
.await?
|
||||
.1;
|
||||
let string = info.into_inner().0;
|
||||
|
||||
let organization_item = database::models::Organization::get(&string, &**pool, &redis)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("The specified organization does not exist!".to_string())
|
||||
})?;
|
||||
|
||||
if !user.role.is_mod() {
|
||||
let team_member = database::models::TeamMember::get_from_user_id(
|
||||
organization_item.team_id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await
|
||||
.map_err(ApiError::Database)?;
|
||||
|
||||
let permissions =
|
||||
OrganizationPermissions::get_permissions_by_role(&user.role, &team_member)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !permissions.contains(OrganizationPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to edit this organization's icon.".to_string(),
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
let cdn_url = dotenvy::var("CDN_URL")?;
|
||||
if let Some(icon) = organization_item.icon_url {
|
||||
let name = icon.split(&format!("{cdn_url}/")).nth(1);
|
||||
|
||||
if let Some(icon_path) = name {
|
||||
file_host.delete_file_version("", icon_path).await?;
|
||||
}
|
||||
}
|
||||
|
||||
let mut transaction = pool.begin().await?;
|
||||
|
||||
sqlx::query!(
|
||||
"
|
||||
UPDATE organizations
|
||||
SET icon_url = NULL, color = NULL
|
||||
WHERE (id = $1)
|
||||
",
|
||||
organization_item.id as database::models::ids::OrganizationId,
|
||||
)
|
||||
.execute(&mut *transaction)
|
||||
.await?;
|
||||
|
||||
database::models::Organization::clear_cache(
|
||||
organization_item.id,
|
||||
Some(organization_item.title),
|
||||
&redis,
|
||||
)
|
||||
.await?;
|
||||
|
||||
transaction.commit().await?;
|
||||
|
||||
Ok(HttpResponse::NoContent().body(""))
|
||||
}
|
||||
@@ -11,6 +11,7 @@ use crate::models::projects::{
|
||||
DonationLink, License, MonetizationStatus, ProjectId, ProjectStatus, SideType, VersionId,
|
||||
VersionStatus,
|
||||
};
|
||||
use crate::models::teams::ProjectPermissions;
|
||||
use crate::models::threads::ThreadType;
|
||||
use crate::models::users::UserId;
|
||||
use crate::queue::session::AuthQueue;
|
||||
@@ -240,6 +241,9 @@ struct ProjectCreateData {
|
||||
#[validate(length(max = 10))]
|
||||
#[serde(default)]
|
||||
pub uploaded_images: Vec<ImageId>,
|
||||
|
||||
/// The id of the organization to create the project in
|
||||
pub organization_id: Option<models::ids::OrganizationId>,
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Validate, Clone)]
|
||||
@@ -667,7 +671,9 @@ async fn project_create_inner(
|
||||
members: vec![models::team_item::TeamMemberBuilder {
|
||||
user_id: current_user.id.into(),
|
||||
role: crate::models::teams::OWNER_ROLE.to_owned(),
|
||||
permissions: crate::models::teams::Permissions::ALL,
|
||||
// Allow all permissions for project creator, even if attached to a project
|
||||
permissions: ProjectPermissions::all(),
|
||||
organization_permissions: None,
|
||||
accepted: true,
|
||||
payouts_split: Decimal::ONE_HUNDRED,
|
||||
ordering: 0,
|
||||
@@ -745,6 +751,7 @@ async fn project_create_inner(
|
||||
project_id: project_id.into(),
|
||||
project_type_id,
|
||||
team_id,
|
||||
organization_id: project_create_data.organization_id,
|
||||
title: project_create_data.title,
|
||||
description: project_create_data.description,
|
||||
body: project_create_data.body,
|
||||
@@ -834,6 +841,7 @@ async fn project_create_inner(
|
||||
slug: project_builder.slug.clone(),
|
||||
project_type: project_create_data.project_type.clone(),
|
||||
team: team_id.into(),
|
||||
organization: project_create_data.organization_id.map(|x| x.into()),
|
||||
title: project_builder.title.clone(),
|
||||
description: project_builder.description.clone(),
|
||||
body: project_builder.body.clone(),
|
||||
|
||||
@@ -12,7 +12,7 @@ use crate::models::pats::Scopes;
|
||||
use crate::models::projects::{
|
||||
DonationLink, MonetizationStatus, Project, ProjectId, ProjectStatus, SearchRequest, SideType,
|
||||
};
|
||||
use crate::models::teams::Permissions;
|
||||
use crate::models::teams::ProjectPermissions;
|
||||
use crate::models::threads::MessageBody;
|
||||
use crate::queue::session::AuthQueue;
|
||||
use crate::routes::ApiError;
|
||||
@@ -404,20 +404,25 @@ pub async fn project_edit(
|
||||
if let Some(project_item) = result {
|
||||
let id = project_item.inner.id;
|
||||
|
||||
let team_member = database::models::TeamMember::get_from_user_id(
|
||||
project_item.inner.team_id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?;
|
||||
let (team_member, organization_team_member) =
|
||||
database::models::TeamMember::get_for_project_permissions(
|
||||
&project_item.inner,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?;
|
||||
|
||||
let permissions = Permissions::get_permissions_by_role(&user.role, &team_member);
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member,
|
||||
&organization_team_member,
|
||||
);
|
||||
|
||||
if let Some(perms) = permissions {
|
||||
let mut transaction = pool.begin().await?;
|
||||
|
||||
if let Some(title) = &new_project.title {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the title of this project!"
|
||||
.to_string(),
|
||||
@@ -438,7 +443,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(description) = &new_project.description {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the description of this project!"
|
||||
.to_string(),
|
||||
@@ -459,7 +464,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(status) = &new_project.status {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the status of this project!"
|
||||
.to_string(),
|
||||
@@ -624,7 +629,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(requested_status) = &new_project.requested_status {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the requested status of this project!"
|
||||
.to_string(),
|
||||
@@ -653,7 +658,7 @@ pub async fn project_edit(
|
||||
.await?;
|
||||
}
|
||||
|
||||
if perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
if new_project.categories.is_some() {
|
||||
sqlx::query!(
|
||||
"
|
||||
@@ -680,7 +685,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(categories) = &new_project.categories {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the categories of this project!"
|
||||
.to_string(),
|
||||
@@ -712,7 +717,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(categories) = &new_project.additional_categories {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the additional categories of this project!"
|
||||
.to_string(),
|
||||
@@ -744,7 +749,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(issues_url) = &new_project.issues_url {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the issues URL of this project!"
|
||||
.to_string(),
|
||||
@@ -765,7 +770,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(source_url) = &new_project.source_url {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the source URL of this project!"
|
||||
.to_string(),
|
||||
@@ -786,7 +791,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(wiki_url) = &new_project.wiki_url {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the wiki URL of this project!"
|
||||
.to_string(),
|
||||
@@ -807,7 +812,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(license_url) = &new_project.license_url {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the license URL of this project!"
|
||||
.to_string(),
|
||||
@@ -828,7 +833,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(discord_url) = &new_project.discord_url {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the discord URL of this project!"
|
||||
.to_string(),
|
||||
@@ -849,7 +854,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(slug) = &new_project.slug {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the slug of this project!"
|
||||
.to_string(),
|
||||
@@ -907,7 +912,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(new_side) = &new_project.client_side {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the side type of this mod!"
|
||||
.to_string(),
|
||||
@@ -935,7 +940,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(new_side) = &new_project.server_side {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the side type of this project!"
|
||||
.to_string(),
|
||||
@@ -963,7 +968,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(license) = &new_project.license_id {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the license of this project!"
|
||||
.to_string(),
|
||||
@@ -994,7 +999,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(donations) = &new_project.donation_urls {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the donation links of this project!"
|
||||
.to_string(),
|
||||
@@ -1086,7 +1091,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(body) = &new_project.body {
|
||||
if !perms.contains(Permissions::EDIT_BODY) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_BODY) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the body of this project!"
|
||||
.to_string(),
|
||||
@@ -1107,7 +1112,7 @@ pub async fn project_edit(
|
||||
}
|
||||
|
||||
if let Some(monetization_status) = &new_project.monetization_status {
|
||||
if !perms.contains(Permissions::EDIT_DETAILS) {
|
||||
if !perms.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit the monetization status of this project!"
|
||||
.to_string(),
|
||||
@@ -1282,6 +1287,24 @@ pub async fn projects_edit(
|
||||
let team_members =
|
||||
database::models::TeamMember::get_from_team_full_many(&team_ids, &**pool, &redis).await?;
|
||||
|
||||
let organization_ids = projects_data
|
||||
.iter()
|
||||
.filter_map(|x| x.inner.organization_id)
|
||||
.collect::<Vec<database::models::OrganizationId>>();
|
||||
let organizations =
|
||||
database::models::Organization::get_many_ids(&organization_ids, &**pool, &redis).await?;
|
||||
|
||||
let organization_team_ids = organizations
|
||||
.iter()
|
||||
.map(|x| x.team_id)
|
||||
.collect::<Vec<database::models::TeamId>>();
|
||||
let organization_team_members = database::models::TeamMember::get_from_team_full_many(
|
||||
&organization_team_ids,
|
||||
&**pool,
|
||||
&redis,
|
||||
)
|
||||
.await?;
|
||||
|
||||
let categories = database::models::categories::Category::list(&**pool, &redis).await?;
|
||||
let donation_platforms =
|
||||
database::models::categories::DonationPlatform::list(&**pool, &redis).await?;
|
||||
@@ -1290,11 +1313,32 @@ pub async fn projects_edit(
|
||||
|
||||
for project in projects_data {
|
||||
if !user.role.is_mod() {
|
||||
if let Some(member) = team_members
|
||||
let team_member = team_members
|
||||
.iter()
|
||||
.find(|x| x.team_id == project.inner.team_id && x.user_id == user.id.into())
|
||||
{
|
||||
if !member.permissions.contains(Permissions::EDIT_DETAILS) {
|
||||
.find(|x| x.team_id == project.inner.team_id && x.user_id == user.id.into());
|
||||
|
||||
let organization = project
|
||||
.inner
|
||||
.organization_id
|
||||
.and_then(|oid| organizations.iter().find(|x| x.id == oid));
|
||||
|
||||
let organization_team_member = if let Some(organization) = organization {
|
||||
organization_team_members
|
||||
.iter()
|
||||
.find(|x| x.team_id == organization.team_id && x.user_id == user.id.into())
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member.cloned(),
|
||||
&organization_team_member.cloned(),
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if team_member.is_some() {
|
||||
if !permissions.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(format!(
|
||||
"You do not have the permissions to bulk edit project {}!",
|
||||
project.inner.title
|
||||
@@ -1608,18 +1652,22 @@ pub async fn project_schedule(
|
||||
let result = database::models::Project::get(&string, &**pool, &redis).await?;
|
||||
|
||||
if let Some(project_item) = result {
|
||||
let team_member = database::models::TeamMember::get_from_user_id(
|
||||
project_item.inner.team_id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?;
|
||||
let (team_member, organization_team_member) =
|
||||
database::models::TeamMember::get_for_project_permissions(
|
||||
&project_item.inner,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?;
|
||||
|
||||
if !user.role.is_mod()
|
||||
&& !team_member
|
||||
.map(|x| x.permissions.contains(Permissions::EDIT_DETAILS))
|
||||
.unwrap_or(false)
|
||||
{
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member.clone(),
|
||||
&organization_team_member.clone(),
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !user.role.is_mod() && !permissions.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have permission to edit this project's scheduling data!".to_string(),
|
||||
));
|
||||
@@ -1701,18 +1749,29 @@ pub async fn project_icon_edit(
|
||||
})?;
|
||||
|
||||
if !user.role.is_mod() {
|
||||
let team_member = database::models::TeamMember::get_from_user_id(
|
||||
project_item.inner.team_id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await
|
||||
.map_err(ApiError::Database)?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("The specified project does not exist!".to_string())
|
||||
})?;
|
||||
let (team_member, organization_team_member) =
|
||||
database::models::TeamMember::get_for_project_permissions(
|
||||
&project_item.inner,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?;
|
||||
|
||||
if !team_member.permissions.contains(Permissions::EDIT_DETAILS) {
|
||||
// Hide the project
|
||||
if team_member.is_none() && organization_team_member.is_none() {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"The specified project does not exist!".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member,
|
||||
&organization_team_member,
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !permissions.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to edit this project's icon.".to_string(),
|
||||
));
|
||||
@@ -1803,18 +1862,28 @@ pub async fn delete_project_icon(
|
||||
})?;
|
||||
|
||||
if !user.role.is_mod() {
|
||||
let team_member = database::models::TeamMember::get_from_user_id(
|
||||
project_item.inner.team_id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await
|
||||
.map_err(ApiError::Database)?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("The specified project does not exist!".to_string())
|
||||
})?;
|
||||
let (team_member, organization_team_member) =
|
||||
database::models::TeamMember::get_for_project_permissions(
|
||||
&project_item.inner,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?;
|
||||
|
||||
if !team_member.permissions.contains(Permissions::EDIT_DETAILS) {
|
||||
// Hide the project
|
||||
if team_member.is_none() && organization_team_member.is_none() {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"The specified project does not exist!".to_string(),
|
||||
));
|
||||
}
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member,
|
||||
&organization_team_member,
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !permissions.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to edit this project's icon.".to_string(),
|
||||
));
|
||||
@@ -1908,18 +1977,29 @@ pub async fn add_gallery_item(
|
||||
}
|
||||
|
||||
if !user.role.is_admin() {
|
||||
let team_member = database::models::TeamMember::get_from_user_id(
|
||||
project_item.inner.team_id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await
|
||||
.map_err(ApiError::Database)?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("The specified project does not exist!".to_string())
|
||||
})?;
|
||||
let (team_member, organization_team_member) =
|
||||
database::models::TeamMember::get_for_project_permissions(
|
||||
&project_item.inner,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?;
|
||||
|
||||
if !team_member.permissions.contains(Permissions::EDIT_DETAILS) {
|
||||
// Hide the project
|
||||
if team_member.is_none() && organization_team_member.is_none() {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"The specified project does not exist!".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member,
|
||||
&organization_team_member,
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !permissions.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to edit this project's gallery.".to_string(),
|
||||
));
|
||||
@@ -2050,18 +2130,28 @@ pub async fn edit_gallery_item(
|
||||
})?;
|
||||
|
||||
if !user.role.is_mod() {
|
||||
let team_member = database::models::TeamMember::get_from_user_id(
|
||||
project_item.inner.team_id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await
|
||||
.map_err(ApiError::Database)?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("The specified project does not exist!".to_string())
|
||||
})?;
|
||||
let (team_member, organization_team_member) =
|
||||
database::models::TeamMember::get_for_project_permissions(
|
||||
&project_item.inner,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?;
|
||||
|
||||
if !team_member.permissions.contains(Permissions::EDIT_DETAILS) {
|
||||
// Hide the project
|
||||
if team_member.is_none() && organization_team_member.is_none() {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"The specified project does not exist!".to_string(),
|
||||
));
|
||||
}
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member,
|
||||
&organization_team_member,
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !permissions.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to edit this project's gallery.".to_string(),
|
||||
));
|
||||
@@ -2201,18 +2291,29 @@ pub async fn delete_gallery_item(
|
||||
})?;
|
||||
|
||||
if !user.role.is_mod() {
|
||||
let team_member = database::models::TeamMember::get_from_user_id(
|
||||
project_item.inner.team_id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await
|
||||
.map_err(ApiError::Database)?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("The specified project does not exist!".to_string())
|
||||
})?;
|
||||
let (team_member, organization_team_member) =
|
||||
database::models::TeamMember::get_for_project_permissions(
|
||||
&project_item.inner,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?;
|
||||
|
||||
if !team_member.permissions.contains(Permissions::EDIT_DETAILS) {
|
||||
// Hide the project
|
||||
if team_member.is_none() && organization_team_member.is_none() {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"The specified project does not exist!".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member,
|
||||
&organization_team_member,
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !permissions.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to edit this project's gallery.".to_string(),
|
||||
));
|
||||
@@ -2296,21 +2397,29 @@ pub async fn project_delete(
|
||||
})?;
|
||||
|
||||
if !user.role.is_admin() {
|
||||
let team_member = database::models::TeamMember::get_from_user_id_project(
|
||||
project.inner.id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await
|
||||
.map_err(ApiError::Database)?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput("The specified project does not exist!".to_string())
|
||||
})?;
|
||||
let (team_member, organization_team_member) =
|
||||
database::models::TeamMember::get_for_project_permissions(
|
||||
&project.inner,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?;
|
||||
|
||||
if !team_member
|
||||
.permissions
|
||||
.contains(Permissions::DELETE_PROJECT)
|
||||
{
|
||||
// Hide the project
|
||||
if team_member.is_none() && organization_team_member.is_none() {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"The specified project does not exist!".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member,
|
||||
&organization_team_member,
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !permissions.contains(ProjectPermissions::DELETE_PROJECT) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to delete this project!".to_string(),
|
||||
));
|
||||
|
||||
@@ -1,10 +1,11 @@
|
||||
use crate::auth::{get_user_from_headers, is_authorized};
|
||||
use crate::database::models::notification_item::NotificationBuilder;
|
||||
use crate::database::models::TeamMember;
|
||||
use crate::models::ids::ProjectId;
|
||||
use crate::database::models::team_item::TeamAssociationId;
|
||||
use crate::database::models::{Organization, Team, TeamMember};
|
||||
use crate::database::Project;
|
||||
use crate::models::notifications::NotificationBody;
|
||||
use crate::models::pats::Scopes;
|
||||
use crate::models::teams::{Permissions, TeamId};
|
||||
use crate::models::teams::{OrganizationPermissions, ProjectPermissions, TeamId};
|
||||
use crate::models::users::UserId;
|
||||
use crate::queue::session::AuthQueue;
|
||||
use crate::routes::ApiError;
|
||||
@@ -27,6 +28,10 @@ pub fn config(cfg: &mut web::ServiceConfig) {
|
||||
);
|
||||
}
|
||||
|
||||
// Returns all members of a project,
|
||||
// including the team members of the project's team, but
|
||||
// also the members of the organization's team if the project is associated with an organization
|
||||
// (Unlike team_members_get_project, which only returns the members of the project's team)
|
||||
#[get("{id}/members")]
|
||||
pub async fn team_members_get_project(
|
||||
req: HttpRequest,
|
||||
@@ -53,9 +58,85 @@ pub async fn team_members_get_project(
|
||||
if !is_authorized(&project.inner, ¤t_user, &pool).await? {
|
||||
return Ok(HttpResponse::NotFound().body(""));
|
||||
}
|
||||
let mut members_data =
|
||||
TeamMember::get_from_team_full(project.inner.team_id, &**pool, &redis).await?;
|
||||
let mut member_user_ids = members_data.iter().map(|x| x.user_id).collect::<Vec<_>>();
|
||||
|
||||
// Adds the organization's team members to the list of members, if the project is associated with an organization
|
||||
if let Some(oid) = project.inner.organization_id {
|
||||
let organization_data = Organization::get_id(oid, &**pool, &redis).await?;
|
||||
if let Some(organization_data) = organization_data {
|
||||
let org_team =
|
||||
TeamMember::get_from_team_full(organization_data.team_id, &**pool, &redis)
|
||||
.await?;
|
||||
for member in org_team {
|
||||
if !member_user_ids.contains(&member.user_id) {
|
||||
member_user_ids.push(member.user_id);
|
||||
members_data.push(member);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
let users =
|
||||
crate::database::models::User::get_many_ids(&member_user_ids, &**pool, &redis).await?;
|
||||
|
||||
let user_id = current_user.as_ref().map(|x| x.id.into());
|
||||
|
||||
let logged_in = current_user
|
||||
.and_then(|user| {
|
||||
members_data
|
||||
.iter()
|
||||
.find(|x| x.user_id == user.id.into() && x.accepted)
|
||||
})
|
||||
.is_some();
|
||||
let team_members: Vec<_> = members_data
|
||||
.into_iter()
|
||||
.filter(|x| {
|
||||
logged_in
|
||||
|| x.accepted
|
||||
|| user_id
|
||||
.map(|y: crate::database::models::UserId| y == x.user_id)
|
||||
.unwrap_or(false)
|
||||
})
|
||||
.flat_map(|data| {
|
||||
users.iter().find(|x| x.id == data.user_id).map(|user| {
|
||||
crate::models::teams::TeamMember::from(data, user.clone(), !logged_in)
|
||||
})
|
||||
})
|
||||
.collect();
|
||||
Ok(HttpResponse::Ok().json(team_members))
|
||||
} else {
|
||||
Ok(HttpResponse::NotFound().body(""))
|
||||
}
|
||||
}
|
||||
|
||||
#[get("{id}/members")]
|
||||
pub async fn team_members_get_organization(
|
||||
req: HttpRequest,
|
||||
info: web::Path<(String,)>,
|
||||
pool: web::Data<PgPool>,
|
||||
redis: web::Data<deadpool_redis::Pool>,
|
||||
session_queue: web::Data<AuthQueue>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
let string = info.into_inner().0;
|
||||
let organization_data =
|
||||
crate::database::models::Organization::get(&string, &**pool, &redis).await?;
|
||||
|
||||
if let Some(organization) = organization_data {
|
||||
let current_user = get_user_from_headers(
|
||||
&req,
|
||||
&**pool,
|
||||
&redis,
|
||||
&session_queue,
|
||||
Some(&[Scopes::ORGANIZATION_READ]),
|
||||
)
|
||||
.await
|
||||
.map(|x| x.1)
|
||||
.ok();
|
||||
|
||||
let members_data =
|
||||
TeamMember::get_from_team_full(project.inner.team_id, &**pool, &redis).await?;
|
||||
TeamMember::get_from_team_full(organization.team_id, &**pool, &redis).await?;
|
||||
let users = crate::database::models::User::get_many_ids(
|
||||
&members_data.iter().map(|x| x.user_id).collect::<Vec<_>>(),
|
||||
&**pool,
|
||||
@@ -95,6 +176,7 @@ pub async fn team_members_get_project(
|
||||
}
|
||||
}
|
||||
|
||||
// Returns all members of a team, but not necessarily those of a project-team's organization (unlike team_members_get_project)
|
||||
#[get("{id}/members")]
|
||||
pub async fn team_members_get(
|
||||
req: HttpRequest,
|
||||
@@ -258,6 +340,7 @@ pub async fn join_team(
|
||||
current_user.id.into(),
|
||||
None,
|
||||
None,
|
||||
None,
|
||||
Some(true),
|
||||
None,
|
||||
None,
|
||||
@@ -290,8 +373,10 @@ pub struct NewTeamMember {
|
||||
pub user_id: UserId,
|
||||
#[serde(default = "default_role")]
|
||||
pub role: String,
|
||||
#[serde(default = "Permissions::default")]
|
||||
pub permissions: Permissions,
|
||||
#[serde(default)]
|
||||
pub permissions: ProjectPermissions,
|
||||
#[serde(default)]
|
||||
pub organization_permissions: Option<OrganizationPermissions>,
|
||||
#[serde(default)]
|
||||
pub payouts_split: Decimal,
|
||||
#[serde(default = "default_ordering")]
|
||||
@@ -320,23 +405,76 @@ pub async fn add_team_member(
|
||||
)
|
||||
.await?
|
||||
.1;
|
||||
let member = TeamMember::get_from_user_id(team_id, current_user.id.into(), &**pool)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
ApiError::CustomAuthentication(
|
||||
"You don't have permission to edit members of this team".to_string(),
|
||||
)
|
||||
})?;
|
||||
|
||||
if !member.permissions.contains(Permissions::MANAGE_INVITES) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to invite users to this team".to_string(),
|
||||
));
|
||||
}
|
||||
if !member.permissions.contains(new_member.permissions) {
|
||||
return Err(ApiError::InvalidInput(
|
||||
"The new member has permissions that you don't have".to_string(),
|
||||
));
|
||||
let team_association = Team::get_association(team_id, &**pool)
|
||||
.await?
|
||||
.ok_or_else(|| ApiError::InvalidInput("The team specified does not exist".to_string()))?;
|
||||
let member = TeamMember::get_from_user_id(team_id, current_user.id.into(), &**pool).await?;
|
||||
|
||||
match team_association {
|
||||
// If team is associated with a project, check if they have permissions to invite users to that project
|
||||
TeamAssociationId::Project(pid) => {
|
||||
let organization =
|
||||
Organization::get_associated_organization_project_id(pid, &**pool).await?;
|
||||
let organization_team_member = if let Some(organization) = &organization {
|
||||
TeamMember::get_from_user_id(organization.team_id, current_user.id.into(), &**pool)
|
||||
.await?
|
||||
} else {
|
||||
None
|
||||
};
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
¤t_user.role,
|
||||
&member,
|
||||
&organization_team_member,
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !permissions.contains(ProjectPermissions::MANAGE_INVITES) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to invite users to this team".to_string(),
|
||||
));
|
||||
}
|
||||
if !permissions.contains(new_member.permissions) {
|
||||
return Err(ApiError::InvalidInput(
|
||||
"The new member has permissions that you don't have".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
if new_member.organization_permissions.is_some() {
|
||||
return Err(ApiError::InvalidInput(
|
||||
"The organization permissions of a project team member cannot be set"
|
||||
.to_string(),
|
||||
));
|
||||
}
|
||||
}
|
||||
// If team is associated with an organization, check if they have permissions to invite users to that organization
|
||||
TeamAssociationId::Organization(_) => {
|
||||
let organization_permissions =
|
||||
OrganizationPermissions::get_permissions_by_role(¤t_user.role, &member)
|
||||
.unwrap_or_default();
|
||||
println!("{:?}", organization_permissions);
|
||||
if !organization_permissions.contains(OrganizationPermissions::MANAGE_INVITES) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to invite users to this organization".to_string(),
|
||||
));
|
||||
}
|
||||
if !organization_permissions
|
||||
.contains(new_member.organization_permissions.unwrap_or_default())
|
||||
{
|
||||
return Err(ApiError::InvalidInput(
|
||||
"The new member has organization permissions that you don't have".to_string(),
|
||||
));
|
||||
}
|
||||
if !organization_permissions
|
||||
.contains(OrganizationPermissions::EDIT_MEMBER_DEFAULT_PERMISSIONS)
|
||||
&& !new_member.permissions.is_empty()
|
||||
{
|
||||
return Err(ApiError::InvalidInput(
|
||||
"You do not have permission to give this user default project permissions."
|
||||
.to_string(),
|
||||
));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if new_member.role == crate::models::teams::OWNER_ROLE {
|
||||
@@ -365,8 +503,7 @@ pub async fn add_team_member(
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
crate::database::models::User::get_id(member.user_id, &**pool, &redis)
|
||||
crate::database::models::User::get_id(new_member.user_id.into(), &**pool, &redis)
|
||||
.await?
|
||||
.ok_or_else(|| ApiError::InvalidInput("An invalid User ID specified".to_string()))?;
|
||||
|
||||
@@ -377,6 +514,7 @@ pub async fn add_team_member(
|
||||
user_id: new_member.user_id.into(),
|
||||
role: new_member.role.clone(),
|
||||
permissions: new_member.permissions,
|
||||
organization_permissions: new_member.organization_permissions,
|
||||
accepted: false,
|
||||
payouts_split: new_member.payouts_split,
|
||||
ordering: new_member.ordering,
|
||||
@@ -384,27 +522,32 @@ pub async fn add_team_member(
|
||||
.insert(&mut transaction)
|
||||
.await?;
|
||||
|
||||
let result = sqlx::query!(
|
||||
"
|
||||
SELECT m.id
|
||||
FROM mods m
|
||||
WHERE m.team_id = $1
|
||||
",
|
||||
team_id as crate::database::models::ids::TeamId
|
||||
)
|
||||
.fetch_one(&**pool)
|
||||
.await?;
|
||||
|
||||
NotificationBuilder {
|
||||
body: NotificationBody::TeamInvite {
|
||||
project_id: ProjectId(result.id as u64),
|
||||
team_id: team_id.into(),
|
||||
invited_by: current_user.id,
|
||||
role: new_member.role.clone(),
|
||||
},
|
||||
match team_association {
|
||||
TeamAssociationId::Project(pid) => {
|
||||
NotificationBuilder {
|
||||
body: NotificationBody::TeamInvite {
|
||||
project_id: pid.into(),
|
||||
team_id: team_id.into(),
|
||||
invited_by: current_user.id,
|
||||
role: new_member.role.clone(),
|
||||
},
|
||||
}
|
||||
.insert(new_member.user_id.into(), &mut transaction)
|
||||
.await?;
|
||||
}
|
||||
TeamAssociationId::Organization(oid) => {
|
||||
NotificationBuilder {
|
||||
body: NotificationBody::OrganizationInvite {
|
||||
organization_id: oid.into(),
|
||||
team_id: team_id.into(),
|
||||
invited_by: current_user.id,
|
||||
role: new_member.role.clone(),
|
||||
},
|
||||
}
|
||||
.insert(new_member.user_id.into(), &mut transaction)
|
||||
.await?;
|
||||
}
|
||||
}
|
||||
.insert(new_member.user_id.into(), &mut transaction)
|
||||
.await?;
|
||||
|
||||
TeamMember::clear_cache(team_id, &redis).await?;
|
||||
|
||||
@@ -415,7 +558,8 @@ pub async fn add_team_member(
|
||||
|
||||
#[derive(Serialize, Deserialize, Clone)]
|
||||
pub struct EditTeamMember {
|
||||
pub permissions: Option<Permissions>,
|
||||
pub permissions: Option<ProjectPermissions>,
|
||||
pub organization_permissions: Option<OrganizationPermissions>,
|
||||
pub role: Option<String>,
|
||||
pub payouts_split: Option<Decimal>,
|
||||
pub ordering: Option<i64>,
|
||||
@@ -443,13 +587,11 @@ pub async fn edit_team_member(
|
||||
)
|
||||
.await?
|
||||
.1;
|
||||
let member = TeamMember::get_from_user_id(id, current_user.id.into(), &**pool)
|
||||
|
||||
let team_association = Team::get_association(id, &**pool)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
ApiError::CustomAuthentication(
|
||||
"You don't have permission to edit members of this team".to_string(),
|
||||
)
|
||||
})?;
|
||||
.ok_or_else(|| ApiError::InvalidInput("The team specified does not exist".to_string()))?;
|
||||
let member = TeamMember::get_from_user_id(id, current_user.id.into(), &**pool).await?;
|
||||
let edit_member_db = TeamMember::get_from_user_id_pending(id, user_id, &**pool)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
@@ -468,17 +610,72 @@ pub async fn edit_team_member(
|
||||
));
|
||||
}
|
||||
|
||||
if !member.permissions.contains(Permissions::EDIT_MEMBER) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to edit members of this team".to_string(),
|
||||
));
|
||||
}
|
||||
match team_association {
|
||||
TeamAssociationId::Project(project_id) => {
|
||||
let organization =
|
||||
Organization::get_associated_organization_project_id(project_id, &**pool).await?;
|
||||
let organization_team_member = if let Some(organization) = &organization {
|
||||
TeamMember::get_from_user_id(organization.team_id, current_user.id.into(), &**pool)
|
||||
.await?
|
||||
} else {
|
||||
None
|
||||
};
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
¤t_user.role,
|
||||
&member.clone(),
|
||||
&organization_team_member,
|
||||
)
|
||||
.unwrap_or_default();
|
||||
if !permissions.contains(ProjectPermissions::EDIT_MEMBER) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to edit members of this team".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
if let Some(new_permissions) = edit_member.permissions {
|
||||
if !member.permissions.contains(new_permissions) {
|
||||
return Err(ApiError::InvalidInput(
|
||||
"The new permissions have permissions that you don't have".to_string(),
|
||||
));
|
||||
if let Some(new_permissions) = edit_member.permissions {
|
||||
if !permissions.contains(new_permissions) {
|
||||
return Err(ApiError::InvalidInput(
|
||||
"The new permissions have permissions that you don't have".to_string(),
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
if edit_member.organization_permissions.is_some() {
|
||||
return Err(ApiError::InvalidInput(
|
||||
"The organization permissions of a project team member cannot be edited"
|
||||
.to_string(),
|
||||
));
|
||||
}
|
||||
}
|
||||
TeamAssociationId::Organization(_) => {
|
||||
let organization_permissions =
|
||||
OrganizationPermissions::get_permissions_by_role(¤t_user.role, &member)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !organization_permissions.contains(OrganizationPermissions::EDIT_MEMBER) {
|
||||
return Err(ApiError::InvalidInput(
|
||||
"You don't have permission to edit organization permissions".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
if let Some(new_permissions) = edit_member.organization_permissions {
|
||||
if !organization_permissions.contains(new_permissions) {
|
||||
return Err(ApiError::InvalidInput(
|
||||
"The new organization permissions have permissions that you don't have"
|
||||
.to_string(),
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
if edit_member.permissions.is_some()
|
||||
&& !organization_permissions
|
||||
.contains(OrganizationPermissions::EDIT_MEMBER_DEFAULT_PERMISSIONS)
|
||||
{
|
||||
return Err(ApiError::InvalidInput(
|
||||
"You do not have permission to give this user default project permissions."
|
||||
.to_string(),
|
||||
));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -500,6 +697,7 @@ pub async fn edit_team_member(
|
||||
id,
|
||||
user_id,
|
||||
edit_member.permissions,
|
||||
edit_member.organization_permissions,
|
||||
edit_member.role.clone(),
|
||||
None,
|
||||
edit_member.payouts_split,
|
||||
@@ -541,6 +739,21 @@ pub async fn transfer_ownership(
|
||||
.await?
|
||||
.1;
|
||||
|
||||
// Forbid transferring ownership of a project team that is owned by an organization
|
||||
// These are owned by the organization owner, and must be removed from the organization first
|
||||
let pid = Team::get_association(id.into(), &**pool).await?;
|
||||
if let Some(TeamAssociationId::Project(pid)) = pid {
|
||||
let result = Project::get_id(pid, &**pool, &redis).await?;
|
||||
if let Some(project_item) = result {
|
||||
if project_item.inner.organization_id.is_some() {
|
||||
return Err(ApiError::InvalidInput(
|
||||
"You cannot transfer ownership of a project team that is owend by an organization"
|
||||
.to_string(),
|
||||
));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !current_user.role.is_admin() {
|
||||
let member = TeamMember::get_from_user_id(id.into(), current_user.id.into(), &**pool)
|
||||
.await?
|
||||
@@ -575,6 +788,7 @@ pub async fn transfer_ownership(
|
||||
id.into(),
|
||||
current_user.id.into(),
|
||||
None,
|
||||
None,
|
||||
Some(crate::models::teams::DEFAULT_ROLE.to_string()),
|
||||
None,
|
||||
None,
|
||||
@@ -586,7 +800,8 @@ pub async fn transfer_ownership(
|
||||
TeamMember::edit_team_member(
|
||||
id.into(),
|
||||
new_owner.user_id.into(),
|
||||
Some(Permissions::ALL),
|
||||
Some(ProjectPermissions::all()),
|
||||
Some(OrganizationPermissions::all()),
|
||||
Some(crate::models::teams::OWNER_ROLE.to_string()),
|
||||
None,
|
||||
None,
|
||||
@@ -623,13 +838,11 @@ pub async fn remove_team_member(
|
||||
)
|
||||
.await?
|
||||
.1;
|
||||
let member = TeamMember::get_from_user_id(id, current_user.id.into(), &**pool)
|
||||
|
||||
let team_association = Team::get_association(id, &**pool)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
ApiError::CustomAuthentication(
|
||||
"You don't have permission to edit members of this team".to_string(),
|
||||
)
|
||||
})?;
|
||||
.ok_or_else(|| ApiError::InvalidInput("The team specified does not exist".to_string()))?;
|
||||
let member = TeamMember::get_from_user_id(id, current_user.id.into(), &**pool).await?;
|
||||
|
||||
let delete_member = TeamMember::get_from_user_id_pending(id, user_id, &**pool).await?;
|
||||
|
||||
@@ -643,29 +856,101 @@ pub async fn remove_team_member(
|
||||
|
||||
let mut transaction = pool.begin().await?;
|
||||
|
||||
if delete_member.accepted {
|
||||
// Members other than the owner can either leave the team, or be
|
||||
// removed by a member with the REMOVE_MEMBER permission.
|
||||
if delete_member.user_id == member.user_id
|
||||
|| (member.permissions.contains(Permissions::REMOVE_MEMBER) && member.accepted)
|
||||
{
|
||||
TeamMember::delete(id, user_id, &mut transaction).await?;
|
||||
} else {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have permission to remove a member from this team".to_string(),
|
||||
));
|
||||
// Organization attached to a project this team is attached to
|
||||
match team_association {
|
||||
TeamAssociationId::Project(pid) => {
|
||||
let organization =
|
||||
Organization::get_associated_organization_project_id(pid, &**pool).await?;
|
||||
let organization_team_member = if let Some(organization) = &organization {
|
||||
TeamMember::get_from_user_id(
|
||||
organization.team_id,
|
||||
current_user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?
|
||||
} else {
|
||||
None
|
||||
};
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
¤t_user.role,
|
||||
&member,
|
||||
&organization_team_member,
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if delete_member.accepted {
|
||||
// Members other than the owner can either leave the team, or be
|
||||
// removed by a member with the REMOVE_MEMBER permission.
|
||||
if Some(delete_member.user_id) == member.as_ref().map(|m| m.user_id)
|
||||
|| permissions.contains(ProjectPermissions::REMOVE_MEMBER)
|
||||
&& member.as_ref().map(|m| m.accepted).unwrap_or(true)
|
||||
// true as if the permission exists, but the member does not, they are part of an org
|
||||
{
|
||||
TeamMember::delete(id, user_id, &mut transaction).await?;
|
||||
} else {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have permission to remove a member from this team"
|
||||
.to_string(),
|
||||
));
|
||||
}
|
||||
} else if Some(delete_member.user_id) == member.as_ref().map(|m| m.user_id)
|
||||
|| permissions.contains(ProjectPermissions::MANAGE_INVITES)
|
||||
&& member.as_ref().map(|m| m.accepted).unwrap_or(true)
|
||||
// true as if the permission exists, but the member does not, they are part of an org
|
||||
{
|
||||
// This is a pending invite rather than a member, so the
|
||||
// user being invited or team members with the MANAGE_INVITES
|
||||
// permission can remove it.
|
||||
TeamMember::delete(id, user_id, &mut transaction).await?;
|
||||
} else {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have permission to cancel a team invite".to_string(),
|
||||
));
|
||||
}
|
||||
}
|
||||
TeamAssociationId::Organization(_) => {
|
||||
let organization_permissions =
|
||||
OrganizationPermissions::get_permissions_by_role(¤t_user.role, &member)
|
||||
.unwrap_or_default();
|
||||
if let Some(member) = member {
|
||||
// Organization teams requires a TeamMember, so we can 'unwrap'
|
||||
if delete_member.accepted {
|
||||
// Members other than the owner can either leave the team, or be
|
||||
// removed by a member with the REMOVE_MEMBER permission.
|
||||
if delete_member.user_id == member.user_id
|
||||
|| organization_permissions
|
||||
.contains(OrganizationPermissions::REMOVE_MEMBER)
|
||||
&& member.accepted
|
||||
{
|
||||
TeamMember::delete(id, user_id, &mut transaction).await?;
|
||||
} else {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have permission to remove a member from this organization"
|
||||
.to_string(),
|
||||
));
|
||||
}
|
||||
} else if delete_member.user_id == member.user_id
|
||||
|| organization_permissions
|
||||
.contains(OrganizationPermissions::MANAGE_INVITES)
|
||||
&& member.accepted
|
||||
{
|
||||
// This is a pending invite rather than a member, so the
|
||||
// user being invited or team members with the MANAGE_INVITES
|
||||
// permission can remove it.
|
||||
TeamMember::delete(id, user_id, &mut transaction).await?;
|
||||
} else {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have permission to cancel an organization invite"
|
||||
.to_string(),
|
||||
));
|
||||
}
|
||||
} else {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have permission to remove a member from this organization"
|
||||
.to_string(),
|
||||
));
|
||||
}
|
||||
}
|
||||
} else if delete_member.user_id == member.user_id
|
||||
|| (member.permissions.contains(Permissions::MANAGE_INVITES) && member.accepted)
|
||||
{
|
||||
// This is a pending invite rather than a member, so the
|
||||
// user being invited or team members with the MANAGE_INVITES
|
||||
// permission can remove it.
|
||||
TeamMember::delete(id, user_id, &mut transaction).await?;
|
||||
} else {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have permission to cancel a team invite".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
TeamMember::clear_cache(id, &redis).await?;
|
||||
|
||||
@@ -4,7 +4,7 @@ use crate::database::models::notification_item::NotificationBuilder;
|
||||
use crate::database::models::version_item::{
|
||||
DependencyBuilder, VersionBuilder, VersionFileBuilder,
|
||||
};
|
||||
use crate::database::models::{self, image_item};
|
||||
use crate::database::models::{self, image_item, Organization};
|
||||
use crate::file_hosting::FileHost;
|
||||
use crate::models::images::{Image, ImageContext, ImageId};
|
||||
use crate::models::notifications::NotificationBody;
|
||||
@@ -14,7 +14,7 @@ use crate::models::projects::{
|
||||
Dependency, DependencyType, FileType, GameVersion, Loader, ProjectId, Version, VersionFile,
|
||||
VersionId, VersionStatus, VersionType,
|
||||
};
|
||||
use crate::models::teams::Permissions;
|
||||
use crate::models::teams::ProjectPermissions;
|
||||
use crate::queue::session::AuthQueue;
|
||||
use crate::util::routes::read_from_field;
|
||||
use crate::util::validate::validation_errors_to_string;
|
||||
@@ -215,17 +215,34 @@ async fn version_create_inner(
|
||||
user.id.into(),
|
||||
&mut *transaction,
|
||||
)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
CreateError::CustomAuthenticationError(
|
||||
"You don't have permission to upload this version!".to_string(),
|
||||
)
|
||||
})?;
|
||||
.await?;
|
||||
|
||||
if !team_member
|
||||
.permissions
|
||||
.contains(Permissions::UPLOAD_VERSION)
|
||||
{
|
||||
// Get organization attached, if exists, and the member project permissions
|
||||
let organization = models::Organization::get_associated_organization_project_id(
|
||||
project_id,
|
||||
&mut *transaction,
|
||||
)
|
||||
.await?;
|
||||
|
||||
let organization_team_member = if let Some(organization) = &organization {
|
||||
models::TeamMember::get_from_user_id(
|
||||
organization.team_id,
|
||||
user.id.into(),
|
||||
&mut *transaction,
|
||||
)
|
||||
.await?
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member,
|
||||
&organization_team_member,
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !permissions.contains(ProjectPermissions::UPLOAD_VERSION) {
|
||||
return Err(CreateError::CustomAuthenticationError(
|
||||
"You don't have permission to upload this version!".to_string(),
|
||||
));
|
||||
@@ -572,17 +589,33 @@ async fn upload_file_to_version_inner(
|
||||
user.id.into(),
|
||||
&mut *transaction,
|
||||
)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
CreateError::CustomAuthenticationError(
|
||||
"You don't have permission to upload files to this version!".to_string(),
|
||||
)
|
||||
})?;
|
||||
.await?;
|
||||
|
||||
if !team_member
|
||||
.permissions
|
||||
.contains(Permissions::UPLOAD_VERSION)
|
||||
{
|
||||
let organization = Organization::get_associated_organization_project_id(
|
||||
version.inner.project_id,
|
||||
&**client,
|
||||
)
|
||||
.await?;
|
||||
|
||||
let organization_team_member = if let Some(organization) = &organization {
|
||||
models::TeamMember::get_from_user_id(
|
||||
organization.team_id,
|
||||
user.id.into(),
|
||||
&mut *transaction,
|
||||
)
|
||||
.await?
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member,
|
||||
&organization_team_member,
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !permissions.contains(ProjectPermissions::UPLOAD_VERSION) {
|
||||
return Err(CreateError::CustomAuthenticationError(
|
||||
"You don't have permission to upload files to this version!".to_string(),
|
||||
));
|
||||
|
||||
@@ -6,7 +6,7 @@ use crate::auth::{
|
||||
use crate::models::ids::VersionId;
|
||||
use crate::models::pats::Scopes;
|
||||
use crate::models::projects::VersionType;
|
||||
use crate::models::teams::Permissions;
|
||||
use crate::models::teams::ProjectPermissions;
|
||||
use crate::queue::session::AuthQueue;
|
||||
use crate::{database, models};
|
||||
use actix_web::{delete, get, post, web, HttpRequest, HttpResponse};
|
||||
@@ -185,17 +185,36 @@ pub async fn delete_file(
|
||||
&**pool,
|
||||
)
|
||||
.await
|
||||
.map_err(ApiError::Database)?
|
||||
.ok_or_else(|| {
|
||||
ApiError::CustomAuthentication(
|
||||
"You don't have permission to delete this file!".to_string(),
|
||||
)
|
||||
})?;
|
||||
.map_err(ApiError::Database)?;
|
||||
|
||||
if !team_member
|
||||
.permissions
|
||||
.contains(Permissions::DELETE_VERSION)
|
||||
{
|
||||
let organization =
|
||||
database::models::Organization::get_associated_organization_project_id(
|
||||
row.project_id,
|
||||
&**pool,
|
||||
)
|
||||
.await
|
||||
.map_err(ApiError::Database)?;
|
||||
|
||||
let organization_team_member = if let Some(organization) = &organization {
|
||||
database::models::TeamMember::get_from_user_id_organization(
|
||||
organization.id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await
|
||||
.map_err(ApiError::Database)?
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member,
|
||||
&organization_team_member,
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !permissions.contains(ProjectPermissions::DELETE_VERSION) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You don't have permission to delete this file!".to_string(),
|
||||
));
|
||||
|
||||
@@ -3,13 +3,13 @@ use crate::auth::{
|
||||
filter_authorized_versions, get_user_from_headers, is_authorized, is_authorized_version,
|
||||
};
|
||||
use crate::database;
|
||||
use crate::database::models::image_item;
|
||||
use crate::database::models::{image_item, Organization};
|
||||
use crate::models;
|
||||
use crate::models::ids::base62_impl::parse_base62;
|
||||
use crate::models::images::ImageContext;
|
||||
use crate::models::pats::Scopes;
|
||||
use crate::models::projects::{Dependency, FileType, VersionStatus, VersionType};
|
||||
use crate::models::teams::Permissions;
|
||||
use crate::models::teams::ProjectPermissions;
|
||||
use crate::queue::session::AuthQueue;
|
||||
use crate::util::img;
|
||||
use crate::util::validate::validation_errors_to_string;
|
||||
@@ -353,10 +353,31 @@ pub async fn version_edit(
|
||||
)
|
||||
.await?;
|
||||
|
||||
let permissions = Permissions::get_permissions_by_role(&user.role, &team_member);
|
||||
let organization = Organization::get_associated_organization_project_id(
|
||||
version_item.inner.project_id,
|
||||
&**pool,
|
||||
)
|
||||
.await?;
|
||||
|
||||
let organization_team_member = if let Some(organization) = &organization {
|
||||
database::models::TeamMember::get_from_user_id(
|
||||
organization.team_id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member,
|
||||
&organization_team_member,
|
||||
);
|
||||
|
||||
if let Some(perms) = permissions {
|
||||
if !perms.contains(Permissions::UPLOAD_VERSION) {
|
||||
if !perms.contains(ProjectPermissions::UPLOAD_VERSION) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have the permissions to edit this version!".to_string(),
|
||||
));
|
||||
@@ -754,11 +775,33 @@ pub async fn version_schedule(
|
||||
)
|
||||
.await?;
|
||||
|
||||
if !user.role.is_mod()
|
||||
&& !team_member
|
||||
.map(|x| x.permissions.contains(Permissions::EDIT_DETAILS))
|
||||
.unwrap_or(false)
|
||||
{
|
||||
let organization_item =
|
||||
database::models::Organization::get_associated_organization_project_id(
|
||||
version_item.inner.project_id,
|
||||
&**pool,
|
||||
)
|
||||
.await
|
||||
.map_err(ApiError::Database)?;
|
||||
|
||||
let organization_team_member = if let Some(organization) = &organization_item {
|
||||
database::models::TeamMember::get_from_user_id(
|
||||
organization.team_id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member,
|
||||
&organization_team_member,
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !user.role.is_mod() && !permissions.contains(ProjectPermissions::EDIT_DETAILS) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have permission to edit this version's scheduling data!".to_string(),
|
||||
));
|
||||
@@ -819,17 +862,30 @@ pub async fn version_delete(
|
||||
&**pool,
|
||||
)
|
||||
.await
|
||||
.map_err(ApiError::Database)?
|
||||
.ok_or_else(|| {
|
||||
ApiError::InvalidInput(
|
||||
"You do not have permission to delete versions in this team".to_string(),
|
||||
)
|
||||
})?;
|
||||
.map_err(ApiError::Database)?;
|
||||
|
||||
if !team_member
|
||||
.permissions
|
||||
.contains(Permissions::DELETE_VERSION)
|
||||
{
|
||||
let organization =
|
||||
Organization::get_associated_organization_project_id(version.inner.project_id, &**pool)
|
||||
.await?;
|
||||
|
||||
let organization_team_member = if let Some(organization) = &organization {
|
||||
database::models::TeamMember::get_from_user_id(
|
||||
organization.team_id,
|
||||
user.id.into(),
|
||||
&**pool,
|
||||
)
|
||||
.await?
|
||||
} else {
|
||||
None
|
||||
};
|
||||
let permissions = ProjectPermissions::get_permissions_by_role(
|
||||
&user.role,
|
||||
&team_member,
|
||||
&organization_team_member,
|
||||
)
|
||||
.unwrap_or_default();
|
||||
|
||||
if !permissions.contains(ProjectPermissions::DELETE_VERSION) {
|
||||
return Err(ApiError::CustomAuthentication(
|
||||
"You do not have permission to delete versions in this team".to_string(),
|
||||
));
|
||||
|
||||
Reference in New Issue
Block a user