Fix access controls (#109)

* Fix access controls

* Remove CF indexing, fix some stuff

src/routes/mods.rs

@@ -11,6 +11,8 @@ use futures::StreamExt;
 use serde::{Deserialize, Serialize};
 use sqlx::PgPool;
 use std::sync::Arc;
+use crate::search::indexing::queue::CreationQueue;
+use actix_web::web::Data;
 
 #[get("mod")]
 pub async fn mod_search(
@@ -58,7 +60,7 @@ pub async fn mods_get(
                         let user_id: database::models::ids::UserId = user.id.into();
 
                         let mod_exists = sqlx::query!(
-                            "SELECT EXISTS(SELECT 1 FROM team_members WHERE id = $1 AND user_id = $2)",
+                            "SELECT EXISTS(SELECT 1 FROM team_members WHERE team_id = $1 AND user_id = $2)",
                             mod_data.inner.team_id as database::models::ids::TeamId,
                             user_id as database::models::ids::UserId,
                         )
@@ -104,7 +106,7 @@ pub async fn mod_slug_get(
                     let user_id: database::models::ids::UserId = user.id.into();
 
                     let mod_exists = sqlx::query!(
-                        "SELECT EXISTS(SELECT 1 FROM team_members WHERE id = $1 AND user_id = $2)",
+                        "SELECT EXISTS(SELECT 1 FROM team_members WHERE team_id = $1 AND user_id = $2)",
                         data.inner.team_id as database::models::ids::TeamId,
                         user_id as database::models::ids::UserId,
                     )
@@ -151,7 +153,7 @@ pub async fn mod_get(
                     let user_id: database::models::ids::UserId = user.id.into();
 
                     let mod_exists = sqlx::query!(
-                        "SELECT EXISTS(SELECT 1 FROM team_members WHERE id = $1 AND user_id = $2)",
+                        "SELECT EXISTS(SELECT 1 FROM team_members WHERE team_id = $1 AND user_id = $2)",
                         data.inner.team_id as database::models::ids::TeamId,
                         user_id as database::models::ids::UserId,
                     )
@@ -265,6 +267,7 @@ pub async fn mod_edit(
     config: web::Data<SearchConfig>,
     file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
     new_mod: web::Json<EditMod>,
+    indexing_queue: Data<Arc<CreationQueue>>,
 ) -> Result<HttpResponse, ApiError> {
     let user = get_user_from_headers(req.headers(), &**pool).await?;
 
@@ -378,8 +381,14 @@ pub async fn mod_edit(
                 .await
                 .map_err(|e| ApiError::DatabaseError(e.into()))?;
 
-                if mod_item.status.is_searchable() && status.is_searchable() {
+                if mod_item.status.is_searchable() && !status.is_searchable() {
                     delete_from_index(id.into(), config).await?;
+                } else if !mod_item.status.is_searchable() && status.is_searchable() {
+                    let index_mod =
+                        crate::search::indexing::local_import::query_one(mod_id.into(), &mut *transaction)
+                            .await?;
+
+                    indexing_queue.add(index_mod);
                 }
             }