tomasalias/AstralRinth
1
0
Fork 0
forked from didirus/AstralRinth
Code Pull Requests Activity

Run fmt, fix dep route (#312)

Browse Source
This commit is contained in:
Geometrically
2022-02-27 21:44:00 -07:00
committed by GitHub
parent 725f8571bb
commit 459e36c027
53 changed files with 1798 additions and 867 deletions
Download Patch File Download Diff File Expand all files Collapse all files

195
src/routes/teams.rs
View File

@@ -1,4 +1,6 @@
use crate::database::models::notification_item::{NotificationActionBuilder, NotificationBuilder};
use crate::database::models::notification_item::{
NotificationActionBuilder, NotificationBuilder,
};
use crate::database::models::TeamMember;
use crate::models::ids::ProjectId;
use crate::models::teams::{Permissions, TeamId};
@@ -17,23 +19,33 @@ pub async fn team_members_get_project(
) -> Result<HttpResponse, ApiError> {
let string = info.into_inner().0;
let project_data =
crate::database::models::Project::get_from_slug_or_project_id(string, &**pool).await?;
crate::database::models::Project::get_from_slug_or_project_id(
string, &**pool,
)
.await?;
if let Some(project) = project_data {
let members_data = TeamMember::get_from_team_full(project.team_id, &**pool).await?;
let members_data =
TeamMember::get_from_team_full(project.team_id, &**pool).await?;
let current_user = get_user_from_headers(req.headers(), &**pool).await.ok();
let current_user =
get_user_from_headers(req.headers(), &**pool).await.ok();
if let Some(user) = current_user {
let team_member =
TeamMember::get_from_user_id(project.team_id, user.id.into(), &**pool)
.await
.map_err(ApiError::DatabaseError)?;
let team_member = TeamMember::get_from_user_id(
project.team_id,
user.id.into(),
&**pool,
)
.await
.map_err(ApiError::DatabaseError)?;
if team_member.is_some() {
let team_members: Vec<_> = members_data
.into_iter()
.map(|data| crate::models::teams::TeamMember::from(data, false))
.map(|data| {
crate::models::teams::TeamMember::from(data, false)
})
.collect();
return Ok(HttpResponse::Ok().json(team_members));
@@ -59,14 +71,16 @@ pub async fn team_members_get(
pool: web::Data<PgPool>,
) -> Result<HttpResponse, ApiError> {
let id = info.into_inner().0;
let members_data = TeamMember::get_from_team_full(id.into(), &**pool).await?;
let members_data =
TeamMember::get_from_team_full(id.into(), &**pool).await?;
let current_user = get_user_from_headers(req.headers(), &**pool).await.ok();
if let Some(user) = current_user {
let team_member = TeamMember::get_from_user_id(id.into(), user.id.into(), &**pool)
.await
.map_err(ApiError::DatabaseError)?;
let team_member =
TeamMember::get_from_user_id(id.into(), user.id.into(), &**pool)
.await
.map_err(ApiError::DatabaseError)?;
if team_member.is_some() {
let team_members: Vec<_> = members_data
@@ -96,8 +110,12 @@ pub async fn join_team(
let team_id = info.into_inner().0.into();
let current_user = get_user_from_headers(req.headers(), &**pool).await?;
let member =
TeamMember::get_from_user_id_pending(team_id, current_user.id.into(), &**pool).await?;
let member = TeamMember::get_from_user_id_pending(
team_id,
current_user.id.into(),
&**pool,
)
.await?;
if let Some(member) = member {
if member.accepted {
@@ -153,17 +171,20 @@ pub async fn add_team_member(
let mut transaction = pool.begin().await?;
let current_user = get_user_from_headers(req.headers(), &**pool).await?;
let member = TeamMember::get_from_user_id(team_id, current_user.id.into(), &**pool)
.await?
.ok_or_else(|| {
ApiError::CustomAuthenticationError(
"You don't have permission to edit members of this team".to_string(),
)
})?;
let member =
TeamMember::get_from_user_id(team_id, current_user.id.into(), &**pool)
.await?
.ok_or_else(|| {
ApiError::CustomAuthenticationError(
"You don't have permission to edit members of this team"
.to_string(),
)
})?;
if !member.permissions.contains(Permissions::MANAGE_INVITES) {
return Err(ApiError::CustomAuthenticationError(
"You don't have permission to invite users to this team".to_string(),
"You don't have permission to invite users to this team"
.to_string(),
));
}
if !member.permissions.contains(new_member.permissions) {
@@ -191,16 +212,23 @@ pub async fn add_team_member(
));
} else {
return Err(ApiError::InvalidInputError(
"There is already a pending member request for this user".to_string(),
"There is already a pending member request for this user"
.to_string(),
));
}
}
crate::database::models::User::get(member.user_id, &**pool)
.await?
.ok_or_else(|| ApiError::InvalidInputError("An invalid User ID specified".to_string()))?;
.ok_or_else(|| {
ApiError::InvalidInputError(
"An invalid User ID specified".to_string(),
)
})?;
let new_id = crate::database::models::ids::generate_team_member_id(&mut transaction).await?;
let new_id =
crate::database::models::ids::generate_team_member_id(&mut transaction)
.await?;
TeamMember {
id: new_id,
team_id,
@@ -232,11 +260,18 @@ pub async fn add_team_member(
"Team invite from {} to join the team for project {}",
current_user.username, result.title
),
link: format!("/{}/{}", result.project_type, ProjectId(result.id as u64)),
link: format!(
"/{}/{}",
result.project_type,
ProjectId(result.id as u64)
),
actions: vec![
NotificationActionBuilder {
title: "Accept".to_string(),
action_route: ("POST".to_string(), format!("team/{}/join", team)),
action_route: (
"POST".to_string(),
format!("team/{}/join", team),
),
},
NotificationActionBuilder {
title: "Deny".to_string(),
@@ -273,20 +308,24 @@ pub async fn edit_team_member(
let user_id = ids.1.into();
let current_user = get_user_from_headers(req.headers(), &**pool).await?;
let member = TeamMember::get_from_user_id(id, current_user.id.into(), &**pool)
.await?
.ok_or_else(|| {
ApiError::CustomAuthenticationError(
"You don't have permission to edit members of this team".to_string(),
)
})?;
let edit_member_db = TeamMember::get_from_user_id_pending(id, user_id, &**pool)
.await?
.ok_or_else(|| {
ApiError::CustomAuthenticationError(
"You don't have permission to edit members of this team".to_string(),
)
})?;
let member =
TeamMember::get_from_user_id(id, current_user.id.into(), &**pool)
.await?
.ok_or_else(|| {
ApiError::CustomAuthenticationError(
"You don't have permission to edit members of this team"
.to_string(),
)
})?;
let edit_member_db =
TeamMember::get_from_user_id_pending(id, user_id, &**pool)
.await?
.ok_or_else(|| {
ApiError::CustomAuthenticationError(
"You don't have permission to edit members of this team"
.to_string(),
)
})?;
let mut transaction = pool.begin().await?;
@@ -298,14 +337,16 @@ pub async fn edit_team_member(
if !member.permissions.contains(Permissions::EDIT_MEMBER) {
return Err(ApiError::CustomAuthenticationError(
"You don't have permission to edit members of this team".to_string(),
"You don't have permission to edit members of this team"
.to_string(),
));
}
if let Some(new_permissions) = edit_member.permissions {
if !member.permissions.contains(new_permissions) {
return Err(ApiError::InvalidInputError(
"The new permissions have permissions that you don't have".to_string(),
"The new permissions have permissions that you don't have"
.to_string(),
));
}
}
@@ -346,22 +387,34 @@ pub async fn transfer_ownership(
let id = info.into_inner().0;
let current_user = get_user_from_headers(req.headers(), &**pool).await?;
let member = TeamMember::get_from_user_id(id.into(), current_user.id.into(), &**pool)
.await?
.ok_or_else(|| {
ApiError::CustomAuthenticationError(
"You don't have permission to edit members of this team".to_string(),
)
})?;
let new_member = TeamMember::get_from_user_id(id.into(), new_owner.user_id.into(), &**pool)
.await?
.ok_or_else(|| {
ApiError::InvalidInputError("The new owner specified does not exist".to_string())
})?;
let member = TeamMember::get_from_user_id(
id.into(),
current_user.id.into(),
&**pool,
)
.await?
.ok_or_else(|| {
ApiError::CustomAuthenticationError(
"You don't have permission to edit members of this team"
.to_string(),
)
})?;
let new_member = TeamMember::get_from_user_id(
id.into(),
new_owner.user_id.into(),
&**pool,
)
.await?
.ok_or_else(|| {
ApiError::InvalidInputError(
"The new owner specified does not exist".to_string(),
)
})?;
if member.role != crate::models::teams::OWNER_ROLE {
return Err(ApiError::CustomAuthenticationError(
"You don't have permission to edit the ownership of this team".to_string(),
"You don't have permission to edit the ownership of this team"
.to_string(),
));
}
@@ -409,15 +462,18 @@ pub async fn remove_team_member(
let user_id = ids.1.into();
let current_user = get_user_from_headers(req.headers(), &**pool).await?;
let member = TeamMember::get_from_user_id(id, current_user.id.into(), &**pool)
.await?
.ok_or_else(|| {
ApiError::CustomAuthenticationError(
"You don't have permission to edit members of this team".to_string(),
)
})?;
let member =
TeamMember::get_from_user_id(id, current_user.id.into(), &**pool)
.await?
.ok_or_else(|| {
ApiError::CustomAuthenticationError(
"You don't have permission to edit members of this team"
.to_string(),
)
})?;
let delete_member = TeamMember::get_from_user_id_pending(id, user_id, &**pool).await?;
let delete_member =
TeamMember::get_from_user_id_pending(id, user_id, &**pool).await?;
if let Some(delete_member) = delete_member {
if delete_member.role == crate::models::teams::OWNER_ROLE {
@@ -431,7 +487,8 @@ pub async fn remove_team_member(
// Members other than the owner can either leave the team, or be
// removed by a member with the REMOVE_MEMBER permission.
if delete_member.user_id == member.user_id
|| (member.permissions.contains(Permissions::REMOVE_MEMBER) && member.accepted)
|| (member.permissions.contains(Permissions::REMOVE_MEMBER)
&& member.accepted)
{
TeamMember::delete(id, user_id, &**pool).await?;
} else {
@@ -440,7 +497,8 @@ pub async fn remove_team_member(
));
}
} else if delete_member.user_id == member.user_id
|| (member.permissions.contains(Permissions::MANAGE_INVITES) && member.accepted)
|| (member.permissions.contains(Permissions::MANAGE_INVITES)
&& member.accepted)
{
// This is a pending invite rather than a member, so the
// user being invited or team members with the MANAGE_INVITES
@@ -448,7 +506,8 @@ pub async fn remove_team_member(
TeamMember::delete(id, user_id, &**pool).await?;
} else {
return Err(ApiError::CustomAuthenticationError(
"You do not have permission to cancel a team invite".to_string(),
"You do not have permission to cancel a team invite"
.to_string(),
));
}
Ok(HttpResponse::NoContent().body(""))