+Parsing channel_id param correctly

+ Checking for proper permissions in user moar if let bindings!!!1
2021-02-03 23:29:53 -08:00 · 2021-02-03 23:29:53 -08:00 · 20aca8a069
commit 20aca8a069
parent 42e783ccf1
1 changed files with 44 additions and 19 deletions
--- a/json-api/src/channels.rs
+++ b/json-api/src/channels.rs
@ -84,19 +84,48 @@ pub async fn create_channel(pool: &Pool, response: &mut Response<Body>, params:
    }
 }

-pub async fn delete_channel(pool: &Pool, response: &mut Response<Body>, params: Value) {
-    // make sure we have the right parameters provided
-    if let Some(name) = params.get("channel_id") {
-        if let Some(id) = name.as_u64() {
-            // TODO: something more intelligent with the logging im ngl
+pub async fn delete_channel(pool: &Pool, response: &mut Response<Body>, params: HashMap<&str, &str>) {
+    /*
+     * Deletes a channel from the database, only after making sure the user has
+     * the required permissions to do so
+     * @channel_id : u64 - required
+    */
+    use crate::perms;
+    use db::member::Member;
+    use db::Response::*;
+
+    let uid = crate::http::extract_uid(&params);
+    let permissions = match Member::get(pool, uid).await {
+        Row(user) => user.permissions,
+        _ => 0
+    };
+
+    // make sure unpriveleged users don't delete channels somehow
+    if perms::has_perm(permissions, perms::DELETE_CHANNEL) == false{
+        *response.status_mut() = StatusCode::BAD_REQUEST;
+        return;
+    }
+
+    // Collect the channel_id param before we attempt deletion
+    let channel_id = if let Some(chan) = params.get("channel_id") {
+        let c = chan;
+        match c.to_string().parse::<u64>() {
+            Ok(val) => Some(val),
+            _ => None
+        }
+    } else {
+        None
+    };
+
+    if let Some(id) = channel_id {
        match Channel::delete(pool, id).await {
-                db::Response::Success => {},
-                db::Response::Other(data) =>  {
+            Success => {/* nothing to do on sucess */},
+            Other(data) =>  {
                eprintln!("\t{}", data);
                *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR;
            }
-                _ => {
-                    eprintln!("\tBro like restart the server");
+            _ => { // ngmi
+                eprintln!("\tBro like restart the server this branch should never execute");
                *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR;
            }
        }     
@ -105,8 +134,4 @@ pub async fn delete_channel(pool: &Pool, response: &mut Response<Body>, params:
        *response.status_mut() = StatusCode::BAD_REQUEST;
    }
 }
-    else {
-        *response.status_mut() = StatusCode::BAD_REQUEST;
-    }
-}