From 73f050be6289f540677aa5d8e8855d8608d4fcf4 Mon Sep 17 00:00:00 2001
From: shockrah
Date: Wed, 26 Aug 2020 20:35:44 -0700
Subject: [PATCH] +helper function to process the expires flag in params +can now verify if a user is allowed to use perma invites - still need to generatre appropos 400 for those with no permisions at all
---
 server-api/src/invites.rs | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)
diff --git a/server-api/src/invites.rs b/server-api/src/invites.rs
index 29acb33..9236ff1 100644
--- a/server-api/src/invites.rs
+++ b/server-api/src/invites.rs
@@ -10,7 +10,7 @@ use hyper::{Response, Body, StatusCode};
 use chrono::Utc;
-use crate::db_types::BigInt;
+use crate::db_types::{UBigInt, BigInt};
 use crate::members::{self, Member};
 #[derive(Serialize)]
@@ -111,19 +111,46 @@ async fn insert_new_invite(pool: &Pool, invite: &Invite) -> Result<(), Error>{ Ok(()) } +async fn process_expires_parameter(p: &Pool, exp: &Value, id: UBigInt) -> bool { + // TODO: fix this somewhat unsafe code + // NOTE: its unsafe because of these lazy as heck unwraps everywhere + use crate::perms::{CREATE_PERM_INVITES, CREATE_TMP_INVITES}; + let conn = p.get_conn().await.unwrap(); + let db_tup: (Conn, Option) = conn.first_exec( + "SELECT permissions FROM members WHERE id = :id", + params!{"id" => id}) + .await.unwrap(); + // depending on what type of invite we requested we should make sure we have the + // right permissions to do so + let real_perms = db_tup.1.unwrap(); // safe via auth module + if let Some(exp) = exp.as_bool() { + // perma? + if exp { + return (real_perms & CREATE_PERM_INVITES) == CREATE_PERM_INVITES; + } + else { + return (real_perms & CREATE_TMP_INVITES) == CREATE_TMP_INVITES; + } + } + else { + return false; + } +} + pub async fn create(pool: &Pool, response: &mut Response, params: Value) { /* * Creates a new invite */ + let id = params.get("id").unwrap().as_u64().unwrap(); + let use_count = match params.get("uses") { Some(val) => val.as_i64(), None => None }; - // TODO: remove the unwrap let expires = match params.get("expires") { - Some(val) => val.as_bool().unwrap_or(true), + Some(exp_val) => process_expires_parameter(pool, exp_val, id).await, None => true };
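Review bot: `process_expires_parameter` returns an authorization result, but `create` stores that bool as `expires`, so a caller who lacks the permission, or who sends a non-boolean `expires`, is not rejected and the invite is created with `expires = false`; what `false` means further down in `create` is outside the hunk, but if it means non-expiring this fails open. The helper should return the validated flag or a status code, and `create` should set the response status and return on denial, as sketched below. The `// perma?` branch also maps `expires: true` to `CREATE_PERM_INVITES`, which reads as inverted and should be confirmed against `crate::perms`. The remaining `unwrap()` calls on `get_conn`, `first_exec` and `params.get("id")` turn a database error or a malformed request into a panic instead of an error response.

```rust
async fn process_expires_parameter(p: &Pool, exp: &Value, id: UBigInt) -> Result<bool, StatusCode> {
    // … unchanged: permission lookup that produces real_perms …

    // A non-boolean `expires` is a malformed request, not a denied one.
    let requested = exp.as_bool().ok_or(StatusCode::BAD_REQUEST)?;
    // Mapping kept as in the commit; confirm which flag value means "permanent".
    let required = if requested { CREATE_PERM_INVITES } else { CREATE_TMP_INVITES };
    if (real_perms & required) == required {
        Ok(requested)
    } else {
        Err(StatusCode::FORBIDDEN)
    }
}

// in create():
    let expires = match params.get("expires") {
        Some(exp_val) => match process_expires_parameter(pool, exp_val, id).await {
            Ok(flag) => flag,
            Err(code) => {
                // Deny explicitly instead of silently changing the invite type.
                *response.status_mut() = code;
                return;
            }
        },
        None => true
    };
```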