+helper function to process the expires flag in params
+can now verify if a user is allowed to use perma invites - still need to generatre appropos 400 for those with no permisions at all
This commit is contained in:
shockrah
parent
9eff4284a9
commit
73f050be62
@ -10,7 +10,7 @@ use hyper::{Response, Body, StatusCode};
|
|||||||
|
|
||||||
use chrono::Utc;
|
use chrono::Utc;
|
||||||
|
|
||||||
use crate::db_types::BigInt;
|
use crate::db_types::{UBigInt, BigInt};
|
||||||
use crate::members::{self, Member};
|
use crate::members::{self, Member};
|
||||||
|
|
||||||
#[derive(Serialize)]
|
#[derive(Serialize)]
|
||||||
@ -111,19 +111,46 @@ async fn insert_new_invite(pool: &Pool, invite: &Invite) -> Result<(), Error>{
|
|||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async fn process_expires_parameter(p: &Pool, exp: &Value, id: UBigInt) -> bool {
|
||||||
|
// TODO: fix this somewhat unsafe code
|
||||||
|
// NOTE: its unsafe because of these lazy as heck unwraps everywhere
|
||||||
|
use crate::perms::{CREATE_PERM_INVITES, CREATE_TMP_INVITES};
|
||||||
|
let conn = p.get_conn().await.unwrap();
|
||||||
|
let db_tup: (Conn, Option<UBigInt>) = conn.first_exec(
|
||||||
|
"SELECT permissions FROM members WHERE id = :id",
|
||||||
|
params!{"id" => id})
|
||||||
|
.await.unwrap();
|
||||||
|
// depending on what type of invite we requested we should make sure we have the
|
||||||
|
// right permissions to do so
|
||||||
|
let real_perms = db_tup.1.unwrap(); // safe via auth module
|
||||||
|
if let Some(exp) = exp.as_bool() {
|
||||||
|
// perma?
|
||||||
|
if exp {
|
||||||
|
return (real_perms & CREATE_PERM_INVITES) == CREATE_PERM_INVITES;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return (real_perms & CREATE_TMP_INVITES) == CREATE_TMP_INVITES;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
pub async fn create(pool: &Pool, response: &mut Response<Body>, params: Value) {
|
pub async fn create(pool: &Pool, response: &mut Response<Body>, params: Value) {
|
||||||
/*
|
/*
|
||||||
* Creates a new invite
|
* Creates a new invite
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
let id = params.get("id").unwrap().as_u64().unwrap();
|
||||||
|
|
||||||
let use_count = match params.get("uses") {
|
let use_count = match params.get("uses") {
|
||||||
Some(val) => val.as_i64(),
|
Some(val) => val.as_i64(),
|
||||||
None => None
|
None => None
|
||||||
};
|
};
|
||||||
|
|
||||||
// TODO: remove the unwrap
|
|
||||||
let expires = match params.get("expires") {
|
let expires = match params.get("expires") {
|
||||||
Some(val) => val.as_bool().unwrap_or(true),
|
Some(exp_val) => process_expires_parameter(pool, exp_val, id).await,
|
||||||
None => true
|
None => true
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user