+helper function to process the expires flag in params

+can now verify if a user is allowed to use perma invites - still need to generatre appropos 400 for those with no permisions at all
2020-08-26 20:35:44 -07:00 · 2020-08-26 20:35:44 -07:00 · 73f050be62
commit 73f050be62
parent 9eff4284a9
1 changed files with 30 additions and 3 deletions
--- a/server-api/src/invites.rs
+++ b/server-api/src/invites.rs
@ -10,7 +10,7 @@ use hyper::{Response, Body, StatusCode};

 use chrono::Utc;

-use crate::db_types::BigInt;
+use crate::db_types::{UBigInt, BigInt};
 use crate::members::{self, Member};

 #[derive(Serialize)]
@ -111,19 +111,46 @@ async fn insert_new_invite(pool: &Pool, invite: &Invite) -> Result<(), Error>{
    Ok(())
 }

+async fn process_expires_parameter(p: &Pool, exp: &Value, id: UBigInt) -> bool {
+    // TODO: fix this somewhat unsafe code
+    // NOTE: its unsafe because of these lazy as heck unwraps everywhere
+    use crate::perms::{CREATE_PERM_INVITES, CREATE_TMP_INVITES};
+    let conn = p.get_conn().await.unwrap();
+    let db_tup: (Conn, Option<UBigInt>) = conn.first_exec(
+            "SELECT permissions FROM members WHERE id = :id", 
+            params!{"id" => id})
+            .await.unwrap();
+    // depending on what type of invite we requested we should make sure we have the 
+    // right permissions to do so
+    let real_perms = db_tup.1.unwrap(); // safe via auth module
+    if let Some(exp) = exp.as_bool() {
+        // perma?
+        if exp {
+            return (real_perms & CREATE_PERM_INVITES) == CREATE_PERM_INVITES;
+        }
+        else {
+            return (real_perms & CREATE_TMP_INVITES) == CREATE_TMP_INVITES;
+        }
+    }
+    else {
+        return false;
+    }
+}
+
 pub async fn create(pool: &Pool, response: &mut Response<Body>, params: Value) {
    /*
     * Creates a new invite
     */

+    let id = params.get("id").unwrap().as_u64().unwrap();
+
    let use_count = match params.get("uses")  {
        Some(val) => val.as_i64(),
        None => None
    };

-    // TODO: remove the unwrap
    let expires = match params.get("expires") {
-        Some(val) => val.as_bool().unwrap_or(true),
+        Some(exp_val) => process_expires_parameter(pool, exp_val, id).await,
        None => true
    };