authormetamuffin <metamuffin@disroot.org>2023-10-04 20:41:59 +0200
committermetamuffin <metamuffin@disroot.org>2023-10-04 20:41:59 +0200
commit347274afb36e926b328e799ca8004fc874ffe4cb (patch)
tree8c7ec38938e3673ce5752bffa9442daa9f589f3d /server/src/routes
parent4095a8804c17c3ec12706f00d3694f564afc0b95 (diff)
more permission stuff
Diffstat (limited to 'server/src/routes')
-rw-r--r--server/src/routes/api/mod.rs7
-rw-r--r--server/src/routes/stream.rs5
-rw-r--r--server/src/routes/ui/admin/user.rs16
-rw-r--r--server/src/routes/ui/assets.rs7
-rw-r--r--server/src/routes/ui/node.rs5
5 files changed, 22 insertions, 18 deletions
diff --git a/server/src/routes/api/mod.rs b/server/src/routes/api/mod.rs
index 23f313f..615c836 100644
--- a/server/src/routes/api/mod.rs
+++ b/server/src/routes/api/mod.rs
@@ -41,13 +41,14 @@ pub fn r_api_account_login(database: &State<Database>, data: Json<LoginForm>) ->
#[get("/api/node_raw/<id>")]
pub fn r_api_node_raw(
- _admin: AdminSession,
+ admin: AdminSession,
database: &State<Database>,
- id: String,
+ id: &str,
) -> MyResult<Json<Node>> {
+ drop(admin);
let node = database
.node
- .get(&id)
+ .get(&id.to_string())
.context("retrieving library node")?
.ok_or(anyhow!("node does not exist"))?;
Ok(Json(node))
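Review bot: r_api_node_raw has no doc comment saying that it returns the whole `Node`, private part included, and that the `AdminSession` request guard is its only access check; with the parameter now consumed by `drop(admin)` that is easy to overlook. I would add `/// Admin-only: returns the complete node, including its private fields.` above the `#[get]` attribute. The switch to `id: &str` followed by `.get(&id.to_string())` still allocates a `String`, so it is a signature cleanup rather than a saving. The function's closing brace is outside the hunk.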
diff --git a/server/src/routes/stream.rs b/server/src/routes/stream.rs
index 21575b6..b1248ba 100644
--- a/server/src/routes/stream.rs
+++ b/server/src/routes/stream.rs
@@ -6,7 +6,7 @@
use super::ui::{account::session::Session, error::MyError};
use crate::{database::Database, federation::Federation};
use anyhow::{anyhow, Result};
-use jellybase::CONF;
+use jellybase::{permission::NodePermissionExt, CONF};
use jellycommon::{stream::StreamSpec, MediaSource};
use log::{info, warn};
use rocket::{
@@ -36,7 +36,7 @@ pub async fn r_stream_head(
#[get("/n/<id>/stream?<spec..>")]
pub async fn r_stream(
- _sess: Session,
+ session: Session,
federation: &State<Federation>,
db: &State<Database>,
id: &str,
@@ -46,6 +46,7 @@ pub async fn r_stream(
let node = db
.node
.get(&id.to_string())?
+ .only_if_permitted(&session.user.permissions)
.ok_or(anyhow!("node does not exist"))?;
let source = node
.private
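Review bot: The permission filter is added to r_stream only; r_stream_head, named in the previous hunk header, is not touched by this commit. Its body is not visible here, but if it also resolves the node by id it should apply the same `.only_if_permitted(&session.user.permissions)`, so that a HEAD request cannot confirm or describe a node the session may not read. The r_stream body continues past the end of this hunk.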
diff --git a/server/src/routes/ui/admin/user.rs b/server/src/routes/ui/admin/user.rs
index e61ec45..42bcfa7 100644
--- a/server/src/routes/ui/admin/user.rs
+++ b/server/src/routes/ui/admin/user.rs
@@ -66,15 +66,15 @@ fn manage_single_user<'a>(
Ok(LayoutPage {
title: "User management".to_string(),
content: markup::new! {
- h1 { "Manage User" }
+ h1 { @format!("{:?}", user.display_name) " (" @user.name ")" }
+ a[href=uri!(r_admin_users())] "Back to the User List"
@FlashDisplay { flash: flash.clone() }
- h2 { @format!("{:?}", user.display_name) " (" @user.name ")" }
form[method="POST", action=uri!(r_admin_remove_user())] {
input[type="text", name="name", value=&user.name, hidden];
- input[type="submit", value="Remove(!)"];
+ input[type="submit", value="Remove user(!)"];
}
- h3 { "Permissions" }
+ h2 { "Permissions" }
@PermissionDisplay { perms: &user.permissions }
form[method="POST", action=uri!(r_admin_user_permission())] {
@@ -90,9 +90,9 @@ fn manage_single_user<'a>(
}
fieldset.perms {
legend { "Permission" }
- label { input[type="radio", name="action", value="unset"]; "Unset" }
- label { input[type="radio", name="action", value="grant"]; "Grant" }
- label { input[type="radio", name="action", value="revoke"]; "Revoke" }
+ label { input[type="radio", name="action", value="unset"]; "Unset" } br;
+ label { input[type="radio", name="action", value="grant"]; "Grant" } br;
+ label { input[type="radio", name="action", value="revoke"]; "Revoke" } br;
}
input[type="submit", value="Update"];
}
@@ -132,7 +132,7 @@ pub enum GrantState {
Unset,
}
-#[post("/admin/update_user_permission", data = "<form>")]
+#[post("/admin/q", data = "<form>")]
pub fn r_admin_user_permission(
session: AdminSession,
database: &State<Database>,
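Review bot: The new path `/admin/q` no longer says what the endpoint does, which makes permission changes hard to pick out in access logs and in reverse-proxy rules. The form builds its action with `uri!(r_admin_user_permission())`, so nothing depends on the short path. I would keep a descriptive one, for example `#[post("/admin/update_user_permission", data = "<form>")]`. The handler body is outside the hunk.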
diff --git a/server/src/routes/ui/assets.rs b/server/src/routes/ui/assets.rs
index f88faa4..5789685 100644
--- a/server/src/routes/ui/assets.rs
+++ b/server/src/routes/ui/assets.rs
@@ -8,7 +8,7 @@ use crate::{
routes::ui::{account::session::Session, error::MyError, CacheControlFile},
};
use anyhow::{anyhow, Context};
-use jellybase::AssetLocationExt;
+use jellybase::{AssetLocationExt, permission::NodePermissionExt};
use jellycommon::AssetLocation;
use log::info;
use rocket::{get, http::ContentType, FromFormField, State, UriDisplayQuery};
@@ -25,7 +25,7 @@ pub enum AssetRole {
#[get("/n/<id>/asset?<role>&<width>")]
pub async fn r_item_assets(
- _sess: Session,
+ session: Session,
db: &State<Database>,
id: &str,
role: AssetRole,
@@ -34,13 +34,14 @@ pub async fn r_item_assets(
let node = db
.node
.get(&id.to_string())?
+ .only_if_permitted(&session.user.permissions)
.ok_or(anyhow!("node does not exist"))?;
let mut asset = match role {
AssetRole::Backdrop => node.private.backdrop,
AssetRole::Poster => node.private.poster,
};
if let None = asset {
- if let Some(parent) = &node.public.parent {
+ if let Some(parent) = &node.public.path.last() {
let parent = db.node.get(parent)?.ok_or(anyhow!("node does not exist"))?;
asset = match role {
AssetRole::Backdrop => parent.private.backdrop,
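Review bot: The fallback lookup `db.node.get(parent)?` is not passed through `only_if_permitted`, so a session that is allowed on the child but not on its parent still receives the parent's backdrop or poster. I would filter it the same way, `let parent = db.node.get(parent)?.only_if_permitted(&session.user.permissions).ok_or(anyhow!("node does not exist"))?;`, or skip the fallback quietly when the parent is filtered out so the request does not fail. The match and the rest of r_item_assets continue outside the hunk.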
diff --git a/server/src/routes/ui/node.rs b/server/src/routes/ui/node.rs
index 1a906f1..b72ec11 100644
--- a/server/src/routes/ui/node.rs
+++ b/server/src/routes/ui/node.rs
@@ -22,6 +22,7 @@ use crate::{
uri,
};
use anyhow::{anyhow, Context};
+use jellybase::permission::NodePermissionExt;
use jellycommon::{MediaInfo, NodeKind, NodePublic, Rating, SourceTrackKind};
use rocket::{get, serde::json::Json, Either, State};
@@ -39,11 +40,11 @@ pub async fn r_library_node_filter<'a>(
aj: AcceptJson,
filter: NodeFilterSort,
) -> Result<Either<DynLayoutPage<'a>, Json<NodePublic>>, MyError> {
- drop(session);
let node = db
.node
.get(&id.to_string())
.context("retrieving library node")?
+ .only_if_permitted(&session.user.permissions)
.ok_or(anyhow!("node does not exist"))?
.public;
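Review bot: A node the session may not read now ends in the same `node does not exist` error as an unknown id, here and in the stream.rs and assets.rs hunks; that looks deliberate, but nothing in the code says so. A one-line comment above the call, `// denied nodes are reported as missing so their existence is not disclosed`, would keep a later change from splitting the two cases. The rest of r_library_node_filter is outside the hunk; if it loads child nodes for the listing, those presumably need the same filter.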
@@ -124,7 +125,7 @@ markup::define! {
}
@if matches!(node.kind, NodeKind::Collection | NodeKind::Channel) {
@if matches!(node.kind, NodeKind::Collection) {
- @if let Some(parent) = &node.parent {
+ @if let Some(parent) = &node.path.last().cloned() {
a.dirup[href=uri!(r_library_node(parent))] { "Go up" }
}
}