From 347274afb36e926b328e799ca8004fc874ffe4cb Mon Sep 17 00:00:00 2001 From: metamuffin Date: Wed, 4 Oct 2023 20:41:59 +0200 Subject: more permission stuff --- server/src/import.rs | 49 ++++++++++++++++++++------------------ server/src/routes/api/mod.rs | 7 +++--- server/src/routes/stream.rs | 5 ++-- server/src/routes/ui/admin/user.rs | 16 ++++++------- server/src/routes/ui/assets.rs | 7 +++--- server/src/routes/ui/node.rs | 5 ++-- 6 files changed, 48 insertions(+), 41 deletions(-) (limited to 'server/src') diff --git a/server/src/import.rs b/server/src/import.rs index d3919b5..ad1d5e9 100644 --- a/server/src/import.rs +++ b/server/src/import.rs @@ -27,7 +27,7 @@ pub async fn import(db: &Database, fed: &Federation) -> anyhow::Result<()> { let permit = IMPORT_SEM.try_acquire()?; db.node.clear()?; info!("importing..."); - let (_, errs) = import_path(CONF.library_path.clone(), db, fed, None) + let (_, errs) = import_path(CONF.library_path.clone(), db, fed, vec![]) .await .context("indexing")?; info!("import completed"); @@ -46,7 +46,7 @@ pub async fn import_path( path: PathBuf, db: &Database, fed: &Federation, - parent: Option, + mut node_path: Vec, ) -> anyhow::Result<(Vec, usize)> { if path.is_dir() { let mpath = path.join("directory.json"); @@ -62,14 +62,16 @@ pub async fn import_path( let identifier = if mpath.exists() { path.file_name().unwrap().to_str().unwrap().to_string() } else { - parent - .clone() + node_path + .last() + .cloned() .ok_or(anyhow!("non-root node requires parent"))? }; + node_path.push(identifier.clone()); let mut all: FuturesUnordered<_> = children_paths .into_iter() - .map(|p| import_path(p.clone(), db, fed, Some(identifier.clone())).map_err(|e| (p, e))) + .map(|p| import_path(p.clone(), db, fed, node_path.clone()).map_err(|e| (p, e))) .collect(); let mut children_ids = Vec::new(); @@ -87,13 +89,14 @@ pub async fn import_path( } } if mpath.exists() { - let mut data: Node = + let mut node: Node = serde_json::from_reader(File::open(mpath).context("metadata missing")?)?; - data.public.children = children_ids; - data.public.parent = parent; + node.public.children = children_ids; + node.public.path = node_path; + node.public.id = Some(identifier.to_owned()); info!("adding {identifier}"); - db.node.insert(&identifier, &data)?; + db.node.insert(&identifier, &node)?; Ok((vec![identifier], errs)) } else { Ok((children_ids, errs)) @@ -101,8 +104,8 @@ pub async fn import_path( } else if path.is_file() { info!("loading {path:?}"); let datafile = File::open(path.clone()).context("cant load metadata")?; - let mut data: Node = serde_json::from_reader(datafile).context("invalid metadata")?; - let identifier = data.private.id.clone().unwrap_or_else(|| { + let mut node: Node = serde_json::from_reader(datafile).context("invalid metadata")?; + let identifier = node.private.id.clone().unwrap_or_else(|| { path.file_name() .unwrap() .to_str() @@ -112,19 +115,20 @@ pub async fn import_path( .to_string() }); - let idents = if let Some(io) = data.private.import.take() { + let idents = if let Some(io) = node.private.import.take() { let session = fed .get_session(&io.host) .await .context("creating session")?; - import_remote(io, db, &session, identifier.clone(), parent) + import_remote(io, db, &session, identifier.clone(), node_path) .await .context("federated import")? } else { debug!("adding {identifier}"); - data.public.parent = parent; - db.node.insert(&identifier, &data)?; + node.public.path = node_path; + node.public.id = Some(identifier.to_owned()); + db.node.insert(&identifier, &node)?; vec![identifier] }; Ok((idents, 0)) @@ -141,7 +145,7 @@ async fn import_remote( db: &Database, session: &Arc, identifier: String, - parent: Option, + mut node_path: Vec, ) -> anyhow::Result> { let _permit = SEM_REMOTE_IMPORT.acquire().await.unwrap(); info!("loading federated node {identifier:?}"); @@ -163,9 +167,7 @@ async fn import_remote( drop(_permit); - let child_parent = if flatten { - parent - } else { + if !flatten { let mut node = Node { public: node.clone(), private: NodePrivate { @@ -179,7 +181,7 @@ async fn import_remote( }), }, }; - node.public.parent = parent; + node.public.path = node_path.clone(); node.public.federated = Some(opts.host.clone()); node.public .children @@ -187,9 +189,10 @@ async fn import_remote( .for_each(|c| *c = format!("{}{c}", opts.prefix.clone().unwrap_or(String::new()))); debug!("adding {identifier}"); + node.public.id = Some(identifier.to_owned()); db.node.insert(&identifier, &node)?; - Some(opts.id.clone()) - }; + node_path.push(opts.id.clone()); + } let mut children: FuturesUnordered<_> = node .children @@ -204,7 +207,7 @@ async fn import_remote( db, session, prefixed, - child_parent.clone(), + node_path.clone(), ) }) .collect(); diff --git a/server/src/routes/api/mod.rs b/server/src/routes/api/mod.rs index 23f313f..615c836 100644 --- a/server/src/routes/api/mod.rs +++ b/server/src/routes/api/mod.rs @@ -41,13 +41,14 @@ pub fn r_api_account_login(database: &State, data: Json) -> #[get("/api/node_raw/")] pub fn r_api_node_raw( - _admin: AdminSession, + admin: AdminSession, database: &State, - id: String, + id: &str, ) -> MyResult> { + drop(admin); let node = database .node - .get(&id) + .get(&id.to_string()) .context("retrieving library node")? .ok_or(anyhow!("node does not exist"))?; Ok(Json(node)) diff --git a/server/src/routes/stream.rs b/server/src/routes/stream.rs index 21575b6..b1248ba 100644 --- a/server/src/routes/stream.rs +++ b/server/src/routes/stream.rs @@ -6,7 +6,7 @@ use super::ui::{account::session::Session, error::MyError}; use crate::{database::Database, federation::Federation}; use anyhow::{anyhow, Result}; -use jellybase::CONF; +use jellybase::{permission::NodePermissionExt, CONF}; use jellycommon::{stream::StreamSpec, MediaSource}; use log::{info, warn}; use rocket::{ @@ -36,7 +36,7 @@ pub async fn r_stream_head( #[get("/n//stream?")] pub async fn r_stream( - _sess: Session, + session: Session, federation: &State, db: &State, id: &str, @@ -46,6 +46,7 @@ pub async fn r_stream( let node = db .node .get(&id.to_string())? + .only_if_permitted(&session.user.permissions) .ok_or(anyhow!("node does not exist"))?; let source = node .private diff --git a/server/src/routes/ui/admin/user.rs b/server/src/routes/ui/admin/user.rs index e61ec45..42bcfa7 100644 --- a/server/src/routes/ui/admin/user.rs +++ b/server/src/routes/ui/admin/user.rs @@ -66,15 +66,15 @@ fn manage_single_user<'a>( Ok(LayoutPage { title: "User management".to_string(), content: markup::new! { - h1 { "Manage User" } + h1 { @format!("{:?}", user.display_name) " (" @user.name ")" } + a[href=uri!(r_admin_users())] "Back to the User List" @FlashDisplay { flash: flash.clone() } - h2 { @format!("{:?}", user.display_name) " (" @user.name ")" } form[method="POST", action=uri!(r_admin_remove_user())] { input[type="text", name="name", value=&user.name, hidden]; - input[type="submit", value="Remove(!)"]; + input[type="submit", value="Remove user(!)"]; } - h3 { "Permissions" } + h2 { "Permissions" } @PermissionDisplay { perms: &user.permissions } form[method="POST", action=uri!(r_admin_user_permission())] { @@ -90,9 +90,9 @@ fn manage_single_user<'a>( } fieldset.perms { legend { "Permission" } - label { input[type="radio", name="action", value="unset"]; "Unset" } - label { input[type="radio", name="action", value="grant"]; "Grant" } - label { input[type="radio", name="action", value="revoke"]; "Revoke" } + label { input[type="radio", name="action", value="unset"]; "Unset" } br; + label { input[type="radio", name="action", value="grant"]; "Grant" } br; + label { input[type="radio", name="action", value="revoke"]; "Revoke" } br; } input[type="submit", value="Update"]; } @@ -132,7 +132,7 @@ pub enum GrantState { Unset, } -#[post("/admin/update_user_permission", data = "
")] +#[post("/admin/q", data = "")] pub fn r_admin_user_permission( session: AdminSession, database: &State, diff --git a/server/src/routes/ui/assets.rs b/server/src/routes/ui/assets.rs index f88faa4..5789685 100644 --- a/server/src/routes/ui/assets.rs +++ b/server/src/routes/ui/assets.rs @@ -8,7 +8,7 @@ use crate::{ routes::ui::{account::session::Session, error::MyError, CacheControlFile}, }; use anyhow::{anyhow, Context}; -use jellybase::AssetLocationExt; +use jellybase::{AssetLocationExt, permission::NodePermissionExt}; use jellycommon::AssetLocation; use log::info; use rocket::{get, http::ContentType, FromFormField, State, UriDisplayQuery}; @@ -25,7 +25,7 @@ pub enum AssetRole { #[get("/n//asset?&")] pub async fn r_item_assets( - _sess: Session, + session: Session, db: &State, id: &str, role: AssetRole, @@ -34,13 +34,14 @@ pub async fn r_item_assets( let node = db .node .get(&id.to_string())? + .only_if_permitted(&session.user.permissions) .ok_or(anyhow!("node does not exist"))?; let mut asset = match role { AssetRole::Backdrop => node.private.backdrop, AssetRole::Poster => node.private.poster, }; if let None = asset { - if let Some(parent) = &node.public.parent { + if let Some(parent) = &node.public.path.last() { let parent = db.node.get(parent)?.ok_or(anyhow!("node does not exist"))?; asset = match role { AssetRole::Backdrop => parent.private.backdrop, diff --git a/server/src/routes/ui/node.rs b/server/src/routes/ui/node.rs index 1a906f1..b72ec11 100644 --- a/server/src/routes/ui/node.rs +++ b/server/src/routes/ui/node.rs @@ -22,6 +22,7 @@ use crate::{ uri, }; use anyhow::{anyhow, Context}; +use jellybase::permission::NodePermissionExt; use jellycommon::{MediaInfo, NodeKind, NodePublic, Rating, SourceTrackKind}; use rocket::{get, serde::json::Json, Either, State}; @@ -39,11 +40,11 @@ pub async fn r_library_node_filter<'a>( aj: AcceptJson, filter: NodeFilterSort, ) -> Result, Json>, MyError> { - drop(session); let node = db .node .get(&id.to_string()) .context("retrieving library node")? + .only_if_permitted(&session.user.permissions) .ok_or(anyhow!("node does not exist"))? .public; @@ -124,7 +125,7 @@ markup::define! { } @if matches!(node.kind, NodeKind::Collection | NodeKind::Channel) { @if matches!(node.kind, NodeKind::Collection) { - @if let Some(parent) = &node.parent { + @if let Some(parent) = &node.path.last().cloned() { a.dirup[href=uri!(r_library_node(parent))] { "Go up" } } } -- cgit v1.2.3-70-g09d2