diff --git a/src/routes/channels/delete_channel.rs b/src/routes/channels/delete_channel.rs
index 9fd0881fc17950b14b24736c7a757e9639e5f62c..7fc65de1a5a9630d0c5ccda3e11e666b327d3134 100644
--- a/src/routes/channels/delete_channel.rs
+++ b/src/routes/channels/delete_channel.rs
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref) -> Result<()> {
.for_channel()
.await?;
if !perm.get_view() {
- Err(Error::LabelMe)?
+ Err(Error::MissingPermission)?
}
match &target {
diff --git a/src/routes/channels/fetch_channel.rs b/src/routes/channels/fetch_channel.rs
index d5e686741185c4c4a990c3071193ca3cda610d91..75a7d5b0229dbb23f4bc8157102c81137e60e04e 100644
--- a/src/routes/channels/fetch_channel.rs
+++ b/src/routes/channels/fetch_channel.rs
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
.for_channel()
.await?;
if !perm.get_view() {
- Err(Error::LabelMe)?
+ Err(Error::MissingPermission)?
}
Ok(json!(target))
diff --git a/src/routes/channels/group_add_member.rs b/src/routes/channels/group_add_member.rs
index 4ff36fd9f187413fab5f141c2a7e40d867e9e3b9..e925fd92a76a808949934e0fcfc3804b59cbd940 100644
--- a/src/routes/channels/group_add_member.rs
+++ b/src/routes/channels/group_add_member.rs
@@ -16,7 +16,7 @@ pub async fn req(user: User, target: Ref, member: Ref) -> Result<()> {
.for_channel()
.await?;
if !perm.get_view() {
- Err(Error::LabelMe)?
+ Err(Error::MissingPermission)?
}
if let Channel::Group { id, recipients, .. } = &channel {
diff --git a/src/routes/channels/group_remove_member.rs b/src/routes/channels/group_remove_member.rs
index 08bd4e31536c2e4684f6a2990b5e222ec0e41c1f..e12414bf3b0be3d8e6e4aac0bce0a00cc91f19fa 100644
--- a/src/routes/channels/group_remove_member.rs
+++ b/src/routes/channels/group_remove_member.rs
@@ -20,7 +20,7 @@ pub async fn req(user: User, target: Ref, member: Ref) -> Result<()> {
{
if &user.id != owner {
// figure out if we want to use perm system here
- Err(Error::LabelMe)?
+ Err(Error::MissingPermission)?
}
if recipients.iter().find(|x| *x == &member.id).is_none() {
diff --git a/src/routes/channels/message_delete.rs b/src/routes/channels/message_delete.rs
index 85bdfed986533b9e1afb3b7c9d4841db3324ace7..fa794d774d1653fd66914acafe48d499275f5da0 100644
--- a/src/routes/channels/message_delete.rs
+++ b/src/routes/channels/message_delete.rs
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref, msg: Ref) -> Result<()> {
.for_channel()
.await?;
if !perm.get_view() {
- Err(Error::LabelMe)?
+ Err(Error::MissingPermission)?
}
let message = msg.fetch_message(&channel).await?;
diff --git a/src/routes/channels/message_edit.rs b/src/routes/channels/message_edit.rs
index dc559c203277072ff67888e2f27a4dd55ab62a6c..15cdc48d8f91133e5d7736f8a0774b24cb356fd3 100644
--- a/src/routes/channels/message_edit.rs
+++ b/src/routes/channels/message_edit.rs
@@ -24,7 +24,7 @@ pub async fn req(user: User, target: Ref, msg: Ref, edit: Json<Data>) -> Result<
.for_channel()
.await?;
if !perm.get_view() {
- Err(Error::LabelMe)?
+ Err(Error::MissingPermission)?
}
let message = msg.fetch_message(&channel).await?;
diff --git a/src/routes/channels/message_fetch.rs b/src/routes/channels/message_fetch.rs
index 162e48dbba54d2e96f936fc0cb191508c249209b..d308c84acc0c9df2059b306cb70f34cd29ada049 100644
--- a/src/routes/channels/message_fetch.rs
+++ b/src/routes/channels/message_fetch.rs
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref, msg: Ref) -> Result<JsonValue> {
.for_channel()
.await?;
if !perm.get_view() {
- Err(Error::LabelMe)?
+ Err(Error::MissingPermission)?
}
let message = msg.fetch_message(&channel).await?;
diff --git a/src/routes/channels/message_query.rs b/src/routes/channels/message_query.rs
index c30967f8dddcbc86d8ebf89389012dcb9df648c8..dadf8b54e09d527d4f6f485a503f2dc9fe54fced 100644
--- a/src/routes/channels/message_query.rs
+++ b/src/routes/channels/message_query.rs
@@ -34,7 +34,7 @@ pub async fn req(user: User, target: Ref, options: Form<Options>) -> Result<Json
.for_channel()
.await?;
if !perm.get_view() {
- Err(Error::LabelMe)?
+ Err(Error::MissingPermission)?
}
let mut query = doc! { "channel": target.id() };
diff --git a/src/routes/channels/message_query_stale.rs b/src/routes/channels/message_query_stale.rs
index 300ae76524de9634d62f05dcf77c1028000eece8..2930a423a67426b9d0a4b5e95b4998bba05e0d51 100644
--- a/src/routes/channels/message_query_stale.rs
+++ b/src/routes/channels/message_query_stale.rs
@@ -14,7 +14,7 @@ pub struct Options {
#[post("/<target>/messages/stale", data = "<data>")]
pub async fn req(user: User, target: Ref, data: Json<Options>) -> Result<JsonValue> {
if data.ids.len() > 150 {
- return Err(Error::LabelMe);
+ return Err(Error::TooManyIds);
}
let target = target.fetch_channel().await?;
@@ -24,7 +24,7 @@ pub async fn req(user: User, target: Ref, data: Json<Options>) -> Result<JsonVal
.for_channel()
.await?;
if !perm.get_view() {
- Err(Error::LabelMe)?
+ Err(Error::MissingPermission)?
}
let mut cursor = get_collection("messages")
diff --git a/src/routes/channels/message_send.rs b/src/routes/channels/message_send.rs
index aaf275ed3c50ba60dda4758a5bb961cfb962f992..9f6fb93d9e50c3a996b633076a52b1e5b51338ed 100644
--- a/src/routes/channels/message_send.rs
+++ b/src/routes/channels/message_send.rs
@@ -34,7 +34,7 @@ pub async fn req(user: User, target: Ref, message: Json<Data>) -> Result<JsonVal
.for_channel()
.await?;
if !perm.get_send_message() {
- Err(Error::LabelMe)?
+ Err(Error::MissingPermission)?
}
if get_collection("messages")
diff --git a/src/routes/users/fetch_user.rs b/src/routes/users/fetch_user.rs
index 9a660719c67c7b80092eb5f0fee9ae97f2f71eb3..063ddf34d6b09bfa1ae1138d5d6486d3cb5fedca 100644
--- a/src/routes/users/fetch_user.rs
+++ b/src/routes/users/fetch_user.rs
@@ -13,7 +13,7 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
.await?;
if !perm.get_access() {
- Err(Error::LabelMe)?
+ Err(Error::MissingPermission)?
}
Ok(json!(target.from(&user).with(perm)))
diff --git a/src/routes/users/find_mutual.rs b/src/routes/users/find_mutual.rs
index 7b3f1f640a11c91e70c70366de98070eff2d0f89..2a31d4bd59cb7502c8586f55af9dbc103f8f5e36 100644
--- a/src/routes/users/find_mutual.rs
+++ b/src/routes/users/find_mutual.rs
@@ -12,8 +12,8 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
.find(
doc! {
"$and": [
- { "relations.id": &user.id },
- { "relations.id": &target.id }
+ { "relations._id": &user.id },
+ { "relations._id": &target.id }
]
},
FindOptions::builder().projection(doc! { "_id": 1 }).build(),
diff --git a/src/util/result.rs b/src/util/result.rs
index e69c48a5e7696da6b84888ddfe72719a431ba451..0a1e982ca4886ebf7eb8ee3ae017199326521f8b 100644
--- a/src/util/result.rs
+++ b/src/util/result.rs
@@ -50,6 +50,8 @@ pub enum Error {
NotInGroup,
// ? General errors.
+ #[snafu(display("Trying to fetch too much data."))]
+ TooManyIds,
#[snafu(display("Failed to validate fields."))]
FailedValidation { error: ValidationErrors },
#[snafu(display("Encountered a database error."))]
@@ -59,6 +61,8 @@ pub enum Error {
},
#[snafu(display("Internal server error."))]
InternalError,
+ #[snafu(display("Missing permission."))]
+ MissingPermission,
#[snafu(display("Operation cannot be performed on this object."))]
InvalidOperation,
#[snafu(display("Already created an object with this nonce."))]
@@ -96,7 +100,9 @@ impl<'r> Responder<'r, 'static> for Error {
Error::FailedValidation { .. } => Status::UnprocessableEntity,
Error::DatabaseError { .. } => Status::InternalServerError,
Error::InternalError => Status::InternalServerError,
+ Error::MissingPermission => Status::Forbidden,
Error::InvalidOperation => Status::BadRequest,
+ Error::TooManyIds => Status::BadRequest,
Error::DuplicateNonce => Status::Conflict,
Error::NoEffect => Status::Ok,
};