From 10cac358a9cc4e3db03e1dca90bff4c29514cfc1 Mon Sep 17 00:00:00 2001
From: Paul <paulmakles@gmail.com>
Date: Fri, 19 Feb 2021 13:26:04 +0000
Subject: [PATCH] Label permission errors, and too many ids for /stale.

---
 src/routes/channels/delete_channel.rs      | 2 +-
 src/routes/channels/fetch_channel.rs       | 2 +-
 src/routes/channels/group_add_member.rs    | 2 +-
 src/routes/channels/group_remove_member.rs | 2 +-
 src/routes/channels/message_delete.rs      | 2 +-
 src/routes/channels/message_edit.rs        | 2 +-
 src/routes/channels/message_fetch.rs       | 2 +-
 src/routes/channels/message_query.rs       | 2 +-
 src/routes/channels/message_query_stale.rs | 4 ++--
 src/routes/channels/message_send.rs        | 2 +-
 src/routes/users/fetch_user.rs             | 2 +-
 src/routes/users/find_mutual.rs            | 4 ++--
 src/util/result.rs                         | 6 ++++++
 13 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/src/routes/channels/delete_channel.rs b/src/routes/channels/delete_channel.rs
index 9fd0881..7fc65de 100644
--- a/src/routes/channels/delete_channel.rs
+++ b/src/routes/channels/delete_channel.rs
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref) -> Result<()> {
         .for_channel()
         .await?;
     if !perm.get_view() {
-        Err(Error::LabelMe)?
+        Err(Error::MissingPermission)?
     }
 
     match &target {
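Review bot: The only authorization gate visible before the destructive path is `perm.get_view()`, so as far as this hunk shows, any user who can see the channel reaches the `match &target` that carries out the delete. The same view-only gate precedes the mutating logic in `group_add_member.rs`, `message_delete.rs` and `message_edit.rs`. Each `req` body continues outside its hunk, so an owner or author check may well follow; if it does not, these routes need a permission stronger than view. Either way, a short comment at the check such as `// view is only the entry gate; ownership is enforced below` would make the intended authorization model reviewable now that the error is named `MissingPermission`.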
diff --git a/src/routes/channels/fetch_channel.rs b/src/routes/channels/fetch_channel.rs
index d5e6867..75a7d5b 100644
--- a/src/routes/channels/fetch_channel.rs
+++ b/src/routes/channels/fetch_channel.rs
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
         .for_channel()
         .await?;
     if !perm.get_view() {
-        Err(Error::LabelMe)?
+        Err(Error::MissingPermission)?
     }
 
     Ok(json!(target))
diff --git a/src/routes/channels/group_add_member.rs b/src/routes/channels/group_add_member.rs
index 4ff36fd..e925fd9 100644
--- a/src/routes/channels/group_add_member.rs
+++ b/src/routes/channels/group_add_member.rs
@@ -16,7 +16,7 @@ pub async fn req(user: User, target: Ref, member: Ref) -> Result<()> {
         .for_channel()
         .await?;
     if !perm.get_view() {
-        Err(Error::LabelMe)?
+        Err(Error::MissingPermission)?
     }
 
     if let Channel::Group { id, recipients, .. } = &channel {
diff --git a/src/routes/channels/group_remove_member.rs b/src/routes/channels/group_remove_member.rs
index 08bd4e3..e12414b 100644
--- a/src/routes/channels/group_remove_member.rs
+++ b/src/routes/channels/group_remove_member.rs
@@ -20,7 +20,7 @@ pub async fn req(user: User, target: Ref, member: Ref) -> Result<()> {
     {
         if &user.id != owner {
             // figure out if we want to use perm system here
-            Err(Error::LabelMe)?
+            Err(Error::MissingPermission)?
         }
 
         if recipients.iter().find(|x| *x == &member.id).is_none() {
diff --git a/src/routes/channels/message_delete.rs b/src/routes/channels/message_delete.rs
index 85bdfed..fa794d7 100644
--- a/src/routes/channels/message_delete.rs
+++ b/src/routes/channels/message_delete.rs
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref, msg: Ref) -> Result<()> {
         .for_channel()
         .await?;
     if !perm.get_view() {
-        Err(Error::LabelMe)?
+        Err(Error::MissingPermission)?
     }
 
     let message = msg.fetch_message(&channel).await?;
diff --git a/src/routes/channels/message_edit.rs b/src/routes/channels/message_edit.rs
index dc559c2..15cdc48 100644
--- a/src/routes/channels/message_edit.rs
+++ b/src/routes/channels/message_edit.rs
@@ -24,7 +24,7 @@ pub async fn req(user: User, target: Ref, msg: Ref, edit: Json<Data>) -> Result<
         .for_channel()
         .await?;
     if !perm.get_view() {
-        Err(Error::LabelMe)?
+        Err(Error::MissingPermission)?
     }
 
     let message = msg.fetch_message(&channel).await?;
diff --git a/src/routes/channels/message_fetch.rs b/src/routes/channels/message_fetch.rs
index 162e48d..d308c84 100644
--- a/src/routes/channels/message_fetch.rs
+++ b/src/routes/channels/message_fetch.rs
@@ -12,7 +12,7 @@ pub async fn req(user: User, target: Ref, msg: Ref) -> Result<JsonValue> {
         .for_channel()
         .await?;
     if !perm.get_view() {
-        Err(Error::LabelMe)?
+        Err(Error::MissingPermission)?
     }
 
     let message = msg.fetch_message(&channel).await?;
diff --git a/src/routes/channels/message_query.rs b/src/routes/channels/message_query.rs
index c30967f..dadf8b5 100644
--- a/src/routes/channels/message_query.rs
+++ b/src/routes/channels/message_query.rs
@@ -34,7 +34,7 @@ pub async fn req(user: User, target: Ref, options: Form<Options>) -> Result<Json
         .for_channel()
         .await?;
     if !perm.get_view() {
-        Err(Error::LabelMe)?
+        Err(Error::MissingPermission)?
     }
 
     let mut query = doc! { "channel": target.id() };
diff --git a/src/routes/channels/message_query_stale.rs b/src/routes/channels/message_query_stale.rs
index 300ae76..2930a42 100644
--- a/src/routes/channels/message_query_stale.rs
+++ b/src/routes/channels/message_query_stale.rs
@@ -14,7 +14,7 @@ pub struct Options {
 #[post("/<target>/messages/stale", data = "<data>")]
 pub async fn req(user: User, target: Ref, data: Json<Options>) -> Result<JsonValue> {
     if data.ids.len() > 150 {
-        return Err(Error::LabelMe);
+        return Err(Error::TooManyIds);
     }
 
     let target = target.fetch_channel().await?;
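Review bot: The cap in `data.ids.len() > 150` is an unexplained literal, and the new `TooManyIds` message ("Trying to fetch too much data.") gives the client no hint of what the limit is. A named constant such as `const MAX_STALE_IDS: usize = 150;` with a one-line comment saying that it bounds the size of the database query a single request can trigger would document why the limit exists. Rejecting the request before `target.fetch_channel()` is the right order, since oversized input is refused before any channel lookup is spent on it.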
@@ -24,7 +24,7 @@ pub async fn req(user: User, target: Ref, data: Json<Options>) -> Result<JsonVal
         .for_channel()
         .await?;
     if !perm.get_view() {
-        Err(Error::LabelMe)?
+        Err(Error::MissingPermission)?
     }
 
     let mut cursor = get_collection("messages")
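Review bot: This function now returns errors in two different ways: `return Err(Error::TooManyIds);` in the hunk above and `Err(Error::MissingPermission)?` here. The `Err(..)?` form routes the value through the `?` conversion and hides the early exit from a reader scanning for `return` (clippy flags it as `try_err`). Writing `return Err(Error::MissingPermission);` would make every authorization exit explicit and easy to grep. The same form appears in each of the other route files touched by this patch. The body of `req` continues outside the hunk.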
diff --git a/src/routes/channels/message_send.rs b/src/routes/channels/message_send.rs
index aaf275e..9f6fb93 100644
--- a/src/routes/channels/message_send.rs
+++ b/src/routes/channels/message_send.rs
@@ -34,7 +34,7 @@ pub async fn req(user: User, target: Ref, message: Json<Data>) -> Result<JsonVal
         .for_channel()
         .await?;
     if !perm.get_send_message() {
-        Err(Error::LabelMe)?
+        Err(Error::MissingPermission)?
     }
 
     if get_collection("messages")
diff --git a/src/routes/users/fetch_user.rs b/src/routes/users/fetch_user.rs
index 9a66071..063ddf3 100644
--- a/src/routes/users/fetch_user.rs
+++ b/src/routes/users/fetch_user.rs
@@ -13,7 +13,7 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
         .await?;
 
     if !perm.get_access() {
-        Err(Error::LabelMe)?
+        Err(Error::MissingPermission)?
     }
 
     Ok(json!(target.from(&user).with(perm)))
diff --git a/src/routes/users/find_mutual.rs b/src/routes/users/find_mutual.rs
index 7b3f1f6..2a31d4b 100644
--- a/src/routes/users/find_mutual.rs
+++ b/src/routes/users/find_mutual.rs
@@ -12,8 +12,8 @@ pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
         .find(
             doc! {
                 "$and": [
-                    { "relations.id": &user.id },
-                    { "relations.id": &target.id }
+                    { "relations._id": &user.id },
+                    { "relations._id": &target.id }
                 ]
             },
             FindOptions::builder().projection(doc! { "_id": 1 }).build(),
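Review bot: The corrected filter matches on `relations._id` alone, so any relationship entry counts as mutual, whatever kind of relationship it records. If the entries in `relations` also carry a state (for example pending or blocked; the schema is not visible in this hunk), this route would disclose who has blocked or been blocked by either user. In that case each clause should match id and state on the same array element, along the lines of `"relations": { "$elemMatch": { "_id": &user.id, "<state field>": "<friend value>" } }` (placeholders, to be taken from the schema). It is also worth confirming that the part of `req` outside the hunk checks the caller's access to `target` before running the query.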
diff --git a/src/util/result.rs b/src/util/result.rs
index e69c48a..0a1e982 100644
--- a/src/util/result.rs
+++ b/src/util/result.rs
@@ -50,6 +50,8 @@ pub enum Error {
     NotInGroup,
 
     // ? General errors.
+    #[snafu(display("Trying to fetch too much data."))]
+    TooManyIds,
     #[snafu(display("Failed to validate fields."))]
     FailedValidation { error: ValidationErrors },
     #[snafu(display("Encountered a database error."))]
@@ -59,6 +61,8 @@ pub enum Error {
     },
     #[snafu(display("Internal server error."))]
     InternalError,
+    #[snafu(display("Missing permission."))]
+    MissingPermission,
     #[snafu(display("Operation cannot be performed on this object."))]
     InvalidOperation,
     #[snafu(display("Already created an object with this nonce."))]
@@ -96,7 +100,9 @@ impl<'r> Responder<'r, 'static> for Error {
             Error::FailedValidation { .. } => Status::UnprocessableEntity,
             Error::DatabaseError { .. } => Status::InternalServerError,
             Error::InternalError => Status::InternalServerError,
+            Error::MissingPermission => Status::Forbidden,
             Error::InvalidOperation => Status::BadRequest,
+            Error::TooManyIds => Status::BadRequest,
             Error::DuplicateNonce => Status::Conflict,
             Error::NoEffect => Status::Ok,
         };
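Review bot: Mapping `Error::MissingPermission` to `Status::Forbidden` means the view and access checks in `fetch_channel.rs`, `fetch_user.rs` and the message routes now answer 403 for objects the caller is not allowed to see. If an unknown id gets a different status from the fetch step (not visible in this patch), the pair of responses lets an unauthorised client tell which channel and user ids exist. For denials of view or access, consider returning the same response as for a missing object and keeping 403 for actions on objects the caller can already see. At minimum, a comment on this arm such as `// 403 confirms the object exists; do not use for view/access denials on private objects` would record the trade-off. The `match` begins outside the hunk.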
-- 
GitLab