Skip to content
Snippets Groups Projects
Verified Commit beeb7e7a authored by insert's avatar insert
Browse files

Don't allow banned users to view or use invites.

parent d1b44a31
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/guards/guild.rs
+ 26
8
View file @ beeb7e7a
...@@ -94,15 +94,33 @@ pub fn get_member(guild_id: &String, member: &String) -> Option<Member> { ...@@ -94,15 +94,33 @@ pub fn get_member(guild_id: &String, member: &String) -> Option<Member> {
} }
} }
pub fn get_invite(code: &String) -> Option<(String, String, Invite)> { pub fn get_invite<U: Into<Option<String>>>(
if let Ok(result) = database::get_collection("guilds").find_one( code: &String,
doc! { user: U,
"invites": { ) -> Option<(String, String, Invite)> {
"$elemMatch": { let mut doc = doc! {
"code": &code "invites": {
} "$elemMatch": {
"code": &code
} }
}, }
};
if let Some(user_id) = user.into() {
doc.insert(
"bans",
doc! {
"$not": {
"$elemMatch": {
"id": user_id
}
}
},
);
}
if let Ok(result) = database::get_collection("guilds").find_one(
doc,
FindOneOptions::builder() FindOneOptions::builder()
.projection(doc! { .projection(doc! {
"_id": 1, "_id": 1,
......
src/routes/guild.rs
+ 4
4
View file @ beeb7e7a
...@@ -245,7 +245,7 @@ pub fn create_invite( ...@@ -245,7 +245,7 @@ pub fn create_invite(
pub fn remove_invite(user: UserRef, target: GuildRef, code: String) -> Option<Response> { pub fn remove_invite(user: UserRef, target: GuildRef, code: String) -> Option<Response> {
let (permissions, _) = with_permissions!(user, target); let (permissions, _) = with_permissions!(user, target);
if let Some((guild_id, _, invite)) = get_invite(&code) { if let Some((guild_id, _, invite)) = get_invite(&code, None) {
if invite.creator != user.id { if invite.creator != user.id {
if !permissions.get_manage_server() { if !permissions.get_manage_server() {
return Some(Response::LackingPermission(Permission::ManageServer)); return Some(Response::LackingPermission(Permission::ManageServer));
...@@ -303,8 +303,8 @@ pub fn fetch_invites(user: UserRef, target: GuildRef) -> Option<Response> { ...@@ -303,8 +303,8 @@ pub fn fetch_invites(user: UserRef, target: GuildRef) -> Option<Response> {
/// view an invite before joining /// view an invite before joining
#[get("/join/<code>", rank = 1)] #[get("/join/<code>", rank = 1)]
pub fn fetch_invite(_user: UserRef, code: String) -> Response { pub fn fetch_invite(user: UserRef, code: String) -> Response {
if let Some((guild_id, name, invite)) = get_invite(&code) { if let Some((guild_id, name, invite)) = get_invite(&code, user.id) {
if let Some(channel) = ChannelRef::from(invite.channel) { if let Some(channel) = ChannelRef::from(invite.channel) {
Response::Success(json!({ Response::Success(json!({
"guild": { "guild": {
...@@ -327,7 +327,7 @@ pub fn fetch_invite(_user: UserRef, code: String) -> Response { ...@@ -327,7 +327,7 @@ pub fn fetch_invite(_user: UserRef, code: String) -> Response {
/// join a guild using an invite /// join a guild using an invite
#[post("/join/<code>", rank = 1)] #[post("/join/<code>", rank = 1)]
pub fn use_invite(user: UserRef, code: String) -> Response { pub fn use_invite(user: UserRef, code: String) -> Response {
if let Some((guild_id, _, invite)) = get_invite(&code) { if let Some((guild_id, _, invite)) = get_invite(&code, Some(user.id.clone())) {
if let Ok(result) = database::get_collection("members").find_one( if let Ok(result) = database::get_collection("members").find_one(
doc! { doc! {
"_id.guild": &guild_id, "_id.guild": &guild_id,
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment