src/routes/servers/invites_fetch.rs

+use crate::database::*;
+use crate::util::result::{Error, Result};
+
+use futures::StreamExt;
+use mongodb::bson::{doc, from_document};
+use rocket_contrib::json::JsonValue;
+use serde::{Deserialize, Serialize};
+
+#[derive(Serialize, Deserialize, Debug, Clone)]
+pub struct ServerInvite {
+    #[serde(rename = "_id")]
+    code: String,
+    creator: String,
+    channel: String,
+}
+
+#[get("/<target>/invites")]
+pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
+    let target = target.fetch_server().await?;
+
+    let perm = permissions::PermissionCalculator::new(&user)
+        .with_server(&target)
+        .for_server()
+        .await?;
+
+    if !perm.get_manage_server() {
+        Err(Error::MissingPermission)?
+    }
+
+    let mut cursor = get_collection("channel_invites")
+        .find(
+            doc! {
+                "server": target.id
+            },
+            None,
+        )
+        .await
+        .map_err(|_| Error::DatabaseError {
+            operation: "find",
+            with: "channel_invites",
+        })?;
+
+    let mut invites = vec![];
+    while let Some(result) = cursor.next().await {
+        if let Ok(doc) = result {
+            if let Ok(invite) = from_document::<Invite>(doc) {
+                invites.push(invite);
+            }
+        }
+    }
+
+    Ok(json!(invites))
+}

src/routes/servers/member_edit.rs

+use std::collections::HashSet;
+
+use crate::notifications::events::ClientboundNotification;
+use crate::util::result::{Error, Result};
+use crate::{database::*, notifications::events::RemoveMemberField};
+
+use mongodb::bson::{doc, to_document};
+use rocket_contrib::json::Json;
+use serde::{Deserialize, Serialize};
+use validator::Validate;
+
+#[derive(Validate, Serialize, Deserialize)]
+pub struct Data {
+    #[validate(length(min = 1, max = 32))]
+    nickname: Option<String>,
+    avatar: Option<String>,
+    roles: Option<Vec<String>>,
+    remove: Option<RemoveMemberField>,
+}
+
+#[patch("/<server>/members/<target>", data = "<data>")]
+pub async fn req(user: User, server: Ref, target: String, data: Json<Data>) -> Result<()> {
+    let data = data.into_inner();
+    data.validate()
+        .map_err(|error| Error::FailedValidation { error })?;
+
+    if data.nickname.is_none() && data.avatar.is_none() && data.roles.is_none() && data.remove.is_none() {
+        return Ok(());
+    }
+
+    let server = server.fetch_server().await?;
+    let target = Ref::from(target)?.fetch_member(&server.id).await?;
+
+    let perm = permissions::PermissionCalculator::new(&user)
+        .with_server(&server)
+        .for_server()
+        .await?;
+
+    if data.roles.is_some() && !perm.get_manage_roles() {
+        return Err(Error::MissingPermission);
+    }
+
+    if target.id.user == user.id {
+        if (data.nickname.is_some() && !perm.get_change_nickname())
+            || (data.avatar.is_some() && !perm.get_change_avatar())
+        {
+            return Err(Error::MissingPermission);
+        }
+
+        if let Some(remove) = &data.remove {
+            if match remove {
+                RemoveMemberField::Avatar => !perm.get_change_avatar(),
+                RemoveMemberField::Nickname => !perm.get_change_nickname(),
+            } {
+                return Err(Error::MissingPermission);
+            }
+        }
+    } else {
+        if data.avatar.is_some() || (data.nickname.is_some() && !perm.get_manage_nicknames()) {
+            return Err(Error::MissingPermission);
+        }
+
+        if let Some(remove) = &data.remove {
+            if match remove {
+                RemoveMemberField::Avatar => !perm.get_remove_avatars(),
+                RemoveMemberField::Nickname => !perm.get_manage_nicknames(),
+            } {
+                return Err(Error::MissingPermission);
+            }
+        }
+    }
+
+    let mut set = doc! {};
+    let mut unset = doc! {};
+
+    let mut remove_avatar = false;
+    if let Some(remove) = &data.remove {
+        match remove {
+            RemoveMemberField::Avatar => {
+                unset.insert("avatar", 1);
+                remove_avatar = true;
+            }
+            RemoveMemberField::Nickname => {
+                unset.insert("nickname", 1);
+            }
+        }
+    }
+
+    if let Some(name) = &data.nickname {
+        set.insert("nickname", name);
+    }
+
+    if let Some(attachment_id) = &data.avatar {
+        let attachment =
+            File::find_and_use(&attachment_id, "avatars", "user", &target.id.user).await?;
+        set.insert(
+            "avatar",
+            to_document(&attachment).map_err(|_| Error::DatabaseError {
+                operation: "to_document",
+                with: "attachment",
+            })?,
+        );
+
+        remove_avatar = true;
+    }
+
+    if let Some(role_ids) = &data.roles {
+        let mut ids = HashSet::new();
+
+        for role in role_ids {
+            if server.roles.contains_key(role) {
+                ids.insert(role.clone());
+            }
+        }
+
+        set.insert("roles", ids.into_iter().collect::<Vec<String>>());
+    }
+
+    let mut operations = doc! {};
+    if set.len() > 0 {
+        operations.insert("$set", &set);
+    }
+
+    if unset.len() > 0 {
+        operations.insert("$unset", unset);
+    }
+
+    if operations.len() > 0 {
+        get_collection("server_members")
+            .update_one(
+                doc! { "_id.server": &server.id, "_id.user": &target.id.user },
+                operations,
+                None,
+            )
+            .await
+            .map_err(|_| Error::DatabaseError {
+                operation: "update_one",
+                with: "server_member",
+            })?;
+    }
+
+    ClientboundNotification::ServerMemberUpdate {
+        id: target.id.clone(),
+        data: json!(set),
+        clear: data.remove,
+    }
+    .publish(server.id.clone());
+
+    let Member { avatar, .. } = target;
+
+    if remove_avatar {
+        if let Some(old_avatar) = avatar {
+            old_avatar.delete().await?;
+        }
+    }
+
+    Ok(())
+}

src/routes/servers/member_fetch.rs

+use crate::database::*;
+use crate::util::result::{Error, Result};
+
+use mongodb::bson::doc;
+use rocket_contrib::json::JsonValue;
+
+#[get("/<target>/members/<member>")]
+pub async fn req(user: User, target: Ref, member: String) -> Result<JsonValue> {
+    let target = target.fetch_server().await?;
+
+    let perm = permissions::PermissionCalculator::new(&user)
+        .with_server(&target)
+        .for_server()
+        .await?;
+
+    if !perm.get_view() {
+        Err(Error::MissingPermission)?
+    }
+
+    Ok(json!(Ref::from(member)?.fetch_member(&target.id).await?))
+}

src/routes/servers/server_fetch.rs

+use crate::database::*;
+use crate::util::result::{Error, Result};
+
+use rocket_contrib::json::JsonValue;
+
+#[get("/<target>")]
+pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
+    let target = target.fetch_server().await?;
+
+    let perm = permissions::PermissionCalculator::new(&user)
+        .with_server(&target)
+        .for_server()
+        .await?;
+
+    if !perm.get_view() {
+        Err(Error::MissingPermission)?
+    }
+
+    Ok(json!(target))
+}