Added an is_mod_or_admin function to Community

This commit is contained in:
Dessalines 2020-07-21 10:15:17 -04:00
parent 2eac037408
commit 4b6a762a56
5 changed files with 144 additions and 90 deletions

View file

@ -17,6 +17,7 @@
- [Errors](#errors) - [Errors](#errors)
- [API documentation](#api-documentation) - [API documentation](#api-documentation)
* [Sort Types](#sort-types) * [Sort Types](#sort-types)
* [Undoing actions](#undoing-actions)
* [Websocket vs HTTP](#websocket-vs-http) * [Websocket vs HTTP](#websocket-vs-http)
* [User / Authentication / Admin actions](#user--authentication--admin-actions) * [User / Authentication / Admin actions](#user--authentication--admin-actions)
+ [Login](#login) + [Login](#login)
@ -43,142 +44,198 @@
- [Request](#request-5) - [Request](#request-5)
- [Response](#response-5) - [Response](#response-5)
- [HTTP](#http-6) - [HTTP](#http-6)
+ [Edit User Mention](#edit-user-mention) + [Mark User Mention as read](#mark-user-mention-as-read)
- [Request](#request-6) - [Request](#request-6)
- [Response](#response-6) - [Response](#response-6)
- [HTTP](#http-7) - [HTTP](#http-7)
+ [Mark All As Read](#mark-all-as-read) + [Get Private Messages](#get-private-messages)
- [Request](#request-7) - [Request](#request-7)
- [Response](#response-7) - [Response](#response-7)
- [HTTP](#http-8) - [HTTP](#http-8)
+ [Delete Account](#delete-account) + [Create Private Message](#create-private-message)
- [Request](#request-8) - [Request](#request-8)
- [Response](#response-8) - [Response](#response-8)
- [HTTP](#http-9) - [HTTP](#http-9)
+ [Add admin](#add-admin) + [Edit Private Message](#edit-private-message)
- [Request](#request-9) - [Request](#request-9)
- [Response](#response-9) - [Response](#response-9)
- [HTTP](#http-10) - [HTTP](#http-10)
+ [Ban user](#ban-user) + [Delete Private Message](#delete-private-message)
- [Request](#request-10) - [Request](#request-10)
- [Response](#response-10) - [Response](#response-10)
- [HTTP](#http-11) - [HTTP](#http-11)
* [Site](#site) + [Mark Private Message as Read](#mark-private-message-as-read)
+ [List Categories](#list-categories)
- [Request](#request-11) - [Request](#request-11)
- [Response](#response-11) - [Response](#response-11)
- [HTTP](#http-12) - [HTTP](#http-12)
+ [Search](#search) + [Mark All As Read](#mark-all-as-read)
- [Request](#request-12) - [Request](#request-12)
- [Response](#response-12) - [Response](#response-12)
- [HTTP](#http-13) - [HTTP](#http-13)
+ [Get Modlog](#get-modlog) + [Delete Account](#delete-account)
- [Request](#request-13) - [Request](#request-13)
- [Response](#response-13) - [Response](#response-13)
- [HTTP](#http-14) - [HTTP](#http-14)
+ [Create Site](#create-site) + [Add admin](#add-admin)
- [Request](#request-14) - [Request](#request-14)
- [Response](#response-14) - [Response](#response-14)
- [HTTP](#http-15) - [HTTP](#http-15)
+ [Edit Site](#edit-site) + [Ban user](#ban-user)
- [Request](#request-15) - [Request](#request-15)
- [Response](#response-15) - [Response](#response-15)
- [HTTP](#http-16) - [HTTP](#http-16)
+ [Get Site](#get-site) * [Site](#site)
+ [List Categories](#list-categories)
- [Request](#request-16) - [Request](#request-16)
- [Response](#response-16) - [Response](#response-16)
- [HTTP](#http-17) - [HTTP](#http-17)
+ [Transfer Site](#transfer-site) + [Search](#search)
- [Request](#request-17) - [Request](#request-17)
- [Response](#response-17) - [Response](#response-17)
- [HTTP](#http-18) - [HTTP](#http-18)
+ [Get Site Config](#get-site-config) + [Get Modlog](#get-modlog)
- [Request](#request-18) - [Request](#request-18)
- [Response](#response-18) - [Response](#response-18)
- [HTTP](#http-19) - [HTTP](#http-19)
+ [Save Site Config](#save-site-config) + [Create Site](#create-site)
- [Request](#request-19) - [Request](#request-19)
- [Response](#response-19) - [Response](#response-19)
- [HTTP](#http-20) - [HTTP](#http-20)
* [Community](#community) + [Edit Site](#edit-site)
+ [Get Community](#get-community)
- [Request](#request-20) - [Request](#request-20)
- [Response](#response-20) - [Response](#response-20)
- [HTTP](#http-21) - [HTTP](#http-21)
+ [Create Community](#create-community) + [Get Site](#get-site)
- [Request](#request-21) - [Request](#request-21)
- [Response](#response-21) - [Response](#response-21)
- [HTTP](#http-22) - [HTTP](#http-22)
+ [List Communities](#list-communities) + [Transfer Site](#transfer-site)
- [Request](#request-22) - [Request](#request-22)
- [Response](#response-22) - [Response](#response-22)
- [HTTP](#http-23) - [HTTP](#http-23)
+ [Ban from Community](#ban-from-community) + [Get Site Config](#get-site-config)
- [Request](#request-23) - [Request](#request-23)
- [Response](#response-23) - [Response](#response-23)
- [HTTP](#http-24) - [HTTP](#http-24)
+ [Add Mod to Community](#add-mod-to-community) + [Save Site Config](#save-site-config)
- [Request](#request-24) - [Request](#request-24)
- [Response](#response-24) - [Response](#response-24)
- [HTTP](#http-25) - [HTTP](#http-25)
+ [Edit Community](#edit-community) * [Community](#community)
+ [Get Community](#get-community)
- [Request](#request-25) - [Request](#request-25)
- [Response](#response-25) - [Response](#response-25)
- [HTTP](#http-26) - [HTTP](#http-26)
+ [Follow Community](#follow-community) + [Create Community](#create-community)
- [Request](#request-26) - [Request](#request-26)
- [Response](#response-26) - [Response](#response-26)
- [HTTP](#http-27) - [HTTP](#http-27)
+ [Get Followed Communities](#get-followed-communities) + [List Communities](#list-communities)
- [Request](#request-27) - [Request](#request-27)
- [Response](#response-27) - [Response](#response-27)
- [HTTP](#http-28) - [HTTP](#http-28)
+ [Transfer Community](#transfer-community) + [Ban from Community](#ban-from-community)
- [Request](#request-28) - [Request](#request-28)
- [Response](#response-28) - [Response](#response-28)
- [HTTP](#http-29) - [HTTP](#http-29)
* [Post](#post) + [Add Mod to Community](#add-mod-to-community)
+ [Create Post](#create-post)
- [Request](#request-29) - [Request](#request-29)
- [Response](#response-29) - [Response](#response-29)
- [HTTP](#http-30) - [HTTP](#http-30)
+ [Get Post](#get-post) + [Edit Community](#edit-community)
- [Request](#request-30) - [Request](#request-30)
- [Response](#response-30) - [Response](#response-30)
- [HTTP](#http-31) - [HTTP](#http-31)
+ [Get Posts](#get-posts) + [Delete Community](#delete-community)
- [Request](#request-31) - [Request](#request-31)
- [Response](#response-31) - [Response](#response-31)
- [HTTP](#http-32) - [HTTP](#http-32)
+ [Create Post Like](#create-post-like) + [Remove Community](#remove-community)
- [Request](#request-32) - [Request](#request-32)
- [Response](#response-32) - [Response](#response-32)
- [HTTP](#http-33) - [HTTP](#http-33)
+ [Edit Post](#edit-post) + [Follow Community](#follow-community)
- [Request](#request-33) - [Request](#request-33)
- [Response](#response-33) - [Response](#response-33)
- [HTTP](#http-34) - [HTTP](#http-34)
+ [Save Post](#save-post) + [Get Followed Communities](#get-followed-communities)
- [Request](#request-34) - [Request](#request-34)
- [Response](#response-34) - [Response](#response-34)
- [HTTP](#http-35) - [HTTP](#http-35)
* [Comment](#comment) + [Transfer Community](#transfer-community)
+ [Create Comment](#create-comment)
- [Request](#request-35) - [Request](#request-35)
- [Response](#response-35) - [Response](#response-35)
- [HTTP](#http-36) - [HTTP](#http-36)
+ [Edit Comment](#edit-comment) * [Post](#post)
+ [Create Post](#create-post)
- [Request](#request-36) - [Request](#request-36)
- [Response](#response-36) - [Response](#response-36)
- [HTTP](#http-37) - [HTTP](#http-37)
+ [Save Comment](#save-comment) + [Get Post](#get-post)
- [Request](#request-37) - [Request](#request-37)
- [Response](#response-37) - [Response](#response-37)
- [HTTP](#http-38) - [HTTP](#http-38)
+ [Create Comment Like](#create-comment-like) + [Get Posts](#get-posts)
- [Request](#request-38) - [Request](#request-38)
- [Response](#response-38) - [Response](#response-38)
- [HTTP](#http-39) - [HTTP](#http-39)
+ [Create Post Like](#create-post-like)
- [Request](#request-39)
- [Response](#response-39)
- [HTTP](#http-40)
+ [Edit Post](#edit-post)
- [Request](#request-40)
- [Response](#response-40)
- [HTTP](#http-41)
+ [Delete Post](#delete-post)
- [Request](#request-41)
- [Response](#response-41)
- [HTTP](#http-42)
+ [Remove Post](#remove-post)
- [Request](#request-42)
- [Response](#response-42)
- [HTTP](#http-43)
+ [Lock Post](#lock-post)
- [Request](#request-43)
- [Response](#response-43)
- [HTTP](#http-44)
+ [Sticky Post](#sticky-post)
- [Request](#request-44)
- [Response](#response-44)
- [HTTP](#http-45)
+ [Save Post](#save-post)
- [Request](#request-45)
- [Response](#response-45)
- [HTTP](#http-46)
* [Comment](#comment)
+ [Create Comment](#create-comment)
- [Request](#request-46)
- [Response](#response-46)
- [HTTP](#http-47)
+ [Edit Comment](#edit-comment)
- [Request](#request-47)
- [Response](#response-47)
- [HTTP](#http-48)
+ [Delete Comment](#delete-comment)
- [Request](#request-48)
- [Response](#response-48)
- [HTTP](#http-49)
+ [Remove Comment](#remove-comment)
- [Request](#request-49)
- [Response](#response-49)
- [HTTP](#http-50)
+ [Mark Comment as Read](#mark-comment-as-read)
- [Request](#request-50)
- [Response](#response-50)
- [HTTP](#http-51)
+ [Save Comment](#save-comment)
- [Request](#request-51)
- [Response](#response-51)
- [HTTP](#http-52)
+ [Create Comment Like](#create-comment-like)
- [Request](#request-52)
- [Response](#response-52)
- [HTTP](#http-53)
* [RSS / Atom feeds](#rss--atom-feeds) * [RSS / Atom feeds](#rss--atom-feeds)
+ [All](#all) + [All](#all)
+ [Community](#community-1) + [Community](#community-1)
@ -281,6 +338,10 @@ These go wherever there is a `sort` field. The available sort types are:
- `TopYear` - the most upvoted posts/communities of the current year. - `TopYear` - the most upvoted posts/communities of the current year.
- `TopAll` - the most upvoted posts/communities on the current instance. - `TopAll` - the most upvoted posts/communities on the current instance.
### Undoing actions
Whenever you see a `deleted: bool`, `removed: bool`, `read: bool`, `locked: bool`, etc, you can undo this action by sending `false`.
### Websocket vs HTTP ### Websocket vs HTTP
- Below are the websocket JSON requests / responses. For HTTP, ignore all fields except those inside `data`. - Below are the websocket JSON requests / responses. For HTTP, ignore all fields except those inside `data`.
@ -465,6 +526,9 @@ Only the first user will be able to be the admin.
`GET /user/mentions` `GET /user/mentions`
#### Mark User Mention as read #### Mark User Mention as read
Only the recipient can do this.
##### Request ##### Request
```rust ```rust
{ {
@ -595,6 +659,9 @@ Only the first user will be able to be the admin.
`POST /private_message/delete` `POST /private_message/delete`
#### Mark Private Message as Read #### Mark Private Message as Read
Only the recipient can do this.
##### Request ##### Request
```rust ```rust
{ {
@ -1661,6 +1728,9 @@ Only a mod or admin can remove the comment.
`POST /comment/remove` `POST /comment/remove`
#### Mark Comment as Read #### Mark Comment as Read
Only the recipient can do this.
##### Request ##### Request
```rust ```rust
{ {

View file

@ -133,7 +133,7 @@ impl Community {
.get_result::<Self>(conn) .get_result::<Self>(conn)
} }
pub fn community_mods_and_admins( fn community_mods_and_admins(
conn: &PgConnection, conn: &PgConnection,
community_id: i32, community_id: i32,
) -> Result<Vec<i32>, Error> { ) -> Result<Vec<i32>, Error> {
@ -147,6 +147,12 @@ impl Community {
.append(&mut UserView::admins(conn).map(|v| v.into_iter().map(|a| a.id).collect())?); .append(&mut UserView::admins(conn).map(|v| v.into_iter().map(|a| a.id).collect())?);
Ok(mods_and_admins) Ok(mods_and_admins)
} }
pub fn is_mod_or_admin(conn: &PgConnection, user_id: i32, community_id: i32) -> bool {
Self::community_mods_and_admins(conn, community_id)
.unwrap_or_default()
.contains(&user_id)
}
} }
#[derive(Identifiable, Queryable, Associations, PartialEq, Debug)] #[derive(Identifiable, Queryable, Associations, PartialEq, Debug)]

View file

@ -474,11 +474,11 @@ impl Perform for Oper<RemoveComment> {
} }
// Verify that only a mod or admin can remove // Verify that only a mod or admin can remove
let mods_and_admins = blocking(pool, move |conn| { let is_mod_or_admin = blocking(pool, move |conn| {
Community::community_mods_and_admins(conn, community_id) Community::is_mod_or_admin(conn, user_id, community_id)
}) })
.await??; .await?;
if !mods_and_admins.contains(&user_id) { if !is_mod_or_admin {
return Err(APIError::err("not_an_admin").into()); return Err(APIError::err("not_an_admin").into());
} }

View file

@ -802,26 +802,15 @@ impl Perform for Oper<BanFromCommunity> {
let user_id = claims.id; let user_id = claims.id;
let mut community_moderators: Vec<i32> = vec![];
let community_id = data.community_id; let community_id = data.community_id;
community_moderators.append( // Verify that only mods or admins can ban
&mut blocking(pool, move |conn| { let is_mod_or_admin = blocking(pool, move |conn| {
CommunityModeratorView::for_community(&conn, community_id) Community::is_mod_or_admin(conn, user_id, community_id)
.map(|v| v.into_iter().map(|m| m.user_id).collect())
}) })
.await??, .await?;
); if !is_mod_or_admin {
community_moderators.append( return Err(APIError::err("not_an_admin").into());
&mut blocking(pool, move |conn| {
UserView::admins(conn).map(|v| v.into_iter().map(|a| a.id).collect())
})
.await??,
);
if !community_moderators.contains(&user_id) {
return Err(APIError::err("couldnt_update_community").into());
} }
let community_user_ban_form = CommunityUserBanForm { let community_user_ban_form = CommunityUserBanForm {
@ -901,26 +890,15 @@ impl Perform for Oper<AddModToCommunity> {
user_id: data.user_id, user_id: data.user_id,
}; };
let mut community_moderators: Vec<i32> = vec![];
let community_id = data.community_id; let community_id = data.community_id;
community_moderators.append( // Verify that only mods or admins can add mod
&mut blocking(pool, move |conn| { let is_mod_or_admin = blocking(pool, move |conn| {
CommunityModeratorView::for_community(&conn, community_id) Community::is_mod_or_admin(conn, user_id, community_id)
.map(|v| v.into_iter().map(|m| m.user_id).collect())
}) })
.await??, .await?;
); if !is_mod_or_admin {
community_moderators.append( return Err(APIError::err("not_an_admin").into());
&mut blocking(pool, move |conn| {
UserView::admins(conn).map(|v| v.into_iter().map(|a| a.id).collect())
})
.await??,
);
if !community_moderators.contains(&user_id) {
return Err(APIError::err("couldnt_update_community").into());
} }
if data.added { if data.added {

View file

@ -770,11 +770,11 @@ impl Perform for Oper<RemovePost> {
} }
// Verify that only the mods can remove // Verify that only the mods can remove
let mods_and_admins = blocking(pool, move |conn| { let is_mod_or_admin = blocking(pool, move |conn| {
Community::community_mods_and_admins(conn, community_id) Community::is_mod_or_admin(conn, user_id, community_id)
}) })
.await??; .await?;
if !mods_and_admins.contains(&user_id) { if !is_mod_or_admin {
return Err(APIError::err("not_an_admin").into()); return Err(APIError::err("not_an_admin").into());
} }
@ -861,11 +861,11 @@ impl Perform for Oper<LockPost> {
} }
// Verify that only the mods can lock // Verify that only the mods can lock
let mods_and_admins = blocking(pool, move |conn| { let is_mod_or_admin = blocking(pool, move |conn| {
Community::community_mods_and_admins(conn, community_id) Community::is_mod_or_admin(conn, user_id, community_id)
}) })
.await??; .await?;
if !mods_and_admins.contains(&user_id) { if !is_mod_or_admin {
return Err(APIError::err("not_an_admin").into()); return Err(APIError::err("not_an_admin").into());
} }
@ -943,11 +943,11 @@ impl Perform for Oper<StickyPost> {
} }
// Verify that only the mods can sticky // Verify that only the mods can sticky
let mods_and_admins = blocking(pool, move |conn| { let is_mod_or_admin = blocking(pool, move |conn| {
Community::community_mods_and_admins(conn, community_id) Community::is_mod_or_admin(conn, user_id, community_id)
}) })
.await??; .await?;
if !mods_and_admins.contains(&user_id) { if !is_mod_or_admin {
return Err(APIError::err("not_an_admin").into()); return Err(APIError::err("not_an_admin").into());
} }