mirror of
https://gitlab.com/comunic/comunicapiv3
synced 2024-12-28 14:38:52 +00:00
Validate that a user can see another user's page
This commit is contained in:
parent
cf2d9606d9
commit
253d33ef7d
@ -50,6 +50,9 @@ pub fn get_multiple(request: &mut HttpRequestHandler) -> RequestResult {
|
||||
pub fn get_advanced_info(request: &mut HttpRequestHandler) -> RequestResult {
|
||||
let user_id = request.post_user_id("userID")?;
|
||||
|
||||
if !user_helper::can_see_user_page(request.user_id_opt().unwrap_or(0), user_id)? {
|
||||
request.forbidden("You are not allowed to see this user page!".to_string())?;
|
||||
}
|
||||
|
||||
request.success("get user info")
|
||||
}
|
@ -2,6 +2,8 @@ use crate::data::error::ResultBoxError;
|
||||
use crate::data::user::{User, UserID, UserPageStatus, AccountImageVisibility};
|
||||
use crate::helpers::database;
|
||||
use crate::constants::database_tables_names::USERS_TABLE;
|
||||
use crate::data::user::UserPageStatus::PUBLIC;
|
||||
use crate::helpers::friends_helper::are_friend;
|
||||
|
||||
/// User helper
|
||||
///
|
||||
@ -59,4 +61,35 @@ pub fn exists(id: UserID) -> ResultBoxError<bool> {
|
||||
Ok(database::QueryInfo::new(USERS_TABLE)
|
||||
.cond_i64("ID", id)
|
||||
.exec_count()? > 0)
|
||||
}
|
||||
|
||||
/// Check if a given user can see another user's page
|
||||
pub fn can_see_user_page(user_id: UserID, target_user: UserID) -> ResultBoxError<bool> {
|
||||
if user_id == target_user {
|
||||
return Ok(true);
|
||||
}
|
||||
|
||||
let visibility = find_user_by_id(target_user)?.status;
|
||||
|
||||
// Open page = OK
|
||||
if visibility == UserPageStatus::OPEN {
|
||||
return Ok(true);
|
||||
}
|
||||
|
||||
// The user need to be signed in
|
||||
if user_id <= 0 {
|
||||
return Ok(false);
|
||||
}
|
||||
|
||||
// Public Page = OK for signed in users
|
||||
if visibility == PUBLIC {
|
||||
return Ok(true);
|
||||
}
|
||||
|
||||
// Check if the users are friends
|
||||
if !are_friend(user_id, target_user)? {
|
||||
return Ok(false);
|
||||
}
|
||||
|
||||
return Ok(true);
|
||||
}
|
Loading…
Reference in New Issue
Block a user