diff --git a/src/controllers/conversations_controller.rs b/src/controllers/conversations_controller.rs
index 221def8..666a19f 100644
--- a/src/controllers/conversations_controller.rs
+++ b/src/controllers/conversations_controller.rs
@@ -143,12 +143,36 @@ pub fn add_member(r: &mut HttpRequestHandler) -> RequestResult {
 r.success("The user was added to the conversation!")
 }
+/// Update admin status of a user
+pub fn set_admin(r: &mut HttpRequestHandler) -> RequestResult {
+ let conv_membership = r.post_conv("convID")?;
+ let conv = conversations_helper::get_single(conv_membership.conv_id)?;
+ let user_to_update = r.post_user_id("userID")?;
+ let set_admin = r.post_bool("setAdmin")?;
+
+ if conv.is_managed() {
+ r.bad_request("This conversation is managed, you can not manually change its members!".to_string())?;
+ }
+
+ if !conv.can_mark_other_users_admin(r.user_id_ref()?) {
+ r.forbidden("You are not allowed to make users admin in this conversation!".to_string())?;
+ }
+
+ if conv.get_membership(&user_to_update).is_none() {
+ r.bad_request("This user is not a member of this conversation!".to_string())?;
+ }
+
+ conversations_helper::set_admin(&conv.id, &user_to_update, set_admin)?;
+
+ r.success("The user was added to the conversation!")
+}
+
 /// Remove a member from a conversation
 pub fn remove_member(r: &mut HttpRequestHandler) -> RequestResult {
 let conv_membership = r.post_conv("convID")?;
 let conv = conversations_helper::get_single(conv_membership.conv_id)?;
- let user_to_add = r.post_user_id("userID")?;
+ let user_to_remove = r.post_user_id("userID")?;
 if conv.is_managed() {
 r.bad_request("This conversation is managed, you can not manually change its members!".to_string())?;
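Review bot: In `set_admin`, nothing stops a request with `setAdmin` false from targeting the caller or the only remaining admin, so a conversation can end up with no admin at all. Since `can_mark_other_users_admin` and `can_user_remove_members` both require `is_admin`, nobody could then remove members or restore an admin, unless `is_admin` also covers an owner or `conversations_helper::set_admin` already guards this (neither is visible here). Consider rejecting the demotion of the last admin before the helper is called, and deciding explicitly whether one admin may demote another. Separately, the final `r.success("The user was added to the conversation!")` is copied from `add_member` and misreports the action; something like `r.success("The admin status of the user was updated!")` fits.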
@@ -158,11 +182,11 @@ pub fn remove_member(r: &mut HttpRequestHandler) -> RequestResult {
 r.forbidden("You are not allowed to remove members from this conversation!".to_string())?;
 }
- if conv.get_membership(&user_to_add).is_none() {
+ if conv.get_membership(&user_to_remove).is_none() {
 r.bad_request("This user is not a member of this conversation!".to_string())?;
 }
- conversations_helper::remove_member(&user_to_add, conv.id, r.user_id_ref()?)?;
+ conversations_helper::remove_member(&user_to_remove, conv.id, r.user_id_ref()?)?;
 r.ok()
 }
diff --git a/src/data/conversation.rs b/src/data/conversation.rs
index a6997d9..2c209e4 100644
--- a/src/data/conversation.rs
+++ b/src/data/conversation.rs
@@ -75,6 +75,11 @@ impl Conversation {
 !self.is_managed() && (self.is_admin(user_id) || self.can_everyone_add_members)
 }
+ /// Check out whether a user can mark other admin or not
+ pub fn can_mark_other_users_admin(&self, user_id: &UserID) -> bool {
+ !self.is_managed() && self.is_admin(user_id)
+ }
+
 /// Check out whether a user can remove members from a conversation or not
 pub fn can_user_remove_members(&self, user_id: &UserID) -> bool {
 !self.is_managed() && self.is_admin(user_id)
diff --git a/src/routes.rs b/src/routes.rs
index c731d06..ed6427c 100644
--- a/src/routes.rs
+++ b/src/routes.rs
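Review bot: The doc comment on `can_mark_other_users_admin` in src/data/conversation.rs is hard to parse and does not state the rule this authorization predicate enforces. Suggest `/// Check whether a user may grant or revoke the admin status of other members (conversation not managed, caller is admin)`. Its body is identical to `can_user_remove_members` just below, so if the two rules are meant to stay in sync they could delegate to one private helper. The `impl Conversation` block continues outside the hunk.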
@@ -195,6 +195,7 @@ pub fn get_routes() -> Vec {
 Route::post("/conversations/get_single", Box::new(conversations_controller::get_single)),
 Route::post("/conversations/updateSettings", Box::new(conversations_controller::update_settings)),
 Route::post("/conversations/addMember", Box::new(conversations_controller::add_member)),
+ Route::post("/conversations/setAdmin", Box::new(conversations_controller::set_admin)),
 Route::post("/conversations/removeMember", Box::new(conversations_controller::remove_member)),
 Route::post("/conversations/getPrivate", Box::new(conversations_controller::find_private)),
 Route::post("/conversations/refresh_single", Box::new(conversations_controller::refresh_single)),