Determine whether a user can access a group information or not

src/data/group.rs

@@ -11,7 +11,7 @@ pub enum GroupVisibilityLevel {
 }
 
 #[allow(non_camel_case_types)]
-#[derive(Eq, PartialEq, Hash, Debug)]
+#[derive(Eq, PartialEq, Hash, Debug, PartialOrd)]
 pub enum GroupAccessLevel {
     //Can not even know if the group exists or not
     NO_ACCESS = 0,
@@ -30,4 +30,18 @@ pub enum GroupAccessLevel {
 
     //Can do everything
     ADMIN_ACCESS = 5,
+}
+
+#[cfg(test)]
+mod tests {
+    use crate::data::group::GroupAccessLevel;
+
+    #[test]
+    fn access_level_coherence() {
+        assert!(GroupAccessLevel::NO_ACCESS < GroupAccessLevel::LIMITED_ACCESS);
+        assert!(GroupAccessLevel::LIMITED_ACCESS < GroupAccessLevel::VIEW_ACCESS);
+        assert!(GroupAccessLevel::VIEW_ACCESS < GroupAccessLevel::MEMBER_ACCESS);
+        assert!(GroupAccessLevel::MEMBER_ACCESS < GroupAccessLevel::MODERATOR_ACCESS);
+        assert!(GroupAccessLevel::MODERATOR_ACCESS < GroupAccessLevel::ADMIN_ACCESS);
+    }
 }

src/data/http_request_handler.rs

@@ -467,8 +467,13 @@ impl HttpRequestHandler {
         let group_id = self.post_group_id(name)?;
         let access_level = groups_helper::get_access_level(&group_id, self.user_id_opt())?;
 
-        // TODO : add security checks
-        println!("Curr access level: {:?} / Expected: {:?}", access_level, min_level);
+        if access_level == GroupAccessLevel::NO_ACCESS {
+            self.not_found("Specified group not found!".to_string())?;
+        }
+
+        if access_level < min_level {
+            self.forbidden("You do not have enough rights to perform what you intend to do on this group!".to_string())?;
+        }
 
         Ok(group_id)
     }