mirror of https://gitlab.com/comunic/comunicapiv3 synced 2024-12-31 16:08:51 +00:00

Determine whether a user can access a group information or not

Pierre HUBERT 2020-06-24 17:57:13 +02:00
parent b89a319cfb
commit ed498a73d6
2 changed files with 22 additions and 3 deletions


@ -11,7 +11,7 @@ pub enum GroupVisibilityLevel {
} }
#[allow(non_camel_case_types)] #[allow(non_camel_case_types)]
#[derive(Eq, PartialEq, Hash, Debug)] #[derive(Eq, PartialEq, Hash, Debug, PartialOrd)]
pub enum GroupAccessLevel { pub enum GroupAccessLevel {
//Can not even know if the group exists or not //Can not even know if the group exists or not
NO_ACCESS = 0, NO_ACCESS = 0,
@ -31,3 +31,17 @@ pub enum GroupAccessLevel {
//Can do everything //Can do everything
ADMIN_ACCESS = 5, ADMIN_ACCESS = 5,
} }
#[cfg(test)]
mod tests {
use crate::data::group::GroupAccessLevel;
#[test]
fn access_level_coherence() {
assert!(GroupAccessLevel::NO_ACCESS < GroupAccessLevel::LIMITED_ACCESS);
assert!(GroupAccessLevel::LIMITED_ACCESS < GroupAccessLevel::VIEW_ACCESS);
assert!(GroupAccessLevel::VIEW_ACCESS < GroupAccessLevel::MEMBER_ACCESS);
assert!(GroupAccessLevel::MEMBER_ACCESS < GroupAccessLevel::MODERATOR_ACCESS);
assert!(GroupAccessLevel::MODERATOR_ACCESS < GroupAccessLevel::ADMIN_ACCESS);
}
}
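Review bot: The derived `PartialOrd` on `GroupAccessLevel` now carries authorization meaning, but nothing on the enum says so. Derived ordering follows the variants' discriminants, and the permission check added in the request handler compares levels with `<`, so reordering or renumbering a variant would silently change who passes that check. I would add a comment above the enum such as `// Variants must stay in ascending order of privilege: access checks compare levels with <`. The new `access_level_coherence` test pins the current order, which helps; the middle variants of the enum lie outside the two hunks shown.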


@ -467,8 +467,13 @@ impl HttpRequestHandler {
let group_id = self.post_group_id(name)?; let group_id = self.post_group_id(name)?;
let access_level = groups_helper::get_access_level(&group_id, self.user_id_opt())?; let access_level = groups_helper::get_access_level(&group_id, self.user_id_opt())?;
// TODO : add security checks if access_level == GroupAccessLevel::NO_ACCESS {
println!("Curr access level: {:?} / Expected: {:?}", access_level, min_level); self.not_found("Specified group not found!".to_string())?;
}
if access_level < min_level {
self.forbidden("You do not have enough rights to perform what you intend to do on this group!".to_string())?;
}
Ok(group_id) Ok(group_id)
} }
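Review bot: The `NO_ACCESS` branch answers with "Specified group not found!" so that a hidden group looks like a missing one, but that only holds if `self.post_group_id(name)?` two lines above produces the same status and message for an id that really does not exist. That helper is outside this hunk, so this should be confirmed; if the two responses differ, a caller can tell a hidden group from an absent one. Both checks also depend on `not_found` and `forbidden` always returning `Err`, since nothing else stops the fall-through to `Ok(group_id)`. A short comment such as `// not_found()/forbidden() always return Err, so ? exits here` would make that explicit. The function's signature and opening lines are outside the hunk.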