	Determine whether a user can access a group information or not
		| @@ -11,7 +11,7 @@ pub enum GroupVisibilityLevel { | |||||||
| } | } | ||||||
|  |  | ||||||
| #[allow(non_camel_case_types)] | #[allow(non_camel_case_types)] | ||||||
| #[derive(Eq, PartialEq, Hash, Debug)] | #[derive(Eq, PartialEq, Hash, Debug, PartialOrd)] | ||||||
| pub enum GroupAccessLevel { | pub enum GroupAccessLevel { | ||||||
|     //Can not even know if the group exists or not |     //Can not even know if the group exists or not | ||||||
|     NO_ACCESS = 0, |     NO_ACCESS = 0, | ||||||
| @@ -31,3 +31,17 @@ pub enum GroupAccessLevel { | |||||||
|     //Can do everything |     //Can do everything | ||||||
|     ADMIN_ACCESS = 5, |     ADMIN_ACCESS = 5, | ||||||
| } | } | ||||||
|  |  | ||||||
|  | #[cfg(test)] | ||||||
|  | mod tests { | ||||||
|  |     use crate::data::group::GroupAccessLevel; | ||||||
|  |  | ||||||
|  |     #[test] | ||||||
|  |     fn access_level_coherence() { | ||||||
|  |         assert!(GroupAccessLevel::NO_ACCESS < GroupAccessLevel::LIMITED_ACCESS); | ||||||
|  |         assert!(GroupAccessLevel::LIMITED_ACCESS < GroupAccessLevel::VIEW_ACCESS); | ||||||
|  |         assert!(GroupAccessLevel::VIEW_ACCESS < GroupAccessLevel::MEMBER_ACCESS); | ||||||
|  |         assert!(GroupAccessLevel::MEMBER_ACCESS < GroupAccessLevel::MODERATOR_ACCESS); | ||||||
|  |         assert!(GroupAccessLevel::MODERATOR_ACCESS < GroupAccessLevel::ADMIN_ACCESS); | ||||||
|  |     } | ||||||
|  | } | ||||||
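Review bot: Nothing on `GroupAccessLevel` records that the order of its variants is now security-relevant: with `PartialOrd` derived, the `access_level < min_level` check added in the request handler depends on the variants running from least to most privileged. I would add a comment above the derive, for example `// Variants must stay ordered from least to most privileged: access checks compare levels with <`. The new test pins the current order, but the enum body between the two hunks is not visible here, so it is worth confirming that every variant is covered by it. Since `Eq` is already derived, deriving `Ord` alongside `PartialOrd` would make the total order explicit.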
| @@ -467,8 +467,13 @@ impl HttpRequestHandler { | |||||||
|         let group_id = self.post_group_id(name)?; |         let group_id = self.post_group_id(name)?; | ||||||
|         let access_level = groups_helper::get_access_level(&group_id, self.user_id_opt())?; |         let access_level = groups_helper::get_access_level(&group_id, self.user_id_opt())?; | ||||||
|  |  | ||||||
|         // TODO : add security checks |         if access_level == GroupAccessLevel::NO_ACCESS { | ||||||
|         println!("Curr access level: {:?} / Expected: {:?}", access_level, min_level); |             self.not_found("Specified group not found!".to_string())?; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         if access_level < min_level { | ||||||
|  |             self.forbidden("You do not have enough rights to perform what you intend to do on this group!".to_string())?; | ||||||
|  |         } | ||||||
|  |  | ||||||
|         Ok(group_id) |         Ok(group_id) | ||||||
|     } |     } | ||||||
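Review bot: Both new guards stop the request only if `self.not_found(...)` and `self.forbidden(...)` always return `Err`; an `Ok` from either helper would fall through to `Ok(group_id)` and the check would silently pass. Their definitions are not part of this hunk, so this should be confirmed, and a comment such as `// not_found() and forbidden() always return Err, so the ? operator aborts the request here` would record the assumption. Separately, `NO_ACCESS` is answered with "not found" so that hidden groups look nonexistent; if `post_group_id` answers an unknown id with a different status or message, the two cases stay distinguishable and the responses should be made identical. The function starts above the hunk, so the origin of `min_level` and `name` is not visible here.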
|   | |||||||