mirror of
https://gitlab.com/comunic/comunicapiv3
synced 2025-01-01 00:18:50 +00:00
Determine whether a user can access a group information or not
parent
b89a319cfb
commit
ed498a73d6
@ -11,7 +11,7 @@ pub enum GroupVisibilityLevel {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#[allow(non_camel_case_types)]
|
#[allow(non_camel_case_types)]
|
||||||
#[derive(Eq, PartialEq, Hash, Debug)]
|
#[derive(Eq, PartialEq, Hash, Debug, PartialOrd)]
|
||||||
pub enum GroupAccessLevel {
|
pub enum GroupAccessLevel {
|
||||||
//Can not even know if the group exists or not
|
//Can not even know if the group exists or not
|
||||||
NO_ACCESS = 0,
|
NO_ACCESS = 0,
|
||||||
@ -31,3 +31,17 @@ pub enum GroupAccessLevel {
|
|||||||
//Can do everything
|
//Can do everything
|
||||||
ADMIN_ACCESS = 5,
|
ADMIN_ACCESS = 5,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
mod tests {
|
||||||
|
use crate::data::group::GroupAccessLevel;
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn access_level_coherence() {
|
||||||
|
assert!(GroupAccessLevel::NO_ACCESS < GroupAccessLevel::LIMITED_ACCESS);
|
||||||
|
assert!(GroupAccessLevel::LIMITED_ACCESS < GroupAccessLevel::VIEW_ACCESS);
|
||||||
|
assert!(GroupAccessLevel::VIEW_ACCESS < GroupAccessLevel::MEMBER_ACCESS);
|
||||||
|
assert!(GroupAccessLevel::MEMBER_ACCESS < GroupAccessLevel::MODERATOR_ACCESS);
|
||||||
|
assert!(GroupAccessLevel::MODERATOR_ACCESS < GroupAccessLevel::ADMIN_ACCESS);
|
||||||
|
}
|
||||||
|
}
|
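Review bot: The ordering that `PartialOrd` adds to `GroupAccessLevel` is now what the permission comparison `access_level < min_level` relies on, but nothing at the enum says so. The derive line in the first hunk would benefit from a comment such as `// Ordering is used for authorization checks: keep variants sorted from least to most privileged`. Since `Eq` is already derived, deriving `Ord` too (`#[derive(Eq, PartialEq, Hash, Debug, PartialOrd, Ord)]`) gives a total order and makes `max`/`min` usable on levels. The `access_level_coherence` test usefully pins the order; inside `mod tests`, `use super::GroupAccessLevel;` is the more usual import and survives a module move.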
@ -467,8 +467,13 @@ impl HttpRequestHandler {
|
|||||||
let group_id = self.post_group_id(name)?;
|
let group_id = self.post_group_id(name)?;
|
||||||
let access_level = groups_helper::get_access_level(&group_id, self.user_id_opt())?;
|
let access_level = groups_helper::get_access_level(&group_id, self.user_id_opt())?;
|
||||||
|
|
||||||
// TODO : add security checks
|
if access_level == GroupAccessLevel::NO_ACCESS {
|
||||||
println!("Curr access level: {:?} / Expected: {:?}", access_level, min_level);
|
self.not_found("Specified group not found!".to_string())?;
|
||||||
|
}
|
||||||
|
|
||||||
|
if access_level < min_level {
|
||||||
|
self.forbidden("You do not have enough rights to perform what you intend to do on this group!".to_string())?;
|
||||||
|
}
|
||||||
|
|
||||||
Ok(group_id)
|
Ok(group_id)
|
||||||
}
|
}
|
||||||
|
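Review bot: Both new guards stop the request only if `self.not_found(...)` and `self.forbidden(...)` always return `Err`; their definitions are outside this hunk. If either can return `Ok`, the function falls through to `Ok(group_id)` and the caller proceeds with a group the user may not access. A short comment above the first guard, e.g. `// not_found() and forbidden() always return Err, so the ? below ends the request`, or an explicit `return Err(...)`, would make the control flow evident. Answering `NO_ACCESS` with a not-found response matches the enum's stated intent of not disclosing that the group exists, but that holds only if `post_group_id(name)?` answers a genuinely missing group with the same status and message, which is worth confirming. The function starts before the hunk, so its signature and the origin of `min_level` are not visible here.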