Fixed some permissions

RPGLibrarium · Mar 2, 2022 · c1d6bbd · c1d6bbd
1 parent b589be5
commit c1d6bbd
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 30 deletions.
diff --git a/src/actions.rs b/src/actions.rs
@@ -511,7 +511,7 @@ pub trait AccountAssertions {
 
 impl AccountAssertions for Option<Account> {
     fn assert_active(self) -> Result<Account, UE> {
-        let account = self.ok_or(UserFacingError::YouShallNotPass)?;
+        let account = self.ok_or(UserFacingError::NotRegistered)?;
         match account.active {
             true => Ok(account),
             false => Err(UE::Deactivated),

diff --git a/src/api/guilds.rs b/src/api/guilds.rs
@@ -98,7 +98,6 @@ pub mod collection {
     ) -> MyResponder {
         let (guild_id, search_id) = *search_ids;
 
-        //TODO: find better roles. s.o.
         authentication.require_scope(GUILDS_READ)?;
         let conn = app.open_database_connection()?;
         let guild = find_guild(&conn, guild_id)?;

diff --git a/src/api/me.rs b/src/api/me.rs
@@ -75,12 +75,11 @@ pub async fn put(
 
 pub mod collection {
     use crate::actions;
-    use crate::actions::{delete_book_owned_by_member, find_book_owned_by_member};
+    use crate::actions::{AccountAssertions, delete_book_owned_by_member, find_book_owned_by_member};
     use crate::api::MyResponder;
     use crate::app::AppState;
     use crate::authentication::scopes::{COLLECTION_MODIFY, COLLECTION_READ};
     use crate::authentication::Claims;
-    use crate::error::UserFacingError;
     use crate::models::{Id, PostOwnedBook};
     use actix_web::{web, HttpResponse};
 
@@ -90,10 +89,7 @@ pub mod collection {
         let external_id = claims.external_account_id()?;
         let conn = app.open_database_connection()?;
         let account = actions::find_current_registered_account(&conn, external_id)?
-            .ok_or(UserFacingError::YouShallNotPass)?;
-        if !account.active {
-            return Err(UserFacingError::Deactivated);
-        }
+            .assert_active()?;
         let books = actions::list_books_owned_by_member(&conn, account)?;
         Ok(HttpResponse::Ok().json(books))
     }
@@ -107,10 +103,7 @@ pub mod collection {
         let external_id = claims.external_account_id()?;
         let conn = app.open_database_connection()?;
         let account = actions::find_current_registered_account(&conn, external_id)?
-            .ok_or(UserFacingError::YouShallNotPass)?;
-        if !account.active {
-            return Err(UserFacingError::Deactivated);
-        }
+            .assert_active()?;
         let created_book =
             actions::create_book_owned_by_member(&conn, account, posted_book.into_inner())?;
         Ok(HttpResponse::Created().json(created_book))
@@ -125,10 +118,7 @@ pub mod collection {
         let external_id = claims.external_account_id()?;
         let conn = app.open_database_connection()?;
         let account = actions::find_current_registered_account(&conn, external_id)?
-            .ok_or(UserFacingError::YouShallNotPass)?;
-        if !account.active {
-            return Err(UserFacingError::Deactivated);
-        }
+            .assert_active()?;
         let book = find_book_owned_by_member(&conn, account, *search_id)?;
         Ok(HttpResponse::Created().json(book))
     }
@@ -142,10 +132,7 @@ pub mod collection {
         let external_id = claims.external_account_id()?;
         let conn = app.open_database_connection()?;
         let account = actions::find_current_registered_account(&conn, external_id)?
-            .ok_or(UserFacingError::YouShallNotPass)?;
-        if !account.active {
-            return Err(UserFacingError::Deactivated);
-        }
+            .assert_active()?;
         delete_book_owned_by_member(&conn, &account, *delete_id)?;
         Ok(HttpResponse::Ok().finish())
     }

diff --git a/src/api/rpg_systems.rs b/src/api/rpg_systems.rs
@@ -46,7 +46,7 @@ pub async fn put(
     write_to_id: web::Path<Id>,
     new_info: web::Json<NewRpgSystem>,
 ) -> MyResponder {
-    authentication.require_scope(RPGSYSTEMS_ADD)?;
+    authentication.require_scope(LIBRARIAN_RPGSYSTEMS_MODIFY)?;
     let conn = app.open_database_connection()?;
     let updated = actions::update_rpg_system(&conn, *write_to_id, new_info.into_inner())?;
     Ok(HttpResponse::Ok().json(updated))
@@ -57,7 +57,7 @@ pub async fn delete(
     authentication: Claims,
     delete_id: web::Path<Id>,
 ) -> MyResponder {
-    authentication.require_scope(RPGSYSTEMS_ADD)?;
+    authentication.require_scope(LIBRARIAN_RPGSYSTEMS_MODIFY)?;
     let conn = app.open_database_connection()?;
     actions::delete_rpgsystem(&conn, *delete_id)?;
     Ok(HttpResponse::Ok().finish())

diff --git a/src/api/titles.rs b/src/api/titles.rs
@@ -3,7 +3,7 @@ use crate::api::MyResponder;
 use crate::app::AppState;
 use crate::authentication::scopes::*;
 use crate::authentication::Claims;
-use crate::models::NewTitle;
+use crate::models::{Id, NewTitle};
 use actix_web::{web, HttpResponse};
 
 pub async fn get_all(app: web::Data<AppState>, authentication: Claims) -> MyResponder {
@@ -27,7 +27,7 @@ pub async fn post(
 pub async fn get_one(
     app: web::Data<AppState>,
     authentication: Claims,
-    search_id: web::Path<i32>,
+    search_id: web::Path<Id>,
 ) -> MyResponder {
     authentication.requires_nothing()?;
     let conn = app.open_database_connection()?;
@@ -38,10 +38,10 @@ pub async fn get_one(
 pub async fn put(
     app: web::Data<AppState>,
     authentication: Claims,
-    write_to_id: web::Path<i32>,
+    write_to_id: web::Path<Id>,
     new_info: web::Json<NewTitle>,
 ) -> MyResponder {
-    authentication.require_scope(TITLES_ADD)?;
+    authentication.require_scope(LIBRARIAN_TITLES_MODIFY)?;
     let conn = app.open_database_connection()?;
     let updated = actions::update_title(&conn, *write_to_id, new_info.into_inner())?;
     Ok(HttpResponse::Ok().json(updated))
@@ -50,9 +50,9 @@ pub async fn put(
 pub async fn delete(
     app: web::Data<AppState>,
     authentication: Claims,
-    delete_id: web::Path<i32>,
+    delete_id: web::Path<Id>,
 ) -> MyResponder {
-    authentication.require_scope(TITLES_ADD)?;
+    authentication.require_scope(LIBRARIAN_TITLES_MODIFY)?;
     let conn = app.open_database_connection()?;
     actions::delete_title(&conn, *delete_id)?;
     Ok(HttpResponse::Ok().finish())

diff --git a/src/api/users.rs b/src/api/users.rs
@@ -3,7 +3,7 @@ use crate::api::MyResponder;
 use crate::app::AppState;
 use crate::authentication::scopes::USERS_READ;
 use crate::authentication::Claims;
-use crate::models::User;
+use crate::models::{Id, User};
 use actix_web::{web, HttpResponse};
 
 pub async fn get_all(app: web::Data<AppState>, authentication: Claims) -> MyResponder {
@@ -17,7 +17,7 @@ pub async fn get_all(app: web::Data<AppState>, authentication: Claims) -> MyResp
 pub async fn get_one(
     app: web::Data<AppState>,
     authentication: Claims,
-    id: web::Path<i32>,
+    id: web::Path<Id>,
 ) -> MyResponder {
     authentication.require_scope(USERS_READ)?;
     let conn = app.open_database_connection()?;