Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 restitux
|
826a3b59c9 |
@@ -47,7 +47,16 @@ struct GetAppsResponse {
|
|||||||
impl crate::backend::Backend {
|
impl crate::backend::Backend {
|
||||||
#[craft(endpoint(status_codes(StatusCode::OK, StatusCode::INTERNAL_SERVER_ERROR)))]
|
#[craft(endpoint(status_codes(StatusCode::OK, StatusCode::INTERNAL_SERVER_ERROR)))]
|
||||||
pub async fn get_apps(self: ::std::sync::Arc<Self>, depot: &mut Depot) -> AppResult<Json<GetAppsResponse>> {
|
pub async fn get_apps(self: ::std::sync::Arc<Self>, depot: &mut Depot) -> AppResult<Json<GetAppsResponse>> {
|
||||||
let user = auth::get_user_from_depot(depot).cloned();
|
let user = match auth::get_user_from_depot(depot) {
|
||||||
|
Some(u) => u.clone(),
|
||||||
|
None => {
|
||||||
|
error!("get_apps reached without authenticated user in depot");
|
||||||
|
return Err(AppError {
|
||||||
|
status_code: StatusCode::UNAUTHORIZED,
|
||||||
|
description: "Not authenticated".to_string(),
|
||||||
|
});
|
||||||
|
}
|
||||||
|
};
|
||||||
let standard_error = Err(AppError {
|
let standard_error = Err(AppError {
|
||||||
status_code: StatusCode::INTERNAL_SERVER_ERROR,
|
status_code: StatusCode::INTERNAL_SERVER_ERROR,
|
||||||
description: "failed to get available apps".to_string(),
|
description: "failed to get available apps".to_string(),
|
||||||
@@ -146,18 +155,16 @@ impl crate::backend::Backend {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Filter apps by user permissions (admins see everything)
|
// Filter apps by user permissions (admins see everything)
|
||||||
if let Some(ref user) = user {
|
if !user.is_admin {
|
||||||
if !user.is_admin {
|
let permissions = self.db.get_permissions(&user.id).unwrap_or_default();
|
||||||
let permissions = self.db.get_permissions(&user.id).unwrap_or_default();
|
for (server_name, apps) in get_apps_resp.apps.iter_mut() {
|
||||||
for (server_name, apps) in get_apps_resp.apps.iter_mut() {
|
apps.retain(|app| {
|
||||||
apps.retain(|app| {
|
permissions.iter().any(|p| {
|
||||||
permissions.iter().any(|p| {
|
p.server == *server_name && p.app_id == app.id as i64
|
||||||
p.server == *server_name && p.app_id == app.id as i64
|
})
|
||||||
})
|
});
|
||||||
});
|
|
||||||
}
|
|
||||||
get_apps_resp.apps.retain(|_, apps| !apps.is_empty());
|
|
||||||
}
|
}
|
||||||
|
get_apps_resp.apps.retain(|_, apps| !apps.is_empty());
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(Json(get_apps_resp))
|
Ok(Json(get_apps_resp))
|
||||||
|
|||||||
@@ -90,20 +90,28 @@ impl crate::backend::Backend {
|
|||||||
});
|
});
|
||||||
|
|
||||||
// Check app permission
|
// Check app permission
|
||||||
if let Some(user) = auth::get_user_from_depot(depot) {
|
let user = match auth::get_user_from_depot(depot) {
|
||||||
if !user.is_admin {
|
Some(u) => u.clone(),
|
||||||
match self.db.check_app_permission(&user.id, &body.server, body.id as i64) {
|
None => {
|
||||||
Ok(true) => {}
|
error!("post_stream_start reached without authenticated user in depot");
|
||||||
Ok(false) => {
|
return Err(AppError {
|
||||||
return Err(AppError {
|
status_code: StatusCode::UNAUTHORIZED,
|
||||||
status_code: StatusCode::FORBIDDEN,
|
description: "Not authenticated".to_string(),
|
||||||
description: "You do not have permission to access this application".to_string(),
|
});
|
||||||
});
|
}
|
||||||
}
|
};
|
||||||
Err(e) => {
|
if !user.is_admin {
|
||||||
error!("Permission check error: {e}");
|
match self.db.check_app_permission(&user.id, &body.server, body.id as i64) {
|
||||||
return standard_error;
|
Ok(true) => {}
|
||||||
}
|
Ok(false) => {
|
||||||
|
return Err(AppError {
|
||||||
|
status_code: StatusCode::FORBIDDEN,
|
||||||
|
description: "You do not have permission to access this application".to_string(),
|
||||||
|
});
|
||||||
|
}
|
||||||
|
Err(e) => {
|
||||||
|
error!("Permission check error: {e}");
|
||||||
|
return standard_error;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user