Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 restitux
|
826a3b59c9 |
@@ -47,7 +47,16 @@ struct GetAppsResponse {
|
||||
impl crate::backend::Backend {
|
||||
#[craft(endpoint(status_codes(StatusCode::OK, StatusCode::INTERNAL_SERVER_ERROR)))]
|
||||
pub async fn get_apps(self: ::std::sync::Arc<Self>, depot: &mut Depot) -> AppResult<Json<GetAppsResponse>> {
|
||||
let user = auth::get_user_from_depot(depot).cloned();
|
||||
let user = match auth::get_user_from_depot(depot) {
|
||||
Some(u) => u.clone(),
|
||||
None => {
|
||||
error!("get_apps reached without authenticated user in depot");
|
||||
return Err(AppError {
|
||||
status_code: StatusCode::UNAUTHORIZED,
|
||||
description: "Not authenticated".to_string(),
|
||||
});
|
||||
}
|
||||
};
|
||||
let standard_error = Err(AppError {
|
||||
status_code: StatusCode::INTERNAL_SERVER_ERROR,
|
||||
description: "failed to get available apps".to_string(),
|
||||
@@ -146,18 +155,16 @@ impl crate::backend::Backend {
|
||||
}
|
||||
|
||||
// Filter apps by user permissions (admins see everything)
|
||||
if let Some(ref user) = user {
|
||||
if !user.is_admin {
|
||||
let permissions = self.db.get_permissions(&user.id).unwrap_or_default();
|
||||
for (server_name, apps) in get_apps_resp.apps.iter_mut() {
|
||||
apps.retain(|app| {
|
||||
permissions.iter().any(|p| {
|
||||
p.server == *server_name && p.app_id == app.id as i64
|
||||
})
|
||||
});
|
||||
}
|
||||
get_apps_resp.apps.retain(|_, apps| !apps.is_empty());
|
||||
if !user.is_admin {
|
||||
let permissions = self.db.get_permissions(&user.id).unwrap_or_default();
|
||||
for (server_name, apps) in get_apps_resp.apps.iter_mut() {
|
||||
apps.retain(|app| {
|
||||
permissions.iter().any(|p| {
|
||||
p.server == *server_name && p.app_id == app.id as i64
|
||||
})
|
||||
});
|
||||
}
|
||||
get_apps_resp.apps.retain(|_, apps| !apps.is_empty());
|
||||
}
|
||||
|
||||
Ok(Json(get_apps_resp))
|
||||
|
||||
@@ -90,20 +90,28 @@ impl crate::backend::Backend {
|
||||
});
|
||||
|
||||
// Check app permission
|
||||
if let Some(user) = auth::get_user_from_depot(depot) {
|
||||
if !user.is_admin {
|
||||
match self.db.check_app_permission(&user.id, &body.server, body.id as i64) {
|
||||
Ok(true) => {}
|
||||
Ok(false) => {
|
||||
return Err(AppError {
|
||||
status_code: StatusCode::FORBIDDEN,
|
||||
description: "You do not have permission to access this application".to_string(),
|
||||
});
|
||||
}
|
||||
Err(e) => {
|
||||
error!("Permission check error: {e}");
|
||||
return standard_error;
|
||||
}
|
||||
let user = match auth::get_user_from_depot(depot) {
|
||||
Some(u) => u.clone(),
|
||||
None => {
|
||||
error!("post_stream_start reached without authenticated user in depot");
|
||||
return Err(AppError {
|
||||
status_code: StatusCode::UNAUTHORIZED,
|
||||
description: "Not authenticated".to_string(),
|
||||
});
|
||||
}
|
||||
};
|
||||
if !user.is_admin {
|
||||
match self.db.check_app_permission(&user.id, &body.server, body.id as i64) {
|
||||
Ok(true) => {}
|
||||
Ok(false) => {
|
||||
return Err(AppError {
|
||||
status_code: StatusCode::FORBIDDEN,
|
||||
description: "You do not have permission to access this application".to_string(),
|
||||
});
|
||||
}
|
||||
Err(e) => {
|
||||
error!("Permission check error: {e}");
|
||||
return standard_error;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user