fix: allow MANAGE_COMMUNITIES user permission to bypass read access

2025-04-13 01:37:39 -04:00 · 2025-04-13 01:37:39 -04:00 · 5d53ceb09c
commit 5d53ceb09c
parent 85bf844e2d
1 changed files with 15 additions and 3 deletions
--- a/crates/app/src/routes/pages/communities.rs
+++ b/crates/app/src/routes/pages/communities.rs
@ -19,8 +19,16 @@ macro_rules! check_permissions {
    ($community:ident, $jar:ident, $data:ident, $user:ident) => {{
        let mut is_member: bool = false;
        let mut can_manage_pins: bool = false;
+        let mut can_manage_communities: bool = false;

        if let Some(ref ua) = $user {
+            if ua
+                .permissions
+                .check(tetratto_core::model::permissions::FinePermission::MANAGE_COMMUNITIES)
+            {
+                can_manage_communities = true;
+            }
+
            if let Ok(membership) = $data
                .0
                .get_membership_by_owner_community(ua.id, $community.id)
@ -44,11 +52,15 @@ macro_rules! check_permissions {

        match $community.read_access {
            CommunityReadAccess::Joined => {
+                if !can_manage_communities {
                    if !is_member {
                        (false, can_manage_pins)
                    } else {
                        (true, can_manage_pins)
                    }
+                } else {
+                    (true, true)
+                }
            }
            _ => (true, can_manage_pins),
        }