t/tetratto
1
0
Fork 0
Code Issues Pull requests Projects Releases 5 Packages Wiki Activity Actions

add: grant scopes for all community endpoints

Browse source
This commit is contained in:
trisua 2025-06-13 12:49:09 -04:00
parent ca8f510a3a
commit c3139ef1d2
10 changed files with 342 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

80
crates/app/src/routes/api/v1/communities/communities.rs
View file

@ -5,10 +5,10 @@ use axum::{
};
use axum_extra::extract::CookieJar;
use tetratto_core::model::{
ApiReturn, Error,
auth::Notification,
communities::{Community, CommunityMembership},
communities_permissions::CommunityPermission,
oauth, ApiReturn, Error,
};
use crate::{
@ -44,7 +44,7 @@ pub async fn create_request(
Json(req): Json<CreateCommunity>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserCreateCommunities) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -73,7 +73,7 @@ pub async fn delete_request(
Path(id): Path<usize>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityDelete) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -95,7 +95,7 @@ pub async fn update_title_request(
Json(req): Json<UpdateCommunityTitle>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityManage) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -117,7 +117,7 @@ pub async fn update_context_request(
Json(req): Json<UpdateCommunityContext>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityManage) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -149,7 +149,7 @@ pub async fn update_read_access_request(
Json(req): Json<UpdateCommunityReadAccess>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityManage) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -174,7 +174,7 @@ pub async fn update_write_access_request(
Json(req): Json<UpdateCommunityWriteAccess>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityManage) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -199,7 +199,7 @@ pub async fn update_join_access_request(
Json(req): Json<UpdateCommunityJoinAccess>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityManage) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -224,7 +224,7 @@ pub async fn update_owner_request(
Json(req): Json<UpdateCommunityOwner>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityTransferOwnership) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -255,7 +255,7 @@ pub async fn get_membership(
Path((cid, uid)): Path<(usize, usize)>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityReadMemberships) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -286,7 +286,7 @@ pub async fn create_membership(
Path(id): Path<usize>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserJoinCommunities) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -314,7 +314,7 @@ pub async fn delete_membership(
Path((cid, uid)): Path<(usize, usize)>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserManageMemberships) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -341,7 +341,7 @@ pub async fn update_membership_role(
Json(req): Json<UpdateMembershipRole>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserManageMemberships) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -449,7 +449,7 @@ pub async fn supports_titles_request(
Path(id): Path<usize>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
if get_user_from_token!(jar, data).is_none() {
if get_user_from_token!(jar, data, oauth::AppScope::UserReadCommunities).is_none() {
return Json(Error::NotAllowed.into());
}
@ -468,3 +468,55 @@ pub async fn supports_titles_request(
payload: (),
})
}
pub async fn get_request(
jar: CookieJar,
Extension(data): Extension<State>,
Path(id): Path<usize>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
if get_user_from_token!(jar, data, oauth::AppScope::UserReadCommunities).is_none() {
return Json(Error::NotAllowed.into());
}
match data.get_community_by_id_no_void(id).await {
Ok(c) => Json(ApiReturn {
ok: true,
message: "Success".to_string(),
payload: Some(c),
}),
Err(e) => Json(e.into()),
}
}
pub async fn get_communities_request(
jar: CookieJar,
Extension(data): Extension<State>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserReadCommunities) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
let memberships = match data.get_memberships_by_owner(user.id).await {
Ok(p) => p,
Err(e) => return Json(e.into()),
};
let mut communities: Vec<Community> = Vec::new();
for membership in memberships {
let community = match data.get_community_by_id_no_void(membership.community).await {
Ok(p) => p,
Err(e) => return Json(e.into()),
};
communities.push(community)
}
Json(ApiReturn {
ok: true,
message: "Success".to_string(),
payload: Some(communities),
})
}

87
crates/app/src/routes/api/v1/communities/drafts.rs
View file

@ -1,9 +1,16 @@
use axum::{extract::Path, response::IntoResponse, Extension, Json};
use axum::{
extract::{Path, Query},
response::IntoResponse,
Extension, Json,
};
use axum_extra::extract::CookieJar;
use tetratto_core::model::{communities::PostDraft, ApiReturn, Error};
use tetratto_core::model::{communities::PostDraft, oauth, ApiReturn, Error};
use crate::{
get_user_from_token,
routes::api::v1::{CreatePostDraft, UpdatePostContent},
routes::{
api::v1::{CreatePostDraft, UpdatePostContent},
pages::PaginatedQuery,
},
State,
};
@ -13,7 +20,7 @@ pub async fn create_request(
Json(req): Json<CreatePostDraft>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserCreateDrafts) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -37,7 +44,7 @@ pub async fn delete_request(
Path(id): Path<usize>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserDeleteDrafts) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -59,7 +66,7 @@ pub async fn update_content_request(
Json(req): Json<UpdatePostContent>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserEditDrafts) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -73,3 +80,71 @@ pub async fn update_content_request(
Err(e) => Json(e.into()),
}
}
pub async fn get_request(
jar: CookieJar,
Extension(data): Extension<State>,
Path(id): Path<usize>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserReadDrafts) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
match data.get_draft_by_id(id).await {
Ok(d) => {
if d.owner != user.id {
return Json(Error::NotAllowed.into());
}
Json(ApiReturn {
ok: true,
message: "Success".to_string(),
payload: Some(d),
})
}
Err(e) => Json(e.into()),
}
}
pub async fn get_drafts_request(
jar: CookieJar,
Extension(data): Extension<State>,
Query(props): Query<PaginatedQuery>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserReadDrafts) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
match data.get_drafts_by_user(user.id, 12, props.page).await {
Ok(_) => Json(ApiReturn {
ok: true,
message: "Success".to_string(),
payload: (),
}),
Err(e) => Json(e.into()),
}
}
pub async fn get_all_drafts_request(
jar: CookieJar,
Extension(data): Extension<State>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserReadDrafts) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
match data.get_drafts_by_user_all(user.id).await {
Ok(_) => Json(ApiReturn {
ok: true,
message: "Success".to_string(),
payload: (),
}),
Err(e) => Json(e.into()),
}
}

9
crates/app/src/routes/api/v1/communities/emojis.rs
View file

@ -9,6 +9,7 @@ use crate::{
use axum::{body::Body, extract::Path, response::IntoResponse, Extension, Json};
use axum_extra::extract::CookieJar;
use tetratto_core::model::{
oauth,
uploads::{CustomEmoji, MediaType, MediaUpload},
ApiReturn, Error,
};
@ -88,7 +89,7 @@ pub async fn create_request(
img: Image,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityCreateEmojis) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -174,7 +175,7 @@ pub async fn update_name_request(
Json(req): Json<UpdateEmojiName>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityManageEmojis) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -195,7 +196,7 @@ pub async fn delete_request(
Path(id): Path<usize>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityManageEmojis) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -215,7 +216,7 @@ pub async fn get_my_request(
Extension(data): Extension<State>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserReadEmojis) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};

6
crates/app/src/routes/api/v1/communities/images.rs
View file

@ -2,7 +2,7 @@ use axum::{Extension, Json, body::Body, extract::Path, response::IntoResponse};
use axum_extra::extract::CookieJar;
use pathbufd::{PathBufD, pathd};
use std::fs::exists;
use tetratto_core::model::{ApiReturn, Error, permissions::FinePermission};
use tetratto_core::model::{ApiReturn, Error, permissions::FinePermission, oauth};
use crate::{
State,
@ -110,7 +110,7 @@ pub async fn upload_avatar_request(
) -> impl IntoResponse {
// get user from token
let data = &(data.read().await).0;
let auth_user = match get_user_from_token!(jar, data) {
let auth_user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityManage) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -165,7 +165,7 @@ pub async fn upload_banner_request(
) -> impl IntoResponse {
// get user from token
let data = &(data.read().await).0;
let auth_user = match get_user_from_token!(jar, data) {
let auth_user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityManage) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};

19
crates/app/src/routes/api/v1/communities/posts.rs
View file

@ -8,6 +8,7 @@ use axum_extra::extract::CookieJar;
use tetratto_core::model::{
addr::RemoteAddr,
communities::{Poll, PollVote, Post},
oauth,
permissions::FinePermission,
uploads::{MediaType, MediaUpload},
ApiReturn, Error,
@ -32,7 +33,7 @@ pub async fn create_request(
JsonMultipart(images, req): JsonMultipart<CreatePost>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserCreatePosts) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -188,7 +189,7 @@ pub async fn create_repost_request(
Json(req): Json<CreateRepost>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserCreatePosts) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -220,7 +221,7 @@ pub async fn delete_request(
Path(id): Path<usize>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserDeletePosts) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -241,7 +242,7 @@ pub async fn purge_request(
Path(id): Path<usize>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::ModPurgePosts) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -266,7 +267,7 @@ pub async fn restore_request(
Path(id): Path<usize>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::ModDeletePosts) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -292,7 +293,7 @@ pub async fn update_content_request(
Json(req): Json<UpdatePostContent>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserEditPosts) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -314,7 +315,7 @@ pub async fn update_context_request(
Json(req): Json<UpdatePostContext>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserEditPosts) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -346,7 +347,7 @@ pub async fn vote_request(
Json(req): Json<VoteInPoll>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserVote) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -394,7 +395,7 @@ pub async fn update_is_open_request(
Json(req): Json<UpdatePostIsOpen>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserEditPosts) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};

10
crates/app/src/routes/api/v1/communities/questions.rs
View file

@ -5,7 +5,9 @@ use axum::{
Extension, Json,
};
use axum_extra::extract::CookieJar;
use tetratto_core::model::{addr::RemoteAddr, auth::IpBlock, communities::Question, ApiReturn, Error};
use tetratto_core::model::{
addr::RemoteAddr, auth::IpBlock, communities::Question, ApiReturn, Error, oauth,
};
use crate::{get_user_from_token, routes::api::v1::CreateQuestion, State};
pub async fn create_request(
@ -15,7 +17,7 @@ pub async fn create_request(
Json(req): Json<CreateQuestion>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = get_user_from_token!(jar, data);
let user = get_user_from_token!(jar, data, oauth::AppScope::UserCreateQuestions);
if req.is_global && user.is_none() {
return Json(Error::NotAllowed.into());
@ -75,7 +77,7 @@ pub async fn delete_request(
Path(id): Path<usize>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserDeleteQuestions) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -96,7 +98,7 @@ pub async fn ip_block_request(
Path(id): Path<usize>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserCreateIpBlock) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};