From e092d465867a046b6f96672058182d577cbafdb7 Mon Sep 17 00:00:00 2001 From: trisua Date: Sat, 12 Apr 2025 10:15:47 -0400 Subject: [PATCH] fix: don't allow communities to be renamed to in-use names --- .../app/src/public/html/communities/base.html | 2 +- .../src/public/html/communities/members.html | 2 +- .../routes/api/v1/communities/communities.rs | 2 +- crates/app/src/routes/pages/communities.rs | 6 +-- crates/app/src/routes/pages/mod.rs | 5 +-- crates/core/src/database/communities.rs | 42 ++++++++++++++++++- crates/core/src/model/mod.rs | 2 + 7 files changed, 50 insertions(+), 11 deletions(-) diff --git a/crates/app/src/public/html/communities/base.html b/crates/app/src/public/html/communities/base.html index ebdecf9..35d95be 100644 --- a/crates/app/src/public/html/communities/base.html +++ b/crates/app/src/public/html/communities/base.html @@ -211,7 +211,7 @@ {% endif %} {% endif %} {% if can_manage_community or is_manager %} {{ icon "settings" }} diff --git a/crates/app/src/public/html/communities/members.html b/crates/app/src/public/html/communities/members.html index bcbbac1..560c2bf 100644 --- a/crates/app/src/public/html/communities/members.html +++ b/crates/app/src/public/html/communities/members.html @@ -30,7 +30,7 @@ {% if can_manage_roles %} {{ icon "pencil" }} diff --git a/crates/app/src/routes/api/v1/communities/communities.rs b/crates/app/src/routes/api/v1/communities/communities.rs index a987278..ba4eb89 100644 --- a/crates/app/src/routes/api/v1/communities/communities.rs +++ b/crates/app/src/routes/api/v1/communities/communities.rs @@ -94,7 +94,7 @@ pub async fn update_title_request( None => return Json(Error::NotAllowed.into()), }; - match data.update_community_title(id, user, req.title).await { + match data.update_community_title(id, user, &req.title).await { Ok(_) => Json(ApiReturn { ok: true, message: "Community updated".to_string(), 
diff --git a/crates/app/src/routes/pages/communities.rs b/crates/app/src/routes/pages/communities.rs
index 8976eb6..25f41df 100644
--- a/crates/app/src/routes/pages/communities.rs
+++ b/crates/app/src/routes/pages/communities.rs
@@ -369,10 +369,10 @@ pub async fn feed_request(
 ))
 }
 
-/// `/community/{title}/manage`
+/// `/community/{id}/manage`
 pub async fn settings_request(
 jar: CookieJar,
- Path(title): Path,
+ Path(id): Path,
 Extension(data): Extension,
 ) -> impl IntoResponse {
 let data = data.read().await;
@@ -385,7 +385,7 @@ pub async fn settings_request(
 }
 };
 
- let community = match data.0.get_community_by_title(&title.to_lowercase()).await {
+ let community = match data.0.get_community_by_id_no_void(id).await {
 Ok(ua) => ua,
 Err(e) => return Err(Html(render_error(e, &jar, &data, &Some(user)).await)),
 };
diff --git a/crates/app/src/routes/pages/mod.rs b/crates/app/src/routes/pages/mod.rs
index 2379944..6870af3 100644
--- a/crates/app/src/routes/pages/mod.rs
+++ b/crates/app/src/routes/pages/mod.rs
@@ -55,10 +55,7 @@ pub fn routes() -> Router {
 get(communities::create_post_request),
 )
 .route("/community/{title}", get(communities::feed_request))
- .route(
- "/community/{title}/manage",
- get(communities::settings_request),
- )
+ .route("/community/{id}/manage", get(communities::settings_request))
 .route(
 "/community/{title}/members",
 get(communities::members_request),
diff --git a/crates/core/src/database/communities.rs b/crates/core/src/database/communities.rs
index 84fdf44..238b949 100644
--- a/crates/core/src/database/communities.rs
+++ b/crates/core/src/database/communities.rs
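Review bot: `settings_request` now loads the community by the id taken from the URL, and the check that decides whether `user` may manage that community is not visible in either hunk of this file (the function body continues past them). Numeric ids are generally easier to guess than titles, so it is worth confirming that the handler itself rejects non-managers after `get_community_by_id_no_void(id)` instead of relying on the link being hidden behind `can_manage_community or is_manager` in `base.html`. A short comment above the lookup, such as `// id comes from the URL; permission to manage is checked below`, would make that dependency explicit.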
@@ -355,7 +355,47 @@ impl DataManager {
 Ok(())
 }
 
- auto_method!(update_community_title(String)@get_community_by_id_no_void:MANAGE_COMMUNITIES -> "UPDATE communities SET title = $1 WHERE id = $2" --cache-key-tmpl=cache_clear_community);
+ pub async fn update_community_title(&self, id: usize, user: User, title: &str) -> Result<()> {
+ let y = self.get_community_by_id(id).await?;
+
+ if user.id != y.owner {
+ if !user.permissions.check(FinePermission::MANAGE_COMMUNITIES) {
+ return Err(Error::NotAllowed);
+ } else {
+ self.create_audit_log_entry(crate::model::moderation::AuditLogEntry::new(
+ user.id,
+ format!("invoked `update_community_title` with x value `{id}`"),
+ ))
+ .await?
+ }
+ }
+
+ // check for existing community
+ if self.get_community_by_title_no_void(title).await.is_ok() {
+ return Err(Error::TitleInUse);
+ }
+
+ // ...
+ let conn = match self.connect().await {
+ Ok(c) => c,
+ Err(e) => return Err(Error::DatabaseConnection(e.to_string())),
+ };
+
+ let res = execute!(
+ &conn,
+ "UPDATE communities SET title = $1 WHERE id = $2",
+ params![&title, &(id as i64)]
+ );
+
+ if let Err(e) = res {
+ return Err(Error::DatabaseError(e.to_string()));
+ }
+
+ self.cache_clear_community(&y).await;
+
+ Ok(())
+ }
+
 auto_method!(update_community_context(CommunityContext)@get_community_by_id_no_void:MANAGE_COMMUNITIES -> "UPDATE communities SET context = $1 WHERE id = $2" --serde --cache-key-tmpl=cache_clear_community);
 auto_method!(update_community_read_access(CommunityReadAccess)@get_community_by_id_no_void:MANAGE_COMMUNITIES -> "UPDATE communities SET read_access = $1 WHERE id = $2" --serde --cache-key-tmpl=cache_clear_community);
 auto_method!(update_community_write_access(CommunityWriteAccess)@get_community_by_id_no_void:MANAGE_COMMUNITIES -> "UPDATE communities SET write_access = $1 WHERE id = $2" --serde --cache-key-tmpl=cache_clear_community);
diff --git a/crates/core/src/model/mod.rs b/crates/core/src/model/mod.rs
index da5181b..87bf1c3 100644
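Review bot: The uniqueness check in `update_community_title` is a separate read that runs before the `UPDATE`, so two concurrent renames to the same title can both pass it. A unique index on `communities.title`, with the constraint violation mapped to `Error::TitleInUse`, would enforce the rule in the database, assuming the schema does not already have one. The check also uses `.is_ok()`, which treats every lookup failure, including a connection error, as the title being free. Turning it into a `match` with an arm such as `Err(e @ (Error::DatabaseConnection(_) | Error::DatabaseError(_))) => return Err(e),` keeps a failed lookup from falling through to the rename. The new title is compared exactly as given, while the page lookup removed in this commit used `title.to_lowercase()`, so it is worth confirming that titles differing only in case cannot coexist.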
--- a/crates/core/src/model/mod.rs
+++ b/crates/core/src/model/mod.rs
@@ -31,6 +31,7 @@ pub enum Error {
 DataTooLong(String),
 DataTooShort(String),
 UsernameInUse,
+ TitleInUse,
 Unknown,
 }
 
@@ -49,6 +50,7 @@ impl ToString for Error {
 Self::DataTooLong(name) => format!("Given {name} is too long!"),
 Self::DataTooShort(name) => format!("Given {name} is too short!"),
 Self::UsernameInUse => "Username in use".to_string(),
+ Self::TitleInUse => "Title in use".to_string(),
 _ => format!("An unknown error as occurred: ({:?})", self),
 }
 }