Bommels05/Modrinth
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix users not being able to see their own unapproved mods

Browse Source
This commit is contained in:
Jai A 2021-03-11 10:32:47 -07:00
parent a13bae2f39
commit 6104150b77
3 changed files with 66 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
sqlx-data.json
View File

@ -5180,6 +5180,26 @@
] ]
} }
}, },
"fdb2a6ea649bb23c69af5c756d6137e216603708ffccd4e9162fb1c9765a56aa": {
"query": "\n SELECT m.id FROM mods m\n INNER JOIN team_members tm ON tm.team_id = m.team_id\n WHERE tm.user_id = $1\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "id",
"type_info": "Int8"
}
],
"parameters": {
"Left": [
"Int8"
]
},
"nullable": [
false
]
}
},
"fe73b6928f13955840e8df248688908fb6d82dd1d35dc803676639a6e0864ed5": { "fe73b6928f13955840e8df248688908fb6d82dd1d35dc803676639a6e0864ed5": {
"query": "\n DELETE FROM downloads\n WHERE date < (CURRENT_DATE - INTERVAL '30 minutes ago')\n ", "query": "\n DELETE FROM downloads\n WHERE date < (CURRENT_DATE - INTERVAL '30 minutes ago')\n ",
"describe": { "describe": {

25
src/database/models/user_item.rs
View File

@ -213,6 +213,31 @@ impl User {
Ok(mods) Ok(mods)
} }
pub async fn get_mods_private<'a, E>(
user_id: UserId,
exec: E,
) -> Result<Vec<ModId>, sqlx::Error>
where
E: sqlx::Executor<'a, Database = sqlx::Postgres> + Copy,
{
use futures::stream::TryStreamExt;
let mods = sqlx::query!(
"
SELECT m.id FROM mods m
INNER JOIN team_members tm ON tm.team_id = m.team_id
WHERE tm.user_id = $1
",
user_id as UserId,
)
.fetch_many(exec)
.try_filter_map(|e| async { Ok(e.right().map(|m| ModId(m.id))) })
.try_collect::<Vec<ModId>>()
.await?;
Ok(mods)
}
pub async fn remove<'a, 'b, E>(id: UserId, exec: E) -> Result<Option<()>, sqlx::error::Error> pub async fn remove<'a, 'b, E>(id: UserId, exec: E) -> Result<Option<()>, sqlx::error::Error>
where where
E: sqlx::Executor<'a, Database = sqlx::Postgres> + Copy, E: sqlx::Executor<'a, Database = sqlx::Postgres> + Copy,

23
src/routes/users.rs
View File

@ -122,10 +122,13 @@ fn convert_user(data: crate::database::models::user_item::User) -> crate::models
#[get("{user_id}/mods")] #[get("{user_id}/mods")]
pub async fn mods_list( pub async fn mods_list(
req: HttpRequest,
info: web::Path<(UserId,)>, info: web::Path<(UserId,)>,
pool: web::Data<PgPool>, pool: web::Data<PgPool>,
) -> Result<HttpResponse, ApiError> { ) -> Result<HttpResponse, ApiError> {
let id = info.into_inner().0.into(); let user = get_user_from_headers(req.headers(), &**pool).await.ok();
let id: crate::database::models::UserId = info.into_inner().0.into();
let user_exists = sqlx::query!( let user_exists = sqlx::query!(
"SELECT EXISTS(SELECT 1 FROM users WHERE id = $1)", "SELECT EXISTS(SELECT 1 FROM users WHERE id = $1)",
@ -137,9 +140,23 @@ pub async fn mods_list(
.exists; .exists;
if user_exists.unwrap_or(false) { if user_exists.unwrap_or(false) {
let mod_data = User::get_mods(id, ModStatus::Approved.as_str(), &**pool) let user_id: UserId = id.into();
let mod_data = if let Some(current_user) = user {
if current_user.role.is_mod() || current_user.id == user_id {
User::get_mods_private(id, &**pool)
.await .await
.map_err(|e| ApiError::DatabaseError(e.into()))?; .map_err(|e| ApiError::DatabaseError(e.into()))?
} else {
User::get_mods(id, ModStatus::Approved.as_str(), &**pool)
.await
.map_err(|e| ApiError::DatabaseError(e.into()))?
}
} else {
User::get_mods(id, ModStatus::Approved.as_str(), &**pool)
.await
.map_err(|e| ApiError::DatabaseError(e.into()))?
};
let response = mod_data let response = mod_data
.into_iter() .into_iter()