diff --git a/.sqlx/query-9c8f3f9503b5bb52e05bbc8a8eee7f640ab7d6b04a59ec111ce8b23e886911de.json b/.sqlx/query-9c8f3f9503b5bb52e05bbc8a8eee7f640ab7d6b04a59ec111ce8b23e886911de.json deleted file mode 100644 index 77c8db510..000000000 --- a/.sqlx/query-9c8f3f9503b5bb52e05bbc8a8eee7f640ab7d6b04a59ec111ce8b23e886911de.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "db_name": "PostgreSQL", - "query": "\n DELETE FROM dependencies WHERE dependent_id = $1\n ", - "describe": { - "columns": [], - "parameters": { - "Left": [ - "Int8" - ] - }, - "nullable": [] - }, - "hash": "9c8f3f9503b5bb52e05bbc8a8eee7f640ab7d6b04a59ec111ce8b23e886911de" -} diff --git a/.sqlx/query-a40e4075ba1bff5b6fde104ed1557ad8d4a75d7d90d481decd222f31685c4981.json b/.sqlx/query-a40e4075ba1bff5b6fde104ed1557ad8d4a75d7d90d481decd222f31685c4981.json new file mode 100644 index 000000000..dd7086e80 --- /dev/null +++ b/.sqlx/query-a40e4075ba1bff5b6fde104ed1557ad8d4a75d7d90d481decd222f31685c4981.json @@ -0,0 +1,14 @@ +{ + "db_name": "PostgreSQL", + "query": "\n DELETE FROM dependencies WHERE dependent_id = $1\n ", + "describe": { + "columns": [], + "parameters": { + "Left": [ + "Int8" + ] + }, + "nullable": [] + }, + "hash": "a40e4075ba1bff5b6fde104ed1557ad8d4a75d7d90d481decd222f31685c4981" +} diff --git a/src/routes/v3/project_creation.rs b/src/routes/v3/project_creation.rs index f6453c354..7570c041c 100644 --- a/src/routes/v3/project_creation.rs +++ b/src/routes/v3/project_creation.rs @@ -12,7 +12,7 @@ use crate::models::pats::Scopes; use crate::models::projects::{ License, Link, MonetizationStatus, ProjectId, ProjectStatus, VersionId, VersionStatus, }; -use crate::models::teams::ProjectPermissions; +use crate::models::teams::{OrganizationPermissions, ProjectPermissions}; use crate::models::threads::ThreadType; use crate::models::users::UserId; use crate::queue::session::AuthQueue; @@ -614,7 +614,30 @@ async fn project_create_inner( let mut members = vec![]; - if project_create_data.organization_id.is_none() { + if let Some(organization_id) = project_create_data.organization_id { + let org = models::Organization::get_id(organization_id.into(), &*pool, &redis) + .await? + .ok_or_else(|| { + CreateError::InvalidInput("Invalid organization ID specified!".to_string()) + })?; + + let team_member = + models::TeamMember::get_from_user_id(org.team_id, current_user.id.into(), &*pool) + .await?; + + let perms = + OrganizationPermissions::get_permissions_by_role(¤t_user.role, &team_member); + + if !perms + .map(|x| x.contains(OrganizationPermissions::ADD_PROJECT)) + .unwrap_or(false) + { + return Err(CreateError::CustomAuthenticationError( + "You do not have the permissions to create projects in this organization!" + .to_string(), + )); + } + } else { members.push(models::team_item::TeamMemberBuilder { user_id: current_user.id.into(), role: crate::models::teams::DEFAULT_ROLE.to_owned(), @@ -626,7 +649,6 @@ async fn project_create_inner( ordering: 0, }) } - let team = models::team_item::TeamBuilder { members }; let team_id = team.insert(&mut *transaction).await?; diff --git a/src/routes/v3/projects.rs b/src/routes/v3/projects.rs index 603db7113..b70c197c3 100644 --- a/src/routes/v3/projects.rs +++ b/src/routes/v3/projects.rs @@ -1,7 +1,7 @@ use std::collections::HashMap; use std::sync::Arc; -use crate::auth::checks::is_visible_project; +use crate::auth::checks::{filter_visible_versions, is_visible_project}; use crate::auth::{filter_visible_projects, get_user_from_headers}; use crate::database::models::notification_item::NotificationBuilder; use crate::database::models::project_item::{GalleryItem, ModCategory}; @@ -1011,14 +1011,10 @@ pub async fn dependency_list( ) .await?; - let mut projects = projects_result - .into_iter() - .map(models::projects::Project::from) - .collect::>(); - let mut versions = versions_result - .into_iter() - .map(models::projects::Version::from) - .collect::>(); + let mut projects = + filter_visible_projects(projects_result, &user_option, &pool, false).await?; + let mut versions = + filter_visible_versions(versions_result, &user_option, &pool, &redis).await?; projects.sort_by(|a, b| b.published.cmp(&a.published)); projects.dedup_by(|a, b| a.id == b.id); diff --git a/src/routes/v3/versions.rs b/src/routes/v3/versions.rs index 01d961421..ab9697b98 100644 --- a/src/routes/v3/versions.rs +++ b/src/routes/v3/versions.rs @@ -354,13 +354,10 @@ pub async fn version_edit_helper( } if let Some(dependencies) = &new_version.dependencies { - // TODO: Re-add this exclusions when modpack also has separate dependency retrieval that was removed from validators - // if let Some(project) = project_item { - // if project.project_type != "modpack" { sqlx::query!( " - DELETE FROM dependencies WHERE dependent_id = $1 - ", + DELETE FROM dependencies WHERE dependent_id = $1 + ", id as database::models::ids::VersionId, ) .execute(&mut *transaction) @@ -378,8 +375,6 @@ pub async fn version_edit_helper( DependencyBuilder::insert_many(builders, version_item.inner.id, &mut transaction) .await?; - // } - // } } if !new_version.fields.is_empty() {