Fix issue in specifying dependencies (#891)

2024-03-18 13:56:06 -07:00 · 2024-03-18 13:56:06 -07:00 · 730913bec4
commit 730913bec4
parent f8f037196e
5 changed files with 46 additions and 33 deletions
--- a/.sqlx/query-9c8f3f9503b5bb52e05bbc8a8eee7f640ab7d6b04a59ec111ce8b23e886911de.json
+++ b/.sqlx/query-9c8f3f9503b5bb52e05bbc8a8eee7f640ab7d6b04a59ec111ce8b23e886911de.json
@ -1,14 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n                            DELETE FROM dependencies WHERE dependent_id = $1\n                            ",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Int8"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "9c8f3f9503b5bb52e05bbc8a8eee7f640ab7d6b04a59ec111ce8b23e886911de"
-}
--- a/.sqlx/query-a40e4075ba1bff5b6fde104ed1557ad8d4a75d7d90d481decd222f31685c4981.json
+++ b/.sqlx/query-a40e4075ba1bff5b6fde104ed1557ad8d4a75d7d90d481decd222f31685c4981.json
@ -0,0 +1,14 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n                    DELETE FROM dependencies WHERE dependent_id = $1\n                    ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "a40e4075ba1bff5b6fde104ed1557ad8d4a75d7d90d481decd222f31685c4981"
+}
--- a/src/routes/v3/project_creation.rs
+++ b/src/routes/v3/project_creation.rs
@ -12,7 +12,7 @@ use crate::models::pats::Scopes;
 use crate::models::projects::{
    License, Link, MonetizationStatus, ProjectId, ProjectStatus, VersionId, VersionStatus,
 };
-use crate::models::teams::ProjectPermissions;
+use crate::models::teams::{OrganizationPermissions, ProjectPermissions};
 use crate::models::threads::ThreadType;
 use crate::models::users::UserId;
 use crate::queue::session::AuthQueue;
@ -614,7 +614,30 @@ async fn project_create_inner(

        let mut members = vec![];

-        if project_create_data.organization_id.is_none() {
+        if let Some(organization_id) = project_create_data.organization_id {
+            let org = models::Organization::get_id(organization_id.into(), &*pool, &redis)
+                .await?
+                .ok_or_else(|| {
+                    CreateError::InvalidInput("Invalid organization ID specified!".to_string())
+                })?;
+
+            let team_member =
+                models::TeamMember::get_from_user_id(org.team_id, current_user.id.into(), &*pool)
+                    .await?;
+
+            let perms =
+                OrganizationPermissions::get_permissions_by_role(&current_user.role, &team_member);
+
+            if !perms
+                .map(|x| x.contains(OrganizationPermissions::ADD_PROJECT))
+                .unwrap_or(false)
+            {
+                return Err(CreateError::CustomAuthenticationError(
+                    "You do not have the permissions to create projects in this organization!"
+                        .to_string(),
+                ));
+            }
+        } else {
            members.push(models::team_item::TeamMemberBuilder {
                user_id: current_user.id.into(),
                role: crate::models::teams::DEFAULT_ROLE.to_owned(),
@ -626,7 +649,6 @@ async fn project_create_inner(
                ordering: 0,
            })
        }
-
        let team = models::team_item::TeamBuilder { members };

        let team_id = team.insert(&mut *transaction).await?;
--- a/src/routes/v3/projects.rs
+++ b/src/routes/v3/projects.rs
@ -1,7 +1,7 @@
 use std::collections::HashMap;
 use std::sync::Arc;

-use crate::auth::checks::is_visible_project;
+use crate::auth::checks::{filter_visible_versions, is_visible_project};
 use crate::auth::{filter_visible_projects, get_user_from_headers};
 use crate::database::models::notification_item::NotificationBuilder;
 use crate::database::models::project_item::{GalleryItem, ModCategory};
@ -1011,14 +1011,10 @@ pub async fn dependency_list(
        )
        .await?;

-        let mut projects = projects_result
-            .into_iter()
-            .map(models::projects::Project::from)
-            .collect::<Vec<_>>();
-        let mut versions = versions_result
-            .into_iter()
-            .map(models::projects::Version::from)
-            .collect::<Vec<_>>();
+        let mut projects =
+            filter_visible_projects(projects_result, &user_option, &pool, false).await?;
+        let mut versions =
+            filter_visible_versions(versions_result, &user_option, &pool, &redis).await?;

        projects.sort_by(|a, b| b.published.cmp(&a.published));
        projects.dedup_by(|a, b| a.id == b.id);
--- a/src/routes/v3/versions.rs
+++ b/src/routes/v3/versions.rs
@ -354,9 +354,6 @@ pub async fn version_edit_helper(
            }

            if let Some(dependencies) = &new_version.dependencies {
-                // TODO: Re-add this exclusions when modpack also has separate dependency retrieval that was removed from validators
-                // if let Some(project) = project_item {
-                // if project.project_type != "modpack" {
                sqlx::query!(
                    "
                    DELETE FROM dependencies WHERE dependent_id = $1
@ -378,8 +375,6 @@ pub async fn version_edit_helper(

                DependencyBuilder::insert_many(builders, version_item.inner.id, &mut transaction)
                    .await?;
-                // }
-                // }
            }

            if !new_version.fields.is_empty() {