Reports fixes

2023-05-25 15:27:15 -04:00 · 2023-05-25 15:27:15 -04:00 · 989b704efc
commit 989b704efc
parent 339ac05443
2 changed files with 47 additions and 11 deletions
--- a/src/routes/v2/reports.rs
+++ b/src/routes/v2/reports.rs
@ -12,6 +12,7 @@ use sqlx::PgPool;
 use validator::Validate;

 pub fn config(cfg: &mut web::ServiceConfig) {
+    cfg.service(reports_get);
    cfg.service(reports);
    cfg.service(report_create);
    cfg.service(report_edit);
@ -225,12 +226,43 @@ pub async fn reports(
    let mut reports = Vec::new();

    for x in query_reports {
-        reports.push(to_report(x)?);
+        reports.push(to_report(x));
    }

    Ok(HttpResponse::Ok().json(reports))
 }

+#[derive(Deserialize)]
+pub struct ReportIds {
+    pub ids: String,
+}
+
+#[get("reports")]
+pub async fn reports_get(
+    req: HttpRequest,
+    web::Query(ids): web::Query<ReportIds>,
+    pool: web::Data<PgPool>,
+) -> Result<HttpResponse, ApiError> {
+    let report_ids: Vec<crate::database::models::ids::ReportId> =
+        serde_json::from_str::<Vec<crate::models::ids::ReportId>>(&ids.ids)?
+            .into_iter()
+            .map(|x| x.into())
+            .collect();
+
+    let reports_data =
+        crate::database::models::report_item::Report::get_many(&report_ids, &**pool).await?;
+
+    let user = get_user_from_headers(req.headers(), &**pool).await?;
+
+    let all_reports = reports_data
+        .into_iter()
+        .filter(|x| user.role.is_mod() || x.reporter == user.id.into())
+        .map(to_report)
+        .collect::<Vec<Report>>();
+
+    Ok(HttpResponse::Ok().json(all_reports))
+}
+
 #[get("report/{id}")]
 pub async fn report_get(
    req: HttpRequest,
@ -247,7 +279,7 @@ pub async fn report_get(
            return Ok(HttpResponse::NotFound().body(""));
        }

-        Ok(HttpResponse::Ok().json(to_report(report)?))
+        Ok(HttpResponse::Ok().json(to_report(report)))
    } else {
        Ok(HttpResponse::NotFound().body(""))
    }
@ -358,22 +390,22 @@ pub async fn report_delete(
    }
 }

-fn to_report(x: crate::database::models::report_item::QueryReport) -> Result<Report, ApiError> {
+fn to_report(x: crate::database::models::report_item::QueryReport) -> Report {
    let mut item_id = "".to_string();
    let mut item_type = ItemType::Unknown;

    if let Some(project_id) = x.project_id {
-        item_id = serde_json::to_string::<ProjectId>(&project_id.into())?;
+        item_id = ProjectId::from(project_id).to_string();
        item_type = ItemType::Project;
    } else if let Some(version_id) = x.version_id {
-        item_id = serde_json::to_string::<VersionId>(&version_id.into())?;
+        item_id = VersionId::from(version_id).to_string();
        item_type = ItemType::Version;
    } else if let Some(user_id) = x.user_id {
-        item_id = serde_json::to_string::<UserId>(&user_id.into())?;
+        item_id = UserId::from(user_id).to_string();
        item_type = ItemType::User;
    }

-    Ok(Report {
+    Report {
        id: x.id.into(),
        report_type: x.report_type,
        item_id,
@ -383,5 +415,5 @@ fn to_report(x: crate::database::models::report_item::QueryReport) -> Result<Rep
        created: x.created,
        closed: x.closed,
        thread_id: x.thread_id.map(|x| x.into()),
-    })
+    }
 }
--- a/src/routes/v2/teams.rs
+++ b/src/routes/v2/teams.rs
@ -5,7 +5,7 @@ use crate::models::notifications::NotificationBody;
 use crate::models::teams::{Permissions, TeamId};
 use crate::models::users::UserId;
 use crate::routes::ApiError;
-use crate::util::auth::get_user_from_headers;
+use crate::util::auth::{get_user_from_headers, is_authorized};
 use actix_web::{delete, get, patch, post, web, HttpRequest, HttpResponse};
 use rust_decimal::Decimal;
 use serde::{Deserialize, Serialize};
@ -36,10 +36,14 @@ pub async fn team_members_get_project(
        crate::database::models::Project::get_from_slug_or_project_id(&string, &**pool).await?;

    if let Some(project) = project_data {
-        let members_data = TeamMember::get_from_team_full(project.team_id, &**pool).await?;
-
        let current_user = get_user_from_headers(req.headers(), &**pool).await.ok();

+        if !is_authorized(&project, &current_user, &pool).await? {
+            return Ok(HttpResponse::NotFound().body(""));
+        }
+
+        let members_data = TeamMember::get_from_team_full(project.team_id, &**pool).await?;
+
        if let Some(user) = &current_user {
            let team_member =
                TeamMember::get_from_user_id(project.team_id, user.id.into(), &**pool)