FIX: allow creating communication target if editing own profile

Keanu D?lle 2022-01-26 20:23:24 +01:00
parent 7ecec5cb1f
commit 376d9e0c11


@ -1,19 +1,18 @@
use crate::database::controller::api_communication_targets::{update_communication_target, get_member_communication_types};
use rocket::serde::json::Json;
use rocket::State;
use crate::database::controller::api_communication_targets::{get_member_communication_types, update_communication_target};
use crate::database::controller::groups::get_groups_for_member;
use crate::database::controller::member_communication::{add_communication_target, get_communication_target, remove_communication_target};
use crate::database::model::member_communication::CommunicationTargetCreate;
use crate::helper::check_access::check_access_to_member_or_group;
use crate::helper::session_cookies::model::SessionCookie;
use crate::helper::settings::Settings;
use crate::helper::translate_diesel_error::translate_diesel;
use crate::modules::api::member_management::controller::parser::{parse_member_cookie, parse_uuid_string};
use crate::modules::api::model::api_outcome::{ApiError, ApiErrorWrapper};
use crate::schema::communication_targets;
use rocket::State;
use rocket::serde::json::Json;
use crate::helper::check_access::check_access_to_member_or_group;
use crate::database::controller::groups::get_groups_for_member;
use crate::database::controller::member_communication::{get_communication_target, add_communication_target, remove_communication_target};
use crate::helper::translate_diesel_error::translate_diesel;
use crate::database::model::member_communication::CommunicationTargetCreate;
#[derive(Serialize, Deserialize, Queryable, Clone, AsChangeset)]
#[table_name = "communication_targets"]
pub struct CommunicationTarget {
@ -58,9 +57,18 @@ pub fn api_communication_targets_create(
let caller = parse_member_cookie(cookie.member)?;
let communication_target = communication_target.into_inner();
let groups = get_groups_for_member(settings, communication_target.entity_id).unwrap().into_iter().map(|m|crate::modules::member_management::model::groups::Group::from(m)).collect();
if !check_access_to_member_or_group(settings, communication_target.entity_id, groups, caller.entity_id, crate::permissions::modules::member_management::profile::communication::EDIT.to_string()){
return Err(Json(ApiError::new(401, "Keine Berechtigung, ein Kommunikationsziel hinzuzufügen.".to_string()).to_wrapper()))
let groups = get_groups_for_member(settings, communication_target.entity_id).unwrap().into_iter().map(|m| crate::modules::member_management::model::groups::Group::from(m)).collect();
if communication_target.entity_id != caller.entity_id { //if Member edits own communication target, do not check permissions
if !check_access_to_member_or_group(settings, communication_target.entity_id, groups, caller.entity_id, crate::permissions::modules::member_management::profile::communication::EDIT.to_string()) {
return Err(Json(
ApiError::new(
403,
"Keine Berechtigung, Kommunikationsziel hinzuzufügen!".to_string(),
)
.to_wrapper(),
));
}
}
match add_communication_target(settings, communication_target) {