191 lines
6.5 KiB
Rust
191 lines
6.5 KiB
Rust
use crate::database::controller::groups::{get_group, get_raw_groups};
|
|
use crate::database::controller::groups_permissions::get_group_role_permissions;
|
|
use crate::database::controller::members::check_access_to_resource;
|
|
use crate::database::controller::members_groups::get_member_search_results_in_group;
|
|
use crate::database::model::groups::RawGroup;
|
|
use crate::helper::session_cookies::model::SessionCookie;
|
|
use crate::helper::settings::Settings;
|
|
use crate::helper::translate_diesel_error::translate_diesel;
|
|
use crate::modules::api::groups::create::GroupRolePermission;
|
|
use crate::modules::api::member_management::controller::parser::{parse_member_cookie, parse_uuid_string};
|
|
use crate::modules::api::members::get_member::MemberSearchResult;
|
|
use crate::modules::api::model::api_outcome::{ApiError, ApiErrorWrapper};
|
|
|
|
use rocket::State;
|
|
use rocket::serde::json::Json;
|
|
|
|
#[derive(Serialize, Deserialize, Queryable, Clone)]
|
|
pub struct CallerGroupPermissions {
|
|
pub(crate) permission_groups_core_edit: bool,
|
|
pub(crate) permission_groups_delete: bool,
|
|
pub(crate) permission_groups_members_view: bool,
|
|
pub(crate) permission_groups_members_edit: bool,
|
|
pub(crate) permission_groups_permissions_view: bool,
|
|
pub(crate) permission_groups_permissions_edit: bool,
|
|
}
|
|
|
|
#[derive(Serialize, Deserialize, Queryable, Clone)]
|
|
pub struct DetailedGroup {
|
|
pub(crate) group: RawGroup,
|
|
pub(crate) members: Option<Vec<MemberSearchResult>>,
|
|
pub(crate) group_role_permissions: Option<Vec<GroupRolePermission>>,
|
|
pub(crate) caller_permissions: CallerGroupPermissions,
|
|
}
|
|
|
|
#[derive(Serialize)]
|
|
pub struct GetGroupsResult{
|
|
pub(crate) groups: Vec<RawGroup>
|
|
}
|
|
|
|
/// Api method to get list of groups
|
|
/// Filters:
|
|
/// * with_caller_permission (String): Only show groups where caller has permission x
|
|
#[get("/api/groups?<with_caller_permission>", format = "json")]
|
|
pub fn get_groups(settings: &State<Settings>, cookie: SessionCookie, with_caller_permission: Option<String>) -> Result<Json<GetGroupsResult>, Json<ApiErrorWrapper>>{
|
|
let caller = parse_member_cookie(cookie.member)?;
|
|
if !caller.has_permission(crate::permissions::modules::member_management::groups::VIEW.to_string()) {
|
|
return Err(Json(ApiError::new(403, "Keine Berechtigung, Gruppen abzurufen!".to_string()).to_wrapper()));
|
|
}
|
|
|
|
let groups = match get_raw_groups(settings){
|
|
Ok(groups) => groups,
|
|
Err(e) => return Err(translate_diesel(e))
|
|
};
|
|
|
|
let mut groups_with_permission : Vec<RawGroup> = vec![];
|
|
|
|
for group in groups{
|
|
match &with_caller_permission {
|
|
Some(caller_permission) => {
|
|
if check_access_to_resource(settings, caller.entity_id, group.group_id, &caller_permission){
|
|
groups_with_permission.push(group);
|
|
}
|
|
},
|
|
None => {
|
|
groups_with_permission.push(group);
|
|
}
|
|
}
|
|
}
|
|
|
|
let res = GetGroupsResult{
|
|
groups: groups_with_permission
|
|
};
|
|
|
|
Ok(Json(res))
|
|
|
|
}
|
|
|
|
/// Get detailed group
|
|
#[get("/api/groups/<entity_id>?detailed", format = "json")]
|
|
pub fn read_group_detailed(
|
|
settings: &State<Settings>,
|
|
cookie: SessionCookie,
|
|
entity_id: String,
|
|
) -> Result<Json<DetailedGroup>, Json<ApiErrorWrapper>> {
|
|
let caller = parse_member_cookie(cookie.member)?;
|
|
let entity_id = parse_uuid_string(entity_id)?;
|
|
|
|
if !caller
|
|
.has_permission(crate::permissions::modules::member_management::groups::VIEW.to_string())
|
|
{
|
|
return Err(Json(
|
|
ApiError::new(
|
|
403,
|
|
"Keine Berechtigung auf Gruppen zuzugreifen!".to_string(),
|
|
)
|
|
.to_wrapper(),
|
|
));
|
|
}
|
|
|
|
let caller_permissions = CallerGroupPermissions {
|
|
permission_groups_core_edit: check_access_to_resource(
|
|
&settings,
|
|
caller.entity_id,
|
|
entity_id,
|
|
crate::permissions::modules::member_management::groups::core::EDIT,
|
|
),
|
|
permission_groups_delete: check_access_to_resource(
|
|
&settings,
|
|
caller.entity_id,
|
|
entity_id,
|
|
crate::permissions::modules::member_management::groups::DELETE,
|
|
),
|
|
permission_groups_members_view: check_access_to_resource(
|
|
&settings,
|
|
caller.entity_id,
|
|
entity_id,
|
|
crate::permissions::modules::member_management::groups::members::VIEW,
|
|
),
|
|
permission_groups_members_edit: check_access_to_resource(
|
|
&settings,
|
|
caller.entity_id,
|
|
entity_id,
|
|
crate::permissions::modules::member_management::groups::members::EDIT,
|
|
),
|
|
permission_groups_permissions_view: check_access_to_resource(
|
|
&settings,
|
|
caller.entity_id,
|
|
entity_id,
|
|
crate::permissions::modules::member_management::groups::permissions::VIEW,
|
|
),
|
|
permission_groups_permissions_edit: check_access_to_resource(
|
|
&settings,
|
|
caller.entity_id,
|
|
entity_id,
|
|
crate::permissions::modules::member_management::groups::permissions::EDIT,
|
|
),
|
|
};
|
|
|
|
let group = match get_group(settings, entity_id) {
|
|
Ok(group) => group,
|
|
Err(e) => return Err(translate_diesel(e)),
|
|
};
|
|
|
|
let members = match get_member_search_results_in_group(settings, entity_id, caller.entity_id) {
|
|
Ok(members) => members,
|
|
Err(e) => return Err(translate_diesel(e)),
|
|
};
|
|
|
|
let group_role_permissions = match get_group_role_permissions(settings, group.group_id) {
|
|
Ok(grp) => grp,
|
|
Err(e) => return Err(translate_diesel(e)),
|
|
};
|
|
|
|
let members = if caller_permissions.permission_groups_members_view {
|
|
Some(members)
|
|
} else {
|
|
None
|
|
};
|
|
|
|
let group_role_permissions = if caller_permissions.permission_groups_permissions_view {
|
|
Some(group_role_permissions)
|
|
} else {
|
|
None
|
|
};
|
|
|
|
Ok(Json(DetailedGroup {
|
|
group,
|
|
members,
|
|
group_role_permissions,
|
|
caller_permissions,
|
|
}))
|
|
}
|
|
|
|
/// Get group simple mode (only name, description, entity_id)
|
|
#[get("/api/groups/<entity_id>", format = "json")]
|
|
pub fn read_group_simple(
|
|
settings: &State<Settings>,
|
|
cookie: SessionCookie,
|
|
entity_id: String,
|
|
) -> Result<Json<RawGroup>, Json<ApiErrorWrapper>> {
|
|
let _caller = parse_member_cookie(cookie.member)?;
|
|
let entity_id = parse_uuid_string(entity_id)?;
|
|
|
|
let group = match get_group(settings, entity_id) {
|
|
Ok(group) => group,
|
|
Err(e) => return Err(translate_diesel(e)),
|
|
};
|
|
|
|
Ok(Json(group))
|
|
}
|