EinsatzOnline
/
EinsatzOnline
1
0
Fork 0
Code Issues 19 Pull Requests Projects 5 Releases Wiki Activity
EinsatzOnline/src/modules/api/groups/read.rs

191 lines
6.5 KiB
Rust
Raw Blame History

use crate::database::controller::groups::{get_group, get_raw_groups};
use crate::database::controller::groups_permissions::get_group_role_permissions;
use crate::database::controller::members::check_access_to_resource;
use crate::database::controller::members_groups::get_member_search_results_in_group;
use crate::database::model::groups::RawGroup;
use crate::helper::session_cookies::model::SessionCookie;
use crate::helper::settings::Settings;
use crate::helper::translate_diesel_error::translate_diesel;
use crate::modules::api::groups::create::GroupRolePermission;
use crate::modules::api::member_management::controller::parser::{parse_member_cookie, parse_uuid_string};
use crate::modules::api::members::get_member::MemberSearchResult;
use crate::modules::api::model::api_outcome::{ApiError, ApiErrorWrapper};
use rocket::State;
use rocket::serde::json::Json;
#[derive(Serialize, Deserialize, Queryable, Clone)]
pub struct CallerGroupPermissions {
pub(crate) permission_groups_core_edit: bool,
pub(crate) permission_groups_delete: bool,
pub(crate) permission_groups_members_view: bool,
pub(crate) permission_groups_members_edit: bool,
pub(crate) permission_groups_permissions_view: bool,
pub(crate) permission_groups_permissions_edit: bool,
}
#[derive(Serialize, Deserialize, Queryable, Clone)]
pub struct DetailedGroup {
pub(crate) group: RawGroup,
pub(crate) members: Option<Vec<MemberSearchResult>>,
pub(crate) group_role_permissions: Option<Vec<GroupRolePermission>>,
pub(crate) caller_permissions: CallerGroupPermissions,
}
#[derive(Serialize)]
pub struct GetGroupsResult{
pub(crate) groups: Vec<RawGroup>
}
/// Api method to get list of groups
/// Filters:
/// * with_caller_permission (String): Only show groups where caller has permission x
#[get("/api/groups?<with_caller_permission>", format = "json")]
pub fn get_groups(settings: &State<Settings>, cookie: SessionCookie, with_caller_permission: Option<String>) -> Result<Json<GetGroupsResult>, Json<ApiErrorWrapper>>{
let caller = parse_member_cookie(cookie.member)?;
if !caller.has_permission(crate::permissions::modules::member_management::groups::VIEW.to_string()) {
return Err(Json(ApiError::new(403, "Keine Berechtigung, Gruppen abzurufen!".to_string()).to_wrapper()));
}
let groups = match get_raw_groups(settings){
Ok(groups) => groups,
Err(e) => return Err(translate_diesel(e))
};
let mut groups_with_permission : Vec<RawGroup> = vec![];
for group in groups{
match &with_caller_permission {
Some(caller_permission) => {
if check_access_to_resource(settings, caller.entity_id, group.group_id, &caller_permission){
groups_with_permission.push(group);
}
},
None => {
groups_with_permission.push(group);
}
}
}
let res = GetGroupsResult{
groups: groups_with_permission
};
Ok(Json(res))
}
/// Get detailed group
#[get("/api/groups/<entity_id>?detailed", format = "json")]
pub fn read_group_detailed(
settings: &State<Settings>,
cookie: SessionCookie,
entity_id: String,
) -> Result<Json<DetailedGroup>, Json<ApiErrorWrapper>> {
let caller = parse_member_cookie(cookie.member)?;
let entity_id = parse_uuid_string(entity_id)?;
if !caller
.has_permission(crate::permissions::modules::member_management::groups::VIEW.to_string())
{
return Err(Json(
ApiError::new(
403,
"Keine Berechtigung auf Gruppen zuzugreifen!".to_string(),
)
.to_wrapper(),
));
}
let caller_permissions = CallerGroupPermissions {
permission_groups_core_edit: check_access_to_resource(
&settings,
caller.entity_id,
entity_id,
crate::permissions::modules::member_management::groups::core::EDIT,
),
permission_groups_delete: check_access_to_resource(
&settings,
caller.entity_id,
entity_id,
crate::permissions::modules::member_management::groups::DELETE,
),
permission_groups_members_view: check_access_to_resource(
&settings,
caller.entity_id,
entity_id,
crate::permissions::modules::member_management::groups::members::VIEW,
),
permission_groups_members_edit: check_access_to_resource(
&settings,
caller.entity_id,
entity_id,
crate::permissions::modules::member_management::groups::members::EDIT,
),
permission_groups_permissions_view: check_access_to_resource(
&settings,
caller.entity_id,
entity_id,
crate::permissions::modules::member_management::groups::permissions::VIEW,
),
permission_groups_permissions_edit: check_access_to_resource(
&settings,
caller.entity_id,
entity_id,
crate::permissions::modules::member_management::groups::permissions::EDIT,
),
};
let group = match get_group(settings, entity_id) {
Ok(group) => group,
Err(e) => return Err(translate_diesel(e)),
};
let members = match get_member_search_results_in_group(settings, entity_id, caller.entity_id) {
Ok(members) => members,
Err(e) => return Err(translate_diesel(e)),
};
let group_role_permissions = match get_group_role_permissions(settings, group.group_id) {
Ok(grp) => grp,
Err(e) => return Err(translate_diesel(e)),
};
let members = if caller_permissions.permission_groups_members_view {
Some(members)
} else {
None
};
let group_role_permissions = if caller_permissions.permission_groups_permissions_view {
Some(group_role_permissions)
} else {
None
};
Ok(Json(DetailedGroup {
group,
members,
group_role_permissions,
caller_permissions,
}))
}
/// Get group simple mode (only name, description, entity_id)
#[get("/api/groups/<entity_id>", format = "json")]
pub fn read_group_simple(
settings: &State<Settings>,
cookie: SessionCookie,
entity_id: String,
) -> Result<Json<RawGroup>, Json<ApiErrorWrapper>> {
let _caller = parse_member_cookie(cookie.member)?;
let entity_id = parse_uuid_string(entity_id)?;
let group = match get_group(settings, entity_id) {
Ok(group) => group,
Err(e) => return Err(translate_diesel(e)),
};
Ok(Json(group))
}
Reference in New Issue View Git Blame Copy Permalink