use rocket::State;
use crate::helper::settings::Settings;
use crate::helper::session_cookies::model::SessionCookie;
use rocket::serde::json::Json;
use crate::modules::api::model::api_outcome::ApiErrorWrapper;
use crate::modules::api::member_management::controller::parser::{parse_member_cookie, parse_uuid_string};
use crate::database::controller::members::check_access_to_resource;
/// Report whether the calling member holds a given permission.
///
/// # Api Call
/// * GET
/// * /api/info/caller/permissions?permission=<permission_string : String>&entity_id=<entity_id: Option<String>>
///
/// # Api Result
/// * Result bool / ApiErrorWrapper
///
/// # Required permissions
/// * None
///
/// # Behaviour
/// * The caller is taken from the session cookie (`cookie.member`), not from a query parameter.
/// * With `entity_id`: the value is parsed as a UUID and the answer comes from
///   `check_access_to_resource` for the caller's own entity id and that target.
/// * Without `entity_id`: the answer comes from `has_permission` on the parsed caller.
/// * A cookie member or `entity_id` that fails to parse is returned as the `ApiErrorWrapper` error.
///
/// # Security notes
/// * NOTE(review): the returned bool only answers a query; endpoints that act on a resource
///   are presumably expected to run their own access check rather than trust a client that
///   asked here first — confirm.
/// * NOTE(review): the branch without `entity_id` relies on whatever `parse_member_cookie`
///   produced. Whether that state is refreshed from the database is not visible in this
///   function — confirm a revoked permission cannot still be reported as held.
#[get("/api/info/caller/permissions?<permission>&<entity_id>", format = "json")]
pub fn check_caller_has_permission(
    settings: &State<Settings>,
    cookie: SessionCookie,
    permission: String,
    entity_id: Option<String>,
) -> Result<Json<bool>, Json<ApiErrorWrapper>> {
    // Identity comes from the session cookie; a parse failure ends the request here.
    let caller = parse_member_cookie(cookie.member)?;

    let granted = if let Some(raw_target) = entity_id {
        // Resource-scoped question: validate the id before it reaches the database layer.
        let target_id = parse_uuid_string(raw_target)?;
        check_access_to_resource(settings, caller.entity_id, target_id, &permission)
    } else {
        // Unscoped question: answered from the caller object alone.
        caller.has_permission(permission)
    };

    Ok(Json(granted))
}