update POST /upload error messages, fix a few other things
parent
ab7b102045
commit
2cd4cf784e
90
src/main.rs
90
src/main.rs
|
@ -227,7 +227,10 @@ async fn api_perms(
|
|||
),
|
||||
None => status::Custom(Status::NotFound, Json(Err("User doesn't exist"))),
|
||||
},
|
||||
false => status::Custom(Status::Unauthorized, Json(Err("You don't have the permission to do this"))),
|
||||
false => status::Custom(
|
||||
Status::Unauthorized,
|
||||
Json(Err("You don't have the permission to do this")),
|
||||
),
|
||||
},
|
||||
None => status::Custom(Status::Unauthorized, Json(Err("Invalid token"))),
|
||||
},
|
||||
|
@ -248,59 +251,58 @@ async fn toggleperms(
|
|||
mut db: Connection<Db>,
|
||||
info: Json<TogglePerms>,
|
||||
cookies: &CookieJar<'_>,
|
||||
) -> String {
|
||||
) -> status::Custom<String> {
|
||||
match cookies.get_private("token") {
|
||||
Some(t) => {
|
||||
match User::get_by_token(&mut db, t).await {
|
||||
Some(user) => {
|
||||
match user.admin {
|
||||
true => {
|
||||
match User::get_by_username(&mut db, &info.username).await {
|
||||
Some(toggled_user) => {
|
||||
if toggled_user.username == user.username
|
||||
&& info.perm == "admin".to_string()
|
||||
{
|
||||
"You can't change your own admin status".to_string()
|
||||
} else {
|
||||
let admin_username = std::env::var("ADMIN_USERNAME")
|
||||
.expect("set ADMIN_USERNAME env var");
|
||||
if toggled_user.username == admin_username {
|
||||
"You can't change the system admin's perms.".to_string()
|
||||
} else {
|
||||
if info.perm == "admin"
|
||||
&& user.username != admin_username
|
||||
{
|
||||
Some(t) => match User::get_by_token(&mut db, t).await {
|
||||
Some(user) => match user.admin {
|
||||
true => match User::get_by_username(&mut db, &info.username).await {
|
||||
Some(toggled_user) => {
|
||||
match toggled_user.username == user.username && info.perm == "admin" {
|
||||
true => status::Custom(
|
||||
Status::Forbidden,
|
||||
"You can't change your own admin status".to_string(),
|
||||
),
|
||||
false => {
|
||||
let admin_username = std::env::var("ADMIN_USERNAME")
|
||||
.expect("set ADMIN_USERNAME env var");
|
||||
match toggled_user.username == admin_username {
|
||||
true => status::Custom(
|
||||
Status::Forbidden,
|
||||
"You can't change the system admin's perms.".to_string(),
|
||||
),
|
||||
false => {
|
||||
match info.perm == "admin"
|
||||
&& user.username != admin_username
|
||||
{
|
||||
true => status::Custom(
|
||||
Status::Forbidden,
|
||||
"You can't change other people's admin status."
|
||||
.to_string()
|
||||
} else {
|
||||
// how deep is this shit
|
||||
// i counted. 12.
|
||||
// NOW we can actually do the thing :D
|
||||
let res = match toggled_user
|
||||
.set_role(&mut db, &info.perm, &info.value)
|
||||
.await
|
||||
{
|
||||
Ok(_) => "Done".to_string(),
|
||||
Err(why) => format!(
|
||||
.to_string(),
|
||||
),
|
||||
false => {
|
||||
match toggled_user.set_role(&mut db,&info.perm,&info.value).await {
|
||||
Ok(_) => status::Custom(Status::Ok, "Done".to_string()),
|
||||
Err(why) => status::Custom(Status::InternalServerError, format!(
|
||||
"Couldn't update the user's role: {why}"
|
||||
),
|
||||
};
|
||||
res
|
||||
)),
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
None => "The user you're trying to toggle perms for doesn't exist."
|
||||
.to_string(),
|
||||
}
|
||||
}
|
||||
false => "You aren't an admin.".to_string(),
|
||||
}
|
||||
}
|
||||
None => "Invalid user".to_string(),
|
||||
}
|
||||
}
|
||||
None => "Not logged in".to_string(),
|
||||
None => status::Custom(
|
||||
Status::NotFound,
|
||||
"The user you're trying to toggle perms for doesn't exist.".to_string(),
|
||||
),
|
||||
},
|
||||
false => status::Custom(Status::Unauthorized, "You aren't an admin.".to_string()),
|
||||
},
|
||||
None => status::Custom(Status::Unauthorized, "Invalid login token".to_string()),
|
||||
},
|
||||
None => status::Custom(Status::Unauthorized, "Not logged in".to_string()),
|
||||
}
|
||||
}
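Review bot: The non-admin arm near the end of `toggleperms` answers `Status::Unauthorized` to a caller whose token was already accepted, while the three refusals above it in the same function use `Status::Forbidden`; 401 signals "re-authenticate", so an authenticated but unprivileged caller should get 403: `false => status::Custom(Status::Forbidden, "You aren't an admin.".to_string()),`. The reformatted `false =>` arm in the `api_perms` hunk ("You don't have the permission to do this") appears to have the same mismatch. Separately, the `Err(why)` arm interpolates `{why}` into the response body; if `set_role` surfaces the database driver's error text (its definition is not visible here), that detail belongs in the server log, with the client receiving only `"Couldn't update the user's role"`. The signature of `toggleperms` begins above this hunk.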
|
||||
|
||||
|
|
|
@ -235,7 +235,7 @@ impl Image {
|
|||
VALUES ($1, $2);
|
||||
"#,
|
||||
)
|
||||
.bind(&uuid)
|
||||
.bind(uuid)
|
||||
.bind(user.username),
|
||||
)
|
||||
.await
|
||||
|
@ -263,7 +263,7 @@ impl Image {
|
|||
}
|
||||
}
|
||||
pub async fn is_owned_by(db: &mut Connection<Db>, uuid: &String, username: &String) -> Result<bool, String> {
|
||||
match Image::get_by_uuid(db, &uuid).await {
|
||||
match Image::get_by_uuid(db, uuid).await {
|
||||
Ok(img) => {
|
||||
Ok(&img.owner_name == username)
|
||||
},
|
||||
|
|