From 96bc09e8b5ca0da0c42999e4ece0ee1b33302761 Mon Sep 17 00:00:00 2001 From: jude Date: Fri, 16 Jun 2023 10:20:42 +0100 Subject: [PATCH] correct authentication --- web/src/macros.rs | 20 ++++++++++++++++--- web/static/js/main.js | 32 ++++++++++++++++++++----------- web/templates/dashboard.html.tera | 12 ++++++++++++ 3 files changed, 50 insertions(+), 14 deletions(-) diff --git a/web/src/macros.rs b/web/src/macros.rs index 288617c..b16cc4f 100644 --- a/web/src/macros.rs +++ b/web/src/macros.rs @@ -56,14 +56,28 @@ macro_rules! check_authorization { Some(user_id) => { match GuildId($guild).to_guild_cached($ctx) { Some(guild) => { - let member = guild.member($ctx, UserId(user_id)).await; + let member_res = guild.member($ctx, UserId(user_id)).await; - match member { + match member_res { Err(_) => { return Err(json!({"error": "User not in guild"})); } - Ok(_) => {} + Ok(member) => { + let permissions_res = member.permissions($ctx); + + match permissions_res { + Err(_) => { + return Err(json!({"error": "Couldn't fetch permissions"})); + } + + Ok(permissions) => { + if !(permissions.manage_messages() || permissions.manage_guild() || permissions.administrator()) { + return Err(json!({"error": "Incorrect permissions"})); + } + } + } + } } } diff --git a/web/static/js/main.js b/web/static/js/main.js index 2bb3d40..406baa2 100644 --- a/web/static/js/main.js +++ b/web/static/js/main.js @@ -139,12 +139,18 @@ async function fetch_channels(guild_id) { const event = new Event("channelsLoading"); document.dispatchEvent(event); + let hasError = false; + await fetch(`/dashboard/api/guild/${guild_id}/channels`) .then((response) => response.json()) .then((data) => { if (data.error) { if (data.error === "Bot not in guild") { switch_pane("guild-error"); + hasError = true; + } else if (data.error === "Incorrect permissions") { + switch_pane("user-error"); + hasError = true; } else { show_error(data.error); } 
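Review bot: In the `check_authorization!` hunk of web/src/macros.rs, the rejecting paths (`Couldn't fetch permissions`, `Incorrect permissions` and the existing `User not in guild`) return without recording anything, and both `Err(_)` arms throw the underlying error away, so a denied or failed authorization check leaves no server-side trace to investigate. Consider binding the error and logging it together with the user and guild ids before each `return Err(...)`. A comment above the permission test would also pin the policy, for example `// Fail closed: dashboard access needs Manage Messages, Manage Guild or Administrator`. `member.permissions($ctx)` presumably resolves guild-level permissions from the cache, so it is worth confirming that a role removal is reflected there promptly. The macro body starts and ends outside this hunk.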
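Review bot: In the first `fetch_channels` hunk of web/static/js/main.js, the final `else` branch calls `show_error(data.error)` but leaves `hasError` false, so any other server error still lets the `guildSwitched` handler go on to request roles, templates and reminders. One such error would be the `Couldn't fetch permissions` message this commit adds in web/src/macros.rs, if the channels route returns it. Setting the flag once at the top of the branch, `if (data.error) { hasError = true;`, covers every case, and the `return hasError;` added in the next hunk then needs no change. Matching on the exact message strings also ties this file to the wording in macros.rs, so a comment naming that dependency (or a stable error code) would help. The function body continues outside this hunk.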
@@ -156,6 +162,8 @@ async function fetch_channels(guild_id) { const event = new Event("channelsLoaded"); document.dispatchEvent(event); }); + + return hasError; } async function fetch_reminders(guild_id) { @@ -416,19 +424,21 @@ document.addEventListener("guildSwitched", async (e) => { .forEach((el) => el.classList.remove("is-locked")); } - fetch_roles(e.detail.guild_id); - fetch_templates(e.detail.guild_id); - await fetch_channels(e.detail.guild_id); - fetch_reminders(e.detail.guild_id); + let hasError = await fetch_channels(e.detail.guild_id); + if (!hasError) { + fetch_roles(e.detail.guild_id); + fetch_templates(e.detail.guild_id); + fetch_reminders(e.detail.guild_id); - document.querySelectorAll("p.pageTitle").forEach((el) => { - el.textContent = `${e.detail.guild_name} Reminders`; - }); - document.querySelectorAll("select.channel-selector").forEach((el) => { - el.addEventListener("change", (e) => { - update_select(e.target); + document.querySelectorAll("p.pageTitle").forEach((el) => { + el.textContent = `${e.detail.guild_name} Reminders`; }); - }); + document.querySelectorAll("select.channel-selector").forEach((el) => { + el.addEventListener("change", (e) => { + update_select(e.target); + }); + }); + } $loader.classList.add("is-hidden"); }); diff --git a/web/templates/dashboard.html.tera b/web/templates/dashboard.html.tera index 3e459a7..810cb7c 100644 --- a/web/templates/dashboard.html.tera +++ b/web/templates/dashboard.html.tera @@ -334,6 +334,18 @@ +
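Review bot: In the `guildSwitched` hunk of web/static/js/main.js, the new `if (!hasError)` gate only controls what the page shows and is not an access control. The roles, templates and reminders endpoints remain reachable by direct request, so it is worth confirming that each of those routes invokes `check_authorization!` on the server (those handlers are not visible in this patch). `hasError` is never reassigned, so `const hasError = await fetch_channels(e.detail.guild_id);` is the idiomatic form. If `fetch_channels` can reject, wrapping the block in `try`/`finally` would keep `$loader.classList.add("is-hidden")` from being skipped. The handler starts outside this hunk.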