correct authentication

This commit is contained in:
jude 2023-06-16 10:20:42 +01:00
parent 976fb91ecc
commit 96bc09e8b5
3 changed files with 50 additions and 14 deletions

View File

@ -56,14 +56,28 @@ macro_rules! check_authorization {
Some(user_id) => { Some(user_id) => {
match GuildId($guild).to_guild_cached($ctx) { match GuildId($guild).to_guild_cached($ctx) {
Some(guild) => { Some(guild) => {
let member = guild.member($ctx, UserId(user_id)).await; let member_res = guild.member($ctx, UserId(user_id)).await;
match member { match member_res {
Err(_) => { Err(_) => {
return Err(json!({"error": "User not in guild"})); return Err(json!({"error": "User not in guild"}));
} }
Ok(_) => {} Ok(member) => {
let permissions_res = member.permissions($ctx);
match permissions_res {
Err(_) => {
return Err(json!({"error": "Couldn't fetch permissions"}));
}
Ok(permissions) => {
if !(permissions.manage_messages() || permissions.manage_guild() || permissions.administrator()) {
return Err(json!({"error": "Incorrect permissions"}));
}
}
}
}
} }
} }

View File

@ -139,12 +139,18 @@ async function fetch_channels(guild_id) {
const event = new Event("channelsLoading"); const event = new Event("channelsLoading");
document.dispatchEvent(event); document.dispatchEvent(event);
let hasError = false;
await fetch(`/dashboard/api/guild/${guild_id}/channels`) await fetch(`/dashboard/api/guild/${guild_id}/channels`)
.then((response) => response.json()) .then((response) => response.json())
.then((data) => { .then((data) => {
if (data.error) { if (data.error) {
if (data.error === "Bot not in guild") { if (data.error === "Bot not in guild") {
switch_pane("guild-error"); switch_pane("guild-error");
hasError = true;
} else if (data.error === "Incorrect permissions") {
switch_pane("user-error");
hasError = true;
} else { } else {
show_error(data.error); show_error(data.error);
} }
@ -156,6 +162,8 @@ async function fetch_channels(guild_id) {
const event = new Event("channelsLoaded"); const event = new Event("channelsLoaded");
document.dispatchEvent(event); document.dispatchEvent(event);
}); });
return hasError;
} }
async function fetch_reminders(guild_id) { async function fetch_reminders(guild_id) {
@ -416,9 +424,10 @@ document.addEventListener("guildSwitched", async (e) => {
.forEach((el) => el.classList.remove("is-locked")); .forEach((el) => el.classList.remove("is-locked"));
} }
let hasError = await fetch_channels(e.detail.guild_id);
if (!hasError) {
fetch_roles(e.detail.guild_id); fetch_roles(e.detail.guild_id);
fetch_templates(e.detail.guild_id); fetch_templates(e.detail.guild_id);
await fetch_channels(e.detail.guild_id);
fetch_reminders(e.detail.guild_id); fetch_reminders(e.detail.guild_id);
document.querySelectorAll("p.pageTitle").forEach((el) => { document.querySelectorAll("p.pageTitle").forEach((el) => {
@ -429,6 +438,7 @@ document.addEventListener("guildSwitched", async (e) => {
update_select(e.target); update_select(e.target);
}); });
}); });
}
$loader.classList.add("is-hidden"); $loader.classList.add("is-hidden");
}); });

View File

@ -334,6 +334,18 @@
</div> </div>
</div> </div>
</section> </section>
<section id="user-error" class="is-hidden hero is-fullheight">
<div class="hero-body">
<div class="container has-text-centered">
<p class="title">
You do not have permissions for this server
</p>
<p class="subtitle">
Ask an admin to grant you the "Manage Messages" permission.
</p>
</div>
</div>
</section>
</div> </div>
<!-- /main content --> <!-- /main content -->
</div> </div>