gorb/backend
4
0
Fork 1
Code Issues 1 Pull requests 1 Projects Releases Packages 1 Wiki Activity Actions

Compare commits

base: gorb:419f37b108075eab5c67ad03c51bbfd8dc7e4a42
Branches Tags
gorb:main
gorb:wip/federation-impl
gorb:wip/local-data-folder
gorb:wip/invite-deletion
..
compare: gorb:95c942eee419c89a4dad069f307ca366890ebaaa
Branches Tags
gorb:main
gorb:wip/federation-impl
gorb:wip/local-data-folder
gorb:wip/invite-deletion

2 commits
419f37b108 ... 95c942eee4

Author SHA1 Message Date
Radical
95c942eee4 feat: use permission system
All checks were successful
ci/woodpecker/push/build-and-publish Pipeline was successful
Details
ci/woodpecker/push/publish-docs Pipeline was successful
Details
2025-06-06 17:49:06 +02:00
Radical
0588541876 feat: move ownership to member column instead of table column 2025-06-06 17:20:02 +02:00
12 changed files with 167 additions and 87 deletions
Download patch file Download diff file Expand all files Collapse all files

14
migrations/2025-06-06-145916_guild_ownership_changes/down.sql Normal file
View file

@ -0,0 +1,14 @@
-- This file should undo anything in `up.sql`
ALTER TABLE guilds
ADD COLUMN owner_uuid UUID REFERENCES users(uuid);
UPDATE guilds g
SET owner_uuid = gm.user_uuid
FROM guild_members gm
WHERE gm.guild_uuid = g.uuid AND gm.is_owner = TRUE;
ALTER TABLE guilds
ALTER COLUMN owner_uuid SET NOT NULL;
ALTER TABLE guild_members
DROP COLUMN is_owner;

14
migrations/2025-06-06-145916_guild_ownership_changes/up.sql Normal file
View file

@ -0,0 +1,14 @@
-- Your SQL goes here
ALTER TABLE guild_members
ADD COLUMN is_owner BOOLEAN NOT NULL DEFAULT false;
UPDATE guild_members gm
SET is_owner = true
FROM guilds g
WHERE gm.guild_uuid = g.uuid AND gm.user_uuid = g.owner_uuid;
CREATE UNIQUE INDEX one_owner_per_guild ON guild_members (guild_uuid)
WHERE is_owner;
ALTER TABLE guilds
DROP COLUMN owner_uuid;

14
src/api/v1/channels/uuid/mod.rs
View file

@ -4,11 +4,7 @@ pub mod messages;
pub mod socket; pub mod socket;
use crate::{ use crate::{
Data, api::v1::auth::check_access_token, error::Error, objects::{Channel, Member, Permissions}, utils::{get_auth_header, global_checks}, Data
api::v1::auth::check_access_token,
error::Error,
objects::{Channel, Member},
utils::{get_auth_header, global_checks},
}; };
use actix_web::{HttpRequest, HttpResponse, delete, get, patch, web}; use actix_web::{HttpRequest, HttpResponse, delete, get, patch, web};
use serde::Deserialize; use serde::Deserialize;
@ -59,7 +55,9 @@ pub async fn delete(
let channel = Channel::fetch_one(&data, channel_uuid).await?; let channel = Channel::fetch_one(&data, channel_uuid).await?;
Member::check_membership(&mut conn, uuid, channel.guild_uuid).await?; let member = Member::check_membership(&mut conn, uuid, channel.guild_uuid).await?;
member.check_permission(&data, Permissions::DeleteChannel).await?;
channel.delete(&data).await?; channel.delete(&data).await?;
@ -125,7 +123,9 @@ pub async fn patch(
let mut channel = Channel::fetch_one(&data, channel_uuid).await?; let mut channel = Channel::fetch_one(&data, channel_uuid).await?;
Member::check_membership(&mut conn, uuid, channel.guild_uuid).await?; let member = Member::check_membership(&mut conn, uuid, channel.guild_uuid).await?;
member.check_permission(&data, Permissions::ManageChannel).await?;
if let Some(new_name) = &new_info.name { if let Some(new_name) = &new_info.name {
channel.set_name(&data, new_name.to_string()).await?; channel.set_name(&data, new_name.to_string()).await?;

10
src/api/v1/guilds/uuid/channels.rs
View file

@ -1,9 +1,5 @@
use crate::{ use crate::{
Data, api::v1::auth::check_access_token, error::Error, objects::{Channel, Member, Permissions}, utils::{get_auth_header, global_checks, order_by_is_above}, Data
api::v1::auth::check_access_token,
error::Error,
objects::{Channel, Member},
utils::{get_auth_header, global_checks, order_by_is_above},
}; };
use ::uuid::Uuid; use ::uuid::Uuid;
use actix_web::{HttpRequest, HttpResponse, get, post, web}; use actix_web::{HttpRequest, HttpResponse, get, post, web};
@ -74,9 +70,9 @@ pub async fn create(
global_checks(&data, uuid).await?; global_checks(&data, uuid).await?;
Member::check_membership(&mut conn, uuid, guild_uuid).await?; let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?;
// FIXME: Logic to check permissions, should probably be done in utils.rs member.check_permission(&data, Permissions::CreateChannel).await?;
let channel = Channel::new( let channel = Channel::new(
data.clone(), data.clone(),

10
src/api/v1/guilds/uuid/icon.rs
View file

@ -5,11 +5,7 @@ use futures_util::StreamExt as _;
use uuid::Uuid; use uuid::Uuid;
use crate::{ use crate::{
Data, api::v1::auth::check_access_token, error::Error, objects::{Guild, Member, Permissions}, utils::{get_auth_header, global_checks}, Data
api::v1::auth::check_access_token,
error::Error,
objects::{Guild, Member},
utils::{get_auth_header, global_checks},
}; };
/// `PUT /api/v1/guilds/{uuid}/icon` Icon upload /// `PUT /api/v1/guilds/{uuid}/icon` Icon upload
@ -36,7 +32,9 @@ pub async fn upload(
global_checks(&data, uuid).await?; global_checks(&data, uuid).await?;
Member::check_membership(&mut conn, uuid, guild_uuid).await?; let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?;
member.check_permission(&data, Permissions::ManageServer).await?;
let mut guild = Guild::fetch_one(&mut conn, guild_uuid).await?; let mut guild = Guild::fetch_one(&mut conn, guild_uuid).await?;

10
src/api/v1/guilds/uuid/invites/mod.rs
View file

@ -3,11 +3,7 @@ use serde::Deserialize;
use uuid::Uuid; use uuid::Uuid;
use crate::{ use crate::{
Data, api::v1::auth::check_access_token, error::Error, objects::{Guild, Member, Permissions}, utils::{get_auth_header, global_checks}, Data
api::v1::auth::check_access_token,
error::Error,
objects::{Guild, Member},
utils::{get_auth_header, global_checks},
}; };
#[derive(Deserialize)] #[derive(Deserialize)]
@ -61,7 +57,9 @@ pub async fn create(
global_checks(&data, uuid).await?; global_checks(&data, uuid).await?;
Member::check_membership(&mut conn, uuid, guild_uuid).await?; let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?;
member.check_permission(&data, Permissions::CreateInvite).await?;
let guild = Guild::fetch_one(&mut conn, guild_uuid).await?; let guild = Guild::fetch_one(&mut conn, guild_uuid).await?;

10
src/api/v1/guilds/uuid/roles/mod.rs
View file

@ -3,11 +3,7 @@ use actix_web::{HttpRequest, HttpResponse, get, post, web};
use serde::Deserialize; use serde::Deserialize;
use crate::{ use crate::{
Data, api::v1::auth::check_access_token, error::Error, objects::{Member, Permissions, Role}, utils::{get_auth_header, global_checks, order_by_is_above}, Data
api::v1::auth::check_access_token,
error::Error,
objects::{Member, Role},
utils::{get_auth_header, global_checks, order_by_is_above},
}; };
pub mod uuid; pub mod uuid;
@ -70,9 +66,9 @@ pub async fn create(
global_checks(&data, uuid).await?; global_checks(&data, uuid).await?;
Member::check_membership(&mut conn, uuid, guild_uuid).await?; let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?;
// FIXME: Logic to check permissions, should probably be done in utils.rs member.check_permission(&data, Permissions::CreateRole).await?;
let role = Role::new(&mut conn, guild_uuid, role_info.name.clone()).await?; let role = Role::new(&mut conn, guild_uuid, role_info.name.clone()).await?;

6
src/objects/guild.rs
View file

@ -26,7 +26,6 @@ pub struct GuildBuilder {
name: String, name: String,
description: Option<String>, description: Option<String>,
icon: Option<String>, icon: Option<String>,
owner_uuid: Uuid,
} }
impl GuildBuilder { impl GuildBuilder {
@ -40,7 +39,6 @@ impl GuildBuilder {
name: self.name, name: self.name,
description: self.description, description: self.description,
icon: self.icon.and_then(|i| i.parse().ok()), icon: self.icon.and_then(|i| i.parse().ok()),
owner_uuid: self.owner_uuid,
roles, roles,
member_count, member_count,
}) })
@ -53,7 +51,6 @@ pub struct Guild {
name: String, name: String,
description: Option<String>, description: Option<String>,
icon: Option<Url>, icon: Option<Url>,
owner_uuid: Uuid,
pub roles: Vec<Role>, pub roles: Vec<Role>,
member_count: i64, member_count: i64,
} }
@ -110,7 +107,6 @@ impl Guild {
name: name.clone(), name: name.clone(),
description: None, description: None,
icon: None, icon: None,
owner_uuid,
}; };
insert_into(guilds::table) insert_into(guilds::table)
@ -125,6 +121,7 @@ impl Guild {
nickname: None, nickname: None,
user_uuid: owner_uuid, user_uuid: owner_uuid,
guild_uuid, guild_uuid,
is_owner: true,
}; };
insert_into(guild_members::table) insert_into(guild_members::table)
@ -137,7 +134,6 @@ impl Guild {
name, name,
description: None, description: None,
icon: None, icon: None,
owner_uuid,
roles: vec![], roles: vec![],
member_count: 1, member_count: 1,
}) })

26
src/objects/member.rs
View file

@ -5,7 +5,7 @@ use diesel_async::RunQueryDsl;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use uuid::Uuid; use uuid::Uuid;
use crate::{Conn, Data, error::Error, schema::guild_members}; use crate::{error::Error, objects::{Permissions, Role}, schema::guild_members, Conn, Data};
use super::{User, load_or_empty}; use super::{User, load_or_empty};
@ -17,10 +17,11 @@ pub struct MemberBuilder {
pub nickname: Option<String>, pub nickname: Option<String>,
pub user_uuid: Uuid, pub user_uuid: Uuid,
pub guild_uuid: Uuid, pub guild_uuid: Uuid,
pub is_owner: bool,
} }
impl MemberBuilder { impl MemberBuilder {
async fn build(&self, data: &Data) -> Result<Member, Error> { pub async fn build(&self, data: &Data) -> Result<Member, Error> {
let user = User::fetch_one(data, self.user_uuid).await?; let user = User::fetch_one(data, self.user_uuid).await?;
Ok(Member { Ok(Member {
@ -28,9 +29,22 @@ impl MemberBuilder {
nickname: self.nickname.clone(), nickname: self.nickname.clone(),
user_uuid: self.user_uuid, user_uuid: self.user_uuid,
guild_uuid: self.guild_uuid, guild_uuid: self.guild_uuid,
is_owner: self.is_owner,
user, user,
}) })
} }
pub async fn check_permission(&self, data: &Data, permission: Permissions) -> Result<(), Error> {
if !self.is_owner {
let roles = Role::fetch_from_member(&data, self.uuid).await?;
let allowed = roles.iter().any(|r| r.permissions & permission as i64 != 0);
if !allowed {
return Err(Error::Forbidden("Not allowed".to_string()))
}
}
Ok(())
}
} }
#[derive(Serialize, Deserialize)] #[derive(Serialize, Deserialize)]
@ -39,6 +53,7 @@ pub struct Member {
pub nickname: Option<String>, pub nickname: Option<String>,
pub user_uuid: Uuid, pub user_uuid: Uuid,
pub guild_uuid: Uuid, pub guild_uuid: Uuid,
pub is_owner: bool,
user: User, user: User,
} }
@ -58,16 +73,16 @@ impl Member {
conn: &mut Conn, conn: &mut Conn,
user_uuid: Uuid, user_uuid: Uuid,
guild_uuid: Uuid, guild_uuid: Uuid,
) -> Result<(), Error> { ) -> Result<MemberBuilder, Error> {
use guild_members::dsl; use guild_members::dsl;
dsl::guild_members let member_builder = dsl::guild_members
.filter(dsl::user_uuid.eq(user_uuid)) .filter(dsl::user_uuid.eq(user_uuid))
.filter(dsl::guild_uuid.eq(guild_uuid)) .filter(dsl::guild_uuid.eq(guild_uuid))
.select(MemberBuilder::as_select()) .select(MemberBuilder::as_select())
.get_result(conn) .get_result(conn)
.await?; .await?;
Ok(()) Ok(member_builder)
} }
pub async fn fetch_one(data: &Data, user_uuid: Uuid, guild_uuid: Uuid) -> Result<Self, Error> { pub async fn fetch_one(data: &Data, user_uuid: Uuid, guild_uuid: Uuid) -> Result<Self, Error> {
@ -113,6 +128,7 @@ impl Member {
guild_uuid, guild_uuid,
user_uuid, user_uuid,
nickname: None, nickname: None,
is_owner: false,
}; };
insert_into(guild_members::table) insert_into(guild_members::table)

39
src/objects/mod.rs
View file

@ -27,6 +27,7 @@ pub use member::Member;
pub use message::Message; pub use message::Message;
pub use password_reset_token::PasswordResetToken; pub use password_reset_token::PasswordResetToken;
pub use role::Role; pub use role::Role;
pub use role::Permissions;
pub use user::User; pub use user::User;
use crate::error::Error; use crate::error::Error;
@ -111,44 +112,6 @@ impl MailClient {
} }
} }
#[derive(Clone, Copy)]
pub enum Permissions {
SendMessage = 1,
CreateChannel = 2,
DeleteChannel = 4,
ManageChannel = 8,
CreateRole = 16,
DeleteRole = 32,
ManageRole = 64,
CreateInvite = 128,
ManageInvite = 256,
ManageServer = 512,
ManageMember = 1024,
}
impl Permissions {
pub fn fetch_permissions(permissions: i64) -> Vec<Self> {
let all_perms = vec![
Self::SendMessage,
Self::CreateChannel,
Self::DeleteChannel,
Self::ManageChannel,
Self::CreateRole,
Self::DeleteRole,
Self::ManageRole,
Self::CreateInvite,
Self::ManageInvite,
Self::ManageServer,
Self::ManageMember,
];
all_perms
.into_iter()
.filter(|p| permissions & (*p as i64) != 0)
.collect()
}
}
#[derive(Deserialize)] #[derive(Deserialize)]
pub struct StartAmountQuery { pub struct StartAmountQuery {
pub start: Option<i64>, pub start: Option<i64>,

98
src/objects/role.rs
View file

@ -3,14 +3,14 @@ use diesel::{
update, update,
}; };
use diesel_async::RunQueryDsl; use diesel_async::RunQueryDsl;
use serde::Serialize; use serde::{Deserialize, Serialize};
use uuid::Uuid; use uuid::Uuid;
use crate::{Conn, error::Error, schema::roles, utils::order_by_is_above}; use crate::{error::Error, schema::{role_members, roles}, utils::order_by_is_above, Conn, Data};
use super::{HasIsAbove, HasUuid, load_or_empty}; use super::{HasIsAbove, HasUuid, load_or_empty};
#[derive(Serialize, Clone, Queryable, Selectable, Insertable)] #[derive(Deserialize, Serialize, Clone, Queryable, Selectable, Insertable)]
#[diesel(table_name = roles)] #[diesel(table_name = roles)]
#[diesel(check_for_backend(diesel::pg::Pg))] #[diesel(check_for_backend(diesel::pg::Pg))]
pub struct Role { pub struct Role {
@ -19,7 +19,28 @@ pub struct Role {
name: String, name: String,
color: i32, color: i32,
is_above: Option<Uuid>, is_above: Option<Uuid>,
permissions: i64, pub permissions: i64,
}
#[derive(Serialize, Clone, Queryable, Selectable, Insertable)]
#[diesel(table_name = role_members)]
#[diesel(check_for_backend(diesel::pg::Pg))]
pub struct RoleMember {
role_uuid: Uuid,
member_uuid: Uuid,
}
impl RoleMember {
async fn fetch_role(&self, conn: &mut Conn) -> Result<Role, Error> {
use roles::dsl;
let role: Role = dsl::roles
.filter(dsl::uuid.eq(self.role_uuid))
.select(Role::as_select())
.get_result(conn)
.await?;
Ok(role)
}
} }
impl HasUuid for Role { impl HasUuid for Role {
@ -48,6 +69,33 @@ impl Role {
Ok(roles) Ok(roles)
} }
pub async fn fetch_from_member(data: &Data, member_uuid: Uuid) -> Result<Vec<Self>, Error> {
if let Ok(roles) = data.get_cache_key(format!("{}_roles", member_uuid)).await {
return Ok(serde_json::from_str(&roles)?)
}
let mut conn = data.pool.get().await?;
use role_members::dsl;
let role_memberships: Vec<RoleMember> = load_or_empty(
dsl::role_members
.filter(dsl::member_uuid.eq(member_uuid))
.select(RoleMember::as_select())
.load(&mut conn)
.await,
)?;
let mut roles = vec![];
for membership in role_memberships {
roles.push(membership.fetch_role(&mut conn).await?);
}
data.set_cache_key(format!("{}_roles", member_uuid), roles.clone(), 300).await?;
Ok(roles)
}
pub async fn fetch_one(conn: &mut Conn, role_uuid: Uuid) -> Result<Self, Error> { pub async fn fetch_one(conn: &mut Conn, role_uuid: Uuid) -> Result<Self, Error> {
use roles::dsl; use roles::dsl;
let role: Role = dsl::roles let role: Role = dsl::roles
@ -59,6 +107,10 @@ impl Role {
Ok(role) Ok(role)
} }
pub async fn fetch_permissions(&self) -> Vec<Permissions> {
Permissions::fetch_permissions(self.permissions.clone())
}
pub async fn new(conn: &mut Conn, guild_uuid: Uuid, name: String) -> Result<Self, Error> { pub async fn new(conn: &mut Conn, guild_uuid: Uuid, name: String) -> Result<Self, Error> {
let role_uuid = Uuid::now_v7(); let role_uuid = Uuid::now_v7();
@ -94,3 +146,41 @@ impl Role {
Ok(new_role) Ok(new_role)
} }
} }
#[derive(Clone, Copy, PartialEq, Eq)]
pub enum Permissions {
SendMessage = 1,
CreateChannel = 2,
DeleteChannel = 4,
ManageChannel = 8,
CreateRole = 16,
DeleteRole = 32,
ManageRole = 64,
CreateInvite = 128,
ManageInvite = 256,
ManageServer = 512,
ManageMember = 1024,
}
impl Permissions {
pub fn fetch_permissions(permissions: i64) -> Vec<Self> {
let all_perms = vec![
Self::SendMessage,
Self::CreateChannel,
Self::DeleteChannel,
Self::ManageChannel,
Self::CreateRole,
Self::DeleteRole,
Self::ManageRole,
Self::CreateInvite,
Self::ManageInvite,
Self::ManageServer,
Self::ManageMember,
];
all_perms
.into_iter()
.filter(|p| permissions & (*p as i64) != 0)
.collect()
}
}

3
src/schema.rs
View file

@ -38,13 +38,13 @@ diesel::table! {
user_uuid -> Uuid, user_uuid -> Uuid,
#[max_length = 100] #[max_length = 100]
nickname -> Nullable<Varchar>, nickname -> Nullable<Varchar>,
is_owner -> Bool,
} }
} }
diesel::table! { diesel::table! {
guilds (uuid) { guilds (uuid) {
uuid -> Uuid, uuid -> Uuid,
owner_uuid -> Uuid,
#[max_length = 100] #[max_length = 100]
name -> Varchar, name -> Varchar,
#[max_length = 300] #[max_length = 300]
@ -139,7 +139,6 @@ diesel::joinable!(channel_permissions -> channels (channel_uuid));
diesel::joinable!(channels -> guilds (guild_uuid)); diesel::joinable!(channels -> guilds (guild_uuid));
diesel::joinable!(guild_members -> guilds (guild_uuid)); diesel::joinable!(guild_members -> guilds (guild_uuid));
diesel::joinable!(guild_members -> users (user_uuid)); diesel::joinable!(guild_members -> users (user_uuid));
diesel::joinable!(guilds -> users (owner_uuid));
diesel::joinable!(instance_permissions -> users (uuid)); diesel::joinable!(instance_permissions -> users (uuid));
diesel::joinable!(invites -> guilds (guild_uuid)); diesel::joinable!(invites -> guilds (guild_uuid));
diesel::joinable!(invites -> users (user_uuid)); diesel::joinable!(invites -> users (user_uuid));