
2 Commits

4 changed files with 33 additions and 8 deletions


@ -9,6 +9,8 @@ class PermissionsDao
PermissionsDao();
virtual std::optional<Permissions> find(std::string pagename, std::string username) = 0;
virtual void save(std::string pagename, std::string username, Permissions perms) = 0;
virtual void clearForPage(std::string pagename) = 0;
virtual ~PermissionsDao() = default;
};
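Review bot: The new pure virtual `clearForPage` is a destructive operation with no stated contract on the interface. A short comment above the declaration would help implementers and callers, e.g. `// Removes every permission entry stored for pagename. Performs no authorization check; the caller must verify the user may set page permissions.` The only implementation visible on this page (the SQLite one) does no such check itself, so the caller-side requirement is worth writing down where the interface is defined.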


@ -59,3 +59,16 @@ void PermissionsDaoSqlite::save(std::string pagename, std::string username, Perm
throwFrom(e);
}
}
void PermissionsDaoSqlite::clearForPage(std::string pagename)
{
try
{
auto stmt = *db << "DELETE FROM permissions WHERE page = (SELECT id FROM page WHERE name = ?)" << pagename;
stmt.execute();
}
catch(sqlite::sqlite_exception &e)
{
throwFrom(e);
}
}
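Review bot: `clearForPage` silently does nothing when no page has the given name, because the scalar subquery yields NULL and `page = NULL` matches no row; that behaviour deserves a comment so callers do not assume an error is raised. Something like `// No-op if pagename does not exist: the subquery is NULL and matches nothing.` above the statement would do. The value is bound with `?` rather than concatenated into the SQL, which is the right form for a page name that originates from a request. If the caller renames the page in the same request, the name passed here has to be the one already stored in `page.name` at that point; that ordering is not visible from this hunk.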


@ -10,6 +10,7 @@ class PermissionsDaoSqlite : public PermissionsDao, protected SqliteDao
std::optional<Permissions> find(std::string pagename, std::string username) override;
virtual void save(std::string pagename, std::string username, Permissions perms) override;
virtual void clearForPage(std::string pagename) override;
using SqliteDao::SqliteDao;
};


@ -95,6 +95,9 @@ Response HandlerPageEdit::handleRequest(PageDao &pageDao, std::string pagename,
pagename = rename;
}
std::vector<std::pair<std::string, Permissions>> collectedPermissions;
auto permissionDao = this->database->createPermissionsDao();
for(const std::string &perm : perms)
{
auto splitted = utils::split(perm, '|');
@ -102,23 +105,29 @@ Response HandlerPageEdit::handleRequest(PageDao &pageDao, std::string pagename,
{
return this->errorResponse("Invalid command", "permissions command is misformated");
}
auto permissionDao = this->database->createPermissionsDao();
auto currentPermission = permissionDao->find(pagename, splitted[0]);
Permissions newPermissions = Permissions{splitted[1]};
if(!currentPermission || newPermissions != currentPermission.value())
{
if(this->userSession->user.permissions.canSetPagePerms())
{
permissionDao->save(pagename, splitted[0], newPermissions);
}
else
if(!this->userSession->user.permissions.canSetPagePerms())
{
this->database->rollbackTransaction();
return errorResponse("Invalid permissions",
"You don't have permission to change page permissions");
return errorResponse("Permission denied",
"You don't have permission to change permissions. Don't touch the "
"permission commands");
}
}
collectedPermissions.emplace_back(splitted[0], newPermissions);
}
if(this->userSession->user.permissions.canSetPagePerms())
{
permissionDao->clearForPage(pagename);
for(auto &perms : collectedPermissions)
{
permissionDao->save(pagename, perms.first, perms.second);
}
}
page.current_revision = current_revision;
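Review bot: For a caller with `canSetPagePerms()`, the block at the end of this hunk runs `clearForPage(pagename)` unconditionally, so the submitted permission commands become the page's entire ACL and an edit that carries none of them deletes every page-specific entry. If replacement is the intended semantics, state it above the block, e.g. `// submitted commands replace the page's whole permission set; entries not resubmitted are removed`; if it is not, skip the clear when `collectedPermissions` is empty. The inner loop variable `perms` shadows the `perms` container iterated by the first loop; `for(const auto &entry : collectedPermissions)` reads more clearly. The `Invalid command` return inside the loop still leaves without `rollbackTransaction()`, unlike the denial path a few lines below; whether that matters depends on what the transaction already holds, which is outside the hunk, as are the start and end of `handleRequest`.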