Compare commits
2 Commits
9088154372
...
f08e235d03
Author | SHA1 | Date | |
---|---|---|---|
f08e235d03 | |||
8998fb8793 |
@ -9,6 +9,8 @@ class PermissionsDao
|
|||||||
PermissionsDao();
|
PermissionsDao();
|
||||||
virtual std::optional<Permissions> find(std::string pagename, std::string username) = 0;
|
virtual std::optional<Permissions> find(std::string pagename, std::string username) = 0;
|
||||||
virtual void save(std::string pagename, std::string username, Permissions perms) = 0;
|
virtual void save(std::string pagename, std::string username, Permissions perms) = 0;
|
||||||
|
virtual void clearForPage(std::string pagename) = 0;
|
||||||
|
|
||||||
virtual ~PermissionsDao() = default;
|
virtual ~PermissionsDao() = default;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -59,3 +59,16 @@ void PermissionsDaoSqlite::save(std::string pagename, std::string username, Perm
|
|||||||
throwFrom(e);
|
throwFrom(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void PermissionsDaoSqlite::clearForPage(std::string pagename)
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
auto stmt = *db << "DELETE FROM permissions WHERE page = (SELECT id FROM page WHERE name = ?)" << pagename;
|
||||||
|
stmt.execute();
|
||||||
|
}
|
||||||
|
catch(sqlite::sqlite_exception &e)
|
||||||
|
{
|
||||||
|
throwFrom(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@ -10,6 +10,7 @@ class PermissionsDaoSqlite : public PermissionsDao, protected SqliteDao
|
|||||||
|
|
||||||
std::optional<Permissions> find(std::string pagename, std::string username) override;
|
std::optional<Permissions> find(std::string pagename, std::string username) override;
|
||||||
virtual void save(std::string pagename, std::string username, Permissions perms) override;
|
virtual void save(std::string pagename, std::string username, Permissions perms) override;
|
||||||
|
virtual void clearForPage(std::string pagename) override;
|
||||||
using SqliteDao::SqliteDao;
|
using SqliteDao::SqliteDao;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -95,6 +95,9 @@ Response HandlerPageEdit::handleRequest(PageDao &pageDao, std::string pagename,
|
|||||||
pagename = rename;
|
pagename = rename;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
std::vector<std::pair<std::string, Permissions>> collectedPermissions;
|
||||||
|
|
||||||
|
auto permissionDao = this->database->createPermissionsDao();
|
||||||
for(const std::string &perm : perms)
|
for(const std::string &perm : perms)
|
||||||
{
|
{
|
||||||
auto splitted = utils::split(perm, '|');
|
auto splitted = utils::split(perm, '|');
|
||||||
@ -102,23 +105,29 @@ Response HandlerPageEdit::handleRequest(PageDao &pageDao, std::string pagename,
|
|||||||
{
|
{
|
||||||
return this->errorResponse("Invalid command", "permissions command is misformated");
|
return this->errorResponse("Invalid command", "permissions command is misformated");
|
||||||
}
|
}
|
||||||
auto permissionDao = this->database->createPermissionsDao();
|
|
||||||
auto currentPermission = permissionDao->find(pagename, splitted[0]);
|
auto currentPermission = permissionDao->find(pagename, splitted[0]);
|
||||||
|
|
||||||
Permissions newPermissions = Permissions{splitted[1]};
|
Permissions newPermissions = Permissions{splitted[1]};
|
||||||
if(!currentPermission || newPermissions != currentPermission.value())
|
if(!currentPermission || newPermissions != currentPermission.value())
|
||||||
{
|
{
|
||||||
if(this->userSession->user.permissions.canSetPagePerms())
|
if(!this->userSession->user.permissions.canSetPagePerms())
|
||||||
{
|
|
||||||
permissionDao->save(pagename, splitted[0], newPermissions);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
this->database->rollbackTransaction();
|
this->database->rollbackTransaction();
|
||||||
return errorResponse("Invalid permissions",
|
return errorResponse("Permission denied",
|
||||||
"You don't have permission to change page permissions");
|
"You don't have permission to change permissions. Don't touch the "
|
||||||
|
"permission commands");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
collectedPermissions.emplace_back(splitted[0], newPermissions);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(this->userSession->user.permissions.canSetPagePerms())
|
||||||
|
{
|
||||||
|
permissionDao->clearForPage(pagename);
|
||||||
|
for(auto &perms : collectedPermissions)
|
||||||
|
{
|
||||||
|
permissionDao->save(pagename, perms.first, perms.second);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
page.current_revision = current_revision;
|
page.current_revision = current_revision;
|
||||||
|
Loading…
Reference in New Issue
Block a user