Compare commits
2 Commits
9088154372
...
f08e235d03
Author | SHA1 | Date | |
---|---|---|---|
f08e235d03 | |||
8998fb8793 |
@ -9,6 +9,8 @@ class PermissionsDao
|
||||
PermissionsDao();
|
||||
virtual std::optional<Permissions> find(std::string pagename, std::string username) = 0;
|
||||
virtual void save(std::string pagename, std::string username, Permissions perms) = 0;
|
||||
virtual void clearForPage(std::string pagename) = 0;
|
||||
|
||||
virtual ~PermissionsDao() = default;
|
||||
};
|
||||
|
||||
|
@ -59,3 +59,16 @@ void PermissionsDaoSqlite::save(std::string pagename, std::string username, Perm
|
||||
throwFrom(e);
|
||||
}
|
||||
}
|
||||
|
||||
void PermissionsDaoSqlite::clearForPage(std::string pagename)
|
||||
{
|
||||
try
|
||||
{
|
||||
auto stmt = *db << "DELETE FROM permissions WHERE page = (SELECT id FROM page WHERE name = ?)" << pagename;
|
||||
stmt.execute();
|
||||
}
|
||||
catch(sqlite::sqlite_exception &e)
|
||||
{
|
||||
throwFrom(e);
|
||||
}
|
||||
}
|
||||
|
@ -10,6 +10,7 @@ class PermissionsDaoSqlite : public PermissionsDao, protected SqliteDao
|
||||
|
||||
std::optional<Permissions> find(std::string pagename, std::string username) override;
|
||||
virtual void save(std::string pagename, std::string username, Permissions perms) override;
|
||||
virtual void clearForPage(std::string pagename) override;
|
||||
using SqliteDao::SqliteDao;
|
||||
};
|
||||
|
||||
|
@ -95,6 +95,9 @@ Response HandlerPageEdit::handleRequest(PageDao &pageDao, std::string pagename,
|
||||
pagename = rename;
|
||||
}
|
||||
|
||||
std::vector<std::pair<std::string, Permissions>> collectedPermissions;
|
||||
|
||||
auto permissionDao = this->database->createPermissionsDao();
|
||||
for(const std::string &perm : perms)
|
||||
{
|
||||
auto splitted = utils::split(perm, '|');
|
||||
@ -102,23 +105,29 @@ Response HandlerPageEdit::handleRequest(PageDao &pageDao, std::string pagename,
|
||||
{
|
||||
return this->errorResponse("Invalid command", "permissions command is misformated");
|
||||
}
|
||||
auto permissionDao = this->database->createPermissionsDao();
|
||||
auto currentPermission = permissionDao->find(pagename, splitted[0]);
|
||||
|
||||
Permissions newPermissions = Permissions{splitted[1]};
|
||||
if(!currentPermission || newPermissions != currentPermission.value())
|
||||
{
|
||||
if(this->userSession->user.permissions.canSetPagePerms())
|
||||
{
|
||||
permissionDao->save(pagename, splitted[0], newPermissions);
|
||||
}
|
||||
else
|
||||
if(!this->userSession->user.permissions.canSetPagePerms())
|
||||
{
|
||||
this->database->rollbackTransaction();
|
||||
return errorResponse("Invalid permissions",
|
||||
"You don't have permission to change page permissions");
|
||||
return errorResponse("Permission denied",
|
||||
"You don't have permission to change permissions. Don't touch the "
|
||||
"permission commands");
|
||||
}
|
||||
}
|
||||
collectedPermissions.emplace_back(splitted[0], newPermissions);
|
||||
}
|
||||
|
||||
if(this->userSession->user.permissions.canSetPagePerms())
|
||||
{
|
||||
permissionDao->clearForPage(pagename);
|
||||
for(auto &perms : collectedPermissions)
|
||||
{
|
||||
permissionDao->save(pagename, perms.first, perms.second);
|
||||
}
|
||||
}
|
||||
|
||||
page.current_revision = current_revision;
|
||||
|
Loading…
Reference in New Issue
Block a user