From 0ac84da902b3d007103bced8bde2580a92ef4841 Mon Sep 17 00:00:00 2001
From: jusax23
Date: Wed, 29 Mar 2023 13:12:28 +0200
Subject: [PATCH] room right usage fix
---
 src/api/acts/roomContent.ts | 91 +++++++++++++++++++++++++++++++------
 src/server/permissions.ts | 2 +-
 2 files changed, 78 insertions(+), 15 deletions(-)
diff --git a/src/api/acts/roomContent.ts b/src/api/acts/roomContent.ts
index f78e3af..8c391e6 100644
--- a/src/api/acts/roomContent.ts
+++ b/src/api/acts/roomContent.ts
@@ -3,6 +3,7 @@ import { checkSelfTag } from "../../server/outbagURL.js";
 import { Act, Client, STATE } from "../user.js";
 import { db, listCategories, listItems, listProducts } from "../../sys/db.js";
 import { isCategoryInRoom, isItemInRoom, isProductInRoom, isRoomDataFull } from "../helper.js"
+import { ROOM_RIGHTS } from "../../server/permissions.js";
 export const getCategories: Act = {
 state: STATE.client | STATE.remote,
@@ -58,7 +59,7 @@ export const addCategory: Act = {
 aws(resp.state, resp.data);
 return;
 }
- let roomID = await client.isInRoom(data.room);
+ let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.LIST_CAT_PROD);
 if (roomID == -1) {
 aws("error", "existence");
 return;
@@ -103,7 +104,7 @@ export const changeCategory: Act = {
 aws(resp.state, resp.data);
 return;
 }
- let roomID = await client.isInRoom(data.room);
+ let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.LIST_CAT_PROD);
 if (roomID == -1) {
 aws("error", "existence");
 return;
@@ -137,7 +138,7 @@ export const changeCategoryWeights: Act = {
 aws(resp.state, resp.data);
 return;
 }
- let roomID = await client.isInRoom(data.room);
+ let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.LIST_CAT_PROD);
 if (roomID == -1) {
 aws("error", "existence");
 return;
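Review bot: A caller who is in the room but lacks the right now gets `aws("error", "existence")` at `if (roomID == -1)` in addCategory, the same answer as for a room that does not exist, assuming isRoomAdmin returns -1 for both cases (its body is not part of this patch). The same applies to every other hunk that switches to isRoomAdmin (changeCategory, changeCategoryWeights, deleteCategory, addProduct, changeProduct, deleteProduct, addItem, changeItem, deleteItem). If the uniform answer is deliberate, so that non-members cannot probe for room names, a comment such as `// -1 covers both "not a member" and "right missing"; same error on purpose` would record that. Otherwise a member should get the `right` error that the forwarding branch in the new acts already uses. The bodies of these acts start and end outside the hunks.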
@@ -175,7 +176,7 @@ export const deleteCategory: Act = {
 aws(resp.state, resp.data);
 return;
 }
- let roomID = await client.isInRoom(data.room);
+ let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.LIST_CAT_PROD);
 if (roomID == -1) {
 aws("error", "existence");
 return;
@@ -256,7 +257,7 @@ export const addProduct: Act = {
 aws(resp.state, resp.data);
 return;
 }
- let roomID = await client.isInRoom(data.room);
+ let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.LIST_CAT_PROD);
 if (roomID == -1) {
 aws("error", "existence");
 return;
@@ -312,7 +313,7 @@ export const changeProduct: Act = {
 aws(resp.state, resp.data);
 return;
 }
- let roomID = await client.isInRoom(data.room);
+ let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.LIST_CAT_PROD);
 if (roomID == -1) {
 aws("error", "existence");
 return;
@@ -351,16 +352,17 @@ export const deleteProduct: Act = {
 aws(resp.state, resp.data);
 return;
 }
- let roomID = await client.isInRoom(data.room);
+ let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.LIST_CAT_PROD);
 if (roomID == -1) {
 aws("error", "existence");
 return;
 }
- if (!isCategoryInRoom(roomID, data.listCatID)) return void aws("error", "existence");
 if (!isProductInRoom(roomID, data.listProdID)) return void aws("error", "existence");
 let req = await remove(listProducts)
- .where(eq(listProducts.listProdID, data.listProdID))
- .query(db);
+ .where(and(
+ eq(listProducts.listProdID, data.listProdID),
+ eq(listProducts.roomID, roomID),
+ )).query(db);
 if (req.affectedRows > 0) aws("ok", "");
 else aws("error", "existence");
 }
@@ -418,7 +420,7 @@ export const addItem: Act = {
 data: {
 room: "string",
 server: "string",
- state: "numer",
+ state: "number",
 title: "string-256",
 description: "string-4096",
 listCatID: "number", //-1 = no parent
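Review bot: In the deleteProduct hunk the remaining guard `if (!isProductInRoom(roomID, data.listProdID))` calls the helper without `await`. If isProductInRoom is async (its definition is outside this patch), the negated Promise is always false and the guard never rejects anything. The added `eq(listProducts.roomID, roomID)` condition now enforces the room boundary in the query itself, so the delete is scoped either way. Either write `if (!(await isProductInRoom(roomID, data.listProdID)))` or drop the guard and rely on `affectedRows`, as the new deleteItem does. deleteProduct starts outside the hunk.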
@@ -433,7 +435,7 @@ export const addItem: Act = {
 aws(resp.state, resp.data);
 return;
 }
- let roomID = await client.isInRoom(data.room);
+ let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.ADD_ARTICLES);
 if (roomID == -1) {
 aws("error", "existence");
 return;
@@ -474,7 +476,7 @@ export const changeItem: Act = {
 room: "string",
 server: "string",
 listItemID: "number",
- state: "numer",
+ state: "number", // 0 = added; 1 = in cart; 2 = bourght
 title: "string-256",
 description: "string-4096",
 listCatID: "number", //-1 = no parent
@@ -489,7 +491,7 @@ export const changeItem: Act = {
 aws(resp.state, resp.data);
 return;
 }
- let roomID = await client.isInRoom(data.room);
+ let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.ADD_ARTICLES);
 if (roomID == -1) {
 aws("error", "existence");
 return;
@@ -510,4 +512,65 @@ export const changeItem: Act = {
 if (req.affectedRows > 0) aws("ok", "");
 else aws("error", "existence");
 }
+};
+
+export const changeItemState: Act = {
+ state: STATE.client | STATE.remote,
+ right: 0,
+ data: {
+ room: "string",
+ server: "string",
+ listItemID: "number",
+ state: "number",
+ },
+ func: async (client: Client, data: any, aws: (code: string, data: any) => void) => {
+ if (!checkSelfTag(data.server)) {
+ if (client.state != STATE.client) return void aws("error", "right");
+ let resp = await client.pass(data.server, "changeItemState", data);
+ aws(resp.state, resp.data);
+ return;
+ }
+ let roomID = await client.isInRoom(data.room);
+ if (roomID == -1) {
+ aws("error", "existence");
+ return;
+ }
+ if (!isItemInRoom(roomID, data.listItemID)) return void aws("error", "existence");
+ let req = await update(listItems)
+ .set(listItems.state, data.state)
+ .where(eq(listItems.listItemID, data.listItemID))
+ .query(db);
+ if (req.affectedRows > 0) aws("ok", "");
+ else aws("error", "existence");
+ }
+};
+
+export const deleteItem: Act = {
+ state: STATE.client | STATE.remote,
+ right: 0,
+ data: {
+ room: "string",
+ server: "string",
+ listItemID: "number"
+ },
+ func: async (client: Client, data: any, aws: (code: string, data: any) => void) => {
+ if (!checkSelfTag(data.server)) {
+ if (client.state != STATE.client) return void aws("error", "right");
+ let resp = await client.pass(data.server, "deleteItem", data);
+ aws(resp.state, resp.data);
+ return;
+ }
+ let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.REMOVE_ARTICLES);
+ if (roomID == -1) {
+ aws("error", "existence");
+ return;
+ }
+ let req = await remove(listItems)
+ .where(and(
+ eq(listItems.listItemID, data.listItemID),
+ eq(listItems.roomID, roomID)
+ )).query(db);
+ if (req.affectedRows > 0) aws("ok", "");
+ else aws("error", "existence");
+ }
 };
\ No newline at end of file
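Review bot: The update in changeItemState is filtered by `listItemID` alone, so the room boundary rests entirely on the `isItemInRoom(roomID, data.listItemID)` guard, which is called without `await`. If that helper returns a Promise (it is defined outside this patch), the guard never fires and a member of one room could change the state of an item that belongs to another room. deleteItem in the same hunk already scopes its query by room, and the update should do the same: `.where(and(eq(listItems.listItemID, data.listItemID), eq(listItems.roomID, roomID)))`. `data.state` is also only declared as `"number"`, while the comment added on changeItem lists 0, 1 and 2 as the states, so a range check before the update would keep other values out of the table.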
diff --git a/src/server/permissions.ts b/src/server/permissions.ts
index 2dbbf61..a06d768 100644
--- a/src/server/permissions.ts
+++ b/src/server/permissions.ts
@@ -18,7 +18,7 @@ export const PERMISSIONS = {
 export const ROOM_RIGHTS = { //when changing, look in main (db defaults)
 ADD_ARTICLES: 0b0000001, //change or add articles
 REMOVE_ARTICLES: 0b0000010,
- LIST_GROUPS_ITEMS: 0b0000100, //edit room intern listGroups and listItems
+ LIST_CAT_PROD: 0b0000100, //edit room intern listGroups and listItems
 CHANGE_META: 0b0001000,
 OTA: 0b0010000, //edit otas
 MANAGE_MEMBERS: 0b0100000,