room right usage fix

This commit is contained in:
jusax23 2023-03-29 13:12:28 +02:00
parent ce7012de3a
commit 0ac84da902
Signed by: jusax23
GPG key ID: 499E2AA870C1CD41
2 changed files with 78 additions and 15 deletions

View file

@ -3,6 +3,7 @@ import { checkSelfTag } from "../../server/outbagURL.js";
import { Act, Client, STATE } from "../user.js"; import { Act, Client, STATE } from "../user.js";
import { db, listCategories, listItems, listProducts } from "../../sys/db.js"; import { db, listCategories, listItems, listProducts } from "../../sys/db.js";
import { isCategoryInRoom, isItemInRoom, isProductInRoom, isRoomDataFull } from "../helper.js" import { isCategoryInRoom, isItemInRoom, isProductInRoom, isRoomDataFull } from "../helper.js"
import { ROOM_RIGHTS } from "../../server/permissions.js";
export const getCategories: Act = { export const getCategories: Act = {
state: STATE.client | STATE.remote, state: STATE.client | STATE.remote,
@ -58,7 +59,7 @@ export const addCategory: Act = {
aws(resp.state, resp.data); aws(resp.state, resp.data);
return; return;
} }
let roomID = await client.isInRoom(data.room); let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.LIST_CAT_PROD);
if (roomID == -1) { if (roomID == -1) {
aws("error", "existence"); aws("error", "existence");
return; return;
@ -103,7 +104,7 @@ export const changeCategory: Act = {
aws(resp.state, resp.data); aws(resp.state, resp.data);
return; return;
} }
let roomID = await client.isInRoom(data.room); let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.LIST_CAT_PROD);
if (roomID == -1) { if (roomID == -1) {
aws("error", "existence"); aws("error", "existence");
return; return;
@ -137,7 +138,7 @@ export const changeCategoryWeights: Act = {
aws(resp.state, resp.data); aws(resp.state, resp.data);
return; return;
} }
let roomID = await client.isInRoom(data.room); let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.LIST_CAT_PROD);
if (roomID == -1) { if (roomID == -1) {
aws("error", "existence"); aws("error", "existence");
return; return;
@ -175,7 +176,7 @@ export const deleteCategory: Act = {
aws(resp.state, resp.data); aws(resp.state, resp.data);
return; return;
} }
let roomID = await client.isInRoom(data.room); let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.LIST_CAT_PROD);
if (roomID == -1) { if (roomID == -1) {
aws("error", "existence"); aws("error", "existence");
return; return;
@ -256,7 +257,7 @@ export const addProduct: Act = {
aws(resp.state, resp.data); aws(resp.state, resp.data);
return; return;
} }
let roomID = await client.isInRoom(data.room); let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.LIST_CAT_PROD);
if (roomID == -1) { if (roomID == -1) {
aws("error", "existence"); aws("error", "existence");
return; return;
@ -312,7 +313,7 @@ export const changeProduct: Act = {
aws(resp.state, resp.data); aws(resp.state, resp.data);
return; return;
} }
let roomID = await client.isInRoom(data.room); let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.LIST_CAT_PROD);
if (roomID == -1) { if (roomID == -1) {
aws("error", "existence"); aws("error", "existence");
return; return;
@ -351,16 +352,17 @@ export const deleteProduct: Act = {
aws(resp.state, resp.data); aws(resp.state, resp.data);
return; return;
} }
let roomID = await client.isInRoom(data.room); let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.LIST_CAT_PROD);
if (roomID == -1) { if (roomID == -1) {
aws("error", "existence"); aws("error", "existence");
return; return;
} }
if (!isCategoryInRoom(roomID, data.listCatID)) return void aws("error", "existence");
if (!isProductInRoom(roomID, data.listProdID)) return void aws("error", "existence"); if (!isProductInRoom(roomID, data.listProdID)) return void aws("error", "existence");
let req = await remove(listProducts) let req = await remove(listProducts)
.where(eq(listProducts.listProdID, data.listProdID)) .where(and(
.query(db); eq(listProducts.listProdID, data.listProdID),
eq(listProducts.roomID, roomID),
)).query(db);
if (req.affectedRows > 0) aws("ok", ""); if (req.affectedRows > 0) aws("ok", "");
else aws("error", "existence"); else aws("error", "existence");
} }
@ -418,7 +420,7 @@ export const addItem: Act = {
data: { data: {
room: "string", room: "string",
server: "string", server: "string",
state: "numer", state: "number",
title: "string-256", title: "string-256",
description: "string-4096", description: "string-4096",
listCatID: "number", //-1 = no parent listCatID: "number", //-1 = no parent
@ -433,7 +435,7 @@ export const addItem: Act = {
aws(resp.state, resp.data); aws(resp.state, resp.data);
return; return;
} }
let roomID = await client.isInRoom(data.room); let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.ADD_ARTICLES);
if (roomID == -1) { if (roomID == -1) {
aws("error", "existence"); aws("error", "existence");
return; return;
@ -474,7 +476,7 @@ export const changeItem: Act = {
room: "string", room: "string",
server: "string", server: "string",
listItemID: "number", listItemID: "number",
state: "numer", state: "number", // 0 = added; 1 = in cart; 2 = bourght
title: "string-256", title: "string-256",
description: "string-4096", description: "string-4096",
listCatID: "number", //-1 = no parent listCatID: "number", //-1 = no parent
@ -489,7 +491,7 @@ export const changeItem: Act = {
aws(resp.state, resp.data); aws(resp.state, resp.data);
return; return;
} }
let roomID = await client.isInRoom(data.room); let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.ADD_ARTICLES);
if (roomID == -1) { if (roomID == -1) {
aws("error", "existence"); aws("error", "existence");
return; return;
@ -511,3 +513,64 @@ export const changeItem: Act = {
else aws("error", "existence"); else aws("error", "existence");
} }
}; };
export const changeItemState: Act = {
state: STATE.client | STATE.remote,
right: 0,
data: {
room: "string",
server: "string",
listItemID: "number",
state: "number",
},
func: async (client: Client, data: any, aws: (code: string, data: any) => void) => {
if (!checkSelfTag(data.server)) {
if (client.state != STATE.client) return void aws("error", "right");
let resp = await client.pass(data.server, "changeItemState", data);
aws(resp.state, resp.data);
return;
}
let roomID = await client.isInRoom(data.room);
if (roomID == -1) {
aws("error", "existence");
return;
}
if (!isItemInRoom(roomID, data.listItemID)) return void aws("error", "existence");
let req = await update(listItems)
.set(listItems.state, data.state)
.where(eq(listItems.listItemID, data.listItemID))
.query(db);
if (req.affectedRows > 0) aws("ok", "");
else aws("error", "existence");
}
};
export const deleteItem: Act = {
state: STATE.client | STATE.remote,
right: 0,
data: {
room: "string",
server: "string",
listItemID: "number"
},
func: async (client: Client, data: any, aws: (code: string, data: any) => void) => {
if (!checkSelfTag(data.server)) {
if (client.state != STATE.client) return void aws("error", "right");
let resp = await client.pass(data.server, "deleteItem", data);
aws(resp.state, resp.data);
return;
}
let roomID = await client.isRoomAdmin(data.room, ROOM_RIGHTS.REMOVE_ARTICLES);
if (roomID == -1) {
aws("error", "existence");
return;
}
let req = await remove(listItems)
.where(and(
eq(listItems.listItemID, data.listItemID),
eq(listItems.roomID, roomID)
)).query(db);
if (req.affectedRows > 0) aws("ok", "");
else aws("error", "existence");
}
};

View file

@ -18,7 +18,7 @@ export const PERMISSIONS = {
export const ROOM_RIGHTS = { //when changing, look in main (db defaults) export const ROOM_RIGHTS = { //when changing, look in main (db defaults)
ADD_ARTICLES: 0b0000001, //change or add articles ADD_ARTICLES: 0b0000001, //change or add articles
REMOVE_ARTICLES: 0b0000010, REMOVE_ARTICLES: 0b0000010,
LIST_GROUPS_ITEMS: 0b0000100, //edit room intern listGroups and listItems LIST_CAT_PROD: 0b0000100, //edit room intern listGroups and listItems
CHANGE_META: 0b0001000, CHANGE_META: 0b0001000,
OTA: 0b0010000, //edit otas OTA: 0b0010000, //edit otas
MANAGE_MEMBERS: 0b0100000, MANAGE_MEMBERS: 0b0100000,