From 31349a47d3fa12ed15f409654d0af2c0ba0645d2 Mon Sep 17 00:00:00 2001 From: "Shane A. Faulkner" Date: Sat, 14 Jul 2018 01:09:20 -0500 Subject: [PATCH] Very dirty addition of missing api's --- src/api/core/ciphers.rs | 43 +++++++++++++++++++++++++++++++++++++++++ src/api/core/mod.rs | 3 +++ 2 files changed, 46 insertions(+) diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs index 29f9e8c6..30aab620 100644 --- a/src/api/core/ciphers.rs +++ b/src/api/core/ciphers.rs @@ -415,6 +415,32 @@ fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn))) } +#[post("/ciphers//attachment-admin", format = "multipart/form-data", data = "")] +fn post_attachment_admin(uuid: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> JsonResult { + post_attachment(uuid, data, content_type, headers, conn) +} + +#[post("/ciphers//attachment//share", format = "multipart/form-data", data = "")] +fn post_attachment_share(uuid: String, attachment_id: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> JsonResult { + + let cipher = match Cipher::find_by_uuid(&uuid, &conn) { + Some(cipher) => cipher, + None => err!("Cipher doesn't exist") + }; + + if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { + err!("Cipher is not write accessible") + }; + + try!(_delete_cipher_attachment_by_uuid(&uuid, &attachment_id, &conn)); + post_attachment(uuid, data, content_type, headers, conn) +} + +#[post("/ciphers//attachment//delete-admin")] +fn delete_attachment_post_admin(uuid: String, attachment_id: String, headers: Headers, conn: DbConn) -> EmptyResult { + delete_attachment(uuid, attachment_id, headers, conn) +} + #[post("/ciphers//attachment//delete")] fn delete_attachment_post(uuid: String, attachment_id: String, headers: Headers, conn: DbConn) -> EmptyResult { delete_attachment(uuid, attachment_id, headers, conn) @@ -578,3 +604,20 @@ fn _delete_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn) -> Empty Err(_) => err!("Failed deleting cipher") } } + +fn _delete_cipher_attachment_by_uuid(uuid: &str, attachment_id: &str, conn: &DbConn) -> EmptyResult { + let attachment = match Attachment::find_by_id(&attachment_id, &conn) { + Some(attachment) => attachment, + None => err!("Attachment doesn't exist") + }; + + if attachment.cipher_uuid != uuid { + err!("Attachment from other cipher") + } + + // Delete attachment + match attachment.delete(&conn) { + Ok(()) => Ok(()), + Err(_) => err!("Deleting attachement failed") + } +} diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs index 89df7a1f..513319bc 100644 --- a/src/api/core/mod.rs +++ b/src/api/core/mod.rs @@ -34,7 +34,10 @@ pub fn routes() -> Vec { post_ciphers_admin, post_ciphers_import, post_attachment, + post_attachment_admin, + post_attachment_share, delete_attachment_post, + delete_attachment_post_admin, delete_attachment, post_cipher_admin, post_cipher_share,