From 85ecd001a5c752683b58a460c9130599940d9769 Mon Sep 17 00:00:00 2001 From: Miroslav Prasil Date: Mon, 28 May 2018 17:26:02 +0100 Subject: [PATCH] Fix user invitation --- src/api/core/organizations.rs | 40 ++++++++++++++++++++++------------- src/db/models/collection.rs | 25 +++++++++++++--------- 2 files changed, 40 insertions(+), 25 deletions(-) diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 5271345c..f6426052 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -166,10 +166,6 @@ fn post_organization_collections(org_id: String, headers: Headers, data: Json, - accessAll: bool, + accessAll: Option, } #[post("/organizations//users/invite", data = "")] @@ -346,16 +342,23 @@ fn send_invite(org_id: String, data: Json, headers: Headers, conn: D None => () } - let mut new_user = UserOrganization::new(user.uuid, org_id.clone()); - - new_user.access_all = data.accessAll; + let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone()); + let access_all = data.accessAll.unwrap_or(false); + new_user.access_all = access_all; new_user.type_ = new_type; // If no accessAll, add the collections received - if !data.accessAll { - for collection in data.collections.iter() { - // TODO: Check that collection is in org - CollectionUser::save(&headers.user.uuid, &collection.id, collection.readOnly, &conn); + if !access_all { + for col in data.collections.iter() { + match Collection::find_by_uuid_and_org(&col.id, &org_id, &conn) { + None => err!("Collection not found in Organization"), + Some(collection) => { + match CollectionUser::save(&user.uuid, &collection.uuid, col.readOnly, &conn) { + Ok(()) => (), + Err(_) => err!("Failed saving collection access for user") + } + } + } } } @@ -486,9 +489,16 @@ fn edit_user(org_id: String, user_id: String, data: Json, headers: // If no accessAll, add the collections received if !data.accessAll { - for collection in data.collections.iter() { - // TODO: Check that collection is in org - CollectionUser::save(&user_to_edit.user_uuid, &collection.id, collection.readOnly, &conn); + for col in data.collections.iter() { + match Collection::find_by_uuid_and_org(&col.id, &org_id, &conn) { + None => err!("Collection not found in Organization"), + Some(collection) => { + match CollectionUser::save(&user_to_edit.user_uuid, &collection.uuid, col.readOnly, &conn) { + Ok(()) => (), + Err(_) => err!("Failed saving collection access for user") + } + } + } } } diff --git a/src/db/models/collection.rs b/src/db/models/collection.rs index ecc704e7..c2c49769 100644 --- a/src/db/models/collection.rs +++ b/src/db/models/collection.rs @@ -102,6 +102,14 @@ impl Collection { .load::(&**conn).expect("Error loading collections") } + pub fn find_by_uuid_and_org(uuid: &str, org_uuid: &str, conn: &DbConn) -> Option { + collections::table + .filter(collections::uuid.eq(uuid)) + .filter(collections::org_uuid.eq(org_uuid)) + .select(collections::all_columns) + .first::(&**conn).ok() + } + pub fn find_by_uuid_and_user(uuid: &str, user_uuid: &str, conn: &DbConn) -> Option { collections::table .left_join(users_collections::table.on( @@ -171,16 +179,13 @@ impl CollectionUser { .load::(&**conn).expect("Error loading users_collections") } - pub fn save(user_uuid: &str, collection_uuid: &str, read_only:bool, conn: &DbConn) -> bool { - match diesel::replace_into(users_collections::table) - .values(( - users_collections::user_uuid.eq(user_uuid), - users_collections::collection_uuid.eq(collection_uuid), - users_collections::read_only.eq(read_only), - )).execute(&**conn) { - Ok(1) => true, // One row inserted - _ => false, - } + pub fn save(user_uuid: &str, collection_uuid: &str, read_only:bool, conn: &DbConn) -> QueryResult<()> { + diesel::replace_into(users_collections::table) + .values(( + users_collections::user_uuid.eq(user_uuid), + users_collections::collection_uuid.eq(collection_uuid), + users_collections::read_only.eq(read_only), + )).execute(&**conn).and(Ok(())) } pub fn delete(user_uuid: &str, collection_uuid: &str, conn: &DbConn) -> bool {