From 56cad93e0fecd2d42a321e761c2124d2c64d0847 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Sat, 18 Mar 2023 20:52:55 +0100 Subject: [PATCH] add endpoint to bulk delete collections --- src/api/core/organizations.rs | 61 ++++++++++++++++++++++++++++------- src/auth.rs | 40 ++++++++++++++++++----- 2 files changed, 81 insertions(+), 20 deletions(-) diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 172c7f90..556da3dd 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -39,6 +39,7 @@ pub fn routes() -> Vec { put_organization_collection_update, delete_organization_collection, post_organization_collection_delete, + bulk_delete_organization_collections, get_org_details, get_org_users, send_invite, @@ -538,28 +539,27 @@ async fn post_organization_collection_delete_user( delete_organization_collection_user(org_id, col_id, org_user_id, headers, conn).await } -#[delete("/organizations//collections/")] -async fn delete_organization_collection( - org_id: String, - col_id: String, - headers: ManagerHeaders, - mut conn: DbConn, +async fn _delete_organization_collection( + org_id: &str, + col_id: &str, + headers: &ManagerHeaders, + conn: &mut DbConn, ) -> EmptyResult { - match Collection::find_by_uuid(&col_id, &mut conn).await { + match Collection::find_by_uuid(col_id, conn).await { None => err!("Collection not found"), Some(collection) => { if collection.org_uuid == org_id { log_event( EventType::CollectionDeleted as i32, &collection.uuid, - org_id, + org_id.to_string(), headers.user.uuid.clone(), headers.device.atype, &headers.ip.ip, - &mut conn, + conn, ) .await; - collection.delete(&mut conn).await + collection.delete(conn).await } else { err!("Collection and Organization id do not match") } @@ -567,6 +567,16 @@ async fn delete_organization_collection( } } +#[delete("/organizations//collections/")] +async fn delete_organization_collection( + org_id: String, + col_id: String, + headers: ManagerHeaders, + mut conn: DbConn, +) -> EmptyResult { + _delete_organization_collection(&org_id, &col_id, &headers, &mut conn).await +} + #[derive(Deserialize, Debug)] #[allow(non_snake_case, dead_code)] struct DeleteCollectionData { @@ -580,9 +590,36 @@ async fn post_organization_collection_delete( col_id: String, headers: ManagerHeaders, _data: JsonUpcase, - conn: DbConn, + mut conn: DbConn, +) -> EmptyResult { + _delete_organization_collection(&org_id, &col_id, &headers, &mut conn).await +} + +#[derive(Deserialize, Debug)] +#[allow(non_snake_case)] +struct BulkCollectionIds { + Ids: Vec, + OrganizationId: String, +} + +#[delete("/organizations//collections", data = "")] +async fn bulk_delete_organization_collections( + org_id: &str, + headers: ManagerHeadersLoose, + data: JsonUpcase, + mut conn: DbConn, ) -> EmptyResult { - delete_organization_collection(org_id, col_id, headers, conn).await + let data: BulkCollectionIds = data.into_inner().data; + assert!(org_id == data.OrganizationId); + + let collections = data.Ids; + + let headers = ManagerHeaders::from_loose(headers, &collections, &mut conn).await?; + + for col_id in collections { + _delete_organization_collection(org_id, &col_id, &headers, &mut conn).await? + } + Ok(()) } #[get("/organizations//collections//details")] diff --git a/src/auth.rs b/src/auth.rs index e5779dd6..b1b68af5 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -598,14 +598,7 @@ impl<'r> FromRequest<'r> for ManagerHeaders { _ => err_handler!("Error getting DB"), }; - if !headers.org_user.has_full_access() - && !Collection::has_access_by_collection_and_user_uuid( - &col_id, - &headers.org_user.user_uuid, - &mut conn, - ) - .await - { + if !can_access_collection(&headers.org_user, &col_id, &mut conn).await { err_handler!("The current user isn't a manager for this collection") } } @@ -642,6 +635,7 @@ pub struct ManagerHeadersLoose { pub host: String, pub device: Device, pub user: User, + pub org_user: UserOrganization, pub org_user_type: UserOrgType, pub ip: ClientIp, } @@ -657,6 +651,7 @@ impl<'r> FromRequest<'r> for ManagerHeadersLoose { host: headers.host, device: headers.device, user: headers.user, + org_user: headers.org_user, org_user_type: headers.org_user_type, ip: headers.ip, }) @@ -676,6 +671,35 @@ impl From for Headers { } } } +async fn can_access_collection(org_user: &UserOrganization, col_id: &str, conn: &mut DbConn) -> bool { + org_user.has_full_access() + || Collection::has_access_by_collection_and_user_uuid(col_id, &org_user.user_uuid, conn).await +} + +impl ManagerHeaders { + pub async fn from_loose( + h: ManagerHeadersLoose, + collections: &Vec, + conn: &mut DbConn, + ) -> Result { + for col_id in collections { + if uuid::Uuid::parse_str(col_id).is_err() { + err!("Collection Id is malformed!"); + } + if !can_access_collection(&h.org_user, col_id, conn).await { + err!("You don't have access to all collections!"); + } + } + + Ok(ManagerHeaders { + host: h.host, + device: h.device, + user: h.user, + org_user_type: h.org_user_type, + ip: h.ip, + }) + } +} pub struct OwnerHeaders { pub host: String,