From 383629ab1c0e2dacf20e1bce3caab10c3add04c3 Mon Sep 17 00:00:00 2001 From: khorshuheng Date: Wed, 16 Oct 2024 15:10:31 +0800 Subject: [PATCH] chore: simplify not enough permission error --- libs/app-error/src/lib.rs | 4 +- libs/database/src/workspace.rs | 5 +- .../src/collab/storage.rs | 20 ++---- src/api/access_request.rs | 2 - src/api/workspace.rs | 64 +++---------------- src/biz/access_request/ops.rs | 12 +--- src/biz/collab/access_control.rs | 10 +-- src/biz/workspace/access_control.rs | 10 +-- 8 files changed, 19 insertions(+), 108 deletions(-) diff --git a/libs/app-error/src/lib.rs b/libs/app-error/src/lib.rs index 5b682555..ceba24c9 100644 --- a/libs/app-error/src/lib.rs +++ b/libs/app-error/src/lib.rs @@ -64,8 +64,8 @@ pub enum AppError { #[error("Not Logged In:{0}")] NotLoggedIn(String), - #[error("{user}: do not have permissions to {action}")] - NotEnoughPermissions { user: String, action: String }, + #[error("User does not have permissions to execute this action")] + NotEnoughPermissions, #[error("s3 response error:{0}")] S3ResponseError(String), diff --git a/libs/database/src/workspace.rs b/libs/database/src/workspace.rs index 56a31bc5..ba120e06 100644 --- a/libs/database/src/workspace.rs +++ b/libs/database/src/workspace.rs @@ -517,10 +517,7 @@ pub async fn delete_workspace_members( .unwrap_or(false); if is_owner { - return Err(AppError::NotEnoughPermissions { - user: member_email.to_string(), - action: format!("delete member from workspace {}", workspace_id), - }); + return Err(AppError::NotEnoughPermissions); } sqlx::query!( diff --git a/services/appflowy-collaborate/src/collab/storage.rs b/services/appflowy-collaborate/src/collab/storage.rs index 43660945..39f546c7 100644 --- a/services/appflowy-collaborate/src/collab/storage.rs +++ b/services/appflowy-collaborate/src/collab/storage.rs 
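Review bot: With `NotEnoughPermissions` reduced to a unit variant, a refused request no longer carries the uid, resource id or action anywhere, so unless each call site logs before returning, denied-access events cannot be attributed or alerted on. Keeping identifiers out of the error text is sound if this `#[error]` string is what clients see (not visible here), but the detail should move to a server-side log rather than disappear. The same applies to the hunks in `services/appflowy-collaborate/src/collab/storage.rs`, `src/api/workspace.rs`, `src/biz/access_request/ops.rs` and both `access_control.rs` middlewares, where the removed `action` strings held the object id, URL path and method. I would add a log line at each deny site (the two middleware `else` branches are the natural chokepoints) and document the contract on the variant, e.g. `/// Authorization denied. Deliberately carries no user or resource detail; the call site logs who was refused and why.`. The enum body continues outside the hunk.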
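Review bot: The `is_owner` branch in `delete_workspace_members` now returns the generic "User does not have permissions to execute this action", yet the removed lines named `member_email` as the subject, which suggests the check fires because the member being removed is the workspace owner, not because the caller lacks rights. A caller who is authorised to remove members would then be told they are not, with nothing left in the error to show the real cause. At minimum add a comment above the return, `// The workspace owner cannot be removed; surfaced as a permission error.`, and consider whether a distinct error is warranted. How `is_owner` is computed and the rest of the function lie outside the hunk.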
@@ -92,10 +92,7 @@ where .await?; if !can_write_workspace { - return Err(AppError::NotEnoughPermissions { - user: uid.to_string(), - action: format!("write workspace:{}", workspace_id), - }); + return Err(AppError::NotEnoughPermissions); } Ok(()) } @@ -113,10 +110,7 @@ where .await?; if !can_write { - return Err(AppError::NotEnoughPermissions { - user: uid.to_string(), - action: format!("update collab:{}", object_id), - }); + return Err(AppError::NotEnoughPermissions); } Ok(()) } @@ -375,10 +369,7 @@ where .await?; if !can_read { - return Err(AppError::NotEnoughPermissions { - user: uid.to_string(), - action: format!("read collab:{}", params.object_id), - }); + return Err(AppError::NotEnoughPermissions); } }, GetCollabOrigin::Server => {}, @@ -470,10 +461,7 @@ where .enforce_delete(workspace_id, uid, object_id) .await? { - return Err(AppError::NotEnoughPermissions { - user: uid.to_string(), - action: format!("delete collab:{}", object_id), - }); + return Err(AppError::NotEnoughPermissions); } self.cache.delete_collab(object_id).await?; Ok(()) diff --git a/src/api/access_request.rs b/src/api/access_request.rs index ec0fa2a9..2723afaa 100644 --- a/src/api/access_request.rs +++ b/src/api/access_request.rs @@ -42,7 +42,6 @@ async fn get_access_request_handler( &state.pg_pool, state.collab_access_control_storage.clone(), access_request_id, - *uuid, uid, ) .await?; @@ -105,7 +104,6 @@ async fn post_approve_access_request_handler( &appflowy_web_url, access_request_id, uid, - *uuid, is_approved, ) .await?; diff --git a/src/api/workspace.rs b/src/api/workspace.rs index 0a82efbf..ce943fcb 100644 --- a/src/api/workspace.rs +++ b/src/api/workspace.rs 
@@ -273,13 +273,7 @@ async fn delete_workspace_handler( .enforce_role(&uid, &workspace_id.to_string(), AFRole::Owner) .await?; if !has_access { - return Err( - AppError::NotEnoughPermissions { - user: user_uuid.to_string(), - action: "delete workspace".to_string(), - } - .into(), - ); + return Err(AppError::NotEnoughPermissions.into()); } workspace::ops::delete_workspace_for_user( state.pg_pool.clone(), @@ -319,13 +313,7 @@ async fn post_workspace_invite_handler( .enforce_role(&uid, &workspace_id.to_string(), AFRole::Owner) .await?; if !has_access { - return Err( - AppError::NotEnoughPermissions { - user: user_uuid.to_string(), - action: "invite workspace member".to_string(), - } - .into(), - ); + return Err(AppError::NotEnoughPermissions.into()); } let invited_members = payload.into_inner(); @@ -401,13 +389,7 @@ async fn get_workspace_settings_handler( .enforce_action(&uid, &workspace_id.to_string(), Action::Read) .await?; if !has_access { - return Err( - AppError::NotEnoughPermissions { - user: user_uuid.to_string(), - action: "read workspace setting".to_string(), - } - .into(), - ); + return Err(AppError::NotEnoughPermissions.into()); } let settings = workspace::ops::get_workspace_settings(&state.pg_pool, &workspace_id).await?; Ok(AppResponse::Ok().with_data(settings).into()) @@ -428,13 +410,7 @@ async fn post_workspace_settings_handler( .enforce_action(&uid, &workspace_id.to_string(), Action::Write) .await?; if !has_access { - return Err( - AppError::NotEnoughPermissions { - user: user_uuid.to_string(), - action: "update workspace setting".to_string(), - } - .into(), - ); + return Err(AppError::NotEnoughPermissions.into()); } let settings = workspace::ops::update_workspace_settings(&state.pg_pool, &workspace_id, data).await?; 
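Review bot: The same deny block, `if !has_access { return Err(AppError::NotEnoughPermissions.into()); }`, now appears verbatim in eight handlers of this file: the four hunks here plus `get_workspace_members_handler`, `remove_workspace_member_handler`, `get_workspace_member_handler` and `update_workspace_member_handler`. Since the error no longer varies per handler, the reject step could be one small helper that the handlers call with `?`, which leaves a single place to log refusals and makes a handler that omits the check easier to spot in review. Something like `fn ensure_access(has_access: bool) -> Result<(), AppError> { if has_access { Ok(()) } else { Err(AppError::NotEnoughPermissions) } }` would do, assuming the handlers' error type converts from `AppError` as the existing `.into()` implies. Each handler body starts and ends outside its hunk.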
@@ -453,13 +429,7 @@ async fn get_workspace_members_handler( .enforce_action(&uid, &workspace_id.to_string(), Action::Read) .await?; if !has_access { - return Err( - AppError::NotEnoughPermissions { - user: user_uuid.to_string(), - action: "get workspace members".to_string(), - } - .into(), - ); + return Err(AppError::NotEnoughPermissions.into()); } let members = workspace::ops::get_workspace_members(&state.pg_pool, &workspace_id) .await? @@ -488,13 +458,7 @@ async fn remove_workspace_member_handler( .enforce_role(&uid, &workspace_id.to_string(), AFRole::Owner) .await?; if !has_access { - return Err( - AppError::NotEnoughPermissions { - user: user_uuid.to_string(), - action: "remove workspace member".to_string(), - } - .into(), - ); + return Err(AppError::NotEnoughPermissions.into()); } let member_emails = payload @@ -527,13 +491,7 @@ async fn get_workspace_member_handler( .enforce_action(&uid, &workspace_id.to_string(), Action::Read) .await?; if !has_access { - return Err( - AppError::NotEnoughPermissions { - user: user_uuid.to_string(), - action: "get workspace member".to_string(), - } - .into(), - ); + return Err(AppError::NotEnoughPermissions.into()); } let member_row = workspace::ops::get_workspace_member(&user_uuid_to_retrieved, &state.pg_pool, &workspace_id) @@ -590,13 +548,7 @@ async fn update_workspace_member_handler( .enforce_role(&uid, &workspace_id.to_string(), AFRole::Owner) .await?; if !has_access { - return Err( - AppError::NotEnoughPermissions { - user: user_uuid.to_string(), - action: "update workspace member".to_string(), - } - .into(), - ); + return Err(AppError::NotEnoughPermissions.into()); } let changeset = payload.into_inner(); diff --git a/src/biz/access_request/ops.rs b/src/biz/access_request/ops.rs index 6e8f7dfc..4d48f13e 100644 --- a/src/biz/access_request/ops.rs +++ b/src/biz/access_request/ops.rs 
@@ -74,16 +74,12 @@ pub async fn get_access_request( pg_pool: &PgPool, collab_storage: Arc, access_request_id: Uuid, - user_uuid: Uuid, user_uid: i64, ) -> Result { let access_request_with_view_id = select_access_request_by_request_id(pg_pool, access_request_id).await?; if access_request_with_view_id.workspace.owner_uid != user_uid { - return Err(AppError::NotEnoughPermissions { - user: user_uuid.to_string(), - action: "get access request".to_string(), - }); + return Err(AppError::NotEnoughPermissions); } let folder = get_latest_collab_folder( collab_storage, @@ -125,7 +121,6 @@ pub async fn approve_or_reject_access_request( appflowy_web_url: &str, request_id: Uuid, uid: i64, - user_uuid: Uuid, is_approved: bool, ) -> Result<(), AppError> { let access_request = select_access_request_by_request_id(pg_pool, request_id).await?; @@ -137,10 +132,7 @@ pub async fn approve_or_reject_access_request( ) .await?; if !has_access { - return Err(AppError::NotEnoughPermissions { - user: user_uuid.to_string(), - action: "approve access request".to_string(), - }); + return Err(AppError::NotEnoughPermissions); } let mut txn = pg_pool.begin().await.context("approving request")?; diff --git a/src/biz/collab/access_control.rs b/src/biz/collab/access_control.rs index 7c8d3754..a7a0650e 100644 --- a/src/biz/collab/access_control.rs +++ b/src/biz/collab/access_control.rs @@ -119,15 +119,7 @@ impl MiddlewareAccessControl for CollabMiddlewareAccessControl { if result { Ok(()) } else { - Err(AppError::NotEnoughPermissions { - user: uid.to_string(), - action: format!( - "access collab:{} with url:{}, method:{}", - oid, - path.as_str(), - method - ), - }) + Err(AppError::NotEnoughPermissions) } } } diff --git a/src/biz/workspace/access_control.rs b/src/biz/workspace/access_control.rs index 6a345776..88019c9f 100644 --- a/src/biz/workspace/access_control.rs +++ b/src/biz/workspace/access_control.rs 
@@ -142,15 +142,7 @@ impl MiddlewareAccessControl for WorkspaceMiddlewareAccessControl { if result { Ok(()) } else { - Err(AppError::NotEnoughPermissions { - user: uid.to_string(), - action: format!( - "access workspace:{} with given url:{}, method: {}", - resource_id, - path.as_str(), - method, - ), - }) + Err(AppError::NotEnoughPermissions) } } }