chore: simplify not enough permission error

This commit is contained in:
khorshuheng 2024-10-16 15:10:31 +08:00
parent 34a7fd3633
commit 383629ab1c
8 changed files with 19 additions and 108 deletions

View File

@ -64,8 +64,8 @@ pub enum AppError {
#[error("Not Logged In:{0}")] #[error("Not Logged In:{0}")]
NotLoggedIn(String), NotLoggedIn(String),
#[error("{user}: do not have permissions to {action}")] #[error("User does not have permissions to execute this action")]
NotEnoughPermissions { user: String, action: String }, NotEnoughPermissions,
#[error("s3 response error:{0}")] #[error("s3 response error:{0}")]
S3ResponseError(String), S3ResponseError(String),

View File

@ -517,10 +517,7 @@ pub async fn delete_workspace_members(
.unwrap_or(false); .unwrap_or(false);
if is_owner { if is_owner {
return Err(AppError::NotEnoughPermissions { return Err(AppError::NotEnoughPermissions);
user: member_email.to_string(),
action: format!("delete member from workspace {}", workspace_id),
});
} }
sqlx::query!( sqlx::query!(

View File

@ -92,10 +92,7 @@ where
.await?; .await?;
if !can_write_workspace { if !can_write_workspace {
return Err(AppError::NotEnoughPermissions { return Err(AppError::NotEnoughPermissions);
user: uid.to_string(),
action: format!("write workspace:{}", workspace_id),
});
} }
Ok(()) Ok(())
} }
@ -113,10 +110,7 @@ where
.await?; .await?;
if !can_write { if !can_write {
return Err(AppError::NotEnoughPermissions { return Err(AppError::NotEnoughPermissions);
user: uid.to_string(),
action: format!("update collab:{}", object_id),
});
} }
Ok(()) Ok(())
} }
@ -375,10 +369,7 @@ where
.await?; .await?;
if !can_read { if !can_read {
return Err(AppError::NotEnoughPermissions { return Err(AppError::NotEnoughPermissions);
user: uid.to_string(),
action: format!("read collab:{}", params.object_id),
});
} }
}, },
GetCollabOrigin::Server => {}, GetCollabOrigin::Server => {},
@ -470,10 +461,7 @@ where
.enforce_delete(workspace_id, uid, object_id) .enforce_delete(workspace_id, uid, object_id)
.await? .await?
{ {
return Err(AppError::NotEnoughPermissions { return Err(AppError::NotEnoughPermissions);
user: uid.to_string(),
action: format!("delete collab:{}", object_id),
});
} }
self.cache.delete_collab(object_id).await?; self.cache.delete_collab(object_id).await?;
Ok(()) Ok(())

View File

@ -42,7 +42,6 @@ async fn get_access_request_handler(
&state.pg_pool, &state.pg_pool,
state.collab_access_control_storage.clone(), state.collab_access_control_storage.clone(),
access_request_id, access_request_id,
*uuid,
uid, uid,
) )
.await?; .await?;
@ -105,7 +104,6 @@ async fn post_approve_access_request_handler(
&appflowy_web_url, &appflowy_web_url,
access_request_id, access_request_id,
uid, uid,
*uuid,
is_approved, is_approved,
) )
.await?; .await?;

View File

@ -273,13 +273,7 @@ async fn delete_workspace_handler(
.enforce_role(&uid, &workspace_id.to_string(), AFRole::Owner) .enforce_role(&uid, &workspace_id.to_string(), AFRole::Owner)
.await?; .await?;
if !has_access { if !has_access {
return Err( return Err(AppError::NotEnoughPermissions.into());
AppError::NotEnoughPermissions {
user: user_uuid.to_string(),
action: "delete workspace".to_string(),
}
.into(),
);
} }
workspace::ops::delete_workspace_for_user( workspace::ops::delete_workspace_for_user(
state.pg_pool.clone(), state.pg_pool.clone(),
@ -319,13 +313,7 @@ async fn post_workspace_invite_handler(
.enforce_role(&uid, &workspace_id.to_string(), AFRole::Owner) .enforce_role(&uid, &workspace_id.to_string(), AFRole::Owner)
.await?; .await?;
if !has_access { if !has_access {
return Err( return Err(AppError::NotEnoughPermissions.into());
AppError::NotEnoughPermissions {
user: user_uuid.to_string(),
action: "invite workspace member".to_string(),
}
.into(),
);
} }
let invited_members = payload.into_inner(); let invited_members = payload.into_inner();
@ -401,13 +389,7 @@ async fn get_workspace_settings_handler(
.enforce_action(&uid, &workspace_id.to_string(), Action::Read) .enforce_action(&uid, &workspace_id.to_string(), Action::Read)
.await?; .await?;
if !has_access { if !has_access {
return Err( return Err(AppError::NotEnoughPermissions.into());
AppError::NotEnoughPermissions {
user: user_uuid.to_string(),
action: "read workspace setting".to_string(),
}
.into(),
);
} }
let settings = workspace::ops::get_workspace_settings(&state.pg_pool, &workspace_id).await?; let settings = workspace::ops::get_workspace_settings(&state.pg_pool, &workspace_id).await?;
Ok(AppResponse::Ok().with_data(settings).into()) Ok(AppResponse::Ok().with_data(settings).into())
@ -428,13 +410,7 @@ async fn post_workspace_settings_handler(
.enforce_action(&uid, &workspace_id.to_string(), Action::Write) .enforce_action(&uid, &workspace_id.to_string(), Action::Write)
.await?; .await?;
if !has_access { if !has_access {
return Err( return Err(AppError::NotEnoughPermissions.into());
AppError::NotEnoughPermissions {
user: user_uuid.to_string(),
action: "update workspace setting".to_string(),
}
.into(),
);
} }
let settings = let settings =
workspace::ops::update_workspace_settings(&state.pg_pool, &workspace_id, data).await?; workspace::ops::update_workspace_settings(&state.pg_pool, &workspace_id, data).await?;
@ -453,13 +429,7 @@ async fn get_workspace_members_handler(
.enforce_action(&uid, &workspace_id.to_string(), Action::Read) .enforce_action(&uid, &workspace_id.to_string(), Action::Read)
.await?; .await?;
if !has_access { if !has_access {
return Err( return Err(AppError::NotEnoughPermissions.into());
AppError::NotEnoughPermissions {
user: user_uuid.to_string(),
action: "get workspace members".to_string(),
}
.into(),
);
} }
let members = workspace::ops::get_workspace_members(&state.pg_pool, &workspace_id) let members = workspace::ops::get_workspace_members(&state.pg_pool, &workspace_id)
.await? .await?
@ -488,13 +458,7 @@ async fn remove_workspace_member_handler(
.enforce_role(&uid, &workspace_id.to_string(), AFRole::Owner) .enforce_role(&uid, &workspace_id.to_string(), AFRole::Owner)
.await?; .await?;
if !has_access { if !has_access {
return Err( return Err(AppError::NotEnoughPermissions.into());
AppError::NotEnoughPermissions {
user: user_uuid.to_string(),
action: "remove workspace member".to_string(),
}
.into(),
);
} }
let member_emails = payload let member_emails = payload
@ -527,13 +491,7 @@ async fn get_workspace_member_handler(
.enforce_action(&uid, &workspace_id.to_string(), Action::Read) .enforce_action(&uid, &workspace_id.to_string(), Action::Read)
.await?; .await?;
if !has_access { if !has_access {
return Err( return Err(AppError::NotEnoughPermissions.into());
AppError::NotEnoughPermissions {
user: user_uuid.to_string(),
action: "get workspace member".to_string(),
}
.into(),
);
} }
let member_row = let member_row =
workspace::ops::get_workspace_member(&user_uuid_to_retrieved, &state.pg_pool, &workspace_id) workspace::ops::get_workspace_member(&user_uuid_to_retrieved, &state.pg_pool, &workspace_id)
@ -590,13 +548,7 @@ async fn update_workspace_member_handler(
.enforce_role(&uid, &workspace_id.to_string(), AFRole::Owner) .enforce_role(&uid, &workspace_id.to_string(), AFRole::Owner)
.await?; .await?;
if !has_access { if !has_access {
return Err( return Err(AppError::NotEnoughPermissions.into());
AppError::NotEnoughPermissions {
user: user_uuid.to_string(),
action: "update workspace member".to_string(),
}
.into(),
);
} }
let changeset = payload.into_inner(); let changeset = payload.into_inner();

View File

@ -74,16 +74,12 @@ pub async fn get_access_request(
pg_pool: &PgPool, pg_pool: &PgPool,
collab_storage: Arc<CollabAccessControlStorage>, collab_storage: Arc<CollabAccessControlStorage>,
access_request_id: Uuid, access_request_id: Uuid,
user_uuid: Uuid,
user_uid: i64, user_uid: i64,
) -> Result<AccessRequest, AppError> { ) -> Result<AccessRequest, AppError> {
let access_request_with_view_id = let access_request_with_view_id =
select_access_request_by_request_id(pg_pool, access_request_id).await?; select_access_request_by_request_id(pg_pool, access_request_id).await?;
if access_request_with_view_id.workspace.owner_uid != user_uid { if access_request_with_view_id.workspace.owner_uid != user_uid {
return Err(AppError::NotEnoughPermissions { return Err(AppError::NotEnoughPermissions);
user: user_uuid.to_string(),
action: "get access request".to_string(),
});
} }
let folder = get_latest_collab_folder( let folder = get_latest_collab_folder(
collab_storage, collab_storage,
@ -125,7 +121,6 @@ pub async fn approve_or_reject_access_request(
appflowy_web_url: &str, appflowy_web_url: &str,
request_id: Uuid, request_id: Uuid,
uid: i64, uid: i64,
user_uuid: Uuid,
is_approved: bool, is_approved: bool,
) -> Result<(), AppError> { ) -> Result<(), AppError> {
let access_request = select_access_request_by_request_id(pg_pool, request_id).await?; let access_request = select_access_request_by_request_id(pg_pool, request_id).await?;
@ -137,10 +132,7 @@ pub async fn approve_or_reject_access_request(
) )
.await?; .await?;
if !has_access { if !has_access {
return Err(AppError::NotEnoughPermissions { return Err(AppError::NotEnoughPermissions);
user: user_uuid.to_string(),
action: "approve access request".to_string(),
});
} }
let mut txn = pg_pool.begin().await.context("approving request")?; let mut txn = pg_pool.begin().await.context("approving request")?;

View File

@ -119,15 +119,7 @@ impl MiddlewareAccessControl for CollabMiddlewareAccessControl {
if result { if result {
Ok(()) Ok(())
} else { } else {
Err(AppError::NotEnoughPermissions { Err(AppError::NotEnoughPermissions)
user: uid.to_string(),
action: format!(
"access collab:{} with url:{}, method:{}",
oid,
path.as_str(),
method
),
})
} }
} }
} }

View File

@ -142,15 +142,7 @@ impl MiddlewareAccessControl for WorkspaceMiddlewareAccessControl {
if result { if result {
Ok(()) Ok(())
} else { } else {
Err(AppError::NotEnoughPermissions { Err(AppError::NotEnoughPermissions)
user: uid.to_string(),
action: format!(
"access workspace:{} with given url:{}, method: {}",
resource_id,
path.as_str(),
method,
),
})
} }
} }
} }