feat: add access control

2025-06-16 09:39:09 +00:00 · 2021-07-18 01:57:03 -04:00 · 2021-07-18 01:57:03 -04:00 · 3f45153b66
commit 3f45153b66
parent 9c07ff0e54
47 changed files with 1084 additions and 164 deletions
--- a/packages/api/handlers/get-picker-data.ts
+++ b/packages/api/handlers/get-picker-data.ts
@ -1,6 +1,8 @@
+import { memberPassesAccessControl } from '@roleypoly/api/utils/access-control';
+import { accessControlViolation } from '@roleypoly/api/utils/responses';
 import { DiscordUser, GuildSlug, PresentableGuild, SessionData } from '@roleypoly/types';
 import { respond, withSession } from '../utils/api-tools';
-import { getGuild, getGuildData, getGuildMemberRoles } from '../utils/guild';
+import { getGuild, getGuildData, getGuildMember } from '../utils/guild';

 const fail = () => respond({ error: 'guild not found' }, { status: 404 });

@ -30,24 +32,28 @@ export const GetPickerData = withSession(
        return fail();
      }

-      const memberRolesP = getGuildMemberRoles({
+      const memberP = getGuildMember({
        serverID: guildID,
        userID,
      });

      const guildDataP = getGuildData(guildID);

-      const [guildData, memberRoles] = await Promise.all([guildDataP, memberRolesP]);
-      if (!memberRoles) {
+      const [guildData, member] = await Promise.all([guildDataP, memberP]);
+      if (!member) {
        return fail();
      }

+      if (!memberPassesAccessControl(checkGuild, member, guildData.accessControl)) {
+        return accessControlViolation();
+      }
+
      const presentableGuild: PresentableGuild = {
        id: guildID,
        guild: checkGuild,
        roles: guild.roles,
        member: {
-          roles: memberRoles,
+          roles: member.roles,
        },
        data: guildData,
      };
--- a/packages/api/handlers/update-roles.ts
+++ b/packages/api/handlers/update-roles.ts
@ -1,3 +1,5 @@
+import { memberPassesAccessControl } from '@roleypoly/api/utils/access-control';
+import { accessControlViolation } from '@roleypoly/api/utils/responses';
 import {
  GuildData,
  Member,
@ -14,8 +16,8 @@ import { botToken } from '../utils/config';
 import {
  getGuild,
  getGuildData,
-  getGuildMemberRoles,
-  updateGuildMemberRoles,
+  getGuildMember,
+  updateGuildMember,
 } from '../utils/guild';

 const notFound = () => respond({ error: 'guild not found' }, { status: 404 });
@ -45,18 +47,24 @@ export const UpdateRoles = withSession(
        return notFound();
      }

-      const guildMemberRoles = await getGuildMemberRoles(
+      const guildMember = await getGuildMember(
        { serverID: guildID, userID },
        { skipCachePull: true }
      );
-      if (!guildMemberRoles) {
+      if (!guildMember) {
        return notFound();
      }

+      const guildData = await getGuildData(guildID);
+
+      if (!memberPassesAccessControl(guildCheck, guildMember, guildData.accessControl)) {
+        return accessControlViolation();
+      }
+
      const newRoles = calculateNewRoles({
-        currentRoles: guildMemberRoles,
+        currentRoles: guildMember.roles,
        guildRoles: guild.roles,
-        guildData: await getGuildData(guildID),
+        guildData,
        updateRequest,
      });

@ -84,7 +92,8 @@ export const UpdateRoles = withSession(
        roles: patchMemberRoles.roles,
      };

-      await updateGuildMemberRoles({ serverID: guildID, userID }, patchMemberRoles.roles);
+      // Delete the cache by re-pulling... might be dangerous :)
+      await updateGuildMember({ serverID: guildID, userID });

      return respond(updatedMember);
    }