backend/service/
map_access_control.rs

1#[cfg(feature = "access_control")]
2use actix_http::StatusCode;
3
4#[cfg(feature = "access_control")]
5use crate::model::entity::Map;
6use crate::{
7    config::{auth::user_info::UserInfo, data::SharedPool},
8    error::ServiceError,
9};
10
11/// Check if the current user is owner of the map or has the role admin.
12///
13/// # Errors
14/// If the connection to the database could not be established.
15/// If the user is neither contributer nor owner of the map.
16#[cfg(feature = "access_control")]
17pub async fn check_permissions(
18    map_id: i32,
19    pool: &SharedPool,
20    user_info: UserInfo,
21) -> Result<(), ServiceError> {
22    let mut conn = pool.get().await?;
23    let result = Map::find_by_id(map_id, &mut conn).await?;
24    if result.created_by == user_info.id || user_info.is_admin() {
25        Ok(())
26    } else {
27        Err(ServiceError::new(StatusCode::NOT_FOUND, "Map not found"))
28    }
29}
30
31/// Return Ok if the feature `access_control` is disabled.
32/// # Errors
33/// Should not error.
34#[cfg(not(feature = "access_control"))]
35pub async fn check_permissions(
36    _map_id: i32,
37    _pool: &SharedPool,
38    _user_info: UserInfo,
39) -> Result<(), ServiceError> {
40    Ok(())
41}
backend/service/map_access_control.rs

backend/service/
map_access_control.rs
