add team checks
parent
2f934b1049
commit
e090d98db0
|
@ -84,7 +84,7 @@ final class Team(
|
|||
)
|
||||
|
||||
private def usersExport(teamId: String, me: Option[lila.user.User], req: RequestHeader) = {
|
||||
api.team(teamId) flatMap {
|
||||
api teamEnabled teamId flatMap {
|
||||
_ ?? { team =>
|
||||
val canView: Fu[Boolean] =
|
||||
if (team.publicMembers) fuccess(true)
|
||||
|
@ -108,7 +108,7 @@ final class Team(
|
|||
|
||||
def tournaments(teamId: String) =
|
||||
Open { implicit ctx =>
|
||||
env.team.teamRepo.enabled(teamId) flatMap {
|
||||
api teamEnabled teamId flatMap {
|
||||
_ ?? { team =>
|
||||
env.teamInfo.tournaments(team, 30, 30) map { tours =>
|
||||
Ok(html.team.tournaments.page(team, tours))
|
||||
|
@ -119,14 +119,14 @@ final class Team(
|
|||
|
||||
def edit(id: String) =
|
||||
Auth { implicit ctx => _ =>
|
||||
WithOwnedTeam(id) { team =>
|
||||
WithOwnedTeamEnabled(id) { team =>
|
||||
fuccess(html.team.form.edit(team, forms edit team))
|
||||
}
|
||||
}
|
||||
|
||||
def update(id: String) =
|
||||
AuthBody { implicit ctx => me =>
|
||||
WithOwnedTeam(id) { team =>
|
||||
WithOwnedTeamEnabled(id) { team =>
|
||||
implicit val req = ctx.body
|
||||
forms
|
||||
.edit(team)
|
||||
|
@ -140,7 +140,7 @@ final class Team(
|
|||
|
||||
def kickForm(id: String) =
|
||||
Auth { implicit ctx => me =>
|
||||
WithOwnedTeam(id) { team =>
|
||||
WithOwnedTeamEnabled(id) { team =>
|
||||
env.team.memberRepo userIdsByTeam team.id map { userIds =>
|
||||
html.team.admin.kick(team, userIds.filter(me.id !=))
|
||||
}
|
||||
|
@ -149,7 +149,7 @@ final class Team(
|
|||
|
||||
def kick(id: String) =
|
||||
AuthBody { implicit ctx => me =>
|
||||
WithOwnedTeam(id) { team =>
|
||||
WithOwnedTeamEnabled(id) { team =>
|
||||
implicit val req = ctx.body
|
||||
forms.selectMember.bindFromRequest().value ?? { api.kick(team, _, me) } inject Redirect(
|
||||
routes.Team.kickForm(team.id)
|
||||
|
@ -158,7 +158,7 @@ final class Team(
|
|||
}
|
||||
def kickUser(teamId: String, userId: String) =
|
||||
Scoped(_.Team.Write) { _ => me =>
|
||||
api team teamId flatMap {
|
||||
api teamEnabled teamId flatMap {
|
||||
_ ?? { team =>
|
||||
if (team leaders me.id) api.kick(team, userId, me) inject jsonOkResult
|
||||
else Forbidden(jsonError("Not your team")).fuccess
|
||||
|
@ -168,14 +168,14 @@ final class Team(
|
|||
|
||||
def leadersForm(id: String) =
|
||||
Auth { implicit ctx => _ =>
|
||||
WithOwnedTeam(id) { team =>
|
||||
WithOwnedTeamEnabled(id) { team =>
|
||||
Ok(html.team.admin.leaders(team, forms leaders team)).fuccess
|
||||
}
|
||||
}
|
||||
|
||||
def leaders(id: String) =
|
||||
AuthBody { implicit ctx => me =>
|
||||
WithOwnedTeam(id) { team =>
|
||||
WithOwnedTeamEnabled(id) { team =>
|
||||
implicit val req = ctx.body
|
||||
forms.leaders(team).bindFromRequest().value ?? {
|
||||
api.setLeaders(team, _, me, isGranted(_.ManageTeam))
|
||||
|
@ -256,7 +256,7 @@ final class Team(
|
|||
AuthOrScopedBody(_.Team.Write)(
|
||||
auth = implicit ctx =>
|
||||
me =>
|
||||
api.team(id) flatMap {
|
||||
api.teamEnabled(id) flatMap {
|
||||
_ ?? { team =>
|
||||
api hasJoinedTooManyTeams me flatMap { tooMany =>
|
||||
if (tooMany)
|
||||
|
@ -428,7 +428,7 @@ final class Team(
|
|||
|
||||
def pmAll(id: String) =
|
||||
Auth { implicit ctx => _ =>
|
||||
WithOwnedTeam(id) { team =>
|
||||
WithOwnedTeamEnabled(id) { team =>
|
||||
env.tournament.api
|
||||
.visibleByTeam(team.id, 0, 20)
|
||||
.dmap(_.next)
|
||||
|
@ -442,7 +442,7 @@ final class Team(
|
|||
AuthOrScopedBody(_.Team.Write)(
|
||||
auth = implicit ctx =>
|
||||
me =>
|
||||
WithOwnedTeam(id) { team =>
|
||||
WithOwnedTeamEnabled(id) { team =>
|
||||
doPmAll(team, me)(ctx.body).fold(
|
||||
err =>
|
||||
env.tournament.api
|
||||
|
@ -456,7 +456,7 @@ final class Team(
|
|||
},
|
||||
scoped = implicit req =>
|
||||
me =>
|
||||
api team id flatMap {
|
||||
api teamEnabled id flatMap {
|
||||
_.filter(_ leaders me.id) ?? { team =>
|
||||
doPmAll(team, me).fold(
|
||||
err => BadRequest(errorsAsJson(err)(reqLang)).fuccess,
|
||||
|
@ -482,7 +482,7 @@ final class Team(
|
|||
def apiShow(id: String) =
|
||||
Open { ctx =>
|
||||
JsonOptionOk {
|
||||
api team id flatMap {
|
||||
api teamEnabled id flatMap {
|
||||
_ ?? { team =>
|
||||
for {
|
||||
joined <- ctx.userId.?? { api.belongsTo(id, _) }
|
||||
|
@ -565,4 +565,12 @@ You received this because you are subscribed to messages of the team $url."""
|
|||
if (ctx.userId.exists(team.leaders.contains) || isGranted(_.ManageTeam)) f(team)
|
||||
else renderTeam(team) map { Forbidden(_) }
|
||||
}
|
||||
|
||||
private def WithOwnedTeamEnabled(
|
||||
teamId: String
|
||||
)(f: TeamModel => Fu[Result])(implicit ctx: Context): Fu[Result] =
|
||||
WithOwnedTeam(teamId) { team =>
|
||||
if (team.enabled) f(team)
|
||||
else notFound
|
||||
}
|
||||
}
|
||||
|
|
|
@ -34,6 +34,8 @@ final class TeamApi(
|
|||
|
||||
def team(id: Team.ID) = teamRepo byId id
|
||||
|
||||
def teamEnabled(id: Team.ID) = teamRepo enabled id
|
||||
|
||||
def leaderTeam(id: Team.ID) = teamRepo.coll.byId[LeaderTeam](id, $doc("name" -> true))
|
||||
|
||||
def lightsByLeader = teamRepo.lightsByLeader _
|
||||
|
@ -143,7 +145,7 @@ final class TeamApi(
|
|||
|
||||
def requestable(teamId: Team.ID, user: User): Fu[Option[Team]] =
|
||||
for {
|
||||
teamOption <- teamRepo.coll.byId[Team](teamId)
|
||||
teamOption <- teamEnabled(teamId)
|
||||
able <- teamOption.??(requestable(_, user))
|
||||
} yield teamOption ifTrue able
|
||||
|
||||
|
|
Loading…
Reference in New Issue