add team checks
parent
2f934b1049
commit
e090d98db0
|
@ -84,7 +84,7 @@ final class Team(
|
||||||
)
|
)
|
||||||
|
|
||||||
private def usersExport(teamId: String, me: Option[lila.user.User], req: RequestHeader) = {
|
private def usersExport(teamId: String, me: Option[lila.user.User], req: RequestHeader) = {
|
||||||
api.team(teamId) flatMap {
|
api teamEnabled teamId flatMap {
|
||||||
_ ?? { team =>
|
_ ?? { team =>
|
||||||
val canView: Fu[Boolean] =
|
val canView: Fu[Boolean] =
|
||||||
if (team.publicMembers) fuccess(true)
|
if (team.publicMembers) fuccess(true)
|
||||||
|
@ -108,7 +108,7 @@ final class Team(
|
||||||
|
|
||||||
def tournaments(teamId: String) =
|
def tournaments(teamId: String) =
|
||||||
Open { implicit ctx =>
|
Open { implicit ctx =>
|
||||||
env.team.teamRepo.enabled(teamId) flatMap {
|
api teamEnabled teamId flatMap {
|
||||||
_ ?? { team =>
|
_ ?? { team =>
|
||||||
env.teamInfo.tournaments(team, 30, 30) map { tours =>
|
env.teamInfo.tournaments(team, 30, 30) map { tours =>
|
||||||
Ok(html.team.tournaments.page(team, tours))
|
Ok(html.team.tournaments.page(team, tours))
|
||||||
|
@ -119,14 +119,14 @@ final class Team(
|
||||||
|
|
||||||
def edit(id: String) =
|
def edit(id: String) =
|
||||||
Auth { implicit ctx => _ =>
|
Auth { implicit ctx => _ =>
|
||||||
WithOwnedTeam(id) { team =>
|
WithOwnedTeamEnabled(id) { team =>
|
||||||
fuccess(html.team.form.edit(team, forms edit team))
|
fuccess(html.team.form.edit(team, forms edit team))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
def update(id: String) =
|
def update(id: String) =
|
||||||
AuthBody { implicit ctx => me =>
|
AuthBody { implicit ctx => me =>
|
||||||
WithOwnedTeam(id) { team =>
|
WithOwnedTeamEnabled(id) { team =>
|
||||||
implicit val req = ctx.body
|
implicit val req = ctx.body
|
||||||
forms
|
forms
|
||||||
.edit(team)
|
.edit(team)
|
||||||
|
@ -140,7 +140,7 @@ final class Team(
|
||||||
|
|
||||||
def kickForm(id: String) =
|
def kickForm(id: String) =
|
||||||
Auth { implicit ctx => me =>
|
Auth { implicit ctx => me =>
|
||||||
WithOwnedTeam(id) { team =>
|
WithOwnedTeamEnabled(id) { team =>
|
||||||
env.team.memberRepo userIdsByTeam team.id map { userIds =>
|
env.team.memberRepo userIdsByTeam team.id map { userIds =>
|
||||||
html.team.admin.kick(team, userIds.filter(me.id !=))
|
html.team.admin.kick(team, userIds.filter(me.id !=))
|
||||||
}
|
}
|
||||||
|
@ -149,7 +149,7 @@ final class Team(
|
||||||
|
|
||||||
def kick(id: String) =
|
def kick(id: String) =
|
||||||
AuthBody { implicit ctx => me =>
|
AuthBody { implicit ctx => me =>
|
||||||
WithOwnedTeam(id) { team =>
|
WithOwnedTeamEnabled(id) { team =>
|
||||||
implicit val req = ctx.body
|
implicit val req = ctx.body
|
||||||
forms.selectMember.bindFromRequest().value ?? { api.kick(team, _, me) } inject Redirect(
|
forms.selectMember.bindFromRequest().value ?? { api.kick(team, _, me) } inject Redirect(
|
||||||
routes.Team.kickForm(team.id)
|
routes.Team.kickForm(team.id)
|
||||||
|
@ -158,7 +158,7 @@ final class Team(
|
||||||
}
|
}
|
||||||
def kickUser(teamId: String, userId: String) =
|
def kickUser(teamId: String, userId: String) =
|
||||||
Scoped(_.Team.Write) { _ => me =>
|
Scoped(_.Team.Write) { _ => me =>
|
||||||
api team teamId flatMap {
|
api teamEnabled teamId flatMap {
|
||||||
_ ?? { team =>
|
_ ?? { team =>
|
||||||
if (team leaders me.id) api.kick(team, userId, me) inject jsonOkResult
|
if (team leaders me.id) api.kick(team, userId, me) inject jsonOkResult
|
||||||
else Forbidden(jsonError("Not your team")).fuccess
|
else Forbidden(jsonError("Not your team")).fuccess
|
||||||
|
@ -168,14 +168,14 @@ final class Team(
|
||||||
|
|
||||||
def leadersForm(id: String) =
|
def leadersForm(id: String) =
|
||||||
Auth { implicit ctx => _ =>
|
Auth { implicit ctx => _ =>
|
||||||
WithOwnedTeam(id) { team =>
|
WithOwnedTeamEnabled(id) { team =>
|
||||||
Ok(html.team.admin.leaders(team, forms leaders team)).fuccess
|
Ok(html.team.admin.leaders(team, forms leaders team)).fuccess
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
def leaders(id: String) =
|
def leaders(id: String) =
|
||||||
AuthBody { implicit ctx => me =>
|
AuthBody { implicit ctx => me =>
|
||||||
WithOwnedTeam(id) { team =>
|
WithOwnedTeamEnabled(id) { team =>
|
||||||
implicit val req = ctx.body
|
implicit val req = ctx.body
|
||||||
forms.leaders(team).bindFromRequest().value ?? {
|
forms.leaders(team).bindFromRequest().value ?? {
|
||||||
api.setLeaders(team, _, me, isGranted(_.ManageTeam))
|
api.setLeaders(team, _, me, isGranted(_.ManageTeam))
|
||||||
|
@ -256,7 +256,7 @@ final class Team(
|
||||||
AuthOrScopedBody(_.Team.Write)(
|
AuthOrScopedBody(_.Team.Write)(
|
||||||
auth = implicit ctx =>
|
auth = implicit ctx =>
|
||||||
me =>
|
me =>
|
||||||
api.team(id) flatMap {
|
api.teamEnabled(id) flatMap {
|
||||||
_ ?? { team =>
|
_ ?? { team =>
|
||||||
api hasJoinedTooManyTeams me flatMap { tooMany =>
|
api hasJoinedTooManyTeams me flatMap { tooMany =>
|
||||||
if (tooMany)
|
if (tooMany)
|
||||||
|
@ -428,7 +428,7 @@ final class Team(
|
||||||
|
|
||||||
def pmAll(id: String) =
|
def pmAll(id: String) =
|
||||||
Auth { implicit ctx => _ =>
|
Auth { implicit ctx => _ =>
|
||||||
WithOwnedTeam(id) { team =>
|
WithOwnedTeamEnabled(id) { team =>
|
||||||
env.tournament.api
|
env.tournament.api
|
||||||
.visibleByTeam(team.id, 0, 20)
|
.visibleByTeam(team.id, 0, 20)
|
||||||
.dmap(_.next)
|
.dmap(_.next)
|
||||||
|
@ -442,7 +442,7 @@ final class Team(
|
||||||
AuthOrScopedBody(_.Team.Write)(
|
AuthOrScopedBody(_.Team.Write)(
|
||||||
auth = implicit ctx =>
|
auth = implicit ctx =>
|
||||||
me =>
|
me =>
|
||||||
WithOwnedTeam(id) { team =>
|
WithOwnedTeamEnabled(id) { team =>
|
||||||
doPmAll(team, me)(ctx.body).fold(
|
doPmAll(team, me)(ctx.body).fold(
|
||||||
err =>
|
err =>
|
||||||
env.tournament.api
|
env.tournament.api
|
||||||
|
@ -456,7 +456,7 @@ final class Team(
|
||||||
},
|
},
|
||||||
scoped = implicit req =>
|
scoped = implicit req =>
|
||||||
me =>
|
me =>
|
||||||
api team id flatMap {
|
api teamEnabled id flatMap {
|
||||||
_.filter(_ leaders me.id) ?? { team =>
|
_.filter(_ leaders me.id) ?? { team =>
|
||||||
doPmAll(team, me).fold(
|
doPmAll(team, me).fold(
|
||||||
err => BadRequest(errorsAsJson(err)(reqLang)).fuccess,
|
err => BadRequest(errorsAsJson(err)(reqLang)).fuccess,
|
||||||
|
@ -482,7 +482,7 @@ final class Team(
|
||||||
def apiShow(id: String) =
|
def apiShow(id: String) =
|
||||||
Open { ctx =>
|
Open { ctx =>
|
||||||
JsonOptionOk {
|
JsonOptionOk {
|
||||||
api team id flatMap {
|
api teamEnabled id flatMap {
|
||||||
_ ?? { team =>
|
_ ?? { team =>
|
||||||
for {
|
for {
|
||||||
joined <- ctx.userId.?? { api.belongsTo(id, _) }
|
joined <- ctx.userId.?? { api.belongsTo(id, _) }
|
||||||
|
@ -565,4 +565,12 @@ You received this because you are subscribed to messages of the team $url."""
|
||||||
if (ctx.userId.exists(team.leaders.contains) || isGranted(_.ManageTeam)) f(team)
|
if (ctx.userId.exists(team.leaders.contains) || isGranted(_.ManageTeam)) f(team)
|
||||||
else renderTeam(team) map { Forbidden(_) }
|
else renderTeam(team) map { Forbidden(_) }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private def WithOwnedTeamEnabled(
|
||||||
|
teamId: String
|
||||||
|
)(f: TeamModel => Fu[Result])(implicit ctx: Context): Fu[Result] =
|
||||||
|
WithOwnedTeam(teamId) { team =>
|
||||||
|
if (team.enabled) f(team)
|
||||||
|
else notFound
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,6 +34,8 @@ final class TeamApi(
|
||||||
|
|
||||||
def team(id: Team.ID) = teamRepo byId id
|
def team(id: Team.ID) = teamRepo byId id
|
||||||
|
|
||||||
|
def teamEnabled(id: Team.ID) = teamRepo enabled id
|
||||||
|
|
||||||
def leaderTeam(id: Team.ID) = teamRepo.coll.byId[LeaderTeam](id, $doc("name" -> true))
|
def leaderTeam(id: Team.ID) = teamRepo.coll.byId[LeaderTeam](id, $doc("name" -> true))
|
||||||
|
|
||||||
def lightsByLeader = teamRepo.lightsByLeader _
|
def lightsByLeader = teamRepo.lightsByLeader _
|
||||||
|
@ -143,7 +145,7 @@ final class TeamApi(
|
||||||
|
|
||||||
def requestable(teamId: Team.ID, user: User): Fu[Option[Team]] =
|
def requestable(teamId: Team.ID, user: User): Fu[Option[Team]] =
|
||||||
for {
|
for {
|
||||||
teamOption <- teamRepo.coll.byId[Team](teamId)
|
teamOption <- teamEnabled(teamId)
|
||||||
able <- teamOption.??(requestable(_, user))
|
able <- teamOption.??(requestable(_, user))
|
||||||
} yield teamOption ifTrue able
|
} yield teamOption ifTrue able
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue