New privileges on API (allowed column only)
This commit is contained in:
Nyo
parent
244186cf4e
commit
39f6b2bbcf
|
|
@ -40,7 +40,7 @@ func getUserX(c *gin.Context, db *sql.DB, orderBy string, limit int) {
|
|||
FROM scores
|
||||
LEFT JOIN beatmaps ON beatmaps.beatmap_md5 = scores.beatmap_md5
|
||||
LEFT JOIN users ON scores.userid = users.id
|
||||
WHERE %s AND scores.play_mode = ? AND users.allowed = '1'
|
||||
WHERE %s AND scores.play_mode = ? AND users.privileges & 1 > 0
|
||||
%s
|
||||
LIMIT %d`, whereClause, orderBy, limit,
|
||||
)
|
||||
|
|
|
|||
|
|
@ -169,7 +169,7 @@ func addFriend(md common.MethodData, u int) common.CodeMessager {
|
|||
|
||||
// userExists makes sure an user exists.
|
||||
func userExists(md common.MethodData, u int) (r bool) {
|
||||
err := md.DB.QueryRow("SELECT EXISTS(SELECT 1 FROM users WHERE id = ? AND users.allowed='1')", u).Scan(&r)
|
||||
err := md.DB.QueryRow("SELECT EXISTS(SELECT 1 FROM users WHERE id = ? AND users.privileges & 1 > 0)", u).Scan(&r)
|
||||
if err != nil && err != sql.ErrNoRows {
|
||||
md.Err(err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ INNER JOIN users_stats ON users_stats.id = leaderboard_%[1]s.user
|
|||
// LeaderboardGET gets the leaderboard.
|
||||
func LeaderboardGET(md common.MethodData) common.CodeMessager {
|
||||
m := getMode(md.C.Query("mode"))
|
||||
query := fmt.Sprintf(lbUserQuery, m, `WHERE users.allowed = '1' ORDER BY leaderboard_`+m+`.position `+
|
||||
query := fmt.Sprintf(lbUserQuery, m, `WHERE users.privileges & 1 > 0 ORDER BY leaderboard_`+m+`.position `+
|
||||
common.Paginate(md.C.Query("p"), md.C.Query("l"), 100))
|
||||
rows, err := md.DB.Query(query)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -21,10 +21,21 @@ func UserManageSetAllowedPOST(md common.MethodData) common.CodeMessager {
|
|||
return common.SimpleResponse(400, "Allowed status must be between 0 and 2")
|
||||
}
|
||||
var banDatetime int64
|
||||
var privileges int32
|
||||
var newPrivileges int32
|
||||
err := md.DB.QueryRow("SELECT privileges FROM users WHERE id = ?", data.UserID).Scan(&privileges)
|
||||
if err != nil {
|
||||
md.Err(err)
|
||||
return Err500
|
||||
}
|
||||
if data.Allowed == 0 {
|
||||
banDatetime = time.Now().Unix()
|
||||
newPrivileges = privileges &^(common.UserPrivilegeNormal | common.UserPrivilegePublic)
|
||||
} else {
|
||||
banDatetime = 0
|
||||
newPrivileges = privileges | (common.UserPrivilegeNormal | common.UserPrivilegePublic)
|
||||
}
|
||||
_, err := md.DB.Exec("UPDATE users SET allowed = ?, ban_datetime = ? WHERE id = ?", data.Allowed, banDatetime, data.UserID)
|
||||
_, err = md.DB.Exec("UPDATE users SET privileges = ?, ban_datetime = ? WHERE id = ?", newPrivileges, banDatetime, data.UserID)
|
||||
if err != nil {
|
||||
md.Err(err)
|
||||
return Err500
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ func TokenNewPOST(md common.MethodData) common.CodeMessager {
|
|||
}
|
||||
|
||||
var q *sql.Row
|
||||
const base = "SELECT id, username, rank, password_md5, password_version, allowed FROM users "
|
||||
const base = "SELECT id, username, rank, password_md5, password_version, privileges FROM users "
|
||||
if data.UserID != 0 {
|
||||
q = md.DB.QueryRow(base+"WHERE id = ? LIMIT 1", data.UserID)
|
||||
} else {
|
||||
|
|
@ -61,10 +61,10 @@ func TokenNewPOST(md common.MethodData) common.CodeMessager {
|
|||
rank int
|
||||
pw string
|
||||
pwVersion int
|
||||
allowed int
|
||||
privileges int
|
||||
)
|
||||
|
||||
err = q.Scan(&r.ID, &r.Username, &rank, &pw, &pwVersion, &allowed)
|
||||
err = q.Scan(&r.ID, &r.Username, &rank, &pw, &pwVersion, &privileges)
|
||||
switch {
|
||||
case err == sql.ErrNoRows:
|
||||
return common.SimpleResponse(404, "No user with that username/id was found.")
|
||||
|
|
@ -88,7 +88,7 @@ func TokenNewPOST(md common.MethodData) common.CodeMessager {
|
|||
md.Err(err)
|
||||
return Err500
|
||||
}
|
||||
if allowed == 0 {
|
||||
if (privileges & 0) == 0 {
|
||||
r.Code = 200
|
||||
r.Message = "That user is banned."
|
||||
r.Banned = true
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ SELECT users.id, users.username, register_datetime, rank,
|
|||
FROM users
|
||||
LEFT JOIN users_stats
|
||||
ON users.id=users_stats.id
|
||||
WHERE ` + whereClause + ` AND users.allowed='1'
|
||||
WHERE ` + whereClause + ` AND users.privileges & 1 > 0
|
||||
LIMIT 1`
|
||||
return userPuts(md, md.DB.QueryRow(query, param))
|
||||
}
|
||||
|
|
@ -110,10 +110,10 @@ type whatIDResponse struct {
|
|||
func UserWhatsTheIDGET(md common.MethodData) common.CodeMessager {
|
||||
var (
|
||||
r whatIDResponse
|
||||
allowed int
|
||||
privileges int
|
||||
)
|
||||
err := md.DB.QueryRow("SELECT id, allowed FROM users WHERE username = ? LIMIT 1", md.C.Query("name")).Scan(&r.ID, &allowed)
|
||||
if err != nil || (allowed != 1 && !md.User.Privileges.HasPrivilegeViewUserAdvanced()) {
|
||||
err := md.DB.QueryRow("SELECT id, privileges FROM users WHERE username = ? LIMIT 1", md.C.Query("name")).Scan(&r.ID, &privileges)
|
||||
if err != nil || ( (privileges & common.UserPrivilegePublic) == 0 && !md.User.Privileges.HasPrivilegeViewUserAdvanced()) {
|
||||
return common.SimpleResponse(404, "That user could not be found!")
|
||||
}
|
||||
r.Code = 200
|
||||
|
|
@ -185,7 +185,7 @@ LEFT JOIN leaderboard_ctb
|
|||
ON users.id=leaderboard_ctb.user
|
||||
LEFT JOIN leaderboard_mania
|
||||
ON users.id=leaderboard_mania.user
|
||||
WHERE ` + whereClause + ` AND users.allowed = '1'
|
||||
WHERE ` + whereClause + ` AND users.privileges & 1 > 0
|
||||
LIMIT 1
|
||||
`
|
||||
// Fuck.
|
||||
|
|
@ -304,7 +304,7 @@ func UserLookupGET(md common.MethodData) common.CodeMessager {
|
|||
return common.SimpleResponse(400, "please provide an username to start searching")
|
||||
}
|
||||
name = "%" + name + "%"
|
||||
rows, err := md.DB.Query("SELECT users.id, users.username FROM users WHERE username LIKE ? AND allowed = '1' LIMIT 25", name)
|
||||
rows, err := md.DB.Query("SELECT users.id, users.username FROM users WHERE username LIKE ? AND privileges & 1 > 0 LIMIT 25", name)
|
||||
if err != nil {
|
||||
md.Err(err)
|
||||
return Err500
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ func UserScoresBestGET(md common.MethodData) common.CodeMessager {
|
|||
scores.completed = '3'
|
||||
AND %s
|
||||
%s
|
||||
AND users.allowed = '1'
|
||||
AND users.privileges & 1 > 0
|
||||
ORDER BY scores.pp DESC, scores.score DESC %s`,
|
||||
wc, mc, common.Paginate(md.C.Query("p"), md.C.Query("l"), 100),
|
||||
), param)
|
||||
|
|
@ -89,7 +89,7 @@ func UserScoresRecentGET(md common.MethodData) common.CodeMessager {
|
|||
`WHERE
|
||||
%s
|
||||
%s
|
||||
AND users.allowed = '1'
|
||||
AND users.privileges & 1 > 0
|
||||
ORDER BY scores.time DESC %s`,
|
||||
wc, genModeClause(md), common.Paginate(md.C.Query("p"), md.C.Query("l"), 100),
|
||||
), param)
|
||||
|
|
|
|||
24
common/user_privileges.go
Normal file
24
common/user_privileges.go
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
package common
|
||||
|
||||
const (
|
||||
UserPrivilegePublic = 1 << iota
|
||||
UserPrivilegeNormal
|
||||
UserPrivilegeDonor
|
||||
AdminPrivilegeAccessRAP
|
||||
AdminPrivilegeManageUsers
|
||||
AdminPrivilegeBanUsers
|
||||
AdminPrivilegeSilenceUsers
|
||||
AdminPrivilegeWipeUsers
|
||||
AdminPrivilegeManageBeatmap
|
||||
AdminPrivilegeManageServer
|
||||
AdminPrivilegeManageSetting
|
||||
AdminPrivilegeManageBetaKey
|
||||
AdminPrivilegeManageReport
|
||||
AdminPrivilegeManageDocs
|
||||
AdminPrivilegeManageBadges
|
||||
AdminPrivilegeViewRAPLogs
|
||||
AdminPrivilegeManagePrivilege
|
||||
AdminPrivilegeSendAlerts
|
||||
AdminPrivilegeChatMod
|
||||
AdminPrivilegeKickUsers
|
||||
)
|
||||
Loading…
Reference in New Issue
Block a user