Allow users with AdminManageUsers to see banned users

Also:
- General code refactoring
- Allow banned/restricted users to see their scores etc
- common.MethodData now contains UserPrivileges
- UserPrivileges now have their own type
- Implement md.HasQuery, to know if there's a GET querystring parameter or not
Howl
2016-08-27 12:04:12 +02:00
parent 476cd385f8
commit e4d27f8d6b
18 changed files with 130 additions and 159 deletions


@@ -36,7 +36,7 @@ SELECT users.id, users.username, register_datetime, privileges,
FROM users
LEFT JOIN users_stats
ON users.id=users_stats.id
WHERE ` + whereClause + ` AND users.privileges & 1 > 0
WHERE ` + whereClause + ` AND ` + md.User.OnlyUserPublic(true) + `
LIMIT 1`
return userPuts(md, md.DB.QueryRowx(query, param))
}
@@ -92,10 +92,11 @@ type whatIDResponse struct {
func UserWhatsTheIDGET(md common.MethodData) common.CodeMessager {
var (
r whatIDResponse
privileges int
privileges uint64
)
err := md.DB.QueryRow("SELECT id, privileges FROM users WHERE username = ? LIMIT 1", md.Query("name")).Scan(&r.ID, &privileges)
if err != nil || ((privileges&common.UserPrivilegePublic) == 0 && !md.User.Privileges.HasPrivilegeViewUserAdvanced()) {
if err != nil || ((privileges&uint64(common.UserPrivilegePublic)) == 0 &&
(md.User.UserPrivileges&common.AdminPrivilegeManageUsers == 0)) {
return common.SimpleResponse(404, "That user could not be found!")
}
r.Code = 200
@@ -167,7 +168,7 @@ LEFT JOIN leaderboard_ctb
ON users.id=leaderboard_ctb.user
LEFT JOIN leaderboard_mania
ON users.id=leaderboard_mania.user
WHERE ` + whereClause + ` AND users.privileges & 1 > 0
WHERE ` + whereClause + ` AND ` + md.User.OnlyUserPublic(true) + `
LIMIT 1
`
// Fuck.
@@ -278,7 +279,8 @@ func UserLookupGET(md common.MethodData) common.CodeMessager {
return common.SimpleResponse(400, "please provide an username to start searching")
}
name = "%" + name + "%"
rows, err := md.DB.Query("SELECT users.id, users.username FROM users WHERE username LIKE ? AND privileges & 1 > 0 LIMIT 25", name)
rows, err := md.DB.Query("SELECT users.id, users.username FROM users WHERE username LIKE ? AND "+
md.User.OnlyUserPublic(true)+" LIMIT 25", name)
if err != nil {
md.Err(err)
return Err500
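Review bot: The three rewritten WHERE clauses (the two profile queries and the one in UserLookupGET) now splice the return value of `md.User.OnlyUserPublic(true)` directly into the SQL text, so the injection safety of each query depends on a helper whose body is not shown in this section. That is fine if the fragment is built only from constants and the session's own numeric fields, but nothing at the call sites states this, and the bare `true` does not say what it switches. I would document the contract on the helper, e.g. `// OnlyUserPublic returns a SQL condition derived solely from the caller's privileges; it never contains request-supplied text.`, and add a short comment naming the flag where it is passed. The functions that build these queries start and end outside the hunks shown, so this should be checked against the full file.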