Enabled unused variable warning again, fixed some possible bugs where we didn't check some parameters, and explicitly marked all unused parameters (mostly orgheaders)

This commit is contained in:
Daniel García 2018-05-30 22:30:45 +02:00
parent cbe73a31ea
commit 1a4b1a8254
6 changed files with 41 additions and 20 deletions

View File

@ -65,7 +65,7 @@ fn profile(headers: Headers, conn: DbConn) -> JsonResult {
} }
#[get("/users/<uuid>/public-key")] #[get("/users/<uuid>/public-key")]
fn get_public_keys(uuid: String, headers: Headers, conn: DbConn) -> JsonResult { fn get_public_keys(uuid: String, _headers: Headers, conn: DbConn) -> JsonResult {
let user = match User::find_by_uuid(&uuid, &conn) { let user = match User::find_by_uuid(&uuid, &conn) {
Some(user) => user, Some(user) => user,
None => err!("User doesn't exist") None => err!("User doesn't exist")

View File

@ -104,12 +104,14 @@ use api::{JsonResult, EmptyResult};
use auth::Headers; use auth::Headers;
#[put("/devices/identifier/<uuid>/clear-token")] #[put("/devices/identifier/<uuid>/clear-token")]
fn clear_device_token(uuid: String, conn: DbConn) -> JsonResult { fn clear_device_token(uuid: String, _conn: DbConn) -> JsonResult {
println!("{}", uuid);
err!("Not implemented") err!("Not implemented")
} }
#[put("/devices/identifier/<uuid>/token")] #[put("/devices/identifier/<uuid>/token")]
fn put_device_token(uuid: String, conn: DbConn) -> JsonResult { fn put_device_token(uuid: String, _conn: DbConn) -> JsonResult {
println!("{}", uuid);
err!("Not implemented") err!("Not implemented")
} }

View File

@ -16,7 +16,8 @@ struct OrgData {
collectionName: String, collectionName: String,
key: String, key: String,
name: String, name: String,
planType: String, #[serde(rename = "planType")]
_planType: String, // Ignored, always use the same plan
} }
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
@ -73,7 +74,7 @@ fn delete_organization(org_id: String, data: Json<PasswordData>, headers: OwnerH
} }
#[get("/organizations/<org_id>")] #[get("/organizations/<org_id>")]
fn get_organization(org_id: String, headers: OwnerHeaders, conn: DbConn) -> JsonResult { fn get_organization(org_id: String, _headers: OwnerHeaders, conn: DbConn) -> JsonResult {
match Organization::find_by_uuid(&org_id, &conn) { match Organization::find_by_uuid(&org_id, &conn) {
Some(organization) => Ok(Json(organization.to_json())), Some(organization) => Ok(Json(organization.to_json())),
None => err!("Can't find organization details") None => err!("Can't find organization details")
@ -81,7 +82,7 @@ fn get_organization(org_id: String, headers: OwnerHeaders, conn: DbConn) -> Json
} }
#[post("/organizations/<org_id>", data = "<data>")] #[post("/organizations/<org_id>", data = "<data>")]
fn post_organization(org_id: String, headers: OwnerHeaders, data: Json<OrganizationUpdateData>, conn: DbConn) -> JsonResult { fn post_organization(org_id: String, _headers: OwnerHeaders, data: Json<OrganizationUpdateData>, conn: DbConn) -> JsonResult {
let data: OrganizationUpdateData = data.into_inner(); let data: OrganizationUpdateData = data.into_inner();
let mut org = match Organization::find_by_uuid(&org_id, &conn) { let mut org = match Organization::find_by_uuid(&org_id, &conn) {
@ -112,7 +113,7 @@ fn get_user_collections(headers: Headers, conn: DbConn) -> JsonResult {
} }
#[get("/organizations/<org_id>/collections")] #[get("/organizations/<org_id>/collections")]
fn get_org_collections(org_id: String, headers: AdminHeaders, conn: DbConn) -> JsonResult { fn get_org_collections(org_id: String, _headers: AdminHeaders, conn: DbConn) -> JsonResult {
Ok(Json(json!({ Ok(Json(json!({
"Data": "Data":
Collection::find_by_organization(&org_id, &conn) Collection::find_by_organization(&org_id, &conn)
@ -125,7 +126,7 @@ fn get_org_collections(org_id: String, headers: AdminHeaders, conn: DbConn) -> J
} }
#[post("/organizations/<org_id>/collections", data = "<data>")] #[post("/organizations/<org_id>/collections", data = "<data>")]
fn post_organization_collections(org_id: String, headers: AdminHeaders, data: Json<NewCollectionData>, conn: DbConn) -> JsonResult { fn post_organization_collections(org_id: String, _headers: AdminHeaders, data: Json<NewCollectionData>, conn: DbConn) -> JsonResult {
let data: NewCollectionData = data.into_inner(); let data: NewCollectionData = data.into_inner();
let org = match Organization::find_by_uuid(&org_id, &conn) { let org = match Organization::find_by_uuid(&org_id, &conn) {
@ -141,7 +142,7 @@ fn post_organization_collections(org_id: String, headers: AdminHeaders, data: Js
} }
#[post("/organizations/<org_id>/collections/<col_id>", data = "<data>")] #[post("/organizations/<org_id>/collections/<col_id>", data = "<data>")]
fn post_organization_collection_update(org_id: String, col_id: String, headers: AdminHeaders, data: Json<NewCollectionData>, conn: DbConn) -> JsonResult { fn post_organization_collection_update(org_id: String, col_id: String, _headers: AdminHeaders, data: Json<NewCollectionData>, conn: DbConn) -> JsonResult {
let data: NewCollectionData = data.into_inner(); let data: NewCollectionData = data.into_inner();
let org = match Organization::find_by_uuid(&org_id, &conn) { let org = match Organization::find_by_uuid(&org_id, &conn) {
@ -154,6 +155,10 @@ fn post_organization_collection_update(org_id: String, col_id: String, headers:
None => err!("Collection not found") None => err!("Collection not found")
}; };
if collection.org_uuid != org.uuid {
err!("Collection is not owned by organization");
}
collection.name = data.name.clone(); collection.name = data.name.clone();
collection.save(&conn); collection.save(&conn);
@ -161,7 +166,7 @@ fn post_organization_collection_update(org_id: String, col_id: String, headers:
} }
#[post("/organizations/<org_id>/collections/<col_id>/delete-user/<org_user_id>")] #[post("/organizations/<org_id>/collections/<col_id>/delete-user/<org_user_id>")]
fn post_organization_collection_delete_user(org_id: String, col_id: String, org_user_id: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult { fn post_organization_collection_delete_user(org_id: String, col_id: String, org_user_id: String, _headers: AdminHeaders, conn: DbConn) -> EmptyResult {
let collection = match Collection::find_by_uuid(&col_id, &conn) { let collection = match Collection::find_by_uuid(&col_id, &conn) {
None => err!("Collection not found"), None => err!("Collection not found"),
Some(collection) => if collection.org_uuid == org_id { Some(collection) => if collection.org_uuid == org_id {
@ -195,7 +200,9 @@ struct DeleteCollectionData {
} }
#[post("/organizations/<org_id>/collections/<col_id>/delete", data = "<data>")] #[post("/organizations/<org_id>/collections/<col_id>/delete", data = "<data>")]
fn post_organization_collection_delete(org_id: String, col_id: String, headers: AdminHeaders, data: Json<DeleteCollectionData>, conn: DbConn) -> EmptyResult { fn post_organization_collection_delete(org_id: String, col_id: String, _headers: AdminHeaders, data: Json<DeleteCollectionData>, conn: DbConn) -> EmptyResult {
let _data: DeleteCollectionData = data.into_inner();
match Collection::find_by_uuid(&col_id, &conn) { match Collection::find_by_uuid(&col_id, &conn) {
None => err!("Collection not found"), None => err!("Collection not found"),
Some(collection) => if collection.org_uuid == org_id { Some(collection) => if collection.org_uuid == org_id {
@ -213,12 +220,18 @@ fn post_organization_collection_delete(org_id: String, col_id: String, headers:
fn get_org_collection_detail(org_id: String, coll_id: String, headers: AdminHeaders, conn: DbConn) -> JsonResult { fn get_org_collection_detail(org_id: String, coll_id: String, headers: AdminHeaders, conn: DbConn) -> JsonResult {
match Collection::find_by_uuid_and_user(&coll_id, &headers.user.uuid, &conn) { match Collection::find_by_uuid_and_user(&coll_id, &headers.user.uuid, &conn) {
None => err!("Collection not found"), None => err!("Collection not found"),
Some(collection) => Ok(Json(collection.to_json())) Some(collection) => {
if collection.org_uuid != org_id {
err!("Collection is not owned by organization")
}
Ok(Json(collection.to_json()))
}
} }
} }
#[get("/organizations/<org_id>/collections/<coll_id>/users")] #[get("/organizations/<org_id>/collections/<coll_id>/users")]
fn get_collection_users(org_id: String, coll_id: String, headers: AdminHeaders, conn: DbConn) -> JsonResult { fn get_collection_users(org_id: String, coll_id: String, _headers: AdminHeaders, conn: DbConn) -> JsonResult {
// Get org and collection, check that collection is from org // Get org and collection, check that collection is from org
let collection = match Collection::find_by_uuid_and_org(&coll_id, &org_id, &conn) { let collection = match Collection::find_by_uuid_and_org(&coll_id, &org_id, &conn) {
None => err!("Collection not found in Organization"), None => err!("Collection not found in Organization"),
@ -344,9 +357,13 @@ fn send_invite(org_id: String, data: Json<InviteData>, headers: AdminHeaders, co
fn confirm_invite(org_id: String, user_id: String, data: Json<Value>, headers: AdminHeaders, conn: DbConn) -> EmptyResult { fn confirm_invite(org_id: String, user_id: String, data: Json<Value>, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
let mut user_to_confirm = match UserOrganization::find_by_uuid(&user_id, &conn) { let mut user_to_confirm = match UserOrganization::find_by_uuid(&user_id, &conn) {
Some(user) => user, Some(user) => user,
None => err!("User to confirm isn't member of the organization") None => err!("User to confirm doesn't exist")
}; };
if user_to_confirm.org_uuid != org_id {
err!("The specified user isn't a member of the organization")
}
if user_to_confirm.type_ != UserOrgType::User as i32 && if user_to_confirm.type_ != UserOrgType::User as i32 &&
headers.org_user_type != UserOrgType::Owner as i32 { headers.org_user_type != UserOrgType::Owner as i32 {
err!("Only Owners can confirm Admins or Owners") err!("Only Owners can confirm Admins or Owners")
@ -368,12 +385,16 @@ fn confirm_invite(org_id: String, user_id: String, data: Json<Value>, headers: A
} }
#[get("/organizations/<org_id>/users/<user_id>")] #[get("/organizations/<org_id>/users/<user_id>")]
fn get_user(org_id: String, user_id: String, headers: AdminHeaders, conn: DbConn) -> JsonResult { fn get_user(org_id: String, user_id: String, _headers: AdminHeaders, conn: DbConn) -> JsonResult {
let user = match UserOrganization::find_by_uuid(&user_id, &conn) { let user = match UserOrganization::find_by_uuid(&user_id, &conn) {
Some(user) => user, Some(user) => user,
None => err!("The specified user isn't member of the organization") None => err!("The specified user doesn't exist")
}; };
if user.org_uuid != org_id {
err!("The specified user isn't a member of the organization")
}
Ok(Json(user.to_json_details(&conn))) Ok(Json(user.to_json_details(&conn)))
} }

View File

@ -157,7 +157,7 @@ fn activate_authenticator(data: Json<EnableTwoFactorData>, headers: Headers, con
struct DisableTwoFactorData { struct DisableTwoFactorData {
masterPasswordHash: String, masterPasswordHash: String,
#[serde(rename = "type")] #[serde(rename = "type")]
type_: NumberOrString, _type: NumberOrString,
} }
#[post("/two-factor/disable", data = "<data>")] #[post("/two-factor/disable", data = "<data>")]

View File

@ -26,7 +26,7 @@ pub struct UserOrganization {
} }
pub enum UserOrgStatus { pub enum UserOrgStatus {
Invited = 0, _Invited = 0, // Unused, users are accepted automatically
Accepted = 1, Accepted = 1,
Confirmed = 2, Confirmed = 2,
} }

View File

@ -1,5 +1,3 @@
#![allow(unused_variables, dead_code)]
#![feature(plugin, custom_derive)] #![feature(plugin, custom_derive)]
#![plugin(rocket_codegen)] #![plugin(rocket_codegen)]
extern crate rocket; extern crate rocket;