From 31349a47d3fa12ed15f409654d0af2c0ba0645d2 Mon Sep 17 00:00:00 2001
From: "Shane A. Faulkner" <contact@shanefaulkner.com>
Date: Sat, 14 Jul 2018 01:09:20 -0500
Subject: [PATCH] Very dirty addition of missing api's

---
 src/api/core/ciphers.rs | 43 +++++++++++++++++++++++++++++++++++++++++
 src/api/core/mod.rs     |  3 +++
 2 files changed, 46 insertions(+)

diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
index 29f9e8c..30aab62 100644
--- a/src/api/core/ciphers.rs
+++ b/src/api/core/ciphers.rs
@@ -415,6 +415,32 @@ fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers
     Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn)))
 }
 
+#[post("/ciphers/<uuid>/attachment-admin", format = "multipart/form-data", data = "<data>")]
+fn post_attachment_admin(uuid: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> JsonResult {
+    post_attachment(uuid, data, content_type, headers, conn)
+}
+
+#[post("/ciphers/<uuid>/attachment/<attachment_id>/share", format = "multipart/form-data", data = "<data>")]
+fn post_attachment_share(uuid: String, attachment_id: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> JsonResult {
+
+	let cipher = match Cipher::find_by_uuid(&uuid, &conn) {
+        Some(cipher) => cipher,
+        None => err!("Cipher doesn't exist")
+    };
+
+    if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) {
+        err!("Cipher is not write accessible")
+    };
+
+    try!(_delete_cipher_attachment_by_uuid(&uuid, &attachment_id, &conn));
+    post_attachment(uuid, data, content_type, headers, conn)
+}
+
+#[post("/ciphers/<uuid>/attachment/<attachment_id>/delete-admin")]
+fn delete_attachment_post_admin(uuid: String, attachment_id: String, headers: Headers, conn: DbConn) -> EmptyResult {
+    delete_attachment(uuid, attachment_id, headers, conn)
+}
+
 #[post("/ciphers/<uuid>/attachment/<attachment_id>/delete")]
 fn delete_attachment_post(uuid: String, attachment_id: String, headers: Headers, conn: DbConn) -> EmptyResult {
     delete_attachment(uuid, attachment_id, headers, conn)
@@ -578,3 +604,20 @@ fn _delete_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn) -> Empty
         Err(_) => err!("Failed deleting cipher")
     }
 }
+
+fn _delete_cipher_attachment_by_uuid(uuid: &str, attachment_id: &str, conn: &DbConn) -> EmptyResult {
+    let attachment = match Attachment::find_by_id(&attachment_id, &conn) {
+        Some(attachment) => attachment,
+        None => err!("Attachment doesn't exist")
+    };
+
+    if attachment.cipher_uuid != uuid {
+        err!("Attachment from other cipher")
+    }
+
+    // Delete attachment
+    match attachment.delete(&conn) {
+        Ok(()) => Ok(()),
+        Err(_) => err!("Deleting attachement failed")
+    }
+}
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
index 89df7a1..513319b 100644
--- a/src/api/core/mod.rs
+++ b/src/api/core/mod.rs
@@ -34,7 +34,10 @@ pub fn routes() -> Vec<Route> {
         post_ciphers_admin,
         post_ciphers_import,
         post_attachment,
+        post_attachment_admin,
+        post_attachment_share,
         delete_attachment_post,
+        delete_attachment_post_admin,
         delete_attachment,
         post_cipher_admin,
         post_cipher_share,