refactor: sql queries related to privacy-accounting;
chore: regenerated swagger; feat: utilizing new 410 error when user is banned/unavailable/deleted
This commit is contained in:
@@ -43,7 +43,6 @@ type CheckProfileAccessRow struct {
|
||||
CaptchaRequired bool
|
||||
}
|
||||
|
||||
// XXX: recheck, was tired
|
||||
func (q *Queries) CheckProfileAccess(ctx context.Context, arg CheckProfileAccessParams) (CheckProfileAccessRow, error) {
|
||||
row := q.db.QueryRow(ctx, checkProfileAccess, arg.ID, arg.Requester)
|
||||
var i CheckProfileAccessRow
|
||||
@@ -99,6 +98,46 @@ func (q *Queries) CheckUserRegistrationAvailability(ctx context.Context, arg Che
|
||||
return i, err
|
||||
}
|
||||
|
||||
const checkWishAccessByGuid = `-- name: CheckWishAccessByGuid :one
|
||||
SELECT EXISTS (
|
||||
SELECT 1
|
||||
FROM wishes w
|
||||
JOIN wish_lists wl ON w.wish_list_id = wl.id
|
||||
JOIN profiles p ON wl.profile_id = p.id
|
||||
JOIN profile_settings ps ON ps.profile_id = p.id
|
||||
JOIN users u ON p.user_id = u.id
|
||||
LEFT JOIN banned_users bu ON u.id = bu.user_id
|
||||
AND bu.pardoned = FALSE
|
||||
AND (bu.expires_at IS NULL OR bu.expires_at > NOW())
|
||||
WHERE w.guid = ($1::text)::uuid
|
||||
AND ps.hide_profile_details = FALSE
|
||||
AND (
|
||||
$2::text != ''
|
||||
OR ps.hide_for_unauthenticated IS FALSE
|
||||
)
|
||||
AND (
|
||||
w.fulfilled = FALSE
|
||||
OR ps.hide_fulfilled IS FALSE
|
||||
)
|
||||
AND w.deleted = FALSE
|
||||
AND wl.deleted = FALSE
|
||||
AND u.deleted = FALSE
|
||||
AND bu.id IS NULL -- Ensures owner is not banned
|
||||
)
|
||||
`
|
||||
|
||||
type CheckWishAccessByGuidParams struct {
|
||||
Guid string
|
||||
Requester string
|
||||
}
|
||||
|
||||
func (q *Queries) CheckWishAccessByGuid(ctx context.Context, arg CheckWishAccessByGuidParams) (bool, error) {
|
||||
row := q.db.QueryRow(ctx, checkWishAccessByGuid, arg.Guid, arg.Requester)
|
||||
var exists bool
|
||||
err := row.Scan(&exists)
|
||||
return exists, err
|
||||
}
|
||||
|
||||
const createBannedUser = `-- name: CreateBannedUser :one
|
||||
INSERT INTO banned_users(user_id, expires_at, reason, banned_by)
|
||||
VALUES ( $1, $2, $3, $4) RETURNING id, user_id, date, reason, expires_at, banned_by, pardoned, pardoned_by
|
||||
@@ -520,7 +559,6 @@ type GetProfileByUsernameWithPrivacyRow struct {
|
||||
ColorGrad string
|
||||
}
|
||||
|
||||
// FIXME: tweak backend code to handle privacy correctly
|
||||
func (q *Queries) GetProfileByUsernameWithPrivacy(ctx context.Context, searchedUsername string) (GetProfileByUsernameWithPrivacyRow, error) {
|
||||
row := q.db.QueryRow(ctx, getProfileByUsernameWithPrivacy, searchedUsername)
|
||||
var i GetProfileByUsernameWithPrivacyRow
|
||||
@@ -1016,77 +1054,6 @@ func (q *Queries) GetWishByGuid(ctx context.Context, guid string) (Wish, error)
|
||||
return i, err
|
||||
}
|
||||
|
||||
const getWishByGuidWithPrivacy = `-- name: GetWishByGuidWithPrivacy :one
|
||||
SELECT
|
||||
w.id, w.guid, w.wish_list_id, w.wish_list_guid, w.name, w.description, w.picture_url, w.stars, w.creation_date, w.fulfilled, w.fulfilled_date, w.deleted,
|
||||
CASE
|
||||
WHEN
|
||||
(
|
||||
$1::text = u.username OR
|
||||
NOT ps.hide_profile_details AND
|
||||
NOT
|
||||
(
|
||||
ps.hide_for_unauthenticated AND
|
||||
$1::text = ''
|
||||
) AND
|
||||
NOT wl.hidden
|
||||
)
|
||||
THEN TRUE
|
||||
ELSE FALSE
|
||||
END AS access_allowed
|
||||
FROM wishes w
|
||||
JOIN wish_lists wl ON w.wish_list_id = wl.id
|
||||
JOIN profiles p ON wl.profile_id = p.id
|
||||
JOIN profile_settings ps ON ps.profile_id = p.id
|
||||
JOIN users u ON p.user_id = u.id
|
||||
WHERE
|
||||
w.guid = ($2::text)::uuid AND
|
||||
w.deleted IS FALSE
|
||||
`
|
||||
|
||||
type GetWishByGuidWithPrivacyParams struct {
|
||||
Requester string
|
||||
Guid string
|
||||
}
|
||||
|
||||
type GetWishByGuidWithPrivacyRow struct {
|
||||
ID int64
|
||||
Guid pgtype.UUID
|
||||
WishListID int64
|
||||
WishListGuid pgtype.UUID
|
||||
Name string
|
||||
Description string
|
||||
PictureUrl string
|
||||
Stars int16
|
||||
CreationDate pgtype.Timestamp
|
||||
Fulfilled bool
|
||||
FulfilledDate pgtype.Timestamp
|
||||
Deleted bool
|
||||
AccessAllowed bool
|
||||
}
|
||||
|
||||
// XXX: Obsolete, use the according access check query instead
|
||||
func (q *Queries) GetWishByGuidWithPrivacy(ctx context.Context, arg GetWishByGuidWithPrivacyParams) (GetWishByGuidWithPrivacyRow, error) {
|
||||
row := q.db.QueryRow(ctx, getWishByGuidWithPrivacy, arg.Requester, arg.Guid)
|
||||
var i GetWishByGuidWithPrivacyRow
|
||||
err := row.Scan(
|
||||
&i.ID,
|
||||
&i.Guid,
|
||||
&i.WishListID,
|
||||
&i.WishListGuid,
|
||||
&i.Name,
|
||||
&i.Description,
|
||||
&i.PictureUrl,
|
||||
&i.Stars,
|
||||
&i.CreationDate,
|
||||
&i.Fulfilled,
|
||||
&i.FulfilledDate,
|
||||
&i.Deleted,
|
||||
&i.AccessAllowed,
|
||||
)
|
||||
return i, err
|
||||
}
|
||||
|
||||
const getWishlistByGuid = `-- name: GetWishlistByGuid :one
|
||||
SELECT id, guid, profile_id, hidden, name, icon_name, color, color_grad, deleted FROM wish_lists wl
|
||||
WHERE wl.guid = ($1::text)::uuid
|
||||
@@ -1240,7 +1207,6 @@ type GetWishlistsByUsernameWithPrivacyRow struct {
|
||||
AccessAllowed bool
|
||||
}
|
||||
|
||||
// XXX: Obsolete, use the according access check query instead
|
||||
func (q *Queries) GetWishlistsByUsernameWithPrivacy(ctx context.Context, arg GetWishlistsByUsernameWithPrivacyParams) ([]GetWishlistsByUsernameWithPrivacyRow, error) {
|
||||
rows, err := q.db.Query(ctx, getWishlistsByUsernameWithPrivacy, arg.Requester, arg.Username)
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user