From 39fd7577b87ca7f2cc1ee4e637ff1efe40e7d2bb Mon Sep 17 00:00:00 2001 From: Luna Date: Tue, 23 Jul 2019 14:52:26 -0300 Subject: [PATCH 1/4] channel.messages: add checks for Embed Links permission --- litecord/blueprints/channel/messages.py | 37 +++++++++++++------------ 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/litecord/blueprints/channel/messages.py b/litecord/blueprints/channel/messages.py index 6a49e9c..6efe56b 100644 --- a/litecord/blueprints/channel/messages.py +++ b/litecord/blueprints/channel/messages.py @@ -32,6 +32,7 @@ from litecord.enums import MessageType, ChannelType, GUILD_CHANS from litecord.snowflake import get_snowflake from litecord.schemas import validate, MESSAGE_CREATE from litecord.utils import pg_set_json +from litecord.permissions import get_permissions from litecord.embed.sanitizer import fill_embed from litecord.embed.messages import process_url_embed @@ -360,6 +361,14 @@ async def msg_add_attachment(message_id: int, channel_id: int, return attachment_id +async def _spawn_embed(app, payload, **kwargs): + app.sched.spawn( + process_url_embed( + app.config, app.storage, app.dispatcher, app.session, + payload, **kwargs) + ) + + @bp.route('//messages', methods=['POST']) async def _create_message(channel_id): """Create a message.""" @@ -424,12 +433,9 @@ async def _create_message(channel_id): 'MESSAGE_CREATE', payload) # spawn url processor for embedding of images - app.sched.spawn( - process_url_embed( - app.config, app.storage, app.dispatcher, app.session, - payload - ) - ) + perms = await get_permissions(user_id, channel_id) + if perms.bits.embed_links: + await _spawn_embed(app, payload) # update read state for the author await app.db.execute(""" @@ -487,17 +493,14 @@ async def edit_message(channel_id, message_id): # the artificial delay keeps consistency between the events, since # it makes more sense for the MESSAGE_UPDATE with new content to come # BEFORE the MESSAGE_UPDATE with the new embeds (based on content) - app.sched.spawn( - process_url_embed( - app.config, app.storage, app.dispatcher, app.session, - { - 'id': message_id, - 'channel_id': channel_id, - 'content': j['content'], - 'embeds': old_message['embeds'] - }, delay=0.2 - ) - ) + perms = await get_permissions(user_id, channel_id) + if perms.bits.embed_links: + await _spawn_embed(app, { + 'id': message_id, + 'channel_id': channel_id, + 'content': j['content'], + 'embeds': old_message['embeds'] + }, delay=0.2) # only set new timestamp upon actual update if updated: From db00724379cb195d5a79ff14ae43d983758e6b7d Mon Sep 17 00:00:00 2001 From: Luna Date: Tue, 23 Jul 2019 15:40:23 -0300 Subject: [PATCH 2/4] fix channel overwrite creation and constraints --- litecord/blueprints/channels.py | 11 +++++++---- litecord/storage.py | 4 ++-- .../scripts/2_fix_chan_overwrites_constraint.sql | 10 ++++++++++ 3 files changed, 19 insertions(+), 6 deletions(-) create mode 100644 manage/cmd/migration/scripts/2_fix_chan_overwrites_constraint.sql diff --git a/litecord/blueprints/channels.py b/litecord/blueprints/channels.py index bfb08dc..1dfcee9 100644 --- a/litecord/blueprints/channels.py +++ b/litecord/blueprints/channels.py @@ -278,19 +278,22 @@ async def _mass_chan_update(guild_id, channel_ids: List[Optional[int]]): async def _process_overwrites(channel_id: int, overwrites: list): for overwrite in overwrites: - # 0 for user overwrite, 1 for role overwrite - target_type = 0 if overwrite['type'] == 'user' else 1 + # 0 for member overwrite, 1 for role overwrite + target_type = 0 if overwrite['type'] == 'member' else 1 target_role = None if target_type == 0 else overwrite['id'] target_user = overwrite['id'] if target_type == 0 else None + col_name = 'target_user' if target_type == 0 else 'target_role' + constraint_name = f'channel_overwrites_target_{col_name}' + await app.db.execute( - """ + f""" INSERT INTO channel_overwrites (channel_id, target_type, target_role, target_user, allow, deny) VALUES ($1, $2, $3, $4, $5, $6) - ON CONFLICT ON CONSTRAINT channel_overwrites_uniq + ON CONFLICT ON CONSTRAINT {constraint_name} DO UPDATE SET allow = $5, deny = $6 diff --git a/litecord/storage.py b/litecord/storage.py index 79d07dd..58c7bd6 100644 --- a/litecord/storage.py +++ b/litecord/storage.py @@ -403,9 +403,9 @@ class Storage: drow = dict(row) target_type = drow['target_type'] - drow['type'] = 'user' if target_type == 0 else 'role' + drow['type'] = 'member' if target_type == 0 else 'role' - # if type is 0, the overwrite is for a user + # if type is 0, the overwrite is for a member # if type is 1, the overwrite is for a role drow['id'] = { 0: drow['target_user'], diff --git a/manage/cmd/migration/scripts/2_fix_chan_overwrites_constraint.sql b/manage/cmd/migration/scripts/2_fix_chan_overwrites_constraint.sql new file mode 100644 index 0000000..7816d00 --- /dev/null +++ b/manage/cmd/migration/scripts/2_fix_chan_overwrites_constraint.sql @@ -0,0 +1,10 @@ +ALTER TABLE channel_overwrites + DROP CONSTRAINT IF EXISTS channel_overwrites_uniq; + +ALTER TABLE channel_overwrites + ADD CONSTRAINT channel_overwrites_target_role_uniq + UNIQUE (channel_id, target_role); + +ALTER TABLE channel_overwrites + ADD CONSTRAINT channel_overwrites_target_user_uniq + UNIQUE (channel_id, target_user); From 2086ee284928e20677ad46c30e65dd50a919f7a8 Mon Sep 17 00:00:00 2001 From: Luna Date: Tue, 23 Jul 2019 15:46:00 -0300 Subject: [PATCH 3/4] channels: fix inferred constraint name --- litecord/blueprints/channels.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/litecord/blueprints/channels.py b/litecord/blueprints/channels.py index 1dfcee9..16de99b 100644 --- a/litecord/blueprints/channels.py +++ b/litecord/blueprints/channels.py @@ -284,7 +284,7 @@ async def _process_overwrites(channel_id: int, overwrites: list): target_user = overwrite['id'] if target_type == 0 else None col_name = 'target_user' if target_type == 0 else 'target_role' - constraint_name = f'channel_overwrites_target_{col_name}' + constraint_name = f'channel_overwrites_{col_name}_uniq' await app.db.execute( f""" From fa1151c759c73c066b4f5c2e518d0025fe0512d6 Mon Sep 17 00:00:00 2001 From: Luna Date: Tue, 23 Jul 2019 16:22:38 -0300 Subject: [PATCH 4/4] fix spawn_embed's app and remove where clauses for conflict row --- litecord/blueprints/channel/messages.py | 6 +++--- litecord/blueprints/channels.py | 4 ---- litecord/embed/messages.py | 2 +- 3 files changed, 4 insertions(+), 8 deletions(-) diff --git a/litecord/blueprints/channel/messages.py b/litecord/blueprints/channel/messages.py index 6efe56b..f051f1f 100644 --- a/litecord/blueprints/channel/messages.py +++ b/litecord/blueprints/channel/messages.py @@ -361,10 +361,10 @@ async def msg_add_attachment(message_id: int, channel_id: int, return attachment_id -async def _spawn_embed(app, payload, **kwargs): - app.sched.spawn( +async def _spawn_embed(app_, payload, **kwargs): + app_.sched.spawn( process_url_embed( - app.config, app.storage, app.dispatcher, app.session, + app_.config, app_.storage, app_.dispatcher, app_.session, payload, **kwargs) ) diff --git a/litecord/blueprints/channels.py b/litecord/blueprints/channels.py index 16de99b..6711181 100644 --- a/litecord/blueprints/channels.py +++ b/litecord/blueprints/channels.py @@ -297,10 +297,6 @@ async def _process_overwrites(channel_id: int, overwrites: list): DO UPDATE SET allow = $5, deny = $6 - WHERE channel_overwrites.channel_id = $1 - AND channel_overwrites.target_type = $2 - AND channel_overwrites.target_role = $3 - AND channel_overwrites.target_user = $4 """, channel_id, target_type, target_role, target_user, diff --git a/litecord/embed/messages.py b/litecord/embed/messages.py index a7004f8..1267538 100644 --- a/litecord/embed/messages.py +++ b/litecord/embed/messages.py @@ -156,7 +156,7 @@ async def process_url_embed(config, storage, dispatcher, if not new_embeds: return - log.debug('made {} thumbnail embeds for mid {}', + log.debug('made {} embeds for mid {}', len(new_embeds), message_id) await msg_update_embeds(payload, new_embeds, storage, dispatcher)