Пример #1
        /// <summary>
        /// Loads the mod case addressed by <paramref name="guildId"/> and <paramref name="caseId"/> and
        /// verifies that the current identity may perform <paramref name="permission"/> on it.
        /// Returns normally only when every check passes.
        /// </summary>
        /// <param name="guildId">Guild the case is looked up in.</param>
        /// <param name="caseId">Id of the case within that guild.</param>
        /// <param name="permission">The action the caller wants to perform.</param>
        /// <exception cref="ResourceNotFoundException">The repository returned no case.</exception>
        /// <exception cref="UnauthorizedException">The identity is not allowed to perform the action.</exception>
        /// <exception cref="CaseMarkedToBeDeletedException">An edit was requested on a case that is marked for deletion.</exception>
        protected async Task RequirePermission(ulong guildId, int caseId, APIActionPermission permission)
        {
            Identity caller = await GetIdentity();

            // The lookup is keyed by guild AND case id, so a case id is only resolved inside the given guild.
            var caseRepository = ModCaseRepository.CreateDefault(_serviceProvider, caller);
            ModCase target = await caseRepository.GetModCase(guildId, caseId);

            // NOTE(review): "not found" is raised before the authorization check. If the two exceptions
            // surface as different responses, a caller without access can tell existing case ids from
            // missing ones. Confirm whether that distinction is acceptable for this API.
            if (target == null)
            {
                throw new ResourceNotFoundException();
            }

            bool allowed = await caller.IsAllowedTo(permission, target);
            if (!allowed)
            {
                throw new UnauthorizedException();
            }

            // Checked last, so only callers who are authorized to edit learn about the pending deletion.
            if (permission == APIActionPermission.Edit && target.MarkedToDeleteAt != null)
            {
                throw new CaseMarkedToBeDeletedException();
            }
        }
Пример #2
        /// <summary>
        /// Decides whether the current user may perform <paramref name="permission"/> on a case template.
        /// </summary>
        /// <param name="permission">The action being requested.</param>
        /// <param name="caseTemplate">The template the action targets; <c>null</c> is denied.</param>
        /// <returns><c>true</c> when the action is allowed, otherwise <c>false</c>.</returns>
        public async Task<bool> IsAllowedTo(APIActionPermission permission, CaseTemplate caseTemplate)
        {
            // Deny by default: without an authenticated user or a target there is nothing to grant.
            if (currentUser == null || caseTemplate == null)
            {
                return false;
            }

            // Site admins bypass every per-template rule below, including ForceDelete.
            if (IsSiteAdmin())
            {
                return true;
            }

            if (permission == APIActionPermission.View)
            {
                // The owner can always see their own template.
                if (caseTemplate.UserId == currentUser.Id)
                {
                    return true;
                }

                // Self: visible to the owner only (handled above), so everyone else is denied.
                if (caseTemplate.ViewPermission == ViewPermission.Self)
                {
                    return false;
                }

                // Global: any authenticated user may view, regardless of guild membership.
                if (caseTemplate.ViewPermission == ViewPermission.Global)
                {
                    return true;
                }

                // Any remaining visibility setting requires moderator rights on the template's guild.
                return await HasPermissionOnGuild(DiscordPermission.Moderator, caseTemplate.CreatedForGuildId);
            }

            if (permission == APIActionPermission.Edit || permission == APIActionPermission.Delete)
            {
                // Both conditions are required: ownership alone is not enough once the owner
                // has lost moderator rights on the guild the template was created for.
                bool isGuildModerator = await HasPermissionOnGuild(DiscordPermission.Moderator, caseTemplate.CreatedForGuildId);
                return isGuildModerator && caseTemplate.UserId == currentUser.Id;
            }

            // ForceDelete is reserved for site admins (handled above); unknown permissions are denied.
            return false;
        }
Пример #3
        /// <summary>
        /// Decides whether the current user may perform <paramref name="permission"/> on a mod case.
        /// </summary>
        /// <param name="permission">The action being requested.</param>
        /// <param name="modCase">The case the action targets; <c>null</c> is denied.</param>
        /// <returns><c>true</c> when the action is allowed, otherwise <c>false</c>.</returns>
        public async Task<bool> IsAllowedTo(APIActionPermission permission, ModCase modCase)
        {
            if (modCase == null)
            {
                return false;
            }

            // Site admins bypass every per-case rule below, including ForceDelete.
            if (IsSiteAdmin())
            {
                return true;
            }

            // NOTE(review): only the View path checks currentUser for null. Delete and Edit rely on
            // HasPermissionOnGuild to deny callers without a user; confirm that it does.
            switch (permission)
            {
                case APIActionPermission.View:
                {
                    if (currentUser == null)
                    {
                        return false;
                    }

                    // The user the case is about may view it; otherwise moderator rights are required.
                    if (modCase.UserId == currentUser.Id)
                    {
                        return true;
                    }

                    return await HasPermissionOnGuild(DiscordPermission.Moderator, modCase.GuildId);
                }

                case APIActionPermission.Edit:
                {
                    GuildConfig guildConfig;
                    try
                    {
                        using var scope = _serviceProvider.CreateScope();
                        guildConfig = await GuildConfigRepository.CreateDefault(scope.ServiceProvider).GetGuildConfig(modCase.GuildId);
                    }
                    catch (ResourceNotFoundException)
                    {
                        // Fail closed: without a guild configuration no edit is permitted.
                        return false;
                    }

                    // Non-strict guilds, and warnings in any guild, only need moderator rights.
                    if (!guildConfig.StrictModPermissionCheck || modCase.PunishmentType == PunishmentType.Warn)
                    {
                        return await HasPermissionOnGuild(DiscordPermission.Moderator, modCase.GuildId);
                    }

                    // Strict mode: the moderator must also hold the Discord role permission that
                    // matches the punishment recorded on the case.
                    // NOTE(review): any punishment type other than Kick/Ban/Mute falls back to
                    // CreateInstantInvite. If that permission is broadly granted in the guild, the
                    // strict check adds little beyond the Moderator requirement for those types.
                    // Confirm this fallback is intended rather than denying unmapped types.
                    GuildPermission requiredRolePermission = GuildPermission.CreateInstantInvite;
                    if (modCase.PunishmentType == PunishmentType.Kick)
                    {
                        requiredRolePermission = GuildPermission.KickMembers;
                    }
                    else if (modCase.PunishmentType == PunishmentType.Ban)
                    {
                        requiredRolePermission = GuildPermission.BanMembers;
                    }
                    else if (modCase.PunishmentType == PunishmentType.Mute)
                    {
                        requiredRolePermission = GuildPermission.ManageRoles;
                    }

                    // Guild admins are exempt from the role-permission requirement.
                    bool isGuildAdmin = await HasPermissionOnGuild(DiscordPermission.Admin, modCase.GuildId);
                    if (isGuildAdmin)
                    {
                        return true;
                    }

                    if (!await HasPermissionOnGuild(DiscordPermission.Moderator, modCase.GuildId))
                    {
                        return false;
                    }

                    return await HasRolePermissionInGuild(modCase.GuildId, requiredRolePermission);
                }

                case APIActionPermission.Delete:
                    // Any guild moderator may delete; no ownership condition applies here.
                    return await HasPermissionOnGuild(DiscordPermission.Moderator, modCase.GuildId);

                case APIActionPermission.ForceDelete:     // only siteadmin
                default:
                    // Unknown permissions are denied.
                    return false;
            }
        }