scout_ante/dashboard-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check support team data

Browse Source
This commit is contained in:
rxdn 2021-10-30 14:06:49 +01:00
parent f6a1cb90d0
commit 88c8c691dd
7 changed files with 245 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
app/http/endpoints/api/ticket/getticket.go
View File

@ -17,6 +17,7 @@ var MentionRegex, _ = regexp.Compile("<@(\\d+)>")
func GetTicket(ctx *gin.Context) {
guildId := ctx.Keys["guildid"].(uint64)
userId := ctx.Keys["userid"].(uint64)
botContext, err := botcontext.ContextForGuild(guildId)
if err != nil {
@ -62,6 +63,17 @@ func GetTicket(ctx *gin.Context) {
return
}
hasPermission, err := utils.HasPermissionToViewTicket(guildId, userId, ticket)
if err != nil {
ctx.JSON(500, utils.ErrorJson(err))
return
}
if !hasPermission {
ctx.JSON(403, utils.ErrorStr("You do not have permission to view this ticket"))
return
}
messagesFormatted := make([]map[string]interface{}, 0)
if ticket.ChannelId != nil {
// Get messages

9
app/http/endpoints/api/transcripts/get.go
View File

@ -2,10 +2,9 @@ package api
import (
"errors"
"github.com/TicketsBot/GoPanel/database"
dbclient "github.com/TicketsBot/GoPanel/database"
"github.com/TicketsBot/GoPanel/utils"
"github.com/TicketsBot/archiverclient"
"github.com/TicketsBot/common/permission"
"github.com/gin-gonic/gin"
"strconv"
)
@ -22,7 +21,7 @@ func GetTranscriptHandler(ctx *gin.Context) {
}
// get ticket object
ticket, err := database.Client.Tickets.Get(ticketId, guildId)
ticket, err := dbclient.Client.Tickets.Get(ticketId, guildId)
if err != nil {
ctx.AbortWithStatusJSON(500, gin.H{
"success": false,
@ -40,13 +39,13 @@ func GetTranscriptHandler(ctx *gin.Context) {
// Verify the user has permissions to be here
// ticket.UserId cannot be 0
if ticket.UserId != userId {
permLevel, err := utils.GetPermissionLevel(guildId, userId)
hasPermission, err := utils.HasPermissionToViewTicket(guildId, userId, ticket)
if err != nil {
ctx.JSON(500, utils.ErrorJson(err))
return
}
if permLevel < permission.Support {
if !hasPermission {
ctx.JSON(403, utils.ErrorStr("You do not have permission to view this transcript"))
return
}

6
app/http/server.go
View File

@ -77,14 +77,16 @@ func StartServer() {
middleware.Logging,
)
guildAuthApiAdmin.GET("/settings", api_settings.GetSettingsHandler)
// Must be readable to load transcripts page
guildAuthApiSupport.GET("/settings", api_settings.GetSettingsHandler)
guildAuthApiAdmin.POST("/settings", api_settings.UpdateSettingsHandler)
guildAuthApiSupport.GET("/blacklist", api_blacklist.GetBlacklistHandler)
guildAuthApiSupport.POST("/blacklist/:user", api_blacklist.AddBlacklistHandler)
guildAuthApiSupport.DELETE("/blacklist/:user", api_blacklist.RemoveBlacklistHandler)
guildAuthApiAdmin.GET("/panels", api_panels.ListPanels)
// Must be readable to load transcripts page
guildAuthApiSupport.GET("/panels", api_panels.ListPanels)
guildAuthApiAdmin.POST("/panels", api_panels.CreatePanel)
guildAuthApiAdmin.POST("/panels/:panelid", rl(middleware.RateLimitTypeGuild, 5, 5*time.Second), api_panels.ResendPanel)
guildAuthApiAdmin.PATCH("/panels/:panelid", api_panels.UpdatePanel)

101
frontend/src/components/manage/PanelCreationForm.svelte
View File

@ -1,62 +1,64 @@
<form class="settings-form" on:submit|preventDefault>
<div class="row">
<div class="col-1-3">
<Input label="Panel Title" placeholder="Open a ticket!" col1=true bind:value={data.title}/>
</div>
<div class="col-2-3">
<div class="row">
<div class="col-1-3">
<Input label="Panel Title" placeholder="Open a ticket!" col1=true bind:value={data.title}/>
</div>
<div class="col-2-3">
<Textarea col1=true label="Panel Content" placeholder="By clicking the button, a ticket will be opened for you."
bind:value={data.content}/>
</div>
</div>
</div>
<div class="row">
<Colour col4=true label="Panel Colour" on:change={updateColour} bind:value={tempColour}/>
<ChannelDropdown label="Panel Channel" col4=true {channels} bind:value={data.channel_id}/>
<CategoryDropdown label="Ticket Category" col4=true {channels} bind:value={data.category_id}/>
<EmojiInput label="Button Emoji" col4=true bind:value={data.emote}/>
</div>
<div class="row">
<Dropdown col4=true label="Button Style" bind:value={data.button_style}>
<option value="1">Blue</option>
<option value="2">Grey</option>
<option value="3">Green</option>
<option value="4">Red</option>
</Dropdown>
</div>
<div class="row" style="justify-content: center">
<div class="col-3">
<Button icon="fas fa-sliders-h" fullWidth=true type="button"
on:click={toggleAdvancedSettings}>Toggle Advanced Settings
</Button>
<div class="row">
<Colour col4=true label="Panel Colour" on:change={updateColour} bind:value={tempColour}/>
<ChannelDropdown label="Panel Channel" col4=true {channels} bind:value={data.channel_id}/>
<CategoryDropdown label="Ticket Category" col4=true {channels} bind:value={data.category_id}/>
<EmojiInput label="Button Emoji" col4=true bind:value={data.emote}/>
</div>
</div>
<div class="row advanced-settings" class:advanced-settings-show={advancedSettings}
class:advanced-settings-hide={!advancedSettings} class:show-overflow={overflowShow}>
<div class="inner" class:inner-show={advancedSettings}>
<div class="row">
<div class="row">
<Dropdown col4=true label="Button Style" bind:value={data.button_style}>
<option value="1">Blue</option>
<option value="2">Grey</option>
<option value="3">Green</option>
<option value="4">Red</option>
</Dropdown>
</div>
<div class="row" style="justify-content: center">
<div class="col-3">
<Button icon="fas fa-sliders-h" fullWidth=true type="button"
on:click={toggleAdvancedSettings}>Toggle Advanced Settings
</Button>
</div>
</div>
<div class="row advanced-settings" class:advanced-settings-show={advancedSettings}
class:advanced-settings-hide={!advancedSettings} class:show-overflow={overflowShow}>
<div class="inner" class:inner-show={advancedSettings}>
<div class="row">
<Textarea col1=true bind:value={data.welcome_message} label="Welcome Message"
placeholder="If blank, your server's default welcome message will be used"
on:input={handleWelcomeMessageUpdate}/>
</div>
<div class="row">
<div class="col-2">
<label class="form-label">Mention On Open</label>
<div class="multiselect-super">
<Select items={mentionValues} bind:selectedValue={mentionsRaw} on:select={updateMentions} isMulti={true}/>
</div>
</div>
<div class="row">
<div class="col-2">
<label class="form-label">Mention On Open</label>
<div class="multiselect-super">
<Select items={mentionValues} bind:selectedValue={mentionsRaw} on:select={updateMentions}
isMulti={true}/>
</div>
</div>
<div class="col-2">
<label class="form-label">Support Teams</label>
<div class="multiselect-super">
<Select items={teamsItems} bind:selectedValue={teamsRaw} on:select={updateTeams}
isMulti={true}/>
</div>
</div>
</div>
<div class="row">
<Input col2={true} label="Large Image URL" bind:value={data.image_url}/>
<Input col2={true} label="Small Image URL" bind:value={data.thumbnail_url}/>
</div>
</div>
<div class="col-2">
<label class="form-label">Support Teams</label>
<div class="multiselect-super">
<Select items={teamsItems} bind:selectedValue={teamsRaw} on:select={updateTeams} isMulti={true}/>
</div>
</div>
</div>
<div class="row">
<Input col2={true} label="Large Image URL" bind:value={data.image_url}/>
<Input col2={true} label="Small Image URL" bind:value={data.thumbnail_url}/>
</div>
</div>
</div>
</form>
<script>
@ -123,6 +125,7 @@
function updateTeams() {
if (teamsRaw === undefined) {
data.default_team = false;
data.teams = [];
} else {
data.default_team = teamsRaw.find((option) => option.value === 'default') !== undefined;

2
go.mod
View File

@ -6,7 +6,7 @@ require (
github.com/BurntSushi/toml v0.3.1
github.com/TicketsBot/archiverclient v0.0.0-20210220155137-a562b2f1bbbb
github.com/TicketsBot/common v0.0.0-20210910205523-7ce93fba6fa5
github.com/TicketsBot/database v0.0.0-20211029152712-e9861d66f2d6
github.com/TicketsBot/database v0.0.0-20211030123522-eeed94443867
github.com/TicketsBot/worker v0.0.0-20210910205947-89f7bd5ccf67
github.com/apex/log v1.1.2
github.com/boj/redistore v0.0.0-20180917114910-cd5dcc76aeff // indirect

4
go.sum
View File

@ -14,8 +14,8 @@ github.com/TicketsBot/common v0.0.0-20210910205523-7ce93fba6fa5/go.mod h1:SVwX6g
github.com/TicketsBot/database v0.0.0-20200516170158-fd8a949aec2c/go.mod h1:eky4tBL+IZ0svPgTT0N/9i6j7ygHDQH3784DW+HgfcA=
github.com/TicketsBot/database v0.0.0-20210902172951-4e1f8ced84b7/go.mod h1:A4T2uQFIWC/ttCYpfgv7AkPjR09mMRgzG13lgoV/+aI=
github.com/TicketsBot/database v0.0.0-20210906215136-2d0c54bd1109/go.mod h1:A4T2uQFIWC/ttCYpfgv7AkPjR09mMRgzG13lgoV/+aI=
github.com/TicketsBot/database v0.0.0-20211029152712-e9861d66f2d6 h1:vb+Ia5kBlW3AwQBX384GH4tgGUFmuVNazNXoGEezGrI=
github.com/TicketsBot/database v0.0.0-20211029152712-e9861d66f2d6/go.mod h1:72oWvH/Gq1iKeXCZhVRZn1JFbNVC5iAgERZWTrEarEo=
github.com/TicketsBot/database v0.0.0-20211030123522-eeed94443867 h1:2tYF3avpUUY1voXuzcY2gQHggnk17M+1btblS7Zkygk=
github.com/TicketsBot/database v0.0.0-20211030123522-eeed94443867/go.mod h1:72oWvH/Gq1iKeXCZhVRZn1JFbNVC5iAgERZWTrEarEo=
github.com/TicketsBot/logarchiver v0.0.0-20200423221245-a3f92edf8c14/go.mod h1:whts8TRxrAF4WuDuEAMllkWA/inKem0NhDEFeyuoOvE=
github.com/TicketsBot/ttlcache v1.6.1-0.20200405150101-acc18e37b261 h1:NHD5GB6cjlkpZFjC76Yli2S63/J2nhr8MuE6KlYJpQM=
github.com/TicketsBot/ttlcache v1.6.1-0.20200405150101-acc18e37b261/go.mod h1:2zPxDAN2TAPpxUPjxszjs3QFKreKrQh5al/R3cMXmYk=

171
utils/permissionutils.go
View File

@ -2,7 +2,11 @@ package utils
import (
"github.com/TicketsBot/GoPanel/botcontext"
dbclient "github.com/TicketsBot/GoPanel/database"
"github.com/TicketsBot/common/permission"
"github.com/TicketsBot/database"
"github.com/rxdn/gdl/objects/member"
discordperms "github.com/rxdn/gdl/permission"
)
func GetPermissionLevel(guildId, userId uint64) (permission.PermissionLevel, error) {
@ -23,4 +27,169 @@ func GetPermissionLevel(guildId, userId uint64) (permission.PermissionLevel, err
}
return permission.GetPermissionLevel(botContext, member, guildId)
}
}
// TODO: Use this on the ticket list
func HasPermissionToViewTicket(guildId, userId uint64, ticket database.Ticket) (bool, error) {
// If user opened the ticket, they will always have permission
if ticket.UserId == userId && ticket.GuildId == guildId {
return true, nil
}
// Admin override
botContext, err := botcontext.ContextForGuild(guildId)
if err != nil {
return false, err
}
if botContext.IsBotAdmin(userId) {
return true, nil
}
// Check if server owner
guild, err := botContext.GetGuild(guildId)
if err != nil {
return false, err
}
if guild.OwnerId == userId {
return true, nil
}
member, err := botContext.GetGuildMember(guildId, userId)
if err != nil {
return false, err
}
// Admins should have access to all tickets
isAdmin, err := dbclient.Client.Permissions.IsAdmin(guildId, userId)
if err != nil {
return false, err
}
if isAdmin {
return true, nil
}
// TODO: Check in db
adminRoles, err := dbclient.Client.RolePermissions.GetAdminRoles(guildId)
if err != nil {
return false, err
}
for _, roleId := range adminRoles {
if member.HasRole(roleId) {
return true, nil
}
}
// If ticket is not from a panel, we can use default team perms
if ticket.PanelId == nil {
canView, err := isOnDefaultTeam(guildId, userId, botContext, member)
if err != nil {
return false, err
}
return canView, nil
} else {
panel, err := dbclient.Client.Panel.GetById(*ticket.PanelId)
if err != nil {
return false, err
}
if panel.WithDefaultTeam {
canView, err := isOnDefaultTeam(guildId, userId, botContext, member)
if err != nil {
return false, err
}
if canView {
return true, nil
}
} else { // If panel does not use default team, check support teams
supportTeams, err := dbclient.Client.PanelTeams.GetTeams(*ticket.PanelId)
if err != nil {
return false, err
}
var supportTeamIds []int
for _, team := range supportTeams {
supportTeamIds = append(supportTeamIds, team.Id)
}
// Check if user is added to support team directly
isSupport, err := dbclient.Client.SupportTeamMembers.IsSupportSubset(guildId, userId, supportTeamIds)
if err != nil {
return false, err
}
if isSupport {
return true, nil
}
// Check if user is added to support team via a role
isSupport, err = dbclient.Client.SupportTeamRoles.IsSupportAnySubset(guildId, member.Roles, supportTeamIds)
if err != nil {
return false, err
}
if isSupport {
return true, nil
}
}
return false, nil
}
}
func isOnDefaultTeam(guildId, userId uint64, ctx botcontext.BotContext, member member.Member) (bool, error) {
// Check user perms for admin
if isAdmin, err := dbclient.Client.Permissions.IsAdmin(guildId, userId); err == nil {
if isAdmin {
return true, nil
}
} else {
return false, err
}
// Check roles from DB
adminRoles, err := dbclient.Client.RolePermissions.GetAdminRoles(guildId)
if err != nil {
return false, err
}
for _, adminRoleId := range adminRoles {
if member.HasRole(adminRoleId) {
return true, nil
}
}
// Check if user has Administrator permission
hasAdminPermission := permission.HasPermissions(ctx, guildId, member.User.Id, discordperms.Administrator)
if hasAdminPermission {
return true, nil
}
// Check user perms for support
if isSupport, err := dbclient.Client.Permissions.IsSupport(guildId, member.User.Id); err == nil {
if isSupport {
return true, nil
}
} else {
return false, err
}
// Check DB for support roles
supportRoles, err := dbclient.Client.RolePermissions.GetSupportRoles(guildId)
if err != nil {
return false, err
}
for _, supportRoleId := range supportRoles {
if member.HasRole(supportRoleId) {
return false, nil
}
}
return false, nil
}