From c7803078726baf66fb30e4e2b310c5be75e82623 Mon Sep 17 00:00:00 2001
From: rxdn
Date: Sat, 4 Jul 2020 19:42:13 +0100
Subject: [PATCH] give support reps access
---
app/http/endpoints/api/getpermissionlevel.go | 36 ++++++++++
app/http/middleware/authenticateguild.go | 4 +-
app/http/server.go | 76 ++++++++++----------
public/templates/views/index.tmpl | 22 +++++-
4 files changed, 99 insertions(+), 39 deletions(-)
create mode 100644 app/http/endpoints/api/getpermissionlevel.go
diff --git a/app/http/endpoints/api/getpermissionlevel.go b/app/http/endpoints/api/getpermissionlevel.go
new file mode 100644
index 0000000..b877db5
--- /dev/null
+++ b/app/http/endpoints/api/getpermissionlevel.go
@@ -0,0 +1,36 @@
+package api
+
+import (
+ "fmt"
+ "github.com/TicketsBot/GoPanel/utils"
+ "github.com/TicketsBot/common/permission"
+ "github.com/gin-gonic/gin"
+ "strconv"
+ "strings"
+)
+
+func GetPermissionLevel(ctx *gin.Context) {
+ userId := ctx.Keys["userid"].(uint64)
+
+ levels := make(map[string]permission.PermissionLevel)
+
+ for _, raw := range strings.Split(ctx.Query("guilds"), ",") {
+ guildId, err := strconv.ParseUint(raw, 10, 64)
+ if err != nil {
+ ctx.JSON(400, gin.H{
+ "success": false,
+ "error": fmt.Sprintf("invalid guild id: %s", raw),
+ })
+ return
+ }
+
+ level := utils.GetPermissionLevel(guildId, userId)
+ levels[strconv.FormatUint(guildId, 10)] = level
+ }
+
+
+ ctx.JSON(200, gin.H{
+ "success": true,
+ "levels": levels,
+ })
+}
diff --git a/app/http/middleware/authenticateguild.go b/app/http/middleware/authenticateguild.go
index 56879b1..2609dce 100644
--- a/app/http/middleware/authenticateguild.go
+++ b/app/http/middleware/authenticateguild.go
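Review bot: In GetPermissionLevel (getpermissionlevel.go) the `guilds` query parameter is split on commas and every element triggers a `utils.GetPermissionLevel` call, with no limit on how many ids one request may carry, so a single authenticated request can fan out into an arbitrary number of permission lookups (their cost is not visible in this patch). Cap the list before the loop, for example `if len(ids) > maxGuildsPerRequest { ctx.JSON(400, gin.H{"success": false, "error": "too many guild ids"}); return }` where `maxGuildsPerRequest` is a placeholder name, and consider skipping duplicate ids. The single-value assertion `ctx.Keys["userid"].(uint64)` also panics if the key is absent or of another type; `userId, ok := ctx.Keys["userid"].(uint64)` with a 401 on `!ok` keeps the handler safe if the route is ever mounted without the token middleware.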
@@ -11,7 +11,7 @@ import ( ) // requires AuthenticateCookie middleware to be run before -func AuthenticateGuild(isApiMethod bool) gin.HandlerFunc { +func AuthenticateGuild(isApiMethod bool, requiredPermissionLevel permission.PermissionLevel) gin.HandlerFunc { return func(ctx *gin.Context) { if guildId, ok := ctx.Params.Get("id"); ok { parsed, err := strconv.ParseUint(guildId, 10, 64) @@ -46,7 +46,7 @@ func AuthenticateGuild(isApiMethod bool) gin.HandlerFunc { // Verify the user has permissions to be here userId := ctx.Keys["userid"].(uint64) - if utils.GetPermissionLevel(guild.Id, userId) != permission.Admin { + if utils.GetPermissionLevel(guild.Id, userId) < requiredPermissionLevel { if isApiMethod { ctx.AbortWithStatusJSON(403, gin.H{ "success": false, diff --git a/app/http/server.go b/app/http/server.go index a4cec81..47ca281 100644 --- a/app/http/server.go +++ b/app/http/server.go @@ -7,6 +7,7 @@ import ( "github.com/TicketsBot/GoPanel/app/http/endpoints/root" "github.com/TicketsBot/GoPanel/app/http/middleware" "github.com/TicketsBot/GoPanel/config" + "github.com/TicketsBot/common/permission" "github.com/gin-contrib/multitemplate" "github.com/gin-contrib/static" "github.com/gin-gonic/contrib/sessions" 
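Review bot: The doc comment above AuthenticateGuild still names only AuthenticateCookie as a prerequisite and does not describe the new `requiredPermissionLevel` parameter, although server.go in this same patch also mounts the middleware behind AuthenticateToken. Since this value now decides who passes, the comment should state that it is a minimum and that the user id must already be in the context, e.g. `// AuthenticateGuild aborts unless the caller's permission level in guild :id is at least requiredPermissionLevel.` followed by `// It must run after a middleware that sets ctx.Keys["userid"] (AuthenticateCookie or AuthenticateToken).` That AuthenticateToken populates the key is presumed from the routing, not shown here. The function body continues outside the hunk.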
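Review bot: The new check `utils.GetPermissionLevel(guild.Id, userId) < requiredPermissionLevel` makes the authorization decision depend on the numeric order of the permission.PermissionLevel constants, which live in another module and are not visible in this patch. If that enum is ever reordered, or a value is inserted between Support and Admin, the set of users admitted by every route changes without any edit to this file. A comment at the comparison such as `// relies on PermissionLevel constants being declared from least to most privileged (Support < Admin)` would record the assumption, and a small test asserting `permission.Support < permission.Admin` would catch a reorder. The enclosing function starts and ends outside the hunk.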
@@ -53,67 +54,70 @@ func StartServer() { { authorized.POST("/token", api.TokenHandler) - authenticateGuild := authorized.Group("/", middleware.AuthenticateGuild(false)) + authenticateGuildAdmin := authorized.Group("/", middleware.AuthenticateGuild(false, permission.Admin)) + authenticateGuildSupport := authorized.Group("/", middleware.AuthenticateGuild(false, permission.Support)) authorized.GET("/", root.IndexHandler) authorized.GET("/whitelabel", root.WhitelabelHandler) authorized.GET("/logout", root.LogoutHandler) - authenticateGuild.GET("/manage/:id/settings", manage.SettingsHandler) - authenticateGuild.GET("/manage/:id/logs", manage.LogsHandler) - authenticateGuild.GET("/manage/:id/logs/modmail", manage.ModmailLogsHandler) - authenticateGuild.GET("/manage/:id/blacklist", manage.BlacklistHandler) - authenticateGuild.GET("/manage/:id/panels", manage.PanelHandler) - authenticateGuild.GET("/manage/:id/tags", manage.TagsHandler) + authenticateGuildAdmin.GET("/manage/:id/settings", manage.SettingsHandler) + authenticateGuildSupport.GET("/manage/:id/logs", manage.LogsHandler) + authenticateGuildSupport.GET("/manage/:id/logs/modmail", manage.ModmailLogsHandler) + authenticateGuildSupport.GET("/manage/:id/blacklist", manage.BlacklistHandler) + authenticateGuildAdmin.GET("/manage/:id/panels", manage.PanelHandler) + authenticateGuildSupport.GET("/manage/:id/tags", manage.TagsHandler) - authenticateGuild.GET("/manage/:id/tickets", manage.TicketListHandler) - authenticateGuild.GET("/manage/:id/tickets/view/:ticketId", manage.TicketViewHandler) + authenticateGuildSupport.GET("/manage/:id/tickets", manage.TicketListHandler) + authenticateGuildSupport.GET("/manage/:id/tickets/view/:ticketId", manage.TicketViewHandler) authorized.GET("/webchat", manage.WebChatWs) } apiGroup := router.Group("/api", middleware.AuthenticateToken) - guildAuthApi := apiGroup.Group("/:id", middleware.AuthenticateGuild(true)) + guildAuthApiAdmin := apiGroup.Group("/:id", 
middleware.AuthenticateGuild(true, permission.Admin)) + guildAuthApiSupport := apiGroup.Group("/:id", middleware.AuthenticateGuild(true, permission.Support)) { - guildAuthApi.GET("/channels", api.ChannelsHandler) - guildAuthApi.GET("/premium", api.PremiumHandler) - guildAuthApi.GET("/user/:user", api.UserHandler) - guildAuthApi.GET("/roles", api.RolesHandler) + guildAuthApiSupport.GET("/channels", api.ChannelsHandler) + guildAuthApiSupport.GET("/premium", api.PremiumHandler) + guildAuthApiSupport.GET("/user/:user", api.UserHandler) + guildAuthApiSupport.GET("/roles", api.RolesHandler) - guildAuthApi.GET("/settings", api.GetSettingsHandler) - guildAuthApi.POST("/settings", api.UpdateSettingsHandler) + guildAuthApiAdmin.GET("/settings", api.GetSettingsHandler) + guildAuthApiAdmin.POST("/settings", api.UpdateSettingsHandler) - guildAuthApi.GET("/blacklist", api.GetBlacklistHandler) - guildAuthApi.PUT("/blacklist", api.AddBlacklistHandler) - guildAuthApi.DELETE("/blacklist/:user", api.RemoveBlacklistHandler) + guildAuthApiSupport.GET("/blacklist", api.GetBlacklistHandler) + guildAuthApiSupport.PUT("/blacklist", api.AddBlacklistHandler) + guildAuthApiSupport.DELETE("/blacklist/:user", api.RemoveBlacklistHandler) - guildAuthApi.GET("/panels", api.ListPanels) - guildAuthApi.PUT("/panels", api.CreatePanel) - guildAuthApi.PUT("/panels/:message", api.UpdatePanel) - guildAuthApi.DELETE("/panels/:message", api.DeletePanel) + guildAuthApiAdmin.GET("/panels", api.ListPanels) + guildAuthApiAdmin.PUT("/panels", api.CreatePanel) + guildAuthApiAdmin.PUT("/panels/:message", api.UpdatePanel) + guildAuthApiAdmin.DELETE("/panels/:message", api.DeletePanel) - guildAuthApi.GET("/logs/", api.GetLogs) - guildAuthApi.GET("/modmail/logs/", api.GetModmailLogs) + guildAuthApiSupport.GET("/logs/", api.GetLogs) + guildAuthApiSupport.GET("/modmail/logs/", api.GetModmailLogs) - guildAuthApi.GET("/tickets", api.GetTickets) - guildAuthApi.GET("/tickets/:ticketId", api.GetTicket) - 
guildAuthApi.POST("/tickets/:ticketId", api.SendMessage) - guildAuthApi.DELETE("/tickets/:ticketId", api.CloseTicket) + guildAuthApiSupport.GET("/tickets", api.GetTickets) + guildAuthApiSupport.GET("/tickets/:ticketId", api.GetTicket) + guildAuthApiSupport.POST("/tickets/:ticketId", api.SendMessage) + guildAuthApiSupport.DELETE("/tickets/:ticketId", api.CloseTicket) - guildAuthApi.GET("/tags", api.TagsListHandler) - guildAuthApi.PUT("/tags", api.CreateTag) - guildAuthApi.DELETE("/tags/:tag", api.DeleteTag) + guildAuthApiSupport.GET("/tags", api.TagsListHandler) + guildAuthApiSupport.PUT("/tags", api.CreateTag) + guildAuthApiSupport.DELETE("/tags/:tag", api.DeleteTag) - guildAuthApi.GET("/claimsettings", api.GetClaimSettings) - guildAuthApi.POST("/claimsettings", api.PostClaimSettings) + guildAuthApiAdmin.GET("/claimsettings", api.GetClaimSettings) + guildAuthApiAdmin.POST("/claimsettings", api.PostClaimSettings) - guildAuthApi.GET("/autoclose", api.GetAutoClose) - guildAuthApi.POST("/autoclose", api.PostAutoClose) + guildAuthApiAdmin.GET("/autoclose", api.GetAutoClose) + guildAuthApiAdmin.POST("/autoclose", api.PostAutoClose) } userGroup := router.Group("/user", middleware.AuthenticateToken) { userGroup.GET("/guilds", api.GetGuilds) + userGroup.GET("/permissionlevel", api.GetPermissionLevel) { whitelabelGroup := userGroup.Group("/whitelabel", middleware.VerifyWhitelabel(false)) diff --git a/public/templates/views/index.tmpl b/public/templates/views/index.tmpl index 67648d9..bbc1ba8 100644 --- a/public/templates/views/index.tmpl +++ b/public/templates/views/index.tmpl @@ -30,9 +30,22 @@
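Review bot: The state-changing routes `PUT /blacklist`, `DELETE /blacklist/:user`, `PUT /tags`, `DELETE /tags/:tag` and `DELETE /tickets/:ticketId` are now registered on guildAuthApiSupport, so every Support-level user can reach handlers that before this commit were admin-only. If only read access was intended for blacklist or tags, those writes should stay on the admin group, e.g. `guildAuthApiAdmin.PUT("/blacklist", api.AddBlacklistHandler)`. If the grant is deliberate, a short comment above each group listing what Support may mutate would make the policy reviewable, because a future route added to the wrong group silently gets the lower bar. The handlers themselves are not part of this patch, so whether any of them assumed an Admin caller cannot be confirmed from here. StartServer's body continues outside the hunk.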