diff --git a/src/auth/checks.rs b/src/auth/checks.rs index fdf173f8..8697f714 100644 --- a/src/auth/checks.rs +++ b/src/auth/checks.rs @@ -33,8 +33,9 @@ pub async fn is_visible_project( project_data: &Project, user_option: &Option, pool: &web::Data, + hide_unlisted: bool, ) -> Result { - filter_visible_project_ids(vec![project_data], user_option, pool) + filter_visible_project_ids(vec![project_data], user_option, pool, hide_unlisted) .await .map(|x| !x.is_empty()) } @@ -53,11 +54,13 @@ pub async fn filter_visible_projects( mut projects: Vec, user_option: &Option, pool: &web::Data, + hide_unlisted: bool, ) -> Result, ApiError> { let filtered_project_ids = filter_visible_project_ids( projects.iter().map(|x| &x.inner).collect_vec(), user_option, pool, + hide_unlisted, ) .await .unwrap(); @@ -74,17 +77,21 @@ pub async fn filter_visible_project_ids( projects: Vec<&Project>, user_option: &Option, pool: &web::Data, + hide_unlisted: bool, ) -> Result, ApiError> { let mut return_projects = Vec::new(); let mut check_projects = Vec::new(); // Return projects that are not hidden or we are a mod of for project in projects { - if !project.status.is_hidden() - || user_option - .as_ref() - .map(|x| x.role.is_mod()) - .unwrap_or(false) + if (if hide_unlisted { + project.status.is_searchable() + } else { + !project.status.is_hidden() + }) || user_option + .as_ref() + .map(|x| x.role.is_mod()) + .unwrap_or(false) { return_projects.push(project.id); } else if user_option.is_some() { @@ -233,6 +240,7 @@ pub async fn filter_visible_version_ids( .collect(), user_option, pool, + false, ) .await?; diff --git a/src/routes/maven.rs b/src/routes/maven.rs index aeb9bb88..37cfe17d 100644 --- a/src/routes/maven.rs +++ b/src/routes/maven.rs @@ -92,7 +92,7 @@ pub async fn maven_metadata( .map(|x| x.1) .ok(); - if !is_visible_project(&project.inner, &user_option, &pool).await? { + if !is_visible_project(&project.inner, &user_option, &pool, false).await? { return Err(ApiError::NotFound); } @@ -286,7 +286,7 @@ pub async fn version_file( .map(|x| x.1) .ok(); - if !is_visible_project(&project.inner, &user_option, &pool).await? { + if !is_visible_project(&project.inner, &user_option, &pool, false).await? { return Err(ApiError::NotFound); } @@ -347,7 +347,7 @@ pub async fn version_file_sha1( .map(|x| x.1) .ok(); - if !is_visible_project(&project.inner, &user_option, &pool).await? { + if !is_visible_project(&project.inner, &user_option, &pool, false).await? { return Err(ApiError::NotFound); } @@ -389,7 +389,7 @@ pub async fn version_file_sha512( .map(|x| x.1) .ok(); - if !is_visible_project(&project.inner, &user_option, &pool).await? { + if !is_visible_project(&project.inner, &user_option, &pool, false).await? { return Err(ApiError::NotFound); } diff --git a/src/routes/updates.rs b/src/routes/updates.rs index f5688a91..e3e9c7fa 100644 --- a/src/routes/updates.rs +++ b/src/routes/updates.rs @@ -57,7 +57,7 @@ pub async fn forge_updates( .map(|x| x.1) .ok(); - if !is_visible_project(&project.inner, &user_option, &pool).await? { + if !is_visible_project(&project.inner, &user_option, &pool, false).await? { return Err(ApiError::InvalidInput(ERROR.to_string())); } diff --git a/src/routes/v3/organizations.rs b/src/routes/v3/organizations.rs index 9d29b0a1..48b2867b 100644 --- a/src/routes/v3/organizations.rs +++ b/src/routes/v3/organizations.rs @@ -85,7 +85,7 @@ pub async fn organization_projects_get( let projects_data = crate::database::models::Project::get_many_ids(&project_ids, &**pool, &redis).await?; - let projects = filter_visible_projects(projects_data, ¤t_user, &pool).await?; + let projects = filter_visible_projects(projects_data, ¤t_user, &pool, true).await?; Ok(HttpResponse::Ok().json(projects)) } diff --git a/src/routes/v3/projects.rs b/src/routes/v3/projects.rs index 8a426e3f..4ba06ea4 100644 --- a/src/routes/v3/projects.rs +++ b/src/routes/v3/projects.rs @@ -137,7 +137,7 @@ pub async fn projects_get( .map(|x| x.1) .ok(); - let projects = filter_visible_projects(projects_data, &user_option, &pool).await?; + let projects = filter_visible_projects(projects_data, &user_option, &pool, false).await?; Ok(HttpResponse::Ok().json(projects)) } @@ -164,7 +164,7 @@ pub async fn project_get( .ok(); if let Some(data) = project_data { - if is_visible_project(&data.inner, &user_option, &pool).await? { + if is_visible_project(&data.inner, &user_option, &pool, false).await? { return Ok(HttpResponse::Ok().json(Project::from(data))); } } @@ -971,7 +971,7 @@ pub async fn dependency_list( .ok(); if let Some(project) = result { - if !is_visible_project(&project.inner, &user_option, &pool).await? { + if !is_visible_project(&project.inner, &user_option, &pool, false).await? { return Err(ApiError::NotFound); } @@ -2064,7 +2064,7 @@ pub async fn project_follow( let user_id: db_ids::UserId = user.id.into(); let project_id: db_ids::ProjectId = result.inner.id; - if !is_visible_project(&result.inner, &Some(user), &pool).await? { + if !is_visible_project(&result.inner, &Some(user), &pool, false).await? { return Err(ApiError::NotFound); } @@ -2215,7 +2215,7 @@ pub async fn project_get_organization( ApiError::InvalidInput("The specified project does not exist!".to_string()) })?; - if !is_visible_project(&result.inner, ¤t_user, &pool).await? { + if !is_visible_project(&result.inner, ¤t_user, &pool, false).await? { Err(ApiError::InvalidInput( "The specified project does not exist!".to_string(), )) diff --git a/src/routes/v3/teams.rs b/src/routes/v3/teams.rs index 9191b20b..bb93ebe7 100644 --- a/src/routes/v3/teams.rs +++ b/src/routes/v3/teams.rs @@ -60,7 +60,7 @@ pub async fn team_members_get_project( .map(|x| x.1) .ok(); - if !is_visible_project(&project.inner, ¤t_user, &pool).await? { + if !is_visible_project(&project.inner, ¤t_user, &pool, false).await? { return Err(ApiError::NotFound); } let members_data = diff --git a/src/routes/v3/users.rs b/src/routes/v3/users.rs index 455e6fb0..f2cb1629 100644 --- a/src/routes/v3/users.rs +++ b/src/routes/v3/users.rs @@ -69,7 +69,7 @@ pub async fn projects_list( let projects: Vec<_> = crate::database::Project::get_many_ids(&project_data, &**pool, &redis).await?; - let projects = filter_visible_projects(projects, &user, &pool).await?; + let projects = filter_visible_projects(projects, &user, &pool, true).await?; Ok(HttpResponse::Ok().json(projects)) } else { Err(ApiError::NotFound) diff --git a/src/routes/v3/version_file.rs b/src/routes/v3/version_file.rs index 8d3885c8..8400cfbd 100644 --- a/src/routes/v3/version_file.rs +++ b/src/routes/v3/version_file.rs @@ -283,6 +283,7 @@ pub async fn get_projects_from_hashes( database::models::Project::get_many_ids(&project_ids, &**pool, &redis).await?, &user_option, &pool, + false, ) .await?; diff --git a/src/routes/v3/versions.rs b/src/routes/v3/versions.rs index 1ec821f0..01d96142 100644 --- a/src/routes/v3/versions.rs +++ b/src/routes/v3/versions.rs @@ -80,7 +80,7 @@ pub async fn version_project_get_helper( .ok(); if let Some(project) = result { - if !is_visible_project(&project.inner, &user_option, &pool).await? { + if !is_visible_project(&project.inner, &user_option, &pool, false).await? { return Err(ApiError::NotFound); } @@ -724,7 +724,7 @@ pub async fn version_list( .ok(); if let Some(project) = result { - if !is_visible_project(&project.inner, &user_option, &pool).await? { + if !is_visible_project(&project.inner, &user_option, &pool, false).await? { return Err(ApiError::NotFound); }