Fix bulk edit buf (#581)

* Fix bulk edit buf * fix mod msg * Fix other bug
modrinth · Apr 21, 2023 · 26157a0 · 26157a0
1 parent 00b0570
commit 26157a0
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 7 deletions.
diff --git a/src/database/models/project_item.rs b/src/database/models/project_item.rs
@@ -305,7 +305,8 @@ impl Project {
 
         let project_ids_parsed: Vec<i64> =
             project_ids.iter().map(|x| x.0).collect();
-        let projects = sqlx::query!(
+        let projects =
+            sqlx::query!(
             "
             SELECT id, project_type, title, description, downloads, follows,
                    icon_url, body, published,

diff --git a/src/routes/v2/projects.rs b/src/routes/v2/projects.rs
@@ -1084,7 +1084,8 @@ pub async fn project_edit(
 
             if let Some(moderation_message) = &new_project.moderation_message {
                 if !user.role.is_mod()
-                    && project_item.inner.status != ProjectStatus::Approved
+                    && (!project_item.inner.status.is_approved()
+                        || moderation_message != &None)
                 {
                     return Err(ApiError::CustomAuthentication(
                         "You do not have the permissions to edit the moderation message of this project!"
@@ -1109,7 +1110,8 @@ pub async fn project_edit(
                 &new_project.moderation_message_body
             {
                 if !user.role.is_mod()
-                    && project_item.inner.status != ProjectStatus::Approved
+                    && (!project_item.inner.status.is_approved()
+                        || moderation_message_body != &None)
                 {
                     return Err(ApiError::CustomAuthentication(
                         "You do not have the permissions to edit the moderation message body of this project!"
@@ -1276,10 +1278,10 @@ pub async fn projects_edit(
 
     for project in projects_data {
         if !user.role.is_mod() {
-            if let Some(member) = team_members
-                .iter()
-                .find(|x| x.team_id == project.inner.team_id)
-            {
+            if let Some(member) = team_members.iter().find(|x| {
+                x.team_id == project.inner.team_id
+                    && x.user.id == user.id.into()
+            }) {
                 if !member.permissions.contains(Permissions::EDIT_DETAILS) {
                     return Err(ApiError::CustomAuthentication(
                         format!("You do not have the permissions to bulk edit project {}!", project.inner.title),