From a420c80765c52b639b9ced42001fd3548b942921 Mon Sep 17 00:00:00 2001
From: StNicolay <stnicolay2007@mail.ru>
Date: Fri, 9 Aug 2024 20:42:27 +0300
Subject: [PATCH] Last minute fixes

---
 sql/create_folder.sql                      |  4 +---
 sql/get_top_level_folder.sql               |  2 +-
 src/db/folder.rs                           | 22 ++++++++++++++++++----
 src/db/permissions.rs                      | 20 ++++++++++++++------
 src/db/users.rs                            |  2 +-
 src/endpoints/permissions/get_top_level.rs |  4 +++-
 src/endpoints/permissions/set.rs           |  7 +++++++
 7 files changed, 45 insertions(+), 16 deletions(-)

diff --git a/sql/create_folder.sql b/sql/create_folder.sql
index 086e43d..6c759b4 100644
--- a/sql/create_folder.sql
+++ b/sql/create_folder.sql
@@ -1,3 +1 @@
-INSERT INTO folders(parent_folder_id, owner_id, folder_name)
-SELECT $1, owner_id, $2 FROM folders WHERE parent_folder_id = $1
-RETURNING folder_id
\ No newline at end of file
+INSERT INTO folders(parent_folder_id, owner_id, folder_name, folder_id) VALUES ($1, $2, $3, $4)
\ No newline at end of file
diff --git a/sql/get_top_level_folder.sql b/sql/get_top_level_folder.sql
index c051601..fe3e714 100644
--- a/sql/get_top_level_folder.sql
+++ b/sql/get_top_level_folder.sql
@@ -8,7 +8,7 @@ WITH
             user_id = $1
     )
 SELECT
-    folder_id
+    folder_id, owner_id, folder_name, created_at
 FROM
     folders
 WHERE
diff --git a/src/db/folder.rs b/src/db/folder.rs
index 138e633..1ee27de 100644
--- a/src/db/folder.rs
+++ b/src/db/folder.rs
@@ -89,10 +89,24 @@ pub async fn name_exists(parent_folder_id: Uuid, name: &str, pool: &Pool) -> sql
 
 /// Creates a folder in the database. Do not use this function to create the ROOT folder
 pub async fn insert(parent_folder_id: Uuid, folder_name: &str, pool: &Pool) -> sqlx::Result<Uuid> {
-    sqlx::query_file!("sql/create_folder.sql", parent_folder_id, folder_name)
-        .fetch_one(pool)
-        .await
-        .map(|record| record.folder_id)
+    let folder_id = Uuid::now_v7();
+    let owner_id = get_by_id(parent_folder_id, pool)
+        .await?
+        .ok_or(sqlx::Error::RowNotFound)?
+        .owner_id;
+    let result = sqlx::query_file!(
+        "sql/create_folder.sql",
+        parent_folder_id,
+        owner_id,
+        folder_name,
+        folder_id
+    )
+    .execute(pool)
+    .await?;
+    if result.rows_affected() == 0 {
+        return Err(sqlx::Error::RowNotFound);
+    }
+    Ok(folder_id)
 }
 
 pub fn delete(folder_id: Uuid, pool: &Pool) -> impl Stream<Item = sqlx::Result<Uuid>> + '_ {
diff --git a/src/db/permissions.rs b/src/db/permissions.rs
index 65836fc..4bf0366 100644
--- a/src/db/permissions.rs
+++ b/src/db/permissions.rs
@@ -1,5 +1,7 @@
 use std::{borrow::Cow, collections::HashMap};
 
+use db::folder::FolderWithoutParentId;
+
 use crate::prelude::*;
 
 #[derive(sqlx::Type, Debug, Serialize, Deserialize)]
@@ -135,10 +137,16 @@ pub async fn delete_for_folder(folder_id: Uuid, user_id: i32, pool: &Pool) -> sq
         .map(|_| ())
 }
 
-pub async fn get_top_level_permitted_folders(user_id: i32, pool: &Pool) -> sqlx::Result<Vec<Uuid>> {
-    sqlx::query_file!("sql/get_top_level_folder.sql", user_id)
-        .fetch(pool)
-        .map_ok(|record| record.folder_id)
-        .try_collect()
-        .await
+pub async fn get_top_level_permitted_folders(
+    user_id: i32,
+    pool: &Pool,
+) -> sqlx::Result<Vec<FolderWithoutParentId>> {
+    sqlx::query_file_as!(
+        FolderWithoutParentId,
+        "sql/get_top_level_folder.sql",
+        user_id
+    )
+    .fetch(pool)
+    .try_collect()
+    .await
 }
diff --git a/src/db/users.rs b/src/db/users.rs
index 0fe1932..088446b 100644
--- a/src/db/users.rs
+++ b/src/db/users.rs
@@ -8,7 +8,7 @@ pub async fn create_user(
     pool: &Pool,
 ) -> sqlx::Result<Option<i32>> {
     let Some(record) = sqlx::query!(
-        "INSERT INTO users(username, email, hashed_password) VALUES ($1, $2, $3) RETURNING user_id",
+        "INSERT INTO users(username, email, hashed_password) VALUES ($1, $2, $3) ON CONFLICT DO NOTHING RETURNING user_id",
         user_name,
         user_email,
         hashed_password
diff --git a/src/endpoints/permissions/get_top_level.rs b/src/endpoints/permissions/get_top_level.rs
index 55ebba6..e311ba0 100644
--- a/src/endpoints/permissions/get_top_level.rs
+++ b/src/endpoints/permissions/get_top_level.rs
@@ -1,9 +1,11 @@
+use db::folder::FolderWithoutParentId;
+
 use crate::prelude::*;
 
 pub async fn get_top_level(
     State(pool): State<Pool>,
     claims: Claims,
-) -> GeneralResult<Json<Vec<Uuid>>> {
+) -> GeneralResult<Json<Vec<FolderWithoutParentId>>> {
     let folders = db::permissions::get_top_level_permitted_folders(claims.user_id, &pool)
         .await
         .handle_internal("Error reading from the database")?;
diff --git a/src/endpoints/permissions/set.rs b/src/endpoints/permissions/set.rs
index f64266a..c850699 100644
--- a/src/endpoints/permissions/set.rs
+++ b/src/endpoints/permissions/set.rs
@@ -26,6 +26,13 @@ pub async fn set(
         .await
         .can_manage_guard()?;
 
+    if params.user_id == claims.user_id {
+        return Err(GeneralError::message(
+            StatusCode::BAD_REQUEST,
+            "Cannot set your own permissions",
+        ));
+    }
+
     let folder_info = db::folder::get_by_id(params.folder_id, &pool)
         .await
         .handle_internal("Error getting folder info")?