add team checks

lichess-org · Apr 13, 2021 · e090d98 · e090d98
1 parent 2f934b1
commit e090d98
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 15 deletions.
diff --git a/app/controllers/Team.scala b/app/controllers/Team.scala
@@ -84,7 +84,7 @@ final class Team(
     )
 
   private def usersExport(teamId: String, me: Option[lila.user.User], req: RequestHeader) = {
-    api.team(teamId) flatMap {
+    api teamEnabled teamId flatMap {
       _ ?? { team =>
         val canView: Fu[Boolean] =
           if (team.publicMembers) fuccess(true)
@@ -108,7 +108,7 @@ final class Team(
 
   def tournaments(teamId: String) =
     Open { implicit ctx =>
-      env.team.teamRepo.enabled(teamId) flatMap {
+      api teamEnabled teamId flatMap {
         _ ?? { team =>
           env.teamInfo.tournaments(team, 30, 30) map { tours =>
             Ok(html.team.tournaments.page(team, tours))
@@ -119,14 +119,14 @@ final class Team(
 
   def edit(id: String) =
     Auth { implicit ctx => _ =>
-      WithOwnedTeam(id) { team =>
+      WithOwnedTeamEnabled(id) { team =>
         fuccess(html.team.form.edit(team, forms edit team))
       }
     }
 
   def update(id: String) =
     AuthBody { implicit ctx => me =>
-      WithOwnedTeam(id) { team =>
+      WithOwnedTeamEnabled(id) { team =>
         implicit val req = ctx.body
         forms
           .edit(team)
@@ -140,7 +140,7 @@ final class Team(
 
   def kickForm(id: String) =
     Auth { implicit ctx => me =>
-      WithOwnedTeam(id) { team =>
+      WithOwnedTeamEnabled(id) { team =>
         env.team.memberRepo userIdsByTeam team.id map { userIds =>
           html.team.admin.kick(team, userIds.filter(me.id !=))
         }
@@ -149,7 +149,7 @@ final class Team(
 
   def kick(id: String) =
     AuthBody { implicit ctx => me =>
-      WithOwnedTeam(id) { team =>
+      WithOwnedTeamEnabled(id) { team =>
         implicit val req = ctx.body
         forms.selectMember.bindFromRequest().value ?? { api.kick(team, _, me) } inject Redirect(
           routes.Team.kickForm(team.id)
@@ -158,7 +158,7 @@ final class Team(
     }
   def kickUser(teamId: String, userId: String) =
     Scoped(_.Team.Write) { _ => me =>
-      api team teamId flatMap {
+      api teamEnabled teamId flatMap {
         _ ?? { team =>
           if (team leaders me.id) api.kick(team, userId, me) inject jsonOkResult
           else Forbidden(jsonError("Not your team")).fuccess
@@ -168,14 +168,14 @@ final class Team(
 
   def leadersForm(id: String) =
     Auth { implicit ctx => _ =>
-      WithOwnedTeam(id) { team =>
+      WithOwnedTeamEnabled(id) { team =>
         Ok(html.team.admin.leaders(team, forms leaders team)).fuccess
       }
     }
 
   def leaders(id: String) =
     AuthBody { implicit ctx => me =>
-      WithOwnedTeam(id) { team =>
+      WithOwnedTeamEnabled(id) { team =>
         implicit val req = ctx.body
         forms.leaders(team).bindFromRequest().value ?? {
           api.setLeaders(team, _, me, isGranted(_.ManageTeam))
@@ -256,7 +256,7 @@ final class Team(
     AuthOrScopedBody(_.Team.Write)(
       auth = implicit ctx =>
         me =>
-          api.team(id) flatMap {
+          api.teamEnabled(id) flatMap {
             _ ?? { team =>
               api hasJoinedTooManyTeams me flatMap { tooMany =>
                 if (tooMany)
@@ -428,7 +428,7 @@ final class Team(
 
   def pmAll(id: String) =
     Auth { implicit ctx => _ =>
-      WithOwnedTeam(id) { team =>
+      WithOwnedTeamEnabled(id) { team =>
         env.tournament.api
           .visibleByTeam(team.id, 0, 20)
           .dmap(_.next)
@@ -442,7 +442,7 @@ final class Team(
     AuthOrScopedBody(_.Team.Write)(
       auth = implicit ctx =>
         me =>
-          WithOwnedTeam(id) { team =>
+          WithOwnedTeamEnabled(id) { team =>
             doPmAll(team, me)(ctx.body).fold(
               err =>
                 env.tournament.api
@@ -456,7 +456,7 @@ final class Team(
           },
       scoped = implicit req =>
         me =>
-          api team id flatMap {
+          api teamEnabled id flatMap {
             _.filter(_ leaders me.id) ?? { team =>
               doPmAll(team, me).fold(
                 err => BadRequest(errorsAsJson(err)(reqLang)).fuccess,
@@ -482,7 +482,7 @@ final class Team(
   def apiShow(id: String) =
     Open { ctx =>
       JsonOptionOk {
-        api team id flatMap {
+        api teamEnabled id flatMap {
           _ ?? { team =>
             for {
               joined    <- ctx.userId.?? { api.belongsTo(id, _) }
@@ -565,4 +565,12 @@ You received this because you are subscribed to messages of the team $url."""
       if (ctx.userId.exists(team.leaders.contains) || isGranted(_.ManageTeam)) f(team)
       else renderTeam(team) map { Forbidden(_) }
     }
+
+  private def WithOwnedTeamEnabled(
+      teamId: String
+  )(f: TeamModel => Fu[Result])(implicit ctx: Context): Fu[Result] =
+    WithOwnedTeam(teamId) { team =>
+      if (team.enabled) f(team)
+      else notFound
+    }
 }
diff --git a/modules/team/src/main/TeamApi.scala b/modules/team/src/main/TeamApi.scala
@@ -34,6 +34,8 @@ final class TeamApi(
 
   def team(id: Team.ID) = teamRepo byId id
 
+  def teamEnabled(id: Team.ID) = teamRepo enabled id
+
   def leaderTeam(id: Team.ID) = teamRepo.coll.byId[LeaderTeam](id, $doc("name" -> true))
 
   def lightsByLeader = teamRepo.lightsByLeader _
@@ -143,7 +145,7 @@ final class TeamApi(
 
   def requestable(teamId: Team.ID, user: User): Fu[Option[Team]] =
     for {
-      teamOption <- teamRepo.coll.byId[Team](teamId)
+      teamOption <- teamEnabled(teamId)
       able       <- teamOption.??(requestable(_, user))
     } yield teamOption ifTrue able