use serde::{Deserialize, Serialize};
use crate::community::roles::{MemberGrant, Permissions, Role, RoleScope};
pub const MAX_ROLES_PER_MEMBER: usize = 64;
pub const MAX_ROLES_PER_COMMUNITY: usize = 100;
pub const MAX_BANLIST: usize = 500;
pub const MAX_ROLE_NAME_BYTES: usize = super::control::MAX_NAME_BYTES;
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct RoleContent {
pub role_id: String,
pub name: String,
pub position: u32,
#[serde(with = "perm_decimal_string")]
pub permissions: u64,
pub scope: RoleScope,
#[serde(default)]
pub color: u32,
#[serde(flatten)]
pub extra: serde_json::Map<String, serde_json::Value>,
}
impl RoleContent {
pub fn from_role(r: &Role) -> Self {
RoleContent {
role_id: r.role_id.clone(),
name: r.name.clone(),
position: r.position,
permissions: r.permissions.0,
scope: r.scope.clone(),
color: r.color,
extra: serde_json::Map::new(),
}
}
pub fn into_role(self) -> Role {
Role {
role_id: self.role_id,
name: self.name,
position: self.position,
permissions: Permissions(self.permissions),
scope: self.scope,
color: self.color,
}
}
}
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct GrantContent {
pub member: String,
#[serde(default)]
pub role_ids: Vec<String>,
#[serde(flatten)]
pub extra: serde_json::Map<String, serde_json::Value>,
}
impl GrantContent {
pub fn from_grant(g: &MemberGrant) -> Self {
GrantContent { member: g.member.clone(), role_ids: g.role_ids.clone(), extra: serde_json::Map::new() }
}
pub fn into_grant(self) -> MemberGrant {
MemberGrant { member: self.member, role_ids: self.role_ids }
}
}
pub fn role_content_json(r: &Role) -> Result<String, String> {
serde_json::to_string(&RoleContent::from_role(r)).map_err(|e| e.to_string())
}
pub fn parse_role_content(content: &str) -> Option<Role> {
serde_json::from_str::<RoleContent>(content).ok().map(RoleContent::into_role)
}
pub fn grant_content_json(g: &MemberGrant) -> Result<String, String> {
serde_json::to_string(&GrantContent::from_grant(g)).map_err(|e| e.to_string())
}
pub fn parse_grant_content(content: &str) -> Option<MemberGrant> {
serde_json::from_str::<GrantContent>(content).ok().map(GrantContent::into_grant)
}
pub fn banlist_content_json(banned: &[String]) -> Result<String, String> {
serde_json::to_string(banned).map_err(|e| e.to_string())
}
pub fn parse_banlist_content(content: &str) -> Option<Vec<String>> {
serde_json::from_str::<Vec<String>>(content).ok()
}
pub fn validate_role(r: &Role) -> Result<(), String> {
if r.name.len() > MAX_ROLE_NAME_BYTES {
return Err("role name over 64 bytes".to_string());
}
if r.position == 0 {
return Err("position 0 is reserved to the owner".to_string());
}
Ok(())
}
pub fn validate_banlist(banned: &[String]) -> Result<(), String> {
if banned.len() > MAX_BANLIST {
return Err("banlist over the 500-npub ceiling".to_string());
}
Ok(())
}
mod perm_decimal_string {
use serde::{Deserialize, Deserializer, Serializer};
pub fn serialize<S: Serializer>(v: &u64, s: S) -> Result<S::Ok, S::Error> {
s.serialize_str(&v.to_string())
}
pub fn deserialize<'de, D: Deserializer<'de>>(d: D) -> Result<u64, D::Error> {
#[derive(Deserialize)]
#[serde(untagged)]
enum StringOrNumber {
S(String),
N(u64),
}
match StringOrNumber::deserialize(d)? {
StringOrNumber::N(n) => Ok(n),
StringOrNumber::S(s) => {
if s.is_empty() || !s.bytes().all(|b| b.is_ascii_digit()) {
return Err(serde::de::Error::custom("permissions must be a decimal string"));
}
s.parse::<u64>().map_err(serde::de::Error::custom)
}
}
}
}
#[cfg(test)]
mod tests {
use super::*;
fn role(perms: u64, pos: u32) -> Role {
Role {
role_id: "aa".repeat(32),
name: "Moderator".into(),
position: pos,
permissions: Permissions(perms),
scope: RoleScope::Server,
color: 15158332,
}
}
#[test]
fn role_permissions_ride_as_a_decimal_string() {
let json = role_content_json(&role(40, 2)).unwrap();
assert!(json.contains("\"permissions\":\"40\""), "permissions is a decimal string, not a number: {json}");
assert!(!json.contains("\"permissions\":40"), "must not emit a bare number");
}
#[test]
fn role_round_trips_through_the_wire_form() {
let r = role(Permissions::ADMIN_ALL, 1);
let back = parse_role_content(&role_content_json(&r).unwrap()).unwrap();
assert_eq!(back, r);
}
#[test]
fn a_legacy_numeric_permissions_is_still_read() {
let legacy = r#"{"role_id":"bb","name":"X","position":3,"permissions":40,"scope":{"kind":"server"},"color":0}"#;
assert_eq!(parse_role_content(legacy).unwrap().permissions, Permissions(40));
}
#[test]
fn a_non_digit_permissions_string_is_rejected() {
for bad in ["\"+40\"", "\"4a\"", "\"\"", "\" 40\""] {
let j = format!(r#"{{"role_id":"cc","name":"X","position":2,"permissions":{bad},"scope":{{"kind":"server"}}}}"#);
assert!(parse_role_content(&j).is_none(), "rejected non-digit permissions {bad}");
}
}
#[test]
fn channel_scope_round_trips() {
let mut r = role(8, 2);
r.scope = RoleScope::Channel("cc".repeat(32));
let json = role_content_json(&r).unwrap();
assert!(json.contains(r#""scope":{"kind":"channel","channel_id":""#), "{json}");
assert_eq!(parse_role_content(&json).unwrap().scope, r.scope);
}
#[test]
fn grant_round_trips_and_empty_is_a_revoke() {
let g = MemberGrant { member: "dd".repeat(32), role_ids: vec!["aa".repeat(32)] };
assert_eq!(parse_grant_content(&grant_content_json(&g).unwrap()).unwrap(), g);
let revoke = MemberGrant { member: "ee".repeat(32), role_ids: vec![] };
let back = parse_grant_content(&grant_content_json(&revoke).unwrap()).unwrap();
assert!(back.role_ids.is_empty());
}
#[test]
fn banlist_round_trips() {
let banned = vec!["11".repeat(32), "22".repeat(32)];
assert_eq!(parse_banlist_content(&banlist_content_json(&banned).unwrap()).unwrap(), banned);
assert!(parse_banlist_content("not-an-array").is_none());
}
#[test]
fn unknown_role_fields_round_trip() {
let j = r#"{"role_id":"ab","name":"X","position":2,"permissions":"8","scope":{"kind":"server"},"color":0,"future":"keep"}"#;
let parsed: RoleContent = serde_json::from_str(j).unwrap();
let reser = serde_json::to_string(&parsed).unwrap();
assert!(reser.contains("\"future\":\"keep\""), "unknown fields survive: {reser}");
}
#[test]
fn validate_rejects_pos_zero_and_long_name() {
assert!(validate_role(&role(8, 0)).is_err(), "position 0 reserved to owner");
let mut long = role(8, 2);
long.name = "x".repeat(65);
assert!(validate_role(&long).is_err());
assert!(validate_banlist(&vec!["z".into(); MAX_BANLIST + 1]).is_err());
}
}