get rid of admin session; checking manually instead

2 files changed, 21 insertions, 15 deletions

diff --git a/logic/src/admin/mod.rs b/logic/src/admin/mod.rs
index 804cb2b..d8b21b6 100644
--- a/logic/src/admin/mod.rs
+++ b/logic/src/admin/mod.rs
@@ -7,38 +7,40 @@
 pub mod log;
 pub mod user;
 
-use crate::{DATABASE, session::AdminSession};
+use crate::{DATABASE, session::Session};
 use anyhow::{Result, anyhow};
 use jellyimport::{IMPORT_ERRORS, import_wrap};
 use rand::Rng;
 use std::time::{Duration, Instant};
 use tokio::task::spawn_blocking;
 
-pub async fn get_import_errors(_session: &AdminSession) -> Vec<String> {
+pub async fn get_import_errors(_session: &Session) -> Vec<String> {
     IMPORT_ERRORS.read().await.to_owned()
 }
-pub fn list_invites(_session: &AdminSession) -> Result<Vec<String>> {
+pub fn list_invites(session: &Session) -> Result<Vec<String>> {
+    session.assert_admin()?;
     DATABASE.list_invites()
 }
 
-pub fn create_invite(_session: &AdminSession) -> Result<String> {
+pub fn create_invite(session: &Session) -> Result<String> {
+    session.assert_admin()?;
     let i = format!("{}", rand::rng().random::<u128>());
     DATABASE.create_invite(&i)?;
     Ok(i)
 }
-pub fn delete_invite(_session: &AdminSession, invite: &str) -> Result<()> {
+pub fn delete_invite(session: &Session, invite: &str) -> Result<()> {
+    session.assert_admin()?;
     if !DATABASE.delete_invite(invite)? {
         Err(anyhow!("invite does not exist"))?;
     };
     Ok(())
 }
-pub async fn update_search_index(_session: &AdminSession) -> Result<()> {
+pub async fn update_search_index(session: &Session) -> Result<()> {
+    session.assert_admin()?;
     spawn_blocking(move || DATABASE.search_create_index()).await?
 }
-pub async fn do_import(
-    _session: &AdminSession,
-    incremental: bool,
-) -> Result<(Duration, Result<()>)> {
+pub async fn do_import(session: &Session, incremental: bool) -> Result<(Duration, Result<()>)> {
+    session.assert_admin()?;
     let t = Instant::now();
     if !incremental {
         DATABASE.clear_nodes()?;
diff --git a/logic/src/admin/user.rs b/logic/src/admin/user.rs
index e277077..15356a8 100644
--- a/logic/src/admin/user.rs
+++ b/logic/src/admin/user.rs
@@ -4,25 +4,28 @@
     Copyright (C) 2025 metamuffin <metamuffin.org>
 */
 
-use crate::{DATABASE, session::AdminSession};
+use crate::{DATABASE, session::Session};
 use anyhow::{Result, anyhow};
 use jellycommon::{
     api::ApiAdminUsersResponse,
     user::{User, UserPermission},
 };
 
-pub fn admin_users(_session: &AdminSession) -> Result<ApiAdminUsersResponse> {
+pub fn admin_users(session: &Session) -> Result<ApiAdminUsersResponse> {
+    session.assert_admin()?;
     // TODO dont return useless info like passwords
     Ok(ApiAdminUsersResponse {
         users: DATABASE.list_users()?,
     })
 }
-pub fn get_user(_session: &AdminSession, username: &str) -> Result<User> {
+pub fn get_user(session: &Session, username: &str) -> Result<User> {
+    session.assert_admin()?;
     DATABASE
         .get_user(username)?
         .ok_or(anyhow!("user not found"))
 }
-pub fn delete_user(_session: &AdminSession, username: &str) -> Result<()> {
+pub fn delete_user(session: &Session, username: &str) -> Result<()> {
+    session.assert_admin()?;
     if !DATABASE.delete_user(&username)? {
         Err(anyhow!("user did not exist"))?;
     }
@@ -35,11 +38,12 @@ pub enum GrantState {
     Unset,
 }
 pub fn update_user_perms(
-    _session: &AdminSession,
+    session: &Session,
     username: &str,
     perm: UserPermission,
     action: GrantState,
 ) -> Result<()> {
+    session.assert_admin()?;
     DATABASE.update_user(username, |user| {
         match action {
             GrantState::Grant => drop(user.permissions.0.insert(perm.clone(), true)),