get rid of admin session; checking manually instead

5 files changed, 40 insertions, 17 deletions

diff --git a/logic/src/admin/mod.rs b/logic/src/admin/mod.rs
index 804cb2b..d8b21b6 100644
--- a/logic/src/admin/mod.rs
+++ b/logic/src/admin/mod.rs
@@ -7,38 +7,40 @@
 pub mod log;
 pub mod user;
 
-use crate::{DATABASE, session::AdminSession};
+use crate::{DATABASE, session::Session};
 use anyhow::{Result, anyhow};
 use jellyimport::{IMPORT_ERRORS, import_wrap};
 use rand::Rng;
 use std::time::{Duration, Instant};
 use tokio::task::spawn_blocking;
 
-pub async fn get_import_errors(_session: &AdminSession) -> Vec<String> {
+pub async fn get_import_errors(_session: &Session) -> Vec<String> {
     IMPORT_ERRORS.read().await.to_owned()
 }
-pub fn list_invites(_session: &AdminSession) -> Result<Vec<String>> {
+pub fn list_invites(session: &Session) -> Result<Vec<String>> {
+    session.assert_admin()?;
     DATABASE.list_invites()
 }
 
-pub fn create_invite(_session: &AdminSession) -> Result<String> {
+pub fn create_invite(session: &Session) -> Result<String> {
+    session.assert_admin()?;
     let i = format!("{}", rand::rng().random::<u128>());
     DATABASE.create_invite(&i)?;
     Ok(i)
 }
-pub fn delete_invite(_session: &AdminSession, invite: &str) -> Result<()> {
+pub fn delete_invite(session: &Session, invite: &str) -> Result<()> {
+    session.assert_admin()?;
     if !DATABASE.delete_invite(invite)? {
         Err(anyhow!("invite does not exist"))?;
     };
     Ok(())
 }
-pub async fn update_search_index(_session: &AdminSession) -> Result<()> {
+pub async fn update_search_index(session: &Session) -> Result<()> {
+    session.assert_admin()?;
     spawn_blocking(move || DATABASE.search_create_index()).await?
 }
-pub async fn do_import(
-    _session: &AdminSession,
-    incremental: bool,
-) -> Result<(Duration, Result<()>)> {
+pub async fn do_import(session: &Session, incremental: bool) -> Result<(Duration, Result<()>)> {
+    session.assert_admin()?;
     let t = Instant::now();
     if !incremental {
         DATABASE.clear_nodes()?;
diff --git a/logic/src/admin/user.rs b/logic/src/admin/user.rs
index e277077..15356a8 100644
--- a/logic/src/admin/user.rs
+++ b/logic/src/admin/user.rs
@@ -4,25 +4,28 @@
     Copyright (C) 2025 metamuffin <metamuffin.org>
 */
 
-use crate::{DATABASE, session::AdminSession};
+use crate::{DATABASE, session::Session};
 use anyhow::{Result, anyhow};
 use jellycommon::{
     api::ApiAdminUsersResponse,
     user::{User, UserPermission},
 };
 
-pub fn admin_users(_session: &AdminSession) -> Result<ApiAdminUsersResponse> {
+pub fn admin_users(session: &Session) -> Result<ApiAdminUsersResponse> {
+    session.assert_admin()?;
     // TODO dont return useless info like passwords
     Ok(ApiAdminUsersResponse {
         users: DATABASE.list_users()?,
     })
 }
-pub fn get_user(_session: &AdminSession, username: &str) -> Result<User> {
+pub fn get_user(session: &Session, username: &str) -> Result<User> {
+    session.assert_admin()?;
     DATABASE
         .get_user(username)?
         .ok_or(anyhow!("user not found"))
 }
-pub fn delete_user(_session: &AdminSession, username: &str) -> Result<()> {
+pub fn delete_user(session: &Session, username: &str) -> Result<()> {
+    session.assert_admin()?;
     if !DATABASE.delete_user(&username)? {
         Err(anyhow!("user did not exist"))?;
     }
@@ -35,11 +38,12 @@ pub enum GrantState {
     Unset,
 }
 pub fn update_user_perms(
-    _session: &AdminSession,
+    session: &Session,
     username: &str,
     perm: UserPermission,
     action: GrantState,
 ) -> Result<()> {
+    session.assert_admin()?;
     DATABASE.update_user(username, |user| {
         match action {
             GrantState::Grant => drop(user.permissions.0.insert(perm.clone(), true)),
diff --git a/logic/src/lib.rs b/logic/src/lib.rs
index 9988ed2..0bd44d7 100644
--- a/logic/src/lib.rs
+++ b/logic/src/lib.rs
@@ -16,6 +16,7 @@ pub mod search;
 pub mod session;
 pub mod stats;
 pub mod account;
+pub mod permission;
 
 use anyhow::Context;
 use anyhow::Result;
diff --git a/logic/src/permission.rs b/logic/src/permission.rs
new file mode 100644
index 0000000..c23ad41
--- /dev/null
+++ b/logic/src/permission.rs
@@ -0,0 +1,18 @@
+/*
+    This file is part of jellything (https://codeberg.org/metamuffin/jellything)
+    which is licensed under the GNU Affero General Public License (version 3); see /COPYING.
+    Copyright (C) 2025 metamuffin <metamuffin.org>
+*/
+
+use crate::session::Session;
+use anyhow::{Result, anyhow};
+
+impl Session {
+    pub fn assert_admin(&self) -> Result<()> {
+        if self.user.admin {
+            Ok(())
+        } else {
+            Err(anyhow!("Permission denied."))
+        }
+    }
+}
diff --git a/logic/src/session.rs b/logic/src/session.rs
index 615694c..6f168e3 100644
--- a/logic/src/session.rs
+++ b/logic/src/session.rs
@@ -22,8 +22,6 @@ pub struct Session {
     pub user: User,
 }
 
-pub struct AdminSession(pub Session);
-
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct SessionData {
     username: String,