1 files changed, 9 insertions, 5 deletions

diff --git a/logic/src/admin/user.rs b/logic/src/admin/user.rs
index e277077..15356a8 100644
--- a/logic/src/admin/user.rs
+++ b/logic/src/admin/user.rs
@@ -4,25 +4,28 @@
     Copyright (C) 2025 metamuffin <metamuffin.org>
 */
 
-use crate::{DATABASE, session::AdminSession};
+use crate::{DATABASE, session::Session};
 use anyhow::{Result, anyhow};
 use jellycommon::{
     api::ApiAdminUsersResponse,
     user::{User, UserPermission},
 };
 
-pub fn admin_users(_session: &AdminSession) -> Result<ApiAdminUsersResponse> {
+pub fn admin_users(session: &Session) -> Result<ApiAdminUsersResponse> {
+    session.assert_admin()?;
     // TODO dont return useless info like passwords
     Ok(ApiAdminUsersResponse {
         users: DATABASE.list_users()?,
     })
 }
-pub fn get_user(_session: &AdminSession, username: &str) -> Result<User> {
+pub fn get_user(session: &Session, username: &str) -> Result<User> {
+    session.assert_admin()?;
     DATABASE
         .get_user(username)?
         .ok_or(anyhow!("user not found"))
 }
-pub fn delete_user(_session: &AdminSession, username: &str) -> Result<()> {
+pub fn delete_user(session: &Session, username: &str) -> Result<()> {
+    session.assert_admin()?;
     if !DATABASE.delete_user(&username)? {
         Err(anyhow!("user did not exist"))?;
     }
@@ -35,11 +38,12 @@ pub enum GrantState {
     Unset,
 }
 pub fn update_user_perms(
-    _session: &AdminSession,
+    session: &Session,
     username: &str,
     perm: UserPermission,
     action: GrantState,
 ) -> Result<()> {
+    session.assert_admin()?;
     DATABASE.update_user(username, |user| {
         match action {
             GrantState::Grant => drop(user.permissions.0.insert(perm.clone(), true)),