Diffstat (limited to 'server/src/routes/ui/account')
-rw-r--r-- | server/src/routes/ui/account/session/guard.rs | 56 | ||||
-rw-r--r-- | server/src/routes/ui/account/session/mod.rs | 2 |
2 files changed, 37 insertions, 21 deletions
diff --git a/server/src/routes/ui/account/session/guard.rs b/server/src/routes/ui/account/session/guard.rs
index e2bc093..19d68ad 100644
--- a/server/src/routes/ui/account/session/guard.rs
+++ b/server/src/routes/ui/account/session/guard.rs
@@ -3,11 +3,13 @@
 which is licensed under the GNU Affero General Public License (version 3); see /COPYING.
 Copyright (C) 2023 metamuffin <metamuffin.org>
 */
-use super::Session;
+use super::{AdminSession, Session};
 use crate::{database::Database, routes::ui::error::MyError};
 use anyhow::anyhow;
 use log::warn;
 use rocket::{
+ async_trait,
+ http::Status,
 outcome::Outcome,
 request::{self, FromRequest},
 Request, State,
@@ -40,31 +42,43 @@ impl Session {
 }
 }
+#[async_trait]
 impl<'r> FromRequest<'r> for Session {
 type Error = MyError;
+ async fn from_request<'life0>(
+ request: &'r Request<'life0>,
+ ) -> request::Outcome<Self, Self::Error> {
+ match Session::from_request_ut(request).await {
+ Ok(x) => Outcome::Success(x),
+ Err(e) => {
+ warn!("authentificated route rejected: {e:?}");
+ Outcome::Forward(())
+ }
+ }
+ }
+}
- fn from_request<'life0, 'async_trait>(
+#[async_trait]
+impl<'r> FromRequest<'r> for AdminSession {
+ type Error = MyError;
+ async fn from_request<'life0>(
 request: &'r Request<'life0>,
- ) -> core::pin::Pin<
- Box<
- dyn core::future::Future<Output = request::Outcome<Self, Self::Error>>
- + core::marker::Send
- + 'async_trait,
- >,
- >
- where
- 'r: 'async_trait,
- 'life0: 'async_trait,
- Self: 'async_trait,
- {
- Box::pin(async move {
- match Self::from_request_ut(request).await {
- Ok(x) => Outcome::Success(x),
- Err(e) => {
- warn!("authentificated route rejected: {e:?}");
- Outcome::Forward(())
+ ) -> request::Outcome<Self, Self::Error> {
+ match Session::from_request_ut(request).await {
+ Ok(x) => {
+ if x.user.admin {
+ Outcome::Success(AdminSession(x))
+ } else {
+ Outcome::Failure((
+ Status::Unauthorized,
+ MyError(anyhow!("you are not an admin")),
+ ))
 }
 }
- })
+ Err(e) => {
+ warn!("authentificated route rejected: {e:?}");
+ Outcome::Forward(())
+ }
+ }
 }
 }
diff --git a/server/src/routes/ui/account/session/mod.rs b/server/src/routes/ui/account/session/mod.rs
index 2a7908f..89592c3 100644
--- a/server/src/routes/ui/account/session/mod.rs
+++ b/server/src/routes/ui/account/session/mod.rs
@@ -15,6 +15,8 @@ pub struct Session {
 pub user: User,
 }
+pub struct AdminSession(pub Session);
+
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct SessionData {
 username: String, |
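Review bot: In the new `AdminSession` guard, an authenticated user without the admin flag is rejected with `Status::Unauthorized` and nothing is logged, whereas a request with no valid session is logged and forwarded. 401 signals missing authentication; for a known user who lacks the role, `Status::Forbidden` is the accurate status. A line such as `warn!("admin route denied for non-admin session");` in the `else` branch would give that denial the same audit trail the `Err` arm already has. Separately, `Outcome::Forward(())` in the `Err` arm lets Rocket try the next matching route, so this guard only fails closed if no admin path has a lower-ranked route with a weaker guard; returning a failure there would remove that dependency.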
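Review bot: The `pub` field in `pub struct AdminSession(pub Session);` lets any code holding a `Session` construct an `AdminSession` directly, so the type does not by itself prove that the `x.user.admin` check in the guard ran. Because `guard.rs` is a child of this module, a private field, `pub struct AdminSession(Session);`, would still be constructible by the guard. Handlers would then need an accessor or `Deref` to read the inner session; how they use it is not visible in this diff. A doc comment such as `/// A session whose user passed the admin check in the request guard.` would record the invariant.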