1 files changed, 13 insertions, 9 deletions

diff --git a/server/src/ui/admin/user.rs b/server/src/ui/admin/user.rs
index 27d5256..e8dc332 100644
--- a/server/src/ui/admin/user.rs
+++ b/server/src/ui/admin/user.rs
@@ -12,7 +12,7 @@ use jellycommon::user::UserPermission;
 use jellyimport::is_importing;
 use jellylogic::{
     admin::user::{admin_users, delete_user, get_user, update_user_perms, GrantState},
-    session::AdminSession,
+    session::Session,
 };
 use jellyui::{
     admin::user::{AdminUserPage, AdminUsersPage},
@@ -22,7 +22,8 @@ use jellyui::{
 use rocket::{form::Form, get, post, response::content::RawHtml, FromForm, FromFormField};
 
 #[get("/admin/users")]
-pub fn r_admin_users(session: A<AdminSession>, lang: AcceptLanguage) -> MyResult<RawHtml<String>> {
+pub fn r_admin_users(session: A<Session>, lang: AcceptLanguage) -> MyResult<RawHtml<String>> {
+    session.0.assert_admin()?;
     let AcceptLanguage(lang) = lang;
     let r = admin_users(&session.0)?;
     Ok(RawHtml(render_page(
@@ -34,7 +35,7 @@ pub fn r_admin_users(session: A<AdminSession>, lang: AcceptLanguage) -> MyResult
         RenderInfo {
             importing: is_importing(),
             session: Some(SessionInfo {
-                user: session.0 .0.user,
+                user: session.0.user,
             }),
         },
         lang,
@@ -43,10 +44,11 @@ pub fn r_admin_users(session: A<AdminSession>, lang: AcceptLanguage) -> MyResult
 
 #[get("/admin/user/<name>")]
 pub fn r_admin_user<'a>(
-    session: A<AdminSession>,
+    session: A<Session>,
     name: &'a str,
     lang: AcceptLanguage,
 ) -> MyResult<RawHtml<String>> {
+    session.0.assert_admin()?;
     let AcceptLanguage(lang) = lang;
     let user = get_user(&session.0, name)?;
 
@@ -59,7 +61,7 @@ pub fn r_admin_user<'a>(
         RenderInfo {
             importing: is_importing(),
             session: Some(SessionInfo {
-                user: session.0 .0.user,
+                user: session.0.user,
             }),
         },
         lang,
@@ -81,11 +83,12 @@ pub enum UrlGrantState {
 
 #[post("/admin/user/<name>/update_permission", data = "<form>")]
 pub fn r_admin_user_permission(
-    session: A<AdminSession>,
+    session: A<Session>,
     form: Form<UserPermissionForm>,
     name: &str,
     lang: AcceptLanguage,
 ) -> MyResult<RawHtml<String>> {
+    session.0.assert_admin()?;
     let AcceptLanguage(lang) = lang;
     let perm = serde_json::from_str::<UserPermission>(&form.permission)
         .context("parsing provided permission")?;
@@ -112,7 +115,7 @@ pub fn r_admin_user_permission(
         RenderInfo {
             importing: is_importing(),
             session: Some(SessionInfo {
-                user: session.0 .0.user,
+                user: session.0.user,
             }),
         },
         lang,
@@ -121,10 +124,11 @@ pub fn r_admin_user_permission(
 
 #[post("/admin/<name>/remove")]
 pub fn r_admin_remove_user(
-    session: A<AdminSession>,
+    session: A<Session>,
     name: &str,
     lang: AcceptLanguage,
 ) -> MyResult<RawHtml<String>> {
+    session.0.assert_admin()?;
     let AcceptLanguage(lang) = lang;
     delete_user(&session.0, name)?;
     let r = admin_users(&session.0)?;
@@ -138,7 +142,7 @@ pub fn r_admin_remove_user(
         RenderInfo {
             importing: is_importing(),
             session: Some(SessionInfo {
-                user: session.0 .0.user,
+                user: session.0.user,
             }),
         },
         lang,