diff options
Diffstat (limited to 'server/src/ui/admin')
| -rw-r--r-- | server/src/ui/admin/log.rs | 15 | ||||
| -rw-r--r-- | server/src/ui/admin/mod.rs | 30 | ||||
| -rw-r--r-- | server/src/ui/admin/user.rs | 22 |
3 files changed, 42 insertions, 25 deletions
diff --git a/server/src/ui/admin/log.rs b/server/src/ui/admin/log.rs index f0a85f2..c26b697 100644 --- a/server/src/ui/admin/log.rs +++ b/server/src/ui/admin/log.rs @@ -10,7 +10,7 @@ use crate::{ use jellyimport::is_importing; use jellylogic::{ admin::log::{get_log_buffer, get_log_stream}, - session::AdminSession, + session::Session, }; use jellyui::{ admin::log::{render_log_line, ServerLogPage}, @@ -23,10 +23,11 @@ use serde_json::json; #[get("/admin/log?<warnonly>", rank = 2)] pub fn r_admin_log<'a>( - session: A<AdminSession>, + session: A<Session>, warnonly: bool, lang: AcceptLanguage, ) -> MyResult<RawHtml<String>> { + session.0.assert_admin()?; let AcceptLanguage(lang) = lang; let messages = get_log_buffer(warnonly) .into_iter() @@ -40,7 +41,7 @@ pub fn r_admin_log<'a>( RenderInfo { importing: is_importing(), session: Some(SessionInfo { - user: session.0 .0.user, + user: session.0.user, }), }, lang, @@ -49,14 +50,18 @@ pub fn r_admin_log<'a>( #[get("/admin/log?stream&<warnonly>&<html>", rank = 1)] pub fn r_admin_log_stream( - _session: A<AdminSession>, + session: A<Session>, ws: WebSocket, warnonly: bool, html: bool, ) -> Stream!['static] { + // TODO type problems + let ok = session.0.assert_admin().is_ok(); let mut stream = get_log_stream(warnonly); Stream! { ws => - if html { + if !ok { + yield Message::Text("unauthorized".to_string()); + } else if html { let _ = ws; while let Ok(line) = stream.recv().await { yield Message::Text(render_log_line(&line)); diff --git a/server/src/ui/admin/mod.rs b/server/src/ui/admin/mod.rs index e3eb2d6..4e07afb 100644 --- a/server/src/ui/admin/mod.rs +++ b/server/src/ui/admin/mod.rs @@ -7,7 +7,7 @@ pub mod log; pub mod user; use super::error::MyResult; -use crate::helper::{language::AcceptLanguage, A}; +use crate::helper::{language::AcceptLanguage, RequestInfo, A}; use jellycommon::routes::u_admin_dashboard; use jellyimport::is_importing; use jellylogic::{ @@ -15,25 +15,27 @@ use jellylogic::{ create_invite, delete_invite, do_import, get_import_errors, list_invites, update_search_index, }, - session::AdminSession, + session::Session, }; use jellyui::{ admin::AdminDashboardPage, + locale::tr, render_page, scaffold::{RenderInfo, SessionInfo}, }; use rocket::{ form::Form, get, post, - response::{content::RawHtml, Redirect}, + response::{content::RawHtml, Flash, Redirect}, FromForm, }; #[get("/admin/dashboard")] pub async fn r_admin_dashboard( - session: A<AdminSession>, + session: A<Session>, lang: AcceptLanguage, ) -> MyResult<RawHtml<String>> { + session.0.assert_admin()?; let AcceptLanguage(lang) = lang; let flash = None; @@ -57,7 +59,7 @@ pub async fn r_admin_dashboard( RenderInfo { importing: is_importing(), session: Some(SessionInfo { - user: session.0 .0.user, + user: session.0.user, }), }, lang, @@ -65,9 +67,12 @@ pub async fn r_admin_dashboard( } #[post("/admin/generate_invite")] -pub async fn r_admin_invite(session: A<AdminSession>) -> MyResult<Redirect> { - let _ = create_invite(&session.0)?; - Ok(Redirect::temporary(u_admin_dashboard())) +pub async fn r_admin_invite(ri: RequestInfo) -> MyResult<Flash<Redirect>> { + let i = create_invite(&ri.session)?; + Ok(Flash::success( + Redirect::to(u_admin_dashboard()), + tr(ri.lang, "admin.invite_create_success").replace("{invite}", &i), + )) } #[derive(FromForm)] @@ -77,21 +82,24 @@ pub struct DeleteInvite { #[post("/admin/remove_invite", data = "<form>")] pub async fn r_admin_remove_invite( - session: A<AdminSession>, + session: A<Session>, form: Form<DeleteInvite>, ) -> MyResult<Redirect> { + session.0.assert_admin()?; delete_invite(&session.0, &form.invite)?; Ok(Redirect::temporary(u_admin_dashboard())) } #[post("/admin/import?<incremental>")] -pub async fn r_admin_import(session: A<AdminSession>, incremental: bool) -> MyResult<Redirect> { +pub async fn r_admin_import(session: A<Session>, incremental: bool) -> MyResult<Redirect> { + session.0.assert_admin()?; do_import(&session.0, incremental).await?.1?; Ok(Redirect::temporary(u_admin_dashboard())) } #[post("/admin/update_search")] -pub async fn r_admin_update_search(session: A<AdminSession>) -> MyResult<Redirect> { +pub async fn r_admin_update_search(session: A<Session>) -> MyResult<Redirect> { + session.0.assert_admin()?; update_search_index(&session.0).await?; Ok(Redirect::temporary(u_admin_dashboard())) } diff --git a/server/src/ui/admin/user.rs b/server/src/ui/admin/user.rs index 27d5256..e8dc332 100644 --- a/server/src/ui/admin/user.rs +++ b/server/src/ui/admin/user.rs @@ -12,7 +12,7 @@ use jellycommon::user::UserPermission; use jellyimport::is_importing; use jellylogic::{ admin::user::{admin_users, delete_user, get_user, update_user_perms, GrantState}, - session::AdminSession, + session::Session, }; use jellyui::{ admin::user::{AdminUserPage, AdminUsersPage}, @@ -22,7 +22,8 @@ use jellyui::{ use rocket::{form::Form, get, post, response::content::RawHtml, FromForm, FromFormField}; #[get("/admin/users")] -pub fn r_admin_users(session: A<AdminSession>, lang: AcceptLanguage) -> MyResult<RawHtml<String>> { +pub fn r_admin_users(session: A<Session>, lang: AcceptLanguage) -> MyResult<RawHtml<String>> { + session.0.assert_admin()?; let AcceptLanguage(lang) = lang; let r = admin_users(&session.0)?; Ok(RawHtml(render_page( @@ -34,7 +35,7 @@ pub fn r_admin_users(session: A<AdminSession>, lang: AcceptLanguage) -> MyResult RenderInfo { importing: is_importing(), session: Some(SessionInfo { - user: session.0 .0.user, + user: session.0.user, }), }, lang, @@ -43,10 +44,11 @@ pub fn r_admin_users(session: A<AdminSession>, lang: AcceptLanguage) -> MyResult #[get("/admin/user/<name>")] pub fn r_admin_user<'a>( - session: A<AdminSession>, + session: A<Session>, name: &'a str, lang: AcceptLanguage, ) -> MyResult<RawHtml<String>> { + session.0.assert_admin()?; let AcceptLanguage(lang) = lang; let user = get_user(&session.0, name)?; @@ -59,7 +61,7 @@ pub fn r_admin_user<'a>( RenderInfo { importing: is_importing(), session: Some(SessionInfo { - user: session.0 .0.user, + user: session.0.user, }), }, lang, @@ -81,11 +83,12 @@ pub enum UrlGrantState { #[post("/admin/user/<name>/update_permission", data = "<form>")] pub fn r_admin_user_permission( - session: A<AdminSession>, + session: A<Session>, form: Form<UserPermissionForm>, name: &str, lang: AcceptLanguage, ) -> MyResult<RawHtml<String>> { + session.0.assert_admin()?; let AcceptLanguage(lang) = lang; let perm = serde_json::from_str::<UserPermission>(&form.permission) .context("parsing provided permission")?; @@ -112,7 +115,7 @@ pub fn r_admin_user_permission( RenderInfo { importing: is_importing(), session: Some(SessionInfo { - user: session.0 .0.user, + user: session.0.user, }), }, lang, @@ -121,10 +124,11 @@ pub fn r_admin_user_permission( #[post("/admin/<name>/remove")] pub fn r_admin_remove_user( - session: A<AdminSession>, + session: A<Session>, name: &str, lang: AcceptLanguage, ) -> MyResult<RawHtml<String>> { + session.0.assert_admin()?; let AcceptLanguage(lang) = lang; delete_user(&session.0, name)?; let r = admin_users(&session.0)?; @@ -138,7 +142,7 @@ pub fn r_admin_remove_user( RenderInfo { importing: is_importing(), session: Some(SessionInfo { - user: session.0 .0.user, + user: session.0.user, }), }, lang, |