From 3e834092ba230ee081065a3b80ad227d585b5a13 Mon Sep 17 00:00:00 2001 From: metamuffin Date: Sat, 31 May 2025 03:26:45 +0200 Subject: get rid of admin session; checking manually instead --- logic/src/admin/user.rs | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'logic/src/admin/user.rs') diff --git a/logic/src/admin/user.rs b/logic/src/admin/user.rs index e277077..15356a8 100644 --- a/logic/src/admin/user.rs +++ b/logic/src/admin/user.rs @@ -4,25 +4,28 @@ Copyright (C) 2025 metamuffin */ -use crate::{DATABASE, session::AdminSession}; +use crate::{DATABASE, session::Session}; use anyhow::{Result, anyhow}; use jellycommon::{ api::ApiAdminUsersResponse, user::{User, UserPermission}, }; -pub fn admin_users(_session: &AdminSession) -> Result { +pub fn admin_users(session: &Session) -> Result { + session.assert_admin()?; // TODO dont return useless info like passwords Ok(ApiAdminUsersResponse { users: DATABASE.list_users()?, }) } -pub fn get_user(_session: &AdminSession, username: &str) -> Result { +pub fn get_user(session: &Session, username: &str) -> Result { + session.assert_admin()?; DATABASE .get_user(username)? .ok_or(anyhow!("user not found")) } -pub fn delete_user(_session: &AdminSession, username: &str) -> Result<()> { +pub fn delete_user(session: &Session, username: &str) -> Result<()> { + session.assert_admin()?; if !DATABASE.delete_user(&username)? { Err(anyhow!("user did not exist"))?; } @@ -35,11 +38,12 @@ pub enum GrantState { Unset, } pub fn update_user_perms( - _session: &AdminSession, + session: &Session, username: &str, perm: UserPermission, action: GrantState, ) -> Result<()> { + session.assert_admin()?; DATABASE.update_user(username, |user| { match action { GrantState::Grant => drop(user.permissions.0.insert(perm.clone(), true)), -- cgit v1.2.3-70-g09d2