From 3e834092ba230ee081065a3b80ad227d585b5a13 Mon Sep 17 00:00:00 2001 From: metamuffin Date: Sat, 31 May 2025 03:26:45 +0200 Subject: get rid of admin session; checking manually instead --- logic/src/admin/mod.rs | 22 ++++++++++++---------- logic/src/admin/user.rs | 14 +++++++++----- 2 files changed, 21 insertions(+), 15 deletions(-) (limited to 'logic/src/admin') diff --git a/logic/src/admin/mod.rs b/logic/src/admin/mod.rs index 804cb2b..d8b21b6 100644 --- a/logic/src/admin/mod.rs +++ b/logic/src/admin/mod.rs @@ -7,38 +7,40 @@ pub mod log; pub mod user; -use crate::{DATABASE, session::AdminSession}; +use crate::{DATABASE, session::Session}; use anyhow::{Result, anyhow}; use jellyimport::{IMPORT_ERRORS, import_wrap}; use rand::Rng; use std::time::{Duration, Instant}; use tokio::task::spawn_blocking; -pub async fn get_import_errors(_session: &AdminSession) -> Vec { +pub async fn get_import_errors(_session: &Session) -> Vec { IMPORT_ERRORS.read().await.to_owned() } -pub fn list_invites(_session: &AdminSession) -> Result> { +pub fn list_invites(session: &Session) -> Result> { + session.assert_admin()?; DATABASE.list_invites() } -pub fn create_invite(_session: &AdminSession) -> Result { +pub fn create_invite(session: &Session) -> Result { + session.assert_admin()?; let i = format!("{}", rand::rng().random::()); DATABASE.create_invite(&i)?; Ok(i) } -pub fn delete_invite(_session: &AdminSession, invite: &str) -> Result<()> { +pub fn delete_invite(session: &Session, invite: &str) -> Result<()> { + session.assert_admin()?; if !DATABASE.delete_invite(invite)? { Err(anyhow!("invite does not exist"))?; }; Ok(()) } -pub async fn update_search_index(_session: &AdminSession) -> Result<()> { +pub async fn update_search_index(session: &Session) -> Result<()> { + session.assert_admin()?; spawn_blocking(move || DATABASE.search_create_index()).await? } -pub async fn do_import( - _session: &AdminSession, - incremental: bool, -) -> Result<(Duration, Result<()>)> { +pub async fn do_import(session: &Session, incremental: bool) -> Result<(Duration, Result<()>)> { + session.assert_admin()?; let t = Instant::now(); if !incremental { DATABASE.clear_nodes()?; diff --git a/logic/src/admin/user.rs b/logic/src/admin/user.rs index e277077..15356a8 100644 --- a/logic/src/admin/user.rs +++ b/logic/src/admin/user.rs @@ -4,25 +4,28 @@ Copyright (C) 2025 metamuffin */ -use crate::{DATABASE, session::AdminSession}; +use crate::{DATABASE, session::Session}; use anyhow::{Result, anyhow}; use jellycommon::{ api::ApiAdminUsersResponse, user::{User, UserPermission}, }; -pub fn admin_users(_session: &AdminSession) -> Result { +pub fn admin_users(session: &Session) -> Result { + session.assert_admin()?; // TODO dont return useless info like passwords Ok(ApiAdminUsersResponse { users: DATABASE.list_users()?, }) } -pub fn get_user(_session: &AdminSession, username: &str) -> Result { +pub fn get_user(session: &Session, username: &str) -> Result { + session.assert_admin()?; DATABASE .get_user(username)? .ok_or(anyhow!("user not found")) } -pub fn delete_user(_session: &AdminSession, username: &str) -> Result<()> { +pub fn delete_user(session: &Session, username: &str) -> Result<()> { + session.assert_admin()?; if !DATABASE.delete_user(&username)? { Err(anyhow!("user did not exist"))?; } @@ -35,11 +38,12 @@ pub enum GrantState { Unset, } pub fn update_user_perms( - _session: &AdminSession, + session: &Session, username: &str, perm: UserPermission, action: GrantState, ) -> Result<()> { + session.assert_admin()?; DATABASE.update_user(username, |user| { match action { GrantState::Grant => drop(user.permissions.0.insert(perm.clone(), true)), -- cgit v1.2.3-70-g09d2