From 3e834092ba230ee081065a3b80ad227d585b5a13 Mon Sep 17 00:00:00 2001
From: metamuffin <metamuffin@disroot.org>
Date: Sat, 31 May 2025 03:26:45 +0200
Subject: get rid of admin session; checking manually instead

---
 server/src/api.rs | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

(limited to 'server/src/api.rs')

diff --git a/server/src/api.rs b/server/src/api.rs
index d983548..4fecfb6 100644
--- a/server/src/api.rs
+++ b/server/src/api.rs
@@ -7,11 +7,7 @@ use super::ui::error::MyResult;
 use crate::helper::{accept::AcceptJson, language::AcceptLanguage, A};
 use jellycommon::{user::CreateSessionParams, NodeID};
 use jellyimport::asset_token::AssetInner;
-use jellylogic::{
-    login::login_logic,
-    node::get_nodes_modified_since,
-    session::{AdminSession, Session},
-};
+use jellylogic::{login::login_logic, node::get_nodes_modified_since, session::Session};
 use jellyui::locale::get_translation_table;
 use rocket::{get, post, response::Redirect, serde::json::Json, Either};
 use serde_json::{json, Value};
@@ -60,7 +56,8 @@ pub fn r_api_account_login(data: Json<CreateSessionParams>) -> MyResult<Value> {
 }
 
 #[get("/api/asset_token_raw/<token>")]
-pub fn r_api_asset_token_raw(_admin: A<AdminSession>, token: &str) -> MyResult<Json<AssetInner>> {
+pub fn r_api_asset_token_raw(session: A<Session>, token: &str) -> MyResult<Json<AssetInner>> {
+    session.0.assert_admin()?;
     Ok(Json(AssetInner::deser(token)?))
 }
 
-- 
cgit v1.2.3-70-g09d2