server/src/ui/admin/user.rs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

/*
    This file is part of jellything (https://codeberg.org/metamuffin/jellything)
    which is licensed under the GNU Affero General Public License (version 3); see /COPYING.
    Copyright (C) 2026 metamuffin <metamuffin.org>
*/
use crate::{request_info::RequestInfo, ui::error::MyResult};
use anyhow::Context;
use jellycommon::routes::{u_admin_user, u_admin_users};
use rocket::{
    FromForm, FromFormField,
    form::Form,
    get, post,
    response::{Flash, Redirect, content::RawHtml},
};

#[get("/admin/users")]
pub fn r_admin_users(ri: RequestInfo) -> MyResult<RawHtml<String>> {
    ri.session.assert_admin()?;
    let r = admin_users(&ri.session)?;
    Ok(RawHtml(render_page(
        &AdminUsersPage {
            flash: &None,
            lang: &ri.lang,
            users: &r.users,
        },
        ri.render_info(),
    )))
}

#[get("/admin/user/<name>")]
pub fn r_admin_user(ri: RequestInfo, name: &str) -> MyResult<RawHtml<String>> {
    ri.session.assert_admin()?;
    let user = get_user(&ri.session, name)?;

    Ok(RawHtml(render_page(
        &AdminUserPage {
            flash: &None,
            lang: &ri.lang,
            user: &user,
        },
        ri.render_info(),
    )))
}

#[derive(FromForm)]
pub struct UserPermissionForm {
    permission: String,
    action: UrlGrantState,
}

#[derive(FromFormField)]
pub enum UrlGrantState {
    Grant,
    Revoke,
    Unset,
}

#[post("/admin/user/<name>/update_permission", data = "<form>")]
pub fn r_admin_user_permission(
    ri: RequestInfo,
    form: Form<UserPermissionForm>,
    name: &str,
) -> MyResult<Flash<Redirect>> {
    ri.session.assert_admin()?;
    let perm = serde_json::from_str::<UserPermission>(&form.permission)
        .context("parsing provided permission")?;

    update_user_perms(
        &ri.session,
        name,
        perm,
        match form.action {
            UrlGrantState::Grant => GrantState::Grant,
            UrlGrantState::Revoke => GrantState::Revoke,
            UrlGrantState::Unset => GrantState::Unset,
        },
    )?;

    Ok(Flash::success(
        Redirect::to(u_admin_user(name)),
        tr(ri.lang, "admin.users.permission_update_success"),
    ))
}

#[post("/admin/<name>/remove")]
pub fn r_admin_remove_user(ri: RequestInfo, name: &str) -> MyResult<Flash<Redirect>> {
    ri.session.assert_admin()?;
    delete_user(&ri.session, name)?;
    Ok(Flash::success(
        Redirect::to(u_admin_users()),
        tr(ri.lang, "admin.users.remove_success"),
    ))
}