allow to edit users; Fixes #688
All checks were successful
CI/CD Pipeline / test (push) Successful in 10m25s
CI/CD Pipeline / deploy-staging (push) Has been skipped
CI/CD Pipeline / deploy-main (push) Has been skipped

This commit is contained in:
philipp 2024-08-19 13:23:08 +02:00
parent 6e72e2a753
commit 93c8316543
2 changed files with 10 additions and 9 deletions

View File

@ -1001,6 +1001,7 @@ special_user!(SchnupperBetreuerUser, +"schnupper-betreuer");
special_user!(VorstandUser, +"Vorstand");
special_user!(EventUser, +"manage_events");
special_user!(AllowedToEditPaymentStatusUser, +"kassier", +"admin");
special_user!(ManageUserUser, +"admin", +"schriftfuehrer");
#[derive(FromRow, Serialize, Deserialize, Clone, Debug)]
pub struct UserWithRolesAndMembershipPdf {

View File

@ -7,7 +7,7 @@ use crate::{
logbook::Logbook,
role::Role,
user::{
AdminUser, AllowedToEditPaymentStatusUser, SchnupperBetreuerUser, User,
AdminUser, AllowedToEditPaymentStatusUser, ManageUserUser, SchnupperBetreuerUser, User,
UserWithDetails, UserWithMembershipPdf, UserWithRolesAndMembershipPdf, VorstandUser,
},
},
@ -56,7 +56,7 @@ async fn index(
.collect();
let user: User = user.into_inner();
let allowed_to_edit = user.has_role(db, "admin").await;
let allowed_to_edit = ManageUserUser::new(db, user.clone()).await.is_some();
let users: Vec<UserWithRolesAndMembershipPdf> = join_all(user_futures).await;
@ -90,7 +90,7 @@ async fn index_admin(
let users: Vec<UserWithRolesAndMembershipPdf> = join_all(user_futures).await;
let user: User = user.user;
let allowed_to_edit = user.has_role(db, "admin").await;
let allowed_to_edit = ManageUserUser::new(db, user.clone()).await.is_some();
let roles = Role::all(db).await;
let families = Family::all_with_members(db).await;
@ -215,7 +215,7 @@ async fn fees_paid(
#[get("/user/<user>/send-welcome-mail")]
async fn send_welcome_mail(
db: &State<SqlitePool>,
_admin: AdminUser,
_admin: ManageUserUser,
config: &State<Config>,
user: i32,
) -> Flash<Redirect> {
@ -233,7 +233,7 @@ async fn send_welcome_mail(
}
#[get("/user/<user>/reset-pw")]
async fn resetpw(db: &State<SqlitePool>, admin: AdminUser, user: i32) -> Flash<Redirect> {
async fn resetpw(db: &State<SqlitePool>, admin: ManageUserUser, user: i32) -> Flash<Redirect> {
let user = User::find_by_id(db, user).await;
match user {
Some(user) => {
@ -253,7 +253,7 @@ async fn resetpw(db: &State<SqlitePool>, admin: AdminUser, user: i32) -> Flash<R
}
#[get("/user/<user>/delete")]
async fn delete(db: &State<SqlitePool>, admin: AdminUser, user: i32) -> Flash<Redirect> {
async fn delete(db: &State<SqlitePool>, admin: ManageUserUser, user: i32) -> Flash<Redirect> {
let user = User::find_by_id(db, user).await;
Log::create(db, format!("{} deleted user: {user:?}", admin.user.name)).await;
match user {
@ -290,7 +290,7 @@ pub struct UserEditForm<'a> {
async fn update(
db: &State<SqlitePool>,
data: Form<UserEditForm<'_>>,
admin: AdminUser,
admin: ManageUserUser,
) -> Flash<Redirect> {
let user = User::find_by_id(db, data.id).await;
Log::create(
@ -313,7 +313,7 @@ async fn update(
#[get("/user/<user>/membership")]
async fn download_membership_pdf(
db: &State<SqlitePool>,
admin: AdminUser,
admin: ManageUserUser,
user: i32,
) -> (ContentType, Vec<u8>) {
let user = User::find_by_id(db, user).await.unwrap();
@ -339,7 +339,7 @@ struct UserAddForm<'r> {
async fn create(
db: &State<SqlitePool>,
data: Form<UserAddForm<'_>>,
admin: AdminUser,
admin: ManageUserUser,
) -> Flash<Redirect> {
if User::create(db, data.name).await {
Log::create(