Plume/plume-models/src/admin.rs
Ana Gelez 309e1200d0 Make a distinction between moderators and admins (#619)
* Make a distinction between moderators and admins

And rework the user list in the moderation interface, to be able to run the same action on many users,
and to have a huge list of actions whithout loosing space.

* Make user's role an enum + make it impossible for a moderator to escalate privileges

With the help of diesel-derive-enum (maybe it could be used in other places too?)

Also, moderators are still able to grant or revoke moderation rights to other people, but maybe only admins should be able to do it?

* Cargo fmt

* copy/pasting is bad

* Remove diesel-derive-enum and use an integer instead

It was not compatible with both Postgres and SQlite, because for one it generated a schema
with the "User_role" type, but for the other it was "Text"…

* Reset translations

* Use an enum to avoid magic numbers + fix the tests

* Reset translations

* Fix down.sql
2019-09-13 12:28:36 +02:00

40 lines
1016 B
Rust

use rocket::{
http::Status,
request::{self, FromRequest, Request},
Outcome,
};
use users::User;
/// Wrapper around User to use as a request guard on pages reserved to admins.
pub struct Admin(pub User);
impl<'a, 'r> FromRequest<'a, 'r> for Admin {
type Error = ();
fn from_request(request: &'a Request<'r>) -> request::Outcome<Admin, ()> {
let user = request.guard::<User>()?;
if user.is_admin() {
Outcome::Success(Admin(user))
} else {
Outcome::Failure((Status::Unauthorized, ()))
}
}
}
/// Same as `Admin` but for moderators.
pub struct Moderator(pub User);
impl<'a, 'r> FromRequest<'a, 'r> for Moderator {
type Error = ();
fn from_request(request: &'a Request<'r>) -> request::Outcome<Moderator, ()> {
let user = request.guard::<User>()?;
if user.is_moderator() {
Outcome::Success(Moderator(user))
} else {
Outcome::Failure((Status::Unauthorized, ()))
}
}
}