Files
handmade-revolt-backend/src/routes/users/fetch_user.rs

21 lines
611 B
Rust

//! Fetch another user
//!
//! Will fail if the authenticated user does not
//! have permission to access the other user.
use revolt_quark::{Ref, Result, Error, models::User, perms, Database};
use rocket::{serde::json::Json, State};
#[get("/<target>")]
pub async fn req(db: &State<Database>, user: User, target: Ref) -> Result<Json<User>> {
let target = target.as_user(db).await?;
let permissions = perms(&user).user(&target).calc_user(db).await;
if permissions.get_access() {
Ok(Json(target.with_perspective(&user, &permissions)))
} else {
Err(Error::NotFound)
}
}