fix: update permissions for accounts routes to ManageAccounts
This commit is contained in:
@@ -289,7 +289,7 @@ auto_derived! {
|
|||||||
ManageNotes = 15,
|
ManageNotes = 15,
|
||||||
Discover = 16,
|
Discover = 16,
|
||||||
|
|
||||||
AccountDisable = 17,
|
ManageAccounts = 17,
|
||||||
}
|
}
|
||||||
|
|
||||||
pub enum AdminAuditItemActions {
|
pub enum AdminAuditItemActions {
|
||||||
@@ -322,7 +322,7 @@ auto_derived! {
|
|||||||
ServerUnbanMember,
|
ServerUnbanMember,
|
||||||
|
|
||||||
// Accounts
|
// Accounts
|
||||||
AccountDisable
|
ManageAccounts
|
||||||
}
|
}
|
||||||
|
|
||||||
// Joiner payloads
|
// Joiner payloads
|
||||||
@@ -370,7 +370,7 @@ impl AdminAuditItemActions {
|
|||||||
AdminAuditItemActions::ServerBanMember => true,
|
AdminAuditItemActions::ServerBanMember => true,
|
||||||
AdminAuditItemActions::ServerUnbanMember => true,
|
AdminAuditItemActions::ServerUnbanMember => true,
|
||||||
AdminAuditItemActions::ServerFetchMembers => false,
|
AdminAuditItemActions::ServerFetchMembers => false,
|
||||||
AdminAuditItemActions::AccountDisable => true,
|
AdminAuditItemActions::ManageAccounts => true,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ use rocket::serde::json::Json;
|
|||||||
use rocket::State;
|
use rocket::State;
|
||||||
use rocket_empty::EmptyResponse;
|
use rocket_empty::EmptyResponse;
|
||||||
|
|
||||||
/// Disable an account. Requires AccountDisable permissions
|
/// Disable an account. Requires ManageAccounts permissions
|
||||||
#[openapi(tag = "Admin")]
|
#[openapi(tag = "Admin")]
|
||||||
#[post("/accounts/disable/<id>?<case>")]
|
#[post("/accounts/disable/<id>?<case>")]
|
||||||
pub async fn admin_account_disable(
|
pub async fn admin_account_disable(
|
||||||
@@ -19,9 +19,9 @@ pub async fn admin_account_disable(
|
|||||||
case: Option<&str>,
|
case: Option<&str>,
|
||||||
) -> Result<EmptyResponse> {
|
) -> Result<EmptyResponse> {
|
||||||
let user = flatten_authorized_user(&auth);
|
let user = flatten_authorized_user(&auth);
|
||||||
if !user_has_permission(user, v0::AdminUserPermissionFlags::AccountDisable) {
|
if !user_has_permission(user, v0::AdminUserPermissionFlags::ManageAccounts) {
|
||||||
return Err(create_error!(MissingPermission {
|
return Err(create_error!(MissingPermission {
|
||||||
permission: "AccountDisable".to_string()
|
permission: "ManageAccounts".to_string()
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -34,7 +34,7 @@ pub async fn admin_account_disable(
|
|||||||
let admin = db.admin_user_fetch(&target.id).await.ok();
|
let admin = db.admin_user_fetch(&target.id).await.ok();
|
||||||
|
|
||||||
if let Some(admin) = admin {
|
if let Some(admin) = admin {
|
||||||
if user_has_permission(&admin, v0::AdminUserPermissionFlags::AccountDisable) {
|
if user_has_permission(&admin, v0::AdminUserPermissionFlags::ManageAccounts) {
|
||||||
return Err(create_error!(PrivilegedAccount));
|
return Err(create_error!(PrivilegedAccount));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -42,7 +42,7 @@ pub async fn admin_account_disable(
|
|||||||
create_audit_action(
|
create_audit_action(
|
||||||
db,
|
db,
|
||||||
&user.id,
|
&user.id,
|
||||||
v0::AdminAuditItemActions::AccountDisable,
|
v0::AdminAuditItemActions::ManageAccounts,
|
||||||
case,
|
case,
|
||||||
Some(id.id),
|
Some(id.id),
|
||||||
None,
|
None,
|
||||||
|
|||||||
Reference in New Issue
Block a user