use revolt_database::{util::reference::Reference, AdminMachineToken, Database}; use revolt_models::v0::{self}; use revolt_result::{create_error, Result}; use rocket::State; use rocket_empty::EmptyResponse; use crate::routes::admin::util::user_has_permission; /// Revoke a token. Must be your own, or you must have the ManageAdminUsers permission to revoke other's tokens. /// You must have the CreateTokens permission. #[openapi(tag = "Admin")] #[delete("/tokens/")] pub async fn admin_revoke_token( db: &State, auth: AdminMachineToken, token: Reference, ) -> Result { if !user_has_permission( &auth.on_behalf_of, v0::AdminUserPermissionFlags::CreateTokens, ) { return Err(create_error!(NotFound)); } let token = token.as_admin_token(db).await?; // only own user and those with ManageAdminUsers can revoke a token if token.user_id != auth.on_behalf_of.id && !user_has_permission( &auth.on_behalf_of, v0::AdminUserPermissionFlags::ManageAdminUsers, ) { return Err(create_error!(NotFound)); } db.admin_token_revoke(&token.id).await?; Ok(EmptyResponse) }