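use rocket::{State, http::Status};
use rocket::serde::{Deserialize, json::Json};
use sqlx::PgPool;

use crate::auth::AuthenticatedUser;
use crate::models::User;

/// Lists every row of the `users` table as JSON. Admin only.
///
/// Responds `403 Forbidden` unless `user.role` is exactly `"admin"`, and
/// `500 Internal Server Error` if the query fails. The database error itself
/// is dropped and never reaches the client.
///
/// NOTE(review): the query selects `password_hash` and the whole `User` is
/// serialized into the response. Unless `User` (defined in `crate::models`,
/// not visible here) skips that field when serializing, password hashes are
/// returned to the caller. Confirm, and prefer a response type without the
/// hash.
#[get("/users")]
pub async fn list_users(
    pool: &State<PgPool>,
    user: AuthenticatedUser,
) -> Result<Json<Vec<User>>, Status> {
    if user.role != "admin" {
        return Err(Status::Forbidden);
    }

    let users = sqlx::query_as!(
        User,
        "SELECT id, role, quota, created_at, password_hash, name FROM users"
    )
    .fetch_all(pool.inner())
    .await
    // Collapse any database error into a bare 500 so no query detail leaks out.
    .map_err(|_| Status::InternalServerError)?;

    Ok(Json(users))
}

/// JSON body accepted by `POST /user/role`.
#[derive(Deserialize)]
pub struct UpdateRole {
    /// Primary key of the user whose role is being changed.
    pub user_id: i32,
    /// Role string written to `users.role`, e.g. "admin" or "user".
    pub new_role: String,
}

/// Sets the role of one user. Admin only.
///
/// Responds `403 Forbidden` unless `user.role` is exactly `"admin"`,
/// `404 Not Found` when no row has the given `user_id`, `500 Internal Server
/// Error` if the statement fails, and `200 OK` otherwise. The value is bound
/// as a query parameter, so it is never spliced into the SQL text.
///
/// NOTE(review): `new_role` is stored exactly as received; nothing here
/// checks it against the set of roles the application knows. Since this
/// endpoint grants privileges, validate it against that set (not visible in
/// this file) and consider recording who changed which account.
#[post("/user/role", data = "<data>")]
pub async fn update_role(
    pool: &State<PgPool>,
    user: AuthenticatedUser,
    data: Json<UpdateRole>,
) -> Status {
    if user.role != "admin" {
        return Status::Forbidden;
    }

    // The statement is issued once; running the identical UPDATE a second
    // time only added a round trip and a second chance to fail.
    let outcome = sqlx::query!(
        "UPDATE users SET role = $1 WHERE id = $2",
        data.new_role,
        data.user_id
    )
    .execute(pool.inner())
    .await;

    match outcome {
        // Zero affected rows means the id matched nothing; report that
        // instead of claiming success.
        Ok(done) if done.rows_affected() == 0 => Status::NotFound,
        Ok(_) => Status::Ok,
        Err(_) => Status::InternalServerError,
    }
}

/// JSON body accepted by `POST /user/quota`.
#[derive(Deserialize)]
pub struct UpdateQuota {
    /// Primary key of the user whose quota is being changed.
    pub user_id: i32,
    /// New quota, in bytes.
    pub quota: i64,
}

/// Sets the storage quota of one user. Admin only.
///
/// Responds `403 Forbidden` unless `user.role` is exactly `"admin"`,
/// `404 Not Found` when no row has the given `user_id`, `500 Internal Server
/// Error` if the statement fails, and `200 OK` otherwise.
///
/// NOTE(review): `quota` is a signed integer and negative values are written
/// unchanged. Confirm whether a negative quota has a meaning for the code
/// that enforces it; if not, reject it here.
#[post("/user/quota", data = "<data>")]
pub async fn update_quota(
    pool: &State<PgPool>,
    user: AuthenticatedUser,
    data: Json<UpdateQuota>,
) -> Status {
    if user.role != "admin" {
        return Status::Forbidden;
    }

    // The statement is issued once; running the identical UPDATE a second
    // time only added a round trip and a second chance to fail.
    let outcome = sqlx::query!(
        "UPDATE users SET quota = $1 WHERE id = $2",
        data.quota,
        data.user_id
    )
    .execute(pool.inner())
    .await;

    match outcome {
        // Zero affected rows means the id matched nothing; report that
        // instead of claiming success.
        Ok(done) if done.rows_affected() == 0 => Status::NotFound,
        Ok(_) => Status::Ok,
        Err(_) => Status::InternalServerError,
    }
}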