litecloud/api/src/admin.rs

use rocket::{State, http::Status};
use rocket::serde::{Deserialize, json::Json};
use sqlx::PgPool;
use crate::auth::AuthenticatedUser;
use crate::models::User;
/// Returns every row of the `users` table as a JSON array; admin-only.
///
/// Responds with `403 Forbidden` when the caller's role is not `"admin"` and
/// with `500 Internal Server Error` when the query fails.
#[get("/users")]
pub async fn list_users(pool: &State<PgPool>, user: AuthenticatedUser) -> Result<Json<Vec<User>>, Status> {
    // Authorization gate: only the literal role string "admin" may list users.
    if user.role != "admin" {
        return Err(Status::Forbidden);
    }

    // NOTE(review): `password_hash` is selected and the whole `User` value is
    // handed to `Json`. Unless `User`'s serializer skips that field, password
    // hashes leave the server in this response; confirm in `models::User`.
    let fetched = sqlx::query_as!(
        User,
        "SELECT id, role, quota, created_at, password_hash, name FROM users"
    )
    .fetch_all(pool.inner())
    .await;

    match fetched {
        Ok(users) => Ok(Json(users)),
        // The database error is discarded; the client only sees a 500.
        Err(_) => Err(Status::InternalServerError),
    }
}
/// JSON request body accepted by the `update_role` handler.
#[derive(Deserialize)]
pub struct UpdateRole {
// Matched against `users.id` by the handler.
pub user_id: i32,
// Written to `users.role` as received; nothing here restricts the value.
pub new_role: String,
}
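/// Sets the role of the user identified by `data.user_id` to `data.new_role`; admin-only.
///
/// Returns `403 Forbidden` when the caller's role is not `"admin"`,
/// `500 Internal Server Error` when the statement fails, `404 Not Found` when
/// no row has the given id, and `200 OK` once the row has been updated.
#[post("/user/role", data = "<data>")]
pub async fn update_role(pool: &State<PgPool>, user: AuthenticatedUser, data: Json<UpdateRole>) -> Status {
    // Authorization gate: only the literal role string "admin" may change roles.
    if user.role != "admin" {
        return Status::Forbidden;
    }

    // NOTE(review): `new_role` is stored exactly as received. The set of valid
    // roles is not visible in this file, so confirm that it is constrained
    // elsewhere (e.g. a database CHECK or enum). A role change is a privilege
    // change, and nothing in this handler records who made it.
    //
    // The statement is issued once: it is idempotent, so running it a second
    // time only added a round trip and a second chance to fail.
    let outcome = sqlx::query!(
        "UPDATE users SET role = $1 WHERE id = $2",
        data.new_role,
        data.user_id
    )
    .execute(pool.inner())
    .await;

    match outcome {
        // No row matched the id: report it instead of claiming success.
        Ok(done) if done.rows_affected() == 0 => Status::NotFound,
        Ok(_) => Status::Ok,
        Err(_) => Status::InternalServerError,
    }
}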
/// JSON request body accepted by the `update_quota` handler.
#[derive(Deserialize)]
pub struct UpdateQuota {
// Matched against `users.id` by the handler.
pub user_id: i32,
// Written to `users.quota` as received; signed, so negative values deserialize too.
pub quota: i64,
}
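/// Sets the quota of the user identified by `data.user_id` to `data.quota`; admin-only.
///
/// Returns `403 Forbidden` when the caller's role is not `"admin"`,
/// `500 Internal Server Error` when the statement fails, `404 Not Found` when
/// no row has the given id, and `200 OK` once the row has been updated.
#[post("/user/quota", data = "<data>")]
pub async fn update_quota(pool: &State<PgPool>, user: AuthenticatedUser, data: Json<UpdateQuota>) -> Status {
    // Authorization gate: only the literal role string "admin" may change quotas.
    if user.role != "admin" {
        return Status::Forbidden;
    }

    // NOTE(review): `quota` is a signed i64 and is stored without a range check,
    // so a negative value is written as-is. Confirm how quota consumers
    // interpret negative or very large values.
    //
    // The statement is issued once: it is idempotent, so running it a second
    // time only added a round trip and a second chance to fail.
    let outcome = sqlx::query!(
        "UPDATE users SET quota = $1 WHERE id = $2",
        data.quota,
        data.user_id
    )
    .execute(pool.inner())
    .await;

    match outcome {
        // No row matched the id: report it instead of claiming success.
        Ok(done) if done.rows_affected() == 0 => Status::NotFound,
        Ok(_) => Status::Ok,
        Err(_) => Status::InternalServerError,
    }
}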