use rocket::{State, http::Status};
use rocket::serde::{Deserialize, json::Json};
use sqlx::PgPool;
use crate::auth::AuthenticatedUser;
use crate::models::User;
/// Returns every row of the `users` table as JSON.
///
/// Only a caller whose `role` is exactly `"admin"` gets the listing; any
/// other authenticated caller receives `403 Forbidden`.
///
/// # Errors
///
/// * `Status::Forbidden` when the caller is not an admin.
/// * `Status::InternalServerError` when the query fails. The underlying
///   database error is discarded, so it is neither returned to the client
///   nor recorded by this handler.
#[get("/users")]
pub async fn list_users(
    pool: &State<PgPool>,
    user: AuthenticatedUser,
) -> Result<Json<Vec<User>>, Status> {
    // Authorization gate: runs before any database access.
    if user.role != "admin" {
        return Err(Status::Forbidden);
    }

    // NOTE(review): `password_hash` is selected into `User`, and that same
    // `User` is what gets serialized into the response body. Unless the
    // `Serialize` impl of `User` (defined in `crate::models`, not visible
    // here) skips that field, password hashes are sent to the client.
    // Confirm, or return a response type that has no hash field.
    let rows = sqlx::query_as!(
        User,
        "SELECT id, role, quota, created_at, password_hash, name FROM users"
    )
    .fetch_all(pool.inner())
    .await;

    match rows {
        Ok(all_users) => Ok(Json(all_users)),
        Err(_) => Err(Status::InternalServerError),
    }
}
/// Request body for `POST /user/role`.
///
/// Both fields are taken from the client-supplied JSON as-is; this type
/// performs no validation of its own.
#[derive(Deserialize)]
pub struct UpdateRole {
    /// Primary key of the user whose role is being changed.
    pub user_id: i32,
    /// Role to assign, e.g. "admin" or "user".
    ///
    /// NOTE(review): this is a free-form string. No allowlist of valid
    /// roles is visible in this file, so whatever the client sends is what
    /// would be stored; confirm that a check exists elsewhere (for example
    /// a database constraint).
    pub new_role: String,
}
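/// Sets the role of one user. Admin only.
///
/// The caller must have `role == "admin"`; otherwise the request is
/// rejected with `403 Forbidden` before the database is touched.
///
/// Returns:
/// * `Status::Ok` when exactly the targeted row was updated.
/// * `Status::NotFound` when no row has the given `user_id`, so that a
///   privilege change that did nothing is not reported as a success.
/// * `Status::InternalServerError` when the statement fails (the database
///   error itself is discarded).
///
/// NOTE(review): `new_role` is written to the database unchecked. If the
/// set of roles is closed, validate it against that set here and answer
/// `400 Bad Request` otherwise. Nothing in this handler records which admin
/// changed which account, so consider an audit log entry for this
/// privilege-changing operation.
#[post("/user/role", data = "<data>")]
pub async fn update_role(
    pool: &State<PgPool>,
    user: AuthenticatedUser,
    data: Json<UpdateRole>,
) -> Status {
    if user.role != "admin" {
        return Status::Forbidden;
    }

    // The statement is issued exactly once; values are bound as parameters,
    // never interpolated into the SQL text.
    let outcome = sqlx::query!(
        "UPDATE users SET role = $1 WHERE id = $2",
        data.new_role,
        data.user_id
    )
    .execute(pool.inner())
    .await;

    match outcome {
        // Zero affected rows means no user has this id.
        Ok(done) if done.rows_affected() == 0 => Status::NotFound,
        Ok(_) => Status::Ok,
        Err(_) => Status::InternalServerError,
    }
}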
/// Request body for `POST /user/quota`.
///
/// Both fields are taken from the client-supplied JSON as-is; this type
/// performs no validation of its own.
#[derive(Deserialize)]
pub struct UpdateQuota {
    /// Primary key of the user whose quota is being changed.
    pub user_id: i32,
    /// New quota, in bytes.
    ///
    /// NOTE(review): the type is signed, so a negative value deserializes
    /// successfully. Whether negative quotas are meaningful is not visible
    /// in this file; confirm with the code that enforces the quota.
    pub quota: i64,
}
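/// Sets the storage quota of one user. Admin only.
///
/// The caller must have `role == "admin"`; otherwise the request is
/// rejected with `403 Forbidden` before the database is touched.
///
/// Returns:
/// * `Status::Ok` when the targeted row was updated.
/// * `Status::NotFound` when no row has the given `user_id`, so that an
///   update that changed nothing is not reported as a success.
/// * `Status::InternalServerError` when the statement fails (the database
///   error itself is discarded).
///
/// NOTE(review): `quota` is stored unchecked, including negative values.
/// If a negative quota has no defined meaning for the enforcement code,
/// reject it here with `400 Bad Request`.
#[post("/user/quota", data = "<data>")]
pub async fn update_quota(
    pool: &State<PgPool>,
    user: AuthenticatedUser,
    data: Json<UpdateQuota>,
) -> Status {
    if user.role != "admin" {
        return Status::Forbidden;
    }

    // The statement is issued exactly once; values are bound as parameters,
    // never interpolated into the SQL text.
    let outcome = sqlx::query!(
        "UPDATE users SET quota = $1 WHERE id = $2",
        data.quota,
        data.user_id
    )
    .execute(pool.inner())
    .await;

    match outcome {
        // Zero affected rows means no user has this id.
        Ok(done) if done.rows_affected() == 0 => Status::NotFound,
        Ok(_) => Status::Ok,
        Err(_) => Status::InternalServerError,
    }
}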