use crate::helper::settings::Settings;
use rocket::State;
use crate::helper::session_cookies::model::SessionCookie;
use crate::modules::member_management::model::login::Login;
use crate::modules::api::model::api_outcome::{ApiErrorWrapper, ApiError};
use rocket::serde::json::Json;
use crate::modules::api::member_management::controller::parser::{parse_member_cookie, parse_uuid_string};
use crate::helper::check_access::check_access_to_member_and_group;
use crate::database::controller::groups::get_groups_for_member;
use crate::database::controller::users::update_user_email;
use crate::helper::translate_diesel_error::translate_diesel;
/// JSON body accepted by `update_user` (`PUT /api/users/<user_id>`).
///
/// The handler deserializes this straight from the request, so every field is a value
/// chosen by the client and must not be trusted until it has been checked server-side.
#[derive(Queryable, Clone, Deserialize, Serialize)]
pub struct UpdateUserData {
    /// Id of the login to change; the handler requires it to equal the `user_id` path segment.
    pub(crate) user_id: uuid::Uuid,
    /// New e-mail address, handed to `update_user_email` by the handler.
    pub(crate) email: String,
    /// Member id supplied by the client; the handler's access decision is keyed on this value.
    pub(crate) member_id: uuid::Uuid,
}
/// Handles `PUT /api/users/<user_id>`: changes the e-mail address of a login.
///
/// The caller is identified from the session cookie. The `user_id` path segment must parse
/// as a UUID and equal `user_id` in the JSON body, otherwise a 400 error is returned. A
/// caller whose `entity_id` equals the body's `member_id` is treated as editing their own
/// login and skips the permission check; every other caller is checked with
/// `check_access_to_member_and_group` for `modules.member_management.profile.login.edit`
/// and receives a 401 error when that check fails.
///
/// On success the updated login is returned with `login_allowed: true`; an error from
/// `update_user_email` is converted with `translate_diesel`.
///
/// NOTE(review): `member_id` comes from the request body, while the row that gets updated
/// is selected by `user_id` alone. Nothing in this handler confirms that the login
/// `user_id` belongs to `member_id`, so both the self-edit shortcut and the permission
/// check are evaluated against a value the client chose. Unless `update_user_email`
/// enforces ownership itself (its arguments here do not suggest it), resolve the owning
/// member of `user_id` server-side and authorize against that before updating.
///
/// NOTE(review): a denied permission is reported as 401; 403 is the conventional status
/// for an authenticated caller that lacks the right. Confirm what clients expect before
/// changing it.
#[put("/api/users/<user_id>", format = "json", data = "<update_user_data>")]
pub fn update_user(
    settings: &State<Settings>,
    cookie: SessionCookie,
    user_id: String,
    update_user_data: Json<UpdateUserData>,
) -> Result<Json<Login>, Json<ApiErrorWrapper>> {
    let caller = parse_member_cookie(cookie.member)?;
    let UpdateUserData {
        user_id: body_user_id,
        email,
        member_id,
    } = update_user_data.into_inner();

    let path_user_id = parse_uuid_string(user_id)?;

    // Path and body must name the same login.
    if path_user_id != body_user_id {
        return Err(Json(
            ApiError::new(400, "User id's doesn't match".to_string()).to_wrapper(),
        ));
    }

    let groups = get_groups_for_member(settings, member_id);

    // Skip permission check if user edits own login. `member_id` is client-supplied here.
    let edits_own_login = caller.entity_id == member_id;
    if !edits_own_login
        && !check_access_to_member_and_group(
            settings,
            member_id,
            groups,
            caller.entity_id,
            "modules.member_management.profile.login.edit".to_string(),
        )
    {
        return Err(Json(
            ApiError::new(
                401,
                "Keine Rechte Login für dieses Mitglied zu verändern!".to_string(),
            )
            .to_wrapper(),
        ));
    }

    // The update is keyed on `user_id` only; see the review note in the doc comment.
    update_user_email(settings, path_user_id, email)
        .map(|user| {
            Json(Login {
                user_id: Some(user.id),
                email: Some(user.email),
                login_allowed: true,
            })
        })
        .map_err(translate_diesel)
}