EinsatzOnline
/
EinsatzOnline
1
0
Fork 0
Code Issues 19 Pull Requests Projects 5 Releases Wiki Activity
EinsatzOnline/src/modules/api/users/update.rs

47 lines
2.1 KiB
Rust
Raw Blame History

use crate::helper::settings::Settings;
use rocket::State;
use crate::helper::session_cookies::model::SessionCookie;
use crate::modules::member_management::model::login::Login;
use crate::modules::api::model::api_outcome::{ApiErrorWrapper, ApiError};
use rocket::serde::json::Json;
use crate::modules::api::member_management::controller::parser::{parse_member_cookie, parse_uuid_string};
use crate::helper::check_access::check_access_to_member_and_group;
use crate::database::controller::groups::get_groups_for_member;
use crate::database::controller::users::update_user_email;
use crate::helper::translate_diesel_error::translate_diesel;
#[derive(Queryable, Clone, Deserialize, Serialize)]
pub struct UpdateUserData{
pub(crate) user_id: uuid::Uuid,
pub(crate) email: String,
pub(crate) member_id: uuid::Uuid,
}
#[put("/api/users/<user_id>", format = "json", data = "<update_user_data>")]
pub fn update_user(settings: &State<Settings>, cookie: SessionCookie, user_id: String, update_user_data: Json<UpdateUserData>) -> Result<Json<Login>, Json<ApiErrorWrapper>>{
let caller = parse_member_cookie(cookie.member)?;
let data = update_user_data.into_inner();
let user_id = parse_uuid_string(user_id)?;
if user_id != data.user_id{
return Err(Json(ApiError::new(400, "User id's doesn't match".to_string()).to_wrapper()))
}
let member_groups = get_groups_for_member(settings, data.member_id);
if caller.entity_id != data.member_id { //Skip permission check if user edits own login
if !check_access_to_member_and_group(settings, data.member_id, member_groups, caller.entity_id, "modules.member_management.profile.login.edit".to_string()) {
return Err(Json(ApiError::new(401, "Keine Rechte Login für dieses Mitglied zu verändern!".to_string()).to_wrapper()))
}
}
match update_user_email(settings, user_id, data.email){
Ok(user) => Ok(Json(Login{
user_id: Some(user.id),
email: Some(user.email),
login_allowed: true
})),
Err(e) => Err(translate_diesel(e))
}
}
Reference in New Issue View Git Blame Copy Permalink