new admin module handling the first of many new admin only routes

2020-08-28 18:34:20 -07:00 · 2020-08-28 18:34:20 -07:00 · 7607d067a2
commit 7607d067a2
parent 5365e583e5
2 changed files with 47 additions and 0 deletions
--- a/server-api/src/admin.rs
+++ b/server-api/src/admin.rs
@ -0,0 +1,46 @@
 // Module deals endpoints pertaining to admin-only actions
 use hyper::{Response, Body};
 use hyper::StatusCode::{NOT_FOUND, BAD_REQUEST, INTERNAL_SERVER_ERROR};
 use mysql_async::Pool;
 use mysql_async::error::Error as SqlError;
 use mysql_async::prelude::Queryable;
 use serde_json::Value;
 use crate::perms::ADMIN_PERMS;
 async fn modify_perms(p: &Pool, target: u64, new_perms: u64) -> Result<(), SqlError>{
    use mysql_async::params;
    let conn = p.get_conn().await?;
    conn.prep_exec(
        "UPDATE members SET permissions = :perms WHERE id = :id", 
        params!{
            "id" => target,
            "perms" => new_perms
        }).await?;
    Ok(())
 }
 async fn new_admin(p: &Pool, response: &mut Response<Body>, params: Value) {
    // @requires: owner level permission as regular admins can have conflict of interests
    let target_id_opt: Option<u64> = match params.get("target-id") {
        Some(val) => val.as_u64(),
        None => None
    };
    if let Some(uid) = target_id_opt {
        if !modify_perms(p, uid, ADMIN_PERMS).await.is_ok() {
            *response.status_mut() = NOT_FOUND;
            *response.body_mut() = Body::from("User not found with that id");
        }
    }
    else {
        // this is likely the users fault providing shit ass json
        *response.status_mut() = BAD_REQUEST;
        *response.body_mut() = Body::from("Missing target user id");
    }
 }
--- a/server-api/src/main.rs
+++ b/server-api/src/main.rs
@ -32,6 +32,7 @@ mod channels;
 mod members;
 mod perms;
 mod messages;
 mod admin;
 mod http_params;
 mod db_types;