Administrator privileges to get and delete subscribers

2025-09-30 18:27:48 +02:00
parent b5b00152cd
commit 3e81c27ab3
12 changed files with 2790 additions and 54 deletions
--- a/src/routes/admin.rs
+++ b/src/routes/admin.rs
@@ -6,11 +6,17 @@ mod posts;
 mod subscribers;

 use crate::{
-    authentication::AuthenticatedUser,
+    authentication::{AuthenticatedUser, Role},
    routes::{AppError, error_chain_fmt},
    session_state::TypedSession,
+    templates::{HtmlTemplate, MessageTemplate},
+};
+use anyhow::Context;
+use axum::{
+    extract::Request,
+    middleware::Next,
+    response::{IntoResponse, Response},
 };
-use axum::{extract::Request, middleware::Next, response::Response};
 pub use change_password::*;
 pub use dashboard::*;
 pub use logout::*;
@@ -55,10 +61,37 @@ pub async fn require_auth(
        .ok_or(AdminError::UnexpectedError(anyhow::anyhow!(
            "Could not find username in session."
        )))?;
+    let role = session
+        .get_role()
+        .await
+        .context("Error retrieving user role in session.")?
+        .ok_or(anyhow::anyhow!("Could not find user role in session."))?;

-    request
-        .extensions_mut()
-        .insert(AuthenticatedUser { user_id, username });
+    request.extensions_mut().insert(AuthenticatedUser {
+        user_id,
+        username,
+        role,
+    });

    Ok(next.run(request).await)
 }
+
+pub async fn require_admin(
+    session: TypedSession,
+    request: Request,
+    next: Next,
+) -> Result<Response, AppError> {
+    if let Role::Admin = session
+        .get_role()
+        .await
+        .context("Error retrieving user role in session.")?
+        .ok_or(anyhow::anyhow!("Could not find user role in session."))?
+    {
+        Ok(next.run(request).await)
+    } else {
+        Ok(HtmlTemplate(MessageTemplate::error(
+            "This action requires administrator privileges.".into(),
+        ))
+        .into_response())
+    }
+}