| author | Santo Cariotti <santo@dcariotti.me> | 2022-10-17 06:48:40 +0000 |
|---|---|---|
| committer | Santo Cariotti <santo@dcariotti.me> | 2022-10-17 06:48:40 +0000 |
| commit | 346dc0f85a02c5352767e1ca7de57c96df4c39f6 (patch) | |
| tree | e7de80e558aa665639bfa4b83920f01ef7ebaa84 /src/routes/user.rs | |
| parent | 52057aa77cac900dffaf38a121ace8cd64a4abc7 (diff) | |
Always gets claimed user on edit
Diffstat (limited to 'src/routes/user.rs')
| -rw-r--r-- | src/routes/user.rs | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/src/routes/user.rs b/src/routes/user.rs
index 2213a58..4b76423 100644
--- a/src/routes/user.rs
+++ b/src/routes/user.rs
@@ -155,19 +155,17 @@ async fn edit_user(
 }
 };
- // If the user of the access token is different than the user they want to edit, checks if the
- // first user is an admin
- if claims.user_id != user.id {
- match User::find_by_id(claims.user_id).await {
- Ok(user) => {
- if !(user.is_staff.unwrap()) {
- return Err(AppError::Unauthorized);
- }
- }
- Err(_) => {
- return Err(AppError::NotFound("User not found".to_string()));
- }
- };
+ let claimed = match User::find_by_id(claims.user_id).await {
+ Ok(user) => user,
+ Err(_) => {
+ return Err(AppError::NotFound("User not found".to_string()));
+ }
+ };
+
+ if user.id != claimed.id {
+ if !(claimed.is_staff.unwrap()) {
+ return Err(AppError::Unauthorized);
+ }
+ }
 if user.email != payload.email && User::email_has_taken(&payload.email).await? {
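Review bot: `claimed.is_staff.unwrap()` inside the added `if user.id != claimed.id` block panics when `is_staff` is `None`, so a caller editing someone else's account with an unset staff flag gets a handler panic rather than a clean `Unauthorized`; an absent flag should fail closed, `if user.id != claimed.id && !claimed.is_staff.unwrap_or(false) {`, which also collapses the nested `if` that clippy would flag. The old code carried the same `unwrap()`, so this is inherited rather than introduced, but the rewrite is the right moment to fix it. Returning `NotFound("User not found")` when the token's own subject cannot be loaded arguably belongs under `Unauthorized`, since it is the caller's credentials, not the target resource, that failed to resolve — worth a decision if the API distinguishes the two. `edit_user` begins before this hunk and continues after it.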
