-rw-r--r--src/models/user.rs1
-rw-r--r--src/routes/user.rs9
2 files changed, 8 insertions, 2 deletions
diff --git a/src/models/user.rs b/src/models/user.rs
index 0aaa730..fe6fb64 100644
--- a/src/models/user.rs
+++ b/src/models/user.rs
@@ -31,6 +31,7 @@ pub struct UserEdit {
pub name: String,
pub email: String,
pub username: String,
+ pub is_staff: Option<bool>,
}
/// Response used to print a user (or a users list)
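Review bot: The new `is_staff` field on `UserEdit` is a privilege flag that is now populated from the same request body as the self-editable `name`, `email` and `username`, and nothing on the struct says so. Any handler that accepts `UserEdit` must remember to reset it for non-staff callers; the only such reset visible in this commit is the one in `edit_user` in src/routes/user.rs. Add a doc comment on the field, for example `/// Privileged: honoured only when the caller is staff; handlers must overwrite it with the stored value otherwise.` It should also state what an omitted value (`None`) means, presumably "leave unchanged". A separate staff-only payload type would remove the reliance on every handler getting this right.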
diff --git a/src/routes/user.rs b/src/routes/user.rs
index 4b76423..31366a0 100644
--- a/src/routes/user.rs
+++ b/src/routes/user.rs
@@ -142,10 +142,11 @@ async fn get_user(Path(user_id): Path<i32>) -> Result<Json<UserList>, AppError>
}
/// Edit an user with id = `user_id`. Only staffers and owner of that account can perform this
-/// action
+/// action.
+/// Only staffers can update the user `is_staff` value
async fn edit_user(
Path(user_id): Path<i32>,
- Json(payload): Json<UserEdit>,
+ Json(mut payload): Json<UserEdit>,
claims: Claims,
) -> Result<Json<UserList>, AppError> {
let mut user = match User::find_by_id(user_id).await {
@@ -168,6 +169,10 @@ async fn edit_user(
}
}
+ if !claimed.is_staff.unwrap() && user.is_staff != payload.is_staff {
+ payload.is_staff = user.is_staff;
+ }
+
if user.email != payload.email && User::email_has_taken(&payload.email).await? {
return Err(AppError::BadRequest(
"An user with this email already exists".to_string(),
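Review bot: `claimed.is_staff.unwrap()` in the added guard panics inside the request handler when the caller's `is_staff` is `None`, so the authorization decision rests on a value the type says can be absent; fail closed with `unwrap_or(false)`. The `user.is_staff != payload.is_staff` comparison is unnecessary, because a non-staff caller's value should always be discarded: `if !claimed.is_staff.unwrap_or(false) { payload.is_staff = user.is_staff; }`. When a staff caller omits the field, `payload.is_staff` is presumably `None`, and depending on how the payload is applied further down (outside this hunk) that may overwrite the stored flag; confirm that `None` is treated as "leave unchanged". A discarded attempt by a non-staff caller to change the flag is worth a log line so it can be reviewed later. `claimed` is defined outside the hunk and the body of `edit_user` continues past it.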