From 346dc0f85a02c5352767e1ca7de57c96df4c39f6 Mon Sep 17 00:00:00 2001
From: Santo Cariotti
Date: Mon, 17 Oct 2022 08:48:40 +0200
Subject: Always gets claimed user on edit
---
 src/routes/user.rs | 24 +++++++++++------------
 1 file changed, 11 insertions(+), 13 deletions(-)
(limited to 'src/routes')
diff --git a/src/routes/user.rs b/src/routes/user.rs
index 2213a58..4b76423 100644
--- a/src/routes/user.rs
+++ b/src/routes/user.rs
@@ -155,19 +155,17 @@ async fn edit_user(
 }
 };

- // If the user of the access token is different than the user they want to edit, checks if the
- // first user is an admin
- if claims.user_id != user.id {
- match User::find_by_id(claims.user_id).await {
- Ok(user) => {
- if !(user.is_staff.unwrap()) {
- return Err(AppError::Unauthorized);
- }
- }
- Err(_) => {
- return Err(AppError::NotFound("User not found".to_string()));
- }
- };
+ let claimed = match User::find_by_id(claims.user_id).await {
+ Ok(user) => user,
+ Err(_) => {
+ return Err(AppError::NotFound("User not found".to_string()));
+ }
+ };
+
+ if user.id != claimed.id {
+ if !(claimed.is_staff.unwrap()) {
+ return Err(AppError::Unauthorized);
+ }
 }

 if user.email != payload.email && User::email_has_taken(&payload.email).await? {
-- 
cgit v1.2.3-71-g8e6c
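Review bot: The staff check inside the added `if user.id != claimed.id` block calls `claimed.is_staff.unwrap()`, so if `is_staff` is an `Option` (as the `unwrap()` suggests) an account where it is `None` makes the handler panic in the middle of the authorization decision instead of being refused. Failing closed keeps the check total and also flattens the nested `if`: `if user.id != claimed.id && !claimed.is_staff.unwrap_or(false) { return Err(AppError::Unauthorized); }`. The `Err(_)` arm above it now runs on every edit and turns any lookup failure for the token's own user, presumably including database errors, into `NotFound`; a token whose subject cannot be loaded is arguably better answered with `AppError::Unauthorized`. The commit also drops the comment that explained this check, so a one-line `// Only staff may edit an account other than their own` is worth restoring. `edit_user` starts and ends outside the hunk.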