fix(admin): allow fetching current user without elevated ACL (#3)
This commit is contained in:
parent
b997d3b263
commit
275126d61b
@ -486,7 +486,44 @@ pub fn get_current_admin(
|
|||||||
ctx: web.Context,
|
ctx: web.Context,
|
||||||
session: web.Session,
|
session: web.Session,
|
||||||
) -> Result(Option(UserLookupResult), ApiError) {
|
) -> Result(Option(UserLookupResult), ApiError) {
|
||||||
lookup_user(ctx, session, session.user_id)
|
let url = ctx.api_endpoint <> "/admin/users/me"
|
||||||
|
|
||||||
|
let assert Ok(req) = request.to(url)
|
||||||
|
let req =
|
||||||
|
req
|
||||||
|
|> request.set_method(http.Get)
|
||||||
|
|> request.set_header("authorization", "Bearer " <> session.access_token)
|
||||||
|
case httpc.send(req) {
|
||||||
|
Ok(resp) if resp.status == 200 -> {
|
||||||
|
let decoder = {
|
||||||
|
use user <- decode.field("user", decode.optional(user_lookup_decoder()))
|
||||||
|
decode.success(user)
|
||||||
|
}
|
||||||
|
|
||||||
|
case json.parse(resp.body, decoder) {
|
||||||
|
Ok(result) -> Ok(result)
|
||||||
|
Error(_) -> Error(ServerError)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Ok(resp) if resp.status == 401 -> Error(Unauthorized)
|
||||||
|
Ok(resp) if resp.status == 403 -> {
|
||||||
|
let message_decoder = {
|
||||||
|
use message <- decode.field("message", decode.string)
|
||||||
|
decode.success(message)
|
||||||
|
}
|
||||||
|
|
||||||
|
let message = case json.parse(resp.body, message_decoder) {
|
||||||
|
Ok(msg) -> msg
|
||||||
|
Error(_) ->
|
||||||
|
"Missing required permissions. Contact an administrator to request access."
|
||||||
|
}
|
||||||
|
|
||||||
|
Error(Forbidden(message))
|
||||||
|
}
|
||||||
|
Ok(resp) if resp.status == 404 -> Error(NotFound)
|
||||||
|
Ok(_resp) -> Error(ServerError)
|
||||||
|
Error(_) -> Error(NetworkError)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn set_user_acls(
|
pub fn set_user_acls(
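Review bot: `let assert Ok(req) = request.to(url)` turns a malformed `ctx.api_endpoint` into a process panic instead of an `ApiError`, while every other failure in this function is mapped to a variant the caller can handle; `api_endpoint` looks like configuration rather than user input, so a bad value is unlikely, but a config typo would crash rather than surface as `ServerError`. Consider `use req <- result.try(request.to(url) |> result.replace_error(ServerError))` (this needs `gleam/result` in scope, which the hunk does not show). The 403 branch also forwards the server-supplied `message` verbatim into `Forbidden(message)`; that is reasonable for a first-party API, but whatever renders `Forbidden` should treat the string as untrusted text, not markup. The signature line `pub fn get_current_admin(` is outside the hunk, so the `use` form would capture the rest of this body as written.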
|
||||||
|
|||||||
@ -36,6 +36,7 @@ import {
|
|||||||
ListUserGuildsRequest,
|
ListUserGuildsRequest,
|
||||||
ListUserSessionsRequest,
|
ListUserSessionsRequest,
|
||||||
LookupUserRequest,
|
LookupUserRequest,
|
||||||
|
mapUserToAdminResponse,
|
||||||
ScheduleAccountDeletionRequest,
|
ScheduleAccountDeletionRequest,
|
||||||
SendPasswordResetRequest,
|
SendPasswordResetRequest,
|
||||||
SetUserAclsRequest,
|
SetUserAclsRequest,
|
||||||
@ -50,6 +51,14 @@ import {
|
|||||||
} from '../AdminModel';
|
} from '../AdminModel';
|
||||||
|
|
||||||
export const UserAdminController = (app: HonoApp) => {
|
export const UserAdminController = (app: HonoApp) => {
|
||||||
|
app.get('/admin/users/me', requireAdminACL(AdminACLs.AUTHENTICATE), async (ctx) => {
|
||||||
|
const adminUser = ctx.get('user');
|
||||||
|
const cacheService = ctx.get('cacheService');
|
||||||
|
return ctx.json({
|
||||||
|
user: await mapUserToAdminResponse(adminUser, cacheService),
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
app.post(
|
app.post(
|
||||||
'/admin/users/lookup',
|
'/admin/users/lookup',
|
||||||
RateLimitMiddleware(RateLimitConfigs.ADMIN_LOOKUP),
|
RateLimitMiddleware(RateLimitConfigs.ADMIN_LOOKUP),
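Review bot: The new `/admin/users/me` route hands the full `mapUserToAdminResponse` shape to anyone holding only `AdminACLs.AUTHENTICATE`, whereas the same data was presumably reachable before only via `/admin/users/lookup` behind its own ACL; if that mapper includes fields a user could not otherwise see about their own account (ACL grants, internal flags, session metadata), this quietly widens what a minimally-privileged admin can read and should either be confirmed as intended or narrowed to a self-view mapper. The route also has no `RateLimitMiddleware`, unlike the lookup route directly below it; if `mapUserToAdminResponse` reaches the cache or a store, the same limiter is cheap insurance. A one-line comment such as `// Self-lookup: only AUTHENTICATE is required, unlike /admin/users/lookup.` would record the intent. `UserAdminController` continues past the end of the hunk.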
|
||||||
|
|||||||