moonfire-nvr/server/src/web/users.rs

// This file is part of Moonfire NVR, a security camera network video recorder.
// Copyright (C) 2022 The Moonfire NVR Authors; see AUTHORS and LICENSE.txt.
// SPDX-License-Identifier: GPL-v3.0-or-later WITH GPL-3.0-linking-exception.

//! User management: `/api/users/*`.

use base::{bail_t, format_err_t};
use http::{Method, Request, StatusCode};

use crate::json::{self, PutUsersResponse, UserSubset, UserSummary};

use super::{
    bad_req, extract_json_body, plain_response, require_csrf_if_session, serve_json, Caller,
    ResponseResult, Service,
};

impl Service {
    pub(super) async fn users(&self, req: Request<hyper::Body>, caller: Caller) -> ResponseResult {
        match *req.method() {
            Method::GET | Method::HEAD => self.get_users(req, caller).await,
            Method::PUT => self.put_users(req, caller).await,
            _ => Err(
                plain_response(StatusCode::METHOD_NOT_ALLOWED, "GET, HEAD, or PUT expected").into(),
            ),
        }
    }

    async fn get_users(&self, req: Request<hyper::Body>, caller: Caller) -> ResponseResult {
        if !caller.permissions.admin_users {
            bail_t!(Unauthenticated, "must have admin_users permission");
        }
        let users = self
            .db
            .lock()
            .users_by_id()
            .iter()
            .map(|(&id, user)| UserSummary {
                id,
                username: user.username.clone(),
            })
            .collect();
        serve_json(&req, &json::GetUsersResponse { users })
    }

    async fn put_users(&self, mut req: Request<hyper::Body>, caller: Caller) -> ResponseResult {
        if !caller.permissions.admin_users {
            bail_t!(Unauthenticated, "must have admin_users permission");
        }
        let r = extract_json_body(&mut req).await?;
        let mut r: json::PutUsers =
            serde_json::from_slice(&r).map_err(|e| bad_req(e.to_string()))?;
        require_csrf_if_session(&caller, r.csrf)?;
        let username = r
            .user
            .username
            .take()
            .ok_or_else(|| format_err_t!(InvalidArgument, "username must be specified"))?;
        let mut change = db::UserChange::add_user(username.to_owned());
        if let Some(Some(pwd)) = r.user.password.take() {
            change.set_password(pwd.to_owned());
        }
        if let Some(preferences) = r.user.preferences.take() {
            change.config.preferences = preferences;
        }
        if let Some(permissions) = r.user.permissions.take() {
            change.permissions = permissions.into();
        }
        if r.user != Default::default() {
            bail_t!(Unimplemented, "unsupported user fields: {:#?}", r);
        }
        let mut l = self.db.lock();
        let user = l.apply_user_change(change)?;
        serve_json(&req, &PutUsersResponse { id: user.id })
    }

    pub(super) async fn user(
        &self,
        req: Request<hyper::Body>,
        caller: Caller,
        id: i32,
    ) -> ResponseResult {
        match *req.method() {
            Method::GET | Method::HEAD => self.get_user(req, caller, id).await,
            Method::DELETE => self.delete_user(req, caller, id).await,
            Method::POST => self.post_user(req, caller, id).await,
            _ => Err(plain_response(
                StatusCode::METHOD_NOT_ALLOWED,
                "GET, HEAD, DELETE, or POST expected",
            )
            .into()),
        }
    }

    async fn get_user(&self, req: Request<hyper::Body>, caller: Caller, id: i32) -> ResponseResult {
        require_same_or_admin(&caller, id)?;
        let db = self.db.lock();
        let user = db
            .users_by_id()
            .get(&id)
            .ok_or_else(|| format_err_t!(NotFound, "can't find requested user"))?;
        let out = UserSubset {
            username: Some(&user.username),
            preferences: Some(user.config.preferences.clone()),
            password: Some(if user.has_password() {
                Some("(censored)")
            } else {
                None
            }),
            permissions: Some(user.permissions.clone().into()),
        };
        serve_json(&req, &out)
    }

    async fn delete_user(
        &self,
        mut req: Request<hyper::Body>,
        caller: Caller,
        id: i32,
    ) -> ResponseResult {
        if !caller.permissions.admin_users {
            bail_t!(Unauthenticated, "must have admin_users permission");
        }
        let r = extract_json_body(&mut req).await?;
        let r: json::DeleteUser = serde_json::from_slice(&r).map_err(|e| bad_req(e.to_string()))?;
        require_csrf_if_session(&caller, r.csrf)?;
        let mut l = self.db.lock();
        l.delete_user(id)?;
        Ok(plain_response(StatusCode::NO_CONTENT, &b""[..]))
    }

    async fn post_user(
        &self,
        mut req: Request<hyper::Body>,
        caller: Caller,
        id: i32,
    ) -> ResponseResult {
        require_same_or_admin(&caller, id)?;
        let r = extract_json_body(&mut req).await?;
        let r: json::PostUser = serde_json::from_slice(&r).map_err(|e| bad_req(e.to_string()))?;
        let mut db = self.db.lock();
        let user = db
            .get_user_by_id_mut(id)
            .ok_or_else(|| format_err_t!(NotFound, "can't find requested user"))?;
        if r.update.as_ref().and_then(|u| u.password).is_some()
            && r.precondition.as_ref().and_then(|p| p.password).is_none()
            && !caller.permissions.admin_users
        {
            bail_t!(
                Unauthenticated,
                "to change password, must supply previous password or have admin_users permission"
            );
        }
        require_csrf_if_session(&caller, r.csrf)?;
        if let Some(mut precondition) = r.precondition {
            if matches!(precondition.username.take(), Some(n) if n != user.username) {
                bail_t!(FailedPrecondition, "username mismatch");
            }
            if matches!(precondition.preferences.take(), Some(ref p) if p != &user.config.preferences)
            {
                bail_t!(FailedPrecondition, "preferences mismatch");
            }
            if let Some(p) = precondition.password.take() {
                if !user.check_password(p)? {
                    bail_t!(FailedPrecondition, "password mismatch"); // or Unauthenticated?
                }
            }
            if let Some(p) = precondition.permissions.take() {
                if user.permissions != db::Permissions::from(p) {
                    bail_t!(FailedPrecondition, "permissions mismatch");
                }
            }

            // Safety valve in case something is added to UserSubset and forgotten here.
            if precondition != Default::default() {
                bail_t!(
                    Unimplemented,
                    "preconditions not supported: {:#?}",
                    &precondition
                );
            }
        }
        if let Some(mut update) = r.update {
            let mut change = user.change();

            // First, set up updates which non-admins are allowed to perform on themselves.
            if let Some(preferences) = update.preferences.take() {
                change.config.preferences = preferences;
            }
            match update.password.take() {
                None => {}
                Some(None) => change.clear_password(),
                Some(Some(p)) => change.set_password(p.to_owned()),
            }

            // Requires admin_users if there's anything else.
            if update != Default::default() && !caller.permissions.admin_users {
                bail_t!(Unauthenticated, "must have admin_users permission");
            }
            if let Some(n) = update.username.take() {
                change.username = n.to_string();
            }
            if let Some(permissions) = update.permissions.take() {
                change.permissions = permissions.into();
            }

            // Safety valve in case something is added to UserSubset and forgotten here.
            if update != Default::default() {
                bail_t!(Unimplemented, "updates not supported: {:#?}", &update);
            }

            // Then apply all together.
            db.apply_user_change(change)?;
        }
        Ok(plain_response(StatusCode::NO_CONTENT, &b""[..]))
    }
}

fn require_same_or_admin(caller: &Caller, id: i32) -> Result<(), base::Error> {
    if caller.user.as_ref().map(|u| u.id) != Some(id) && !caller.permissions.admin_users {
        bail_t!(
            Unauthenticated,
            "must be authenticated as supplied user or have admin_users permission"
        );
    }
    Ok(())
}
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`// This file is part of Moonfire NVR, a security camera network video recorder.`
			`// Copyright (C) 2022 The Moonfire NVR Authors; see AUTHORS and LICENSE.txt.`
			`// SPDX-License-Identifier: GPL-v3.0-or-later WITH GPL-3.0-linking-exception.`

			//! User management: `/api/users/*`.

			`use base::{bail_t, format_err_t};`
			`use http::{Method, Request, StatusCode};`

tweaks to api and docs In particular, the docs now talk about the CSRF protection. This is increasing relevant as we start having more mutation endpoints. And make the signals api expect a csrf for session auth to match the newer users api. 2023-01-05 12:11:28 -06:00			`use crate::json::{self, PutUsersResponse, UserSubset, UserSummary};`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00
			`use super::{`
tweaks to api and docs In particular, the docs now talk about the CSRF protection. This is increasing relevant as we start having more mutation endpoints. And make the signals api expect a csrf for session auth to match the newer users api. 2023-01-05 12:11:28 -06:00			`bad_req, extract_json_body, plain_response, require_csrf_if_session, serve_json, Caller,`
			`ResponseResult, Service,`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`};`

			`impl Service {`
			`pub(super) async fn users(&self, req: Request<hyper::Body>, caller: Caller) -> ResponseResult {`
more user admin actions 2022-12-24 15:21:06 -05:00			`match *req.method() {`
			`Method::GET \| Method::HEAD => self.get_users(req, caller).await,`
			`Method::PUT => self.put_users(req, caller).await,`
make PUT requests actually work 2022-12-24 15:34:27 -05:00			`_ => Err(`
			`plain_response(StatusCode::METHOD_NOT_ALLOWED, "GET, HEAD, or PUT expected").into(),`
			`),`
more user admin actions 2022-12-24 15:21:06 -05:00			`}`
			`}`

			`async fn get_users(&self, req: Request<hyper::Body>, caller: Caller) -> ResponseResult {`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`if !caller.permissions.admin_users {`
			`bail_t!(Unauthenticated, "must have admin_users permission");`
			`}`
			`let users = self`
			`.db`
			`.lock()`
			`.users_by_id()`
			`.iter()`
tweaks to api and docs In particular, the docs now talk about the CSRF protection. This is increasing relevant as we start having more mutation endpoints. And make the signals api expect a csrf for session auth to match the newer users api. 2023-01-05 12:11:28 -06:00			`.map(\|(&id, user)\| UserSummary {`
			`id,`
			`username: user.username.clone(),`
			`})`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`.collect();`
more user admin actions 2022-12-24 15:21:06 -05:00			`serve_json(&req, &json::GetUsersResponse { users })`
			`}`

			`async fn put_users(&self, mut req: Request<hyper::Body>, caller: Caller) -> ResponseResult {`
			`if !caller.permissions.admin_users {`
			`bail_t!(Unauthenticated, "must have admin_users permission");`
			`}`
			`let r = extract_json_body(&mut req).await?;`
tweaks to api and docs In particular, the docs now talk about the CSRF protection. This is increasing relevant as we start having more mutation endpoints. And make the signals api expect a csrf for session auth to match the newer users api. 2023-01-05 12:11:28 -06:00			`let mut r: json::PutUsers =`
support username properly in POST /api/users/:id I mistakenly left this out. Also, fix the behavior if something is forgotten. Before, it'd silently ignore it. Now, it correctly returns Unimplemented, in both POST /api/users/:id and PUT /api/users. 2022-12-25 22:50:05 -05:00			`serde_json::from_slice(&r).map_err(\|e\| bad_req(e.to_string()))?;`
tweaks to api and docs In particular, the docs now talk about the CSRF protection. This is increasing relevant as we start having more mutation endpoints. And make the signals api expect a csrf for session auth to match the newer users api. 2023-01-05 12:11:28 -06:00			`require_csrf_if_session(&caller, r.csrf)?;`
more user admin actions 2022-12-24 15:21:06 -05:00			`let username = r`
tweaks to api and docs In particular, the docs now talk about the CSRF protection. This is increasing relevant as we start having more mutation endpoints. And make the signals api expect a csrf for session auth to match the newer users api. 2023-01-05 12:11:28 -06:00			`.user`
more user admin actions 2022-12-24 15:21:06 -05:00			`.username`
support username properly in POST /api/users/:id I mistakenly left this out. Also, fix the behavior if something is forgotten. Before, it'd silently ignore it. Now, it correctly returns Unimplemented, in both POST /api/users/:id and PUT /api/users. 2022-12-25 22:50:05 -05:00			`.take()`
more user admin actions 2022-12-24 15:21:06 -05:00			`.ok_or_else(\|\| format_err_t!(InvalidArgument, "username must be specified"))?;`
			`let mut change = db::UserChange::add_user(username.to_owned());`
tweaks to api and docs In particular, the docs now talk about the CSRF protection. This is increasing relevant as we start having more mutation endpoints. And make the signals api expect a csrf for session auth to match the newer users api. 2023-01-05 12:11:28 -06:00			`if let Some(Some(pwd)) = r.user.password.take() {`
more user admin actions 2022-12-24 15:21:06 -05:00			`change.set_password(pwd.to_owned());`
			`}`
tweaks to api and docs In particular, the docs now talk about the CSRF protection. This is increasing relevant as we start having more mutation endpoints. And make the signals api expect a csrf for session auth to match the newer users api. 2023-01-05 12:11:28 -06:00			`if let Some(preferences) = r.user.preferences.take() {`
more user admin actions 2022-12-24 15:21:06 -05:00			`change.config.preferences = preferences;`
			`}`
tweaks to api and docs In particular, the docs now talk about the CSRF protection. This is increasing relevant as we start having more mutation endpoints. And make the signals api expect a csrf for session auth to match the newer users api. 2023-01-05 12:11:28 -06:00			`if let Some(permissions) = r.user.permissions.take() {`
more user admin actions 2022-12-24 15:21:06 -05:00			`change.permissions = permissions.into();`
			`}`
tweaks to api and docs In particular, the docs now talk about the CSRF protection. This is increasing relevant as we start having more mutation endpoints. And make the signals api expect a csrf for session auth to match the newer users api. 2023-01-05 12:11:28 -06:00			`if r.user != Default::default() {`
support username properly in POST /api/users/:id I mistakenly left this out. Also, fix the behavior if something is forgotten. Before, it'd silently ignore it. Now, it correctly returns Unimplemented, in both POST /api/users/:id and PUT /api/users. 2022-12-25 22:50:05 -05:00			`bail_t!(Unimplemented, "unsupported user fields: {:#?}", r);`
			`}`
more user admin actions 2022-12-24 15:21:06 -05:00			`let mut l = self.db.lock();`
			`let user = l.apply_user_change(change)?;`
			`serve_json(&req, &PutUsersResponse { id: user.id })`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`}`

			`pub(super) async fn user(`
			`&self,`
			`req: Request<hyper::Body>,`
			`caller: Caller,`
			`id: i32,`
			`) -> ResponseResult {`
			`match *req.method() {`
more user admin actions 2022-12-24 15:21:06 -05:00			`Method::GET \| Method::HEAD => self.get_user(req, caller, id).await,`
tweaks to api and docs In particular, the docs now talk about the CSRF protection. This is increasing relevant as we start having more mutation endpoints. And make the signals api expect a csrf for session auth to match the newer users api. 2023-01-05 12:11:28 -06:00			`Method::DELETE => self.delete_user(req, caller, id).await,`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`Method::POST => self.post_user(req, caller, id).await,`
make PUT requests actually work 2022-12-24 15:34:27 -05:00			`_ => Err(plain_response(`
			`StatusCode::METHOD_NOT_ALLOWED,`
			`"GET, HEAD, DELETE, or POST expected",`
			`)`
			`.into()),`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`}`
			`}`

more user admin actions 2022-12-24 15:21:06 -05:00			`async fn get_user(&self, req: Request<hyper::Body>, caller: Caller, id: i32) -> ResponseResult {`
			`require_same_or_admin(&caller, id)?;`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`let db = self.db.lock();`
			`let user = db`
			`.users_by_id()`
			`.get(&id)`
			`.ok_or_else(\|\| format_err_t!(NotFound, "can't find requested user"))?;`
			`let out = UserSubset {`
more user admin actions 2022-12-24 15:21:06 -05:00			`username: Some(&user.username),`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`preferences: Some(user.config.preferences.clone()),`
			`password: Some(if user.has_password() {`
			`Some("(censored)")`
			`} else {`
			`None`
			`}),`
make `GET /api/` return current permissions This is useful for e.g. deciding whether or not to present the user admin UI in navigation. As part of this change, I adjusted the casing in Permissions, and then all the toml stuff for consistency. Noted in changelog. 2022-12-31 12:08:26 -05:00			`permissions: Some(user.permissions.clone().into()),`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`};`
			`serve_json(&req, &out)`
			`}`

tweaks to api and docs In particular, the docs now talk about the CSRF protection. This is increasing relevant as we start having more mutation endpoints. And make the signals api expect a csrf for session auth to match the newer users api. 2023-01-05 12:11:28 -06:00			`async fn delete_user(`
			`&self,`
			`mut req: Request<hyper::Body>,`
			`caller: Caller,`
			`id: i32,`
			`) -> ResponseResult {`
more user admin actions 2022-12-24 15:21:06 -05:00			`if !caller.permissions.admin_users {`
			`bail_t!(Unauthenticated, "must have admin_users permission");`
			`}`
tweaks to api and docs In particular, the docs now talk about the CSRF protection. This is increasing relevant as we start having more mutation endpoints. And make the signals api expect a csrf for session auth to match the newer users api. 2023-01-05 12:11:28 -06:00			`let r = extract_json_body(&mut req).await?;`
			`let r: json::DeleteUser = serde_json::from_slice(&r).map_err(\|e\| bad_req(e.to_string()))?;`
			`require_csrf_if_session(&caller, r.csrf)?;`
more user admin actions 2022-12-24 15:21:06 -05:00			`let mut l = self.db.lock();`
			`l.delete_user(id)?;`
			`Ok(plain_response(StatusCode::NO_CONTENT, &b""[..]))`
			`}`

add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`async fn post_user(`
			`&self,`
			`mut req: Request<hyper::Body>,`
			`caller: Caller,`
			`id: i32,`
			`) -> ResponseResult {`
more user admin actions 2022-12-24 15:21:06 -05:00			`require_same_or_admin(&caller, id)?;`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`let r = extract_json_body(&mut req).await?;`
			`let r: json::PostUser = serde_json::from_slice(&r).map_err(\|e\| bad_req(e.to_string()))?;`
			`let mut db = self.db.lock();`
			`let user = db`
			`.get_user_by_id_mut(id)`
			`.ok_or_else(\|\| format_err_t!(NotFound, "can't find requested user"))?;`
correct and more robust update privilege check 2022-12-26 00:38:48 -05:00			`if r.update.as_ref().and_then(\|u\| u.password).is_some()`
			`&& r.precondition.as_ref().and_then(\|p\| p.password).is_none()`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`&& !caller.permissions.admin_users`
			`{`
			`bail_t!(`
			`Unauthenticated,`
			`"to change password, must supply previous password or have admin_users permission"`
			`);`
			`}`
tweaks to api and docs In particular, the docs now talk about the CSRF protection. This is increasing relevant as we start having more mutation endpoints. And make the signals api expect a csrf for session auth to match the newer users api. 2023-01-05 12:11:28 -06:00			`require_csrf_if_session(&caller, r.csrf)?;`
support username properly in POST /api/users/:id I mistakenly left this out. Also, fix the behavior if something is forgotten. Before, it'd silently ignore it. Now, it correctly returns Unimplemented, in both POST /api/users/:id and PUT /api/users. 2022-12-25 22:50:05 -05:00			`if let Some(mut precondition) = r.precondition {`
make `GET /api/` return current permissions This is useful for e.g. deciding whether or not to present the user admin UI in navigation. As part of this change, I adjusted the casing in Permissions, and then all the toml stuff for consistency. Noted in changelog. 2022-12-31 12:08:26 -05:00			`if matches!(precondition.username.take(), Some(n) if n != user.username) {`
support username properly in POST /api/users/:id I mistakenly left this out. Also, fix the behavior if something is forgotten. Before, it'd silently ignore it. Now, it correctly returns Unimplemented, in both POST /api/users/:id and PUT /api/users. 2022-12-25 22:50:05 -05:00			`bail_t!(FailedPrecondition, "username mismatch");`
			`}`
			`if matches!(precondition.preferences.take(), Some(ref p) if p != &user.config.preferences)`
			`{`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`bail_t!(FailedPrecondition, "preferences mismatch");`
			`}`
support username properly in POST /api/users/:id I mistakenly left this out. Also, fix the behavior if something is forgotten. Before, it'd silently ignore it. Now, it correctly returns Unimplemented, in both POST /api/users/:id and PUT /api/users. 2022-12-25 22:50:05 -05:00			`if let Some(p) = precondition.password.take() {`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`if !user.check_password(p)? {`
			`bail_t!(FailedPrecondition, "password mismatch"); // or Unauthenticated?`
			`}`
			`}`
support username properly in POST /api/users/:id I mistakenly left this out. Also, fix the behavior if something is forgotten. Before, it'd silently ignore it. Now, it correctly returns Unimplemented, in both POST /api/users/:id and PUT /api/users. 2022-12-25 22:50:05 -05:00			`if let Some(p) = precondition.permissions.take() {`
make `GET /api/` return current permissions This is useful for e.g. deciding whether or not to present the user admin UI in navigation. As part of this change, I adjusted the casing in Permissions, and then all the toml stuff for consistency. Noted in changelog. 2022-12-31 12:08:26 -05:00			`if user.permissions != db::Permissions::from(p) {`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`bail_t!(FailedPrecondition, "permissions mismatch");`
			`}`
			`}`
support username properly in POST /api/users/:id I mistakenly left this out. Also, fix the behavior if something is forgotten. Before, it'd silently ignore it. Now, it correctly returns Unimplemented, in both POST /api/users/:id and PUT /api/users. 2022-12-25 22:50:05 -05:00
			`// Safety valve in case something is added to UserSubset and forgotten here.`
			`if precondition != Default::default() {`
			`bail_t!(`
			`Unimplemented,`
			`"preconditions not supported: {:#?}",`
			`&precondition`
			`);`
			`}`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`}`
support username properly in POST /api/users/:id I mistakenly left this out. Also, fix the behavior if something is forgotten. Before, it'd silently ignore it. Now, it correctly returns Unimplemented, in both POST /api/users/:id and PUT /api/users. 2022-12-25 22:50:05 -05:00			`if let Some(mut update) = r.update {`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`let mut change = user.change();`
correct and more robust update privilege check 2022-12-26 00:38:48 -05:00
			`// First, set up updates which non-admins are allowed to perform on themselves.`
support username properly in POST /api/users/:id I mistakenly left this out. Also, fix the behavior if something is forgotten. Before, it'd silently ignore it. Now, it correctly returns Unimplemented, in both POST /api/users/:id and PUT /api/users. 2022-12-25 22:50:05 -05:00			`if let Some(preferences) = update.preferences.take() {`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`change.config.preferences = preferences;`
			`}`
support username properly in POST /api/users/:id I mistakenly left this out. Also, fix the behavior if something is forgotten. Before, it'd silently ignore it. Now, it correctly returns Unimplemented, in both POST /api/users/:id and PUT /api/users. 2022-12-25 22:50:05 -05:00			`match update.password.take() {`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`None => {}`
			`Some(None) => change.clear_password(),`
			`Some(Some(p)) => change.set_password(p.to_owned()),`
			`}`
correct and more robust update privilege check 2022-12-26 00:38:48 -05:00
			`// Requires admin_users if there's anything else.`
			`if update != Default::default() && !caller.permissions.admin_users {`
			`bail_t!(Unauthenticated, "must have admin_users permission");`
			`}`
			`if let Some(n) = update.username.take() {`
			`change.username = n.to_string();`
			`}`
support username properly in POST /api/users/:id I mistakenly left this out. Also, fix the behavior if something is forgotten. Before, it'd silently ignore it. Now, it correctly returns Unimplemented, in both POST /api/users/:id and PUT /api/users. 2022-12-25 22:50:05 -05:00			`if let Some(permissions) = update.permissions.take() {`
make `GET /api/` return current permissions This is useful for e.g. deciding whether or not to present the user admin UI in navigation. As part of this change, I adjusted the casing in Permissions, and then all the toml stuff for consistency. Noted in changelog. 2022-12-31 12:08:26 -05:00			`change.permissions = permissions.into();`
support username properly in POST /api/users/:id I mistakenly left this out. Also, fix the behavior if something is forgotten. Before, it'd silently ignore it. Now, it correctly returns Unimplemented, in both POST /api/users/:id and PUT /api/users. 2022-12-25 22:50:05 -05:00			`}`

			`// Safety valve in case something is added to UserSubset and forgotten here.`
			`if update != Default::default() {`
			`bail_t!(Unimplemented, "updates not supported: {:#?}", &update);`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`}`
correct and more robust update privilege check 2022-12-26 00:38:48 -05:00
			`// Then apply all together.`
more user admin actions 2022-12-24 15:21:06 -05:00			`db.apply_user_change(change)?;`
add GET /users/ endpoint 2022-12-24 13:09:05 -05:00			`}`
			`Ok(plain_response(StatusCode::NO_CONTENT, &b""[..]))`
			`}`
			`}`
more user admin actions 2022-12-24 15:21:06 -05:00
			`fn require_same_or_admin(caller: &Caller, id: i32) -> Result<(), base::Error> {`
			`if caller.user.as_ref().map(\|u\| u.id) != Some(id) && !caller.permissions.admin_users {`
			`bail_t!(`
			`Unauthenticated,`
			`"must be authenticated as supplied user or have admin_users permission"`
			`);`
			`}`
			`Ok(())`
			`}`