support disabling/enabling users by http api

2025-11-07 12:52:58 -05:00 · 2023-01-31 06:47:25 -08:00
parent a9430464b6
commit 182f6f8a1b
3 changed files with 15 additions and 4 deletions
--- a/server/src/json.rs
+++ b/server/src/json.rs
@@ -552,6 +552,8 @@ pub struct UserSubset<'a> {
    #[serde(borrow)]
    pub username: Option<&'a str>,

+    pub disabled: Option<bool>,
+
    pub preferences: Option<db::json::UserPreferences>,

    /// An optional password value.
@@ -568,6 +570,7 @@ impl<'a> From<&'a db::User> for UserSubset<'a> {
    fn from(u: &'a db::User) -> Self {
        Self {
            username: Some(&u.username),
+            disabled: Some(u.config.disabled),
            preferences: Some(u.config.preferences.clone()),
            password: Some(u.has_password().then_some("(censored)")),
            permissions: Some(u.permissions.clone().into()),
--- a/server/src/web/users.rs
+++ b/server/src/web/users.rs
@@ -143,6 +143,9 @@ impl Service {
        }
        require_csrf_if_session(&caller, r.csrf)?;
        if let Some(mut precondition) = r.precondition {
+            if matches!(precondition.disabled.take(), Some(d) if d != user.config.disabled) {
+                bail_t!(FailedPrecondition, "disabled mismatch");
+            }
            if matches!(precondition.username.take(), Some(n) if n != user.username) {
                bail_t!(FailedPrecondition, "username mismatch");
            }
@@ -187,6 +190,9 @@ impl Service {
            if update != Default::default() && !caller.permissions.admin_users {
                bail_t!(Unauthenticated, "must have admin_users permission");
            }
+            if let Some(d) = update.disabled.take() {
+                change.config.disabled = d;
+            }
            if let Some(n) = update.username.take() {
                change.username = n.to_string();
            }