make transactions higher level (pass them everywhere)

src/api/sessions.rs

@@ -8,6 +8,7 @@ use uuid::Uuid;
 
 use crate::{
     api::CompositeError,
+    database,
     users::{
         User,
         auth::{UserAuthRequired, UserAuthenticate},
@@ -23,10 +24,11 @@ pub async fn get_by_id(
     headers: HeaderMap,
 ) -> Result<Response, CompositeError> {
     let u = User::authenticate(&headers)?.required()?;
-    let s = Session::get_by_id(id)?;
+    let conn = database::conn()?;
+    let s = Session::get_by_id(&conn, id)?;
 
     match s.user_id == u.id
-        || u.has_permission(Permission::ListOthersSessions)
+        || u.has_permission(&conn, Permission::ListOthersSessions)
             .is_ok_and(|v| v)
     {
         true => Ok(Json(s).into_response()),
@@ -39,17 +41,18 @@ pub async fn revoke_by_id(
     headers: HeaderMap,
 ) -> Result<Response, CompositeError> {
     let u = User::authenticate(&headers)?.required()?;
-    let mut s = Session::get_by_id(id)?;
+    let conn = database::conn()?;
+    let mut s = Session::get_by_id(&conn, id)?;
 
     match s.user_id == u.id
-        || u.has_permission(Permission::RevokeOthersSessions)
+        || u.has_permission(&conn, Permission::RevokeOthersSessions)
             .is_ok_and(|v| v)
     {
         true => {
-            s.revoke(Some(&u))?;
+            s.revoke(&conn, Some(&u))?;
             Ok(Json(s).into_response())
         }
-        false => match u.has_permission(Permission::ListOthersSessions)? {
+        false => match u.has_permission(&conn, Permission::ListOthersSessions)? {
             true => Ok((StatusCode::FORBIDDEN, CANT_REVOKE).into_response()),
             false => Err(SessionError::NoSessionWithId(id))?,
         },