jmanczak/mnemosyne
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

check tag create permission...

Browse Source 
i forgor
This commit is contained in:
Jakub Mańczak
2026-03-06 23:29:58 +01:00
parent 9931bbe306
commit 1597ee3e05
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/api/tags.rs
View File

@@ -1,7 +1,7 @@
use axum::{ use axum::{
Json, Json,
extract::Path, extract::Path,
http::HeaderMap, http::{HeaderMap, StatusCode},
response::{IntoResponse, Response}, response::{IntoResponse, Response},
}; };
use serde::Deserialize; use serde::Deserialize;
@@ -13,9 +13,12 @@ use crate::{
users::{ users::{
User, User,
auth::{UserAuthRequired, UserAuthenticate}, auth::{UserAuthRequired, UserAuthenticate},
permissions::Permission,
}, },
}; };
const CANT_MAKE_TAGS: &str = "You don't have permission to create new tags.";
pub async fn get_all(headers: HeaderMap) -> Result<Response, CompositeError> { pub async fn get_all(headers: HeaderMap) -> Result<Response, CompositeError> {
User::authenticate(&headers)?.required()?; User::authenticate(&headers)?.required()?;
Ok(Json(Tag::get_all()?).into_response()) Ok(Json(Tag::get_all()?).into_response())
@@ -45,6 +48,9 @@ pub async fn create(
headers: HeaderMap, headers: HeaderMap,
Json(form): Json<NewTag>, Json(form): Json<NewTag>,
) -> Result<Response, CompositeError> { ) -> Result<Response, CompositeError> {
User::authenticate(&headers)?.required()?; let u = User::authenticate(&headers)?.required()?;
if !u.has_permission(Permission::CreateTags)? {
return Ok((StatusCode::FORBIDDEN, CANT_MAKE_TAGS).into_response());
}
Ok(Json(Tag::create(form.name)?).into_response()) Ok(Json(Tag::create(form.name)?).into_response())
} }