Commit 3bae62ec authored by Robert Czechowski's avatar Robert Czechowski

Admin pages: Make admin check independent of the session id

parent ce621a4f
......@@ -1050,10 +1050,9 @@ pub fn teacher_infos<T: MedalConnection>(conn: &T, session_token: &str, teacher_
}
pub fn admin_index<T: MedalConnection>(conn: &T, session_token: &str) -> MedalValueResult {
let session = conn.get_session(&session_token).ensure_logged_in().ok_or(MedalError::NotLoggedIn)?;
if session.id != 1 {
return Err(MedalError::AccessDenied);
}
conn.get_session(&session_token)
.ensure_logged_in().ok_or(MedalError::NotLoggedIn)?
.ensure_admin().ok_or(MedalError::AccessDenied)?;
let data = json_val::Map::new();
Ok(("admin".to_string(), data))
......@@ -1068,10 +1067,9 @@ pub fn admin_search_users<T: MedalConnection>(conn: &T, session_token: &str,
Option<String>))
-> MedalValueResult
{
let session = conn.get_session(&session_token).ensure_logged_in().ok_or(MedalError::NotLoggedIn)?;
if session.id != 1 {
return Err(MedalError::AccessDenied);
}
conn.get_session(&session_token)
.ensure_logged_in().ok_or(MedalError::NotLoggedIn)?
.ensure_admin().ok_or(MedalError::AccessDenied)?;
let mut data = json_val::Map::new();
......@@ -1094,10 +1092,9 @@ pub fn admin_search_users<T: MedalConnection>(conn: &T, session_token: &str,
}
pub fn admin_show_user<T: MedalConnection>(conn: &T, user_id: i32, session_token: &str) -> MedalValueResult {
let session = conn.get_session(&session_token).ensure_logged_in().ok_or(MedalError::NotLoggedIn)?;
if session.id != 1 {
return Err(MedalError::AccessDenied);
}
let session = conn.get_session(&session_token)
.ensure_logged_in().ok_or(MedalError::NotLoggedIn)?
.ensure_admin().ok_or(MedalError::AccessDenied)?;
let mut data = json_val::Map::new();
......@@ -1135,10 +1132,9 @@ pub fn admin_delete_user<T: MedalConnection>(conn: &T, user_id: i32, session_tok
}
pub fn admin_show_group<T: MedalConnection>(conn: &T, group_id: i32, session_token: &str) -> MedalValueResult {
let session = conn.get_session(&session_token).ensure_logged_in().ok_or(MedalError::NotLoggedIn)?;
if session.id != 1 {
return Err(MedalError::AccessDenied);
}
conn.get_session(&session_token)
.ensure_logged_in().ok_or(MedalError::NotLoggedIn)?
.ensure_admin().ok_or(MedalError::AccessDenied)?;
let group = conn.get_group_complete(group_id).unwrap(); // TODO handle error
......
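Review bot: `admin_delete_user` is not changed by this commit, so its authorization check needs confirming. The last hunk header names it as the enclosing function at old line 1135, and the old/new line offsets (1094→1092, then 1135→1132) leave no room for an edit between the `admin_show_user` hunk and that point. If it still gates on `session.id != 1`, or has no gate, the one destructive admin handler keeps the check this commit removes elsewhere; it should go through the same `.ensure_admin().ok_or(MedalError::AccessDenied)?` step. Its body is outside the visible hunks, so check this against the file. The chain is now repeated verbatim in four functions, so a single private helper would make it harder for a future admin handler to omit it.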