diff --git a/src/controllers/admin/admin_account_controller.rs b/src/controllers/admin/admin_account_controller.rs
index b758ecd..697cc99 100644
--- a/src/controllers/admin/admin_account_controller.rs
+++ b/src/controllers/admin/admin_account_controller.rs
@@ -15,6 +15,7 @@ use crate::data::http_request_handler::HttpRequestHandler;
 use crate::helpers::{admin_access_token_helper, admin_account_helper, admin_account_key_helper};
 use crate::routes::RequestResult;
 use crate::utils::date_utils::time;
+use crate::constants::admin::AdminRole;
 /// Create a new administrator account
 pub fn create(r: &mut HttpRequestHandler) -> RequestResult {
@@ -96,8 +97,7 @@ pub fn update_general_settings(r: &mut HttpRequestHandler) -> RequestResult {
 let new_email = r.post_email("email")?;
 if admin_id != r.admin_id()? {
- // TODO
- unimplemented!();
+ r.check_admin_has_role(AdminRole::MANAGE_ADMINS)?;
 }
 admin_account_helper::set_general_settings(NewAdminGeneralSettings {
@@ -114,8 +114,7 @@ pub fn generate_reset_token(r: &mut HttpRequestHandler) -> RequestResult {
 let admin_id = r.post_admin_id("id")?;
 if admin_id != r.admin_id()? {
- // TODO
- unimplemented!();
+ r.check_admin_has_role(AdminRole::MANAGE_ADMINS)?;
 }
 let token = admin_account_helper::create_new_reset_token(admin_id)?;
diff --git a/src/controllers/admin/admin_keys_controller.rs b/src/controllers/admin/admin_keys_controller.rs
index 4dc0b95..32fb864 100644
--- a/src/controllers/admin/admin_keys_controller.rs
+++ b/src/controllers/admin/admin_keys_controller.rs
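Review bot: The ownership-or-role guard added in `update_general_settings` (`if admin_id != r.admin_id()? { r.check_admin_has_role(AdminRole::MANAGE_ADMINS)?; }`) is copied verbatim into `generate_reset_token` in this file and into `get_keys_list` in admin_keys_controller.rs, so the authorization rule now lives at three call sites. A later endpoint that accepts an admin `id` and misses the copy would act on any account with no check at all. Consider a single method on `HttpRequestHandler` that takes the target id and does the comparison and the role check, and call it from all three handlers. The bodies of these functions extend past the hunks, so other handlers that need the same guard may exist outside what is shown.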
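Review bot: In `generate_reset_token` (admin_account_controller.rs) the new check establishes only that the caller holds `AdminRole::MANAGE_ADMINS`; nothing in the hunk compares the caller's roles with those of the target `admin_id`. Because `create_new_reset_token(admin_id)` appears to issue a credential-reset token for that account, a holder of this one role can presumably take control of an administrator with more roles than their own. If that is the intended model, state it next to the check, e.g. `// MANAGE_ADMINS grants full control over every admin account, including reset of its credentials`, and record the caller id and target id in the project's admin action log if one exists. The function continues past the hunk, so such logging may already be present there.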
@@ -12,6 +12,7 @@ use crate::data::webauthn_config::get_wan;
 use crate::helpers::{admin_access_token_helper, admin_account_helper, admin_account_key_helper, admin_key_authentication_challenges_helper, admin_key_registration_challenges_helper};
 use crate::routes::RequestResult;
 use crate::api_data::admin::admin_keys_api::AdminKeyAPI;
+use crate::constants::admin::AdminRole;
 impl HttpRequestHandler {
 pub fn post_admin_auth_key(&mut self, name_mail: &str, name_key_id: &str) -> Res {
@@ -37,8 +38,7 @@ pub fn get_keys_list(r: &mut HttpRequestHandler) -> RequestResult {
 let admin_id = r.post_admin_id("id")?;
 if admin_id != r.admin_id()? {
- // TODO : implement
- unimplemented!();
+ r.check_admin_has_role(AdminRole::MANAGE_ADMINS)?;
 }
 let keys = admin_account_key_helper::get_admin_keys(admin_id)?;