Add DELETE /family/{id} route

2023-06-21 18:15:20 +02:00
parent 2d7bf10fc2
commit 6bbe69d01f
3 changed files with 56 additions and 2 deletions
--- a/geneit_backend/src/extractors/family_extractor.rs
+++ b/geneit_backend/src/extractors/family_extractor.rs
@ -8,6 +8,9 @@ use serde::Deserialize;
 #[derive(Debug)]
 pub struct FamilyInPath(Membership);

+#[derive(Debug)]
+pub struct FamilyInPathWithAdminMembership(FamilyInPath);
+
 impl FamilyInPath {
    async fn load_family_from_path(t: &LoginToken, id: FamilyID) -> anyhow::Result<Self> {
        Ok(Self(families_service::get_membership(id, t.user_id).await?))
@ -26,6 +29,20 @@ impl FamilyInPath {
    }
 }

+impl FamilyInPathWithAdminMembership {
+    pub fn user_id(&self) -> UserID {
+        self.0.user_id()
+    }
+
+    pub fn family_id(&self) -> FamilyID {
+        self.0.family_id()
+    }
+
+    pub fn is_admin(&self) -> bool {
+        self.0.is_admin()
+    }
+}
+
 #[derive(Deserialize)]
 struct FamilyIdInPath {
    id: FamilyID,
@ -54,3 +71,28 @@ impl FromRequest for FamilyInPath {
        })
    }
 }
+
+impl FromRequest for FamilyInPathWithAdminMembership {
+    type Error = actix_web::Error;
+    type Future = futures_util::future::LocalBoxFuture<'static, Result<Self, Self::Error>>;
+
+    fn from_request(req: &HttpRequest, _payload: &mut Payload) -> Self::Future {
+        let req = req.clone();
+        Box::pin(async move {
+            let family = FamilyInPath::extract(&req).await?;
+
+            if !family.is_admin() {
+                log::error!(
+                    "The user {:?} attempted to perform restricted action on family {:?}!",
+                    family.user_id(),
+                    family.family_id()
+                );
+                return Err(actix_web::error::ErrorUnauthorized(
+                    "You are not an administrator of this family!",
+                ));
+            }
+
+            Ok(Self(family))
+        })
+    }
+}