Can update user membership

2023-06-22 16:03:11 +02:00
parent a66a12d2a6
commit 85b9b2ce48
4 changed files with 58 additions and 1 deletions
--- a/geneit_backend/src/controllers/families_controller.rs
+++ b/geneit_backend/src/controllers/families_controller.rs
@ -1,6 +1,7 @@
 use crate::constants::{StaticConstraints, FAMILY_INVITATION_CODE_LEN};
 use crate::controllers::HttpResult;
 use crate::extractors::family_extractor::{FamilyInPath, FamilyInPathWithAdminMembership};
+use crate::models::UserID;
 use crate::services::login_token_service::LoginToken;
 use crate::services::rate_limiter_service::RatedAction;
 use crate::services::{families_service, rate_limiter_service};
@ -133,3 +134,38 @@ pub async fn renew_invitation_code(f: FamilyInPathWithAdminMembership) -> HttpRe
 pub async fn users(f: FamilyInPath) -> HttpResult {
    Ok(HttpResponse::Ok().json(families_service::get_memberships_of_family(f.family_id()).await?))
 }
+
+#[derive(serde::Deserialize)]
+pub struct UserIdInPath {
+    user_id: UserID,
+}
+
+#[derive(serde::Deserialize)]
+pub struct UpdateMembershipBody {
+    is_admin: bool,
+}
+
+/// Update a membership
+pub async fn update_membership(
+    f: FamilyInPathWithAdminMembership,
+    path: web::Path<UserIdInPath>,
+    req: web::Json<UpdateMembershipBody>,
+) -> HttpResult {
+    // An admin can not update his own membership
+    if path.user_id == f.user_id() {
+        return Ok(HttpResponse::Conflict().body("You cannot update your own membership!"));
+    }
+
+    let mut membership = families_service::get_membership(f.family_id(), path.user_id).await?;
+    membership.is_admin = req.is_admin;
+    families_service::update_membership(&membership).await?;
+
+    log::debug!(
+        "User {:?} updated the membership of user {:?} in the family {:?}",
+        f.user_id(),
+        path.user_id,
+        f.family_id()
+    );
+
+    Ok(HttpResponse::Accepted().finish())
+}