// rocie - An enterprise grocery management system // // Copyright (C) 2026 Benedikt Peetz // SPDX-License-Identifier: GPL-3.0-or-later // // This file is part of Rocie. // // You should have received a copy of the License along with this program. // If not, see . use actix_identity::Identity; use actix_web::{HttpResponse, Responder, Result, get, web}; use crate::{ app::App, storage::sql::user::{User, UserId, UserIdStub}, }; /// Get all registered users. #[utoipa::path( responses( ( status = OK, description = "Users found in database and fetched", body = Vec, ), ( status = UNAUTHORIZED, description = "You did not login before calling this endpoint", ), ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String ) ), )] #[get("/users")] async fn users(app: web::Data, _user: Identity) -> Result { let output = User::get_all(&app).await?; Ok(HttpResponse::Ok().json(output)) } /// Get an specific user by id. #[utoipa::path( responses( ( status = OK, description = "User found in database and fetched", body = User, ), ( status = NOT_FOUND, description = "User not found in database" ), ( status = UNAUTHORIZED, description = "You did not login before calling this endpoint", ), ( status = FORBIDDEN, description = "The current logged in user is not allowed to access this end-point." ), ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String ) ), params( ( "id" = UserId, description = "User id" ), ) )] #[get("/user/{id}")] async fn user_by_id( id: web::Path, app: web::Data, user: Identity, ) -> Result { let id: UserId = id.into_inner().into(); if user.id().expect("to have one") != id.to_string() { return Ok(HttpResponse::Forbidden() .body("You must be logged-in as the same user, you request the info for.")); } match User::from_id(&app, id).await? { Some(user) => Ok(HttpResponse::Ok().json(user)), None => Ok(HttpResponse::NotFound().finish()), } }