// rocie - An enterprise grocery management system
//
// Copyright (C) 2026 Benedikt Peetz <benedikt.peetz@b-peetz.de>
// SPDX-License-Identifier: GPL-3.0-or-later
//
// This file is part of Rocie.
//
// You should have received a copy of the License along with this program.
// If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>.
use actix_identity::Identity;
use actix_web::{HttpResponse, Responder, Result, get, web};
use crate::{
app::App,
storage::sql::user::{User, UserId, UserIdStub},
};
/// Get all registered users.
#[utoipa::path(
    responses(
        (
            status = OK,
            description = "Users found in database and fetched",
            body = Vec<User>,
        ),
        (
            status = UNAUTHORIZED,
            description = "You did not login before calling this endpoint",
        ),
        (
            status = INTERNAL_SERVER_ERROR,
            description = "Server encountered error",
            body = String
        )
    ),
)]
#[get("/users")]
async fn users(app: web::Data<App>, _user: Identity) -> Result<impl Responder> {
    // `_user` is never read: requesting the `Identity` extractor is the only
    // login gate on this route, so the parameter must stay in the signature.
    //
    // NOTE(review): every authenticated identity receives the complete user
    // list, whereas `user_by_id` in this file only answers for the caller's own
    // id. Confirm that listing all users is meant to be available to every
    // logged-in account and that the serialized `User` carries no credential
    // material.
    let all_users = User::get_all(&app).await?;
    let response = HttpResponse::Ok().json(all_users);

    Ok(response)
}
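/// Get an specific user by id.
#[utoipa::path(
    responses(
        (
            status = OK,
            description = "User found in database and fetched",
            body = User,
        ),
        (
            status = NOT_FOUND,
            description = "User not found in database"
        ),
        (
            status = UNAUTHORIZED,
            description = "You did not login before calling this endpoint",
        ),
        (
            status = FORBIDDEN,
            description = "The current logged in user is not allowed to access this end-point."
        ),
        (
            status = INTERNAL_SERVER_ERROR,
            description = "Server encountered error",
            body = String
        )
    ),
    params(
        (
            "id" = UserId,
            description = "User id"
        ),
    )
)]
#[get("/user/{id}")]
async fn user_by_id(
    id: web::Path<UserIdStub>,
    app: web::Data<App>,
    user: Identity,
) -> Result<impl Responder> {
    let id: UserId = id.into_inner().into();

    // Reading the id back out of the session is fallible. Fail closed with the
    // documented 401 instead of panicking inside the request handler when the
    // identity cannot be recovered.
    let Ok(session_user_id) = user.id() else {
        return Ok(HttpResponse::Unauthorized().finish());
    };

    // Object-level authorization: a caller may only read their own record.
    // The check runs before the database lookup, so a request for someone
    // else's id gets 403 whether or not that id exists and the endpoint cannot
    // be used to probe which user ids are registered.
    if session_user_id != id.to_string() {
        return Ok(HttpResponse::Forbidden()
            .body("You must be logged-in as the same user, you request the info for."));
    }

    // `None` here means the caller's own id no longer resolves to a stored user.
    match User::from_id(&app, id).await? {
        Some(user) => Ok(HttpResponse::Ok().json(user)),
        None => Ok(HttpResponse::NotFound().finish()),
    }
}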