add: user permissions level builder ui

2025-04-06 13:43:12 -04:00 · 2025-04-06 13:43:12 -04:00 · 31f63c90cd
commit 31f63c90cd
parent a167da017e
16 changed files with 511 additions and 371 deletions
--- a/crates/app/src/routes/pages/mod.rs
+++ b/crates/app/src/routes/pages/mod.rs
@ -30,6 +30,10 @@ pub fn routes() -> Router {
            get(mod_panel::file_report_request),
        )
        .route("/mod_panel/ip_bans", get(mod_panel::ip_bans_request))
+        .route(
+            "/mod_panel/profile/{id}",
+            get(mod_panel::manage_profile_request),
+        )
        // auth
        .route("/auth/register", get(auth::register_request))
        .route("/auth/login", get(auth::login_request))
--- a/crates/app/src/routes/pages/mod_panel.rs
+++ b/crates/app/src/routes/pages/mod_panel.rs
@ -1,9 +1,9 @@
 use super::{PaginatedQuery, render_error};
 use crate::{State, assets::initial_context, get_lang, get_user_from_token};
 use axum::{
-    Extension,
-    extract::Query,
+    extract::{Path, Query},
    response::{Html, IntoResponse},
+    Extension,
 };
 use axum_extra::extract::CookieJar;
 use serde::Deserialize;
@ -149,3 +149,38 @@ pub async fn ip_bans_request(
    // return
    Ok(Html(data.1.render("mod/ip_bans.html", &context).unwrap()))
 }
+
+/// `/mod_panel/profile/{id}`
+pub async fn manage_profile_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+    Path(id): Path<usize>,
+) -> impl IntoResponse {
+    let data = data.read().await;
+    let user = match get_user_from_token!(jar, data.0) {
+        Some(ua) => ua,
+        None => {
+            return Err(Html(
+                render_error(Error::NotAllowed, &jar, &data, &None).await,
+            ));
+        }
+    };
+
+    if !user.permissions.check(FinePermission::MANAGE_USERS) {
+        return Err(Html(
+            render_error(Error::NotAllowed, &jar, &data, &None).await,
+        ));
+    }
+
+    let profile = match data.0.get_user_by_id(id).await {
+        Ok(p) => p,
+        Err(e) => return Err(Html(render_error(e, &jar, &data, &Some(user)).await)),
+    };
+
+    let lang = get_lang!(jar, data.0);
+    let mut context = initial_context(&data.0.0, lang, &Some(user)).await;
+    context.insert("profile", &profile);
+
+    // return
+    Ok(Html(data.1.render("mod/profile.html", &context).unwrap()))
+}
--- a/crates/app/src/routes/pages/profile.rs
+++ b/crates/app/src/routes/pages/profile.rs
@ -8,9 +8,7 @@ use axum::{
 use axum_extra::extract::CookieJar;
 use serde::Deserialize;
 use tera::Context;
-use tetratto_core::model::{
-    Error, auth::User, communities::Community, permissions::FinePermission,
-};
+use tetratto_core::model::{Error, auth::User, communities::Community, permissions::FinePermission};

 #[derive(Deserialize)]
 pub struct SettingsProps {
@ -87,6 +85,11 @@ pub fn profile_context(
    context.insert("is_following", &is_following);
    context.insert("is_following_you", &is_following_you);
    context.insert("is_blocking", &is_blocking);
+
+    context.insert(
+        "is_supporter",
+        &profile.permissions.check(FinePermission::SUPPORTER),
+    );
 }

 /// `/@{username}`
@ -121,11 +124,14 @@ pub async fn posts_request(
    // check for private profile
    if other_user.settings.private_profile {
        if let Some(ref ua) = user {
-            if (ua.id != other_user.id) && !ua.permissions.check(FinePermission::MANAGE_USERS) && data
+            if (ua.id != other_user.id)
+                && !ua.permissions.check(FinePermission::MANAGE_USERS)
+                && data
                    .0
                    .get_userfollow_by_initiator_receiver(other_user.id, ua.id)
                    .await
-                    .is_err() {
+                    .is_err()
+            {
                return Err(Html(
                    render_error(Error::NotAllowed, &jar, &data, &user).await,
                ));
@ -243,11 +249,13 @@ pub async fn following_request(
    // check for private profile
    if other_user.settings.private_profile {
        if let Some(ref ua) = user {
-            if ua.id != other_user.id && data
+            if ua.id != other_user.id
+                && data
                    .0
                    .get_userfollow_by_initiator_receiver(other_user.id, ua.id)
                    .await
-                    .is_err() {
+                    .is_err()
+            {
                return Err(Html(
                    render_error(Error::NotAllowed, &jar, &data, &user).await,
                ));
@ -367,11 +375,13 @@ pub async fn followers_request(
    // check for private profile
    if other_user.settings.private_profile {
        if let Some(ref ua) = user {
-            if ua.id != other_user.id && data
+            if ua.id != other_user.id
+                && data
                    .0
                    .get_userfollow_by_initiator_receiver(other_user.id, ua.id)
                    .await
-                    .is_err() {
+                    .is_err()
+            {
                return Err(Html(
                    render_error(Error::NotAllowed, &jar, &data, &user).await,
                ));