add: profile moderation ui

add: pagination ui
2025-04-01 16:12:13 -04:00 · 2025-04-01 16:12:13 -04:00 · 9a9b72bdbb
commit 9a9b72bdbb
parent d0c1fbcf9a
14 changed files with 417 additions and 38 deletions
--- a/crates/app/src/routes/api/v1/auth/profile.rs
+++ b/crates/app/src/routes/api/v1/auth/profile.rs
@ -1,7 +1,7 @@
 use crate::{
    State, get_user_from_token,
    model::{ApiReturn, Error},
-    routes::api::v1::{UpdateUserIsVerified, UpdateUserPassword, UpdateUserUsername},
+    routes::api::v1::{DeleteUser, UpdateUserIsVerified, UpdateUserPassword, UpdateUserUsername},
 };
 use axum::{
    Extension, Json,
@ -32,7 +32,7 @@ pub async fn redirect_from_id(
 }

 /// Update the settings of the given user.
-pub async fn update_profile_settings_request(
+pub async fn update_user_settings_request(
    jar: CookieJar,
    Path(id): Path<usize>,
    Extension(data): Extension<State>,
@ -59,7 +59,7 @@ pub async fn update_profile_settings_request(
 }

 /// Update the password of the given user.
-pub async fn update_profile_password_request(
+pub async fn update_user_password_request(
    jar: CookieJar,
    Path(id): Path<usize>,
    Extension(data): Extension<State>,
@ -88,7 +88,7 @@ pub async fn update_profile_password_request(
    }
 }

-pub async fn update_profile_username_request(
+pub async fn update_user_username_request(
    jar: CookieJar,
    Path(id): Path<usize>,
    Extension(data): Extension<State>,
@ -119,7 +119,7 @@ pub async fn update_profile_username_request(
 }

 /// Update the tokens of the given user.
-pub async fn update_profile_tokens_request(
+pub async fn update_user_tokens_request(
    jar: CookieJar,
    Path(id): Path<usize>,
    Extension(data): Extension<State>,
@ -146,7 +146,7 @@ pub async fn update_profile_tokens_request(
 }

 /// Update the verification status of the given user.
-pub async fn update_profile_is_verified_request(
+pub async fn update_user_is_verified_request(
    jar: CookieJar,
    Path(id): Path<usize>,
    Extension(data): Extension<State>,
@ -170,3 +170,33 @@ pub async fn update_profile_is_verified_request(
        Err(e) => Json(e.into()),
    }
 }
+
+/// Delete the given user.
+pub async fn delete_user_request(
+    jar: CookieJar,
+    Path(id): Path<usize>,
+    Extension(data): Extension<State>,
+    Json(req): Json<DeleteUser>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    if user.id != id && !user.permissions.check(FinePermission::MANAGE_USERS) {
+        return Json(Error::NotAllowed.into());
+    }
+
+    match data
+        .delete_user(id, &req.password, user.permissions.check_manager())
+        .await
+    {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "User deleted".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
--- a/crates/app/src/routes/api/v1/mod.rs
+++ b/crates/app/src/routes/api/v1/mod.rs
@ -119,23 +119,27 @@ pub fn routes() -> Router {
        )
        .route(
            "/auth/profile/{id}/settings",
-            post(auth::profile::update_profile_settings_request),
+            post(auth::profile::update_user_settings_request),
+        )
+        .route(
+            "/auth/profile/{id}",
+            delete(auth::profile::delete_user_request),
        )
        .route(
            "/auth/profile/{id}/password",
-            post(auth::profile::update_profile_password_request),
+            post(auth::profile::update_user_password_request),
        )
        .route(
            "/auth/profile/{id}/username",
-            post(auth::profile::update_profile_username_request),
+            post(auth::profile::update_user_username_request),
        )
        .route(
            "/auth/profile/{id}/tokens",
-            post(auth::profile::update_profile_tokens_request),
+            post(auth::profile::update_user_tokens_request),
        )
        .route(
            "/auth/profile/{id}/verified",
-            post(auth::profile::update_profile_is_verified_request),
+            post(auth::profile::update_user_is_verified_request),
        )
        .route(
            "/auth/profile/find/{id}",
@ -256,3 +260,8 @@ pub struct UpdateNotificationRead {
 pub struct UpdateMembershipRole {
    pub role: CommunityPermission,
 }
+
+#[derive(Deserialize)]
+pub struct DeleteUser {
+    pub password: String,
+}
--- a/crates/app/src/routes/pages/communities.rs
+++ b/crates/app/src/routes/pages/communities.rs
@ -12,6 +12,7 @@ use tetratto_core::model::{
    auth::User,
    communities::{Community, CommunityReadAccess},
    communities_permissions::CommunityPermission,
+    permissions::FinePermission,
 };

 macro_rules! check_permissions {
@ -194,6 +195,7 @@ pub async fn feed_request(
        community_context_bools!(data, user, community);

    context.insert("feed", &feed);
+    context.insert("page", &props.page);
    community_context(
        &mut context,
        &community,
@ -232,9 +234,11 @@ pub async fn settings_request(
    };

    if user.id != community.owner {
-        return Err(Html(
-            render_error(Error::NotAllowed, &jar, &data, &None).await,
-        ));
+        if !user.permissions.check(FinePermission::MANAGE_COMMUNITIES) {
+            return Err(Html(
+                render_error(Error::NotAllowed, &jar, &data, &None).await,
+            ));
+        }
    }

    // init context
@ -298,6 +302,7 @@ pub async fn post_request(

    context.insert("post", &post);
    context.insert("replies", &feed);
+    context.insert("page", &props.page);
    context.insert(
        "owner",
        &data
--- a/crates/app/src/routes/pages/profile.rs
+++ b/crates/app/src/routes/pages/profile.rs
@ -6,13 +6,23 @@ use axum::{
    response::{Html, IntoResponse},
 };
 use axum_extra::extract::CookieJar;
+use serde::Deserialize;
 use tera::Context;
-use tetratto_core::model::{Error, auth::User, communities::Community};
+use tetratto_core::model::{
+    Error, auth::User, communities::Community, permissions::FinePermission,
+};
+
+#[derive(Deserialize)]
+pub struct SettingsProps {
+    #[serde(default)]
+    pub username: String,
+}

 /// `/settings`
 pub async fn settings_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
+    Query(req): Query<SettingsProps>,
 ) -> impl IntoResponse {
    let data = data.read().await;
    let user = match get_user_from_token!(jar, data.0) {
@ -24,12 +34,25 @@ pub async fn settings_request(
        }
    };

-    let settings = user.settings.clone();
-    let tokens = user.tokens.clone();
+    let profile = if req.username.is_empty() | !user.permissions.check(FinePermission::MANAGE_USERS)
+    {
+        user.clone()
+    } else {
+        match data.0.get_user_by_username(&req.username).await {
+            Ok(ua) => ua,
+            Err(e) => {
+                return Err(Html(render_error(e, &jar, &data, &None).await));
+            }
+        }
+    };
+
+    let settings = profile.settings.clone();
+    let tokens = profile.tokens.clone();

    let lang = get_lang!(jar, data.0);
    let mut context = initial_context(&data.0.0, lang, &Some(user)).await;

+    context.insert("profile", &profile);
    context.insert(
        "user_settings_serde",
        &serde_json::to_string(&settings)
@ -98,7 +121,7 @@ pub async fn posts_request(
    // check for private profile
    if other_user.settings.private_profile {
        if let Some(ref ua) = user {
-            if ua.id != other_user.id {
+            if (ua.id != other_user.id) && !ua.permissions.check(FinePermission::MANAGE_USERS) {
                if data
                    .0
                    .get_userfollow_by_initiator_receiver(other_user.id, ua.id)
@ -176,6 +199,7 @@ pub async fn posts_request(
    };

    context.insert("posts", &posts);
+    context.insert("page", &props.page);
    profile_context(
        &mut context,
        &other_user,