add: user ban_reason

2025-07-16 20:18:39 -04:00 · 2025-07-16 20:18:39 -04:00 · d1c3643574
commit d1c3643574
parent b25bda29b8
11 changed files with 100 additions and 9 deletions
--- a/crates/app/src/routes/api/v1/auth/profile.rs
+++ b/crates/app/src/routes/api/v1/auth/profile.rs
@ -4,8 +4,9 @@ use crate::{
    model::{ApiReturn, Error},
    routes::api::v1::{
        AppendAssociations, AwardAchievement, DeleteUser, DisableTotp, RefreshGrantToken,
-        UpdateSecondaryUserRole, UpdateUserAwaitingPurchase, UpdateUserInviteCode,
-        UpdateUserIsVerified, UpdateUserPassword, UpdateUserRole, UpdateUserUsername,
+        UpdateSecondaryUserRole, UpdateUserAwaitingPurchase, UpdateUserBanReason,
+        UpdateUserInviteCode, UpdateUserIsVerified, UpdateUserPassword, UpdateUserRole,
+        UpdateUserUsername,
    },
    State,
 };
@ -424,6 +425,35 @@ pub async fn update_user_secondary_role_request(
    }
 }

+/// Update the ban reason of the given user.
+///
+/// Does not support third-party grants.
+pub async fn update_user_ban_reason_request(
+    jar: CookieJar,
+    Path(id): Path<usize>,
+    Extension(data): Extension<State>,
+    Json(req): Json<UpdateUserBanReason>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    if !user.permissions.check(FinePermission::MANAGE_USERS) {
+        return Json(Error::NotAllowed.into());
+    }
+
+    match data.update_user_ban_reason(id, &req.reason).await {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "User updated".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
+
 /// Update the current user's last seen value.
 pub async fn seen_request(jar: CookieJar, Extension(data): Extension<State>) -> impl IntoResponse {
    let data = &(data.read().await).0;