Limit 'superuser' status of current moderators (#386)

Resolves MOD-88 Co-authored-by: Geometrically <18202329+Geometrically@users.noreply.github.com>
2022-07-23 21:47:32 -04:00
parent 6614b56298
commit b864791fa6
9 changed files with 32 additions and 19 deletions
--- a/src/routes/users.rs
+++ b/src/routes/users.rs
@@ -255,7 +255,7 @@ pub async fn user_edit(
            }

            if let Some(role) = &new_user.role {
-                if !user.role.is_mod() {
+                if !user.role.is_admin() {
                    return Err(ApiError::CustomAuthentication(
                        "You do not have the permissions to edit the role of this user!"
                            .to_string(),
@@ -410,7 +410,7 @@ pub async fn user_delete(
    .await?;

    if let Some(id) = id_option {
-        if !user.role.is_mod() && user.id != id.into() {
+        if !user.role.is_admin() && user.id != id.into() {
            return Err(ApiError::CustomAuthentication(
                "You do not have permission to delete this user!".to_string(),
            ));
@@ -451,7 +451,7 @@ pub async fn user_follows(
    .await?;

    if let Some(id) = id_option {
-        if !user.role.is_mod() && user.id != id.into() {
+        if !user.role.is_admin() && user.id != id.into() {
            return Err(ApiError::CustomAuthentication(
                "You do not have permission to see the projects this user follows!".to_string(),
            ));
@@ -501,7 +501,7 @@ pub async fn user_notifications(
    .await?;

    if let Some(id) = id_option {
-        if !user.role.is_mod() && user.id != id.into() {
+        if !user.role.is_admin() && user.id != id.into() {
            return Err(ApiError::CustomAuthentication(
                "You do not have permission to see the notifications of this user!".to_string(),
            ));