From 51ac1ea2b674517d93629f5be13ffbede2d36c99 Mon Sep 17 00:00:00 2001 From: Will Boyd Date: Sat, 8 Jun 2024 23:08:52 -0400 Subject: [PATCH] user page --- src/http/error.rs | 2 ++ src/http/user.rs | 30 +++++++++++++++++++++++++----- templates/static/styles.css.stpl | 4 ++++ templates/user.stpl | 17 +++++++++++++++++ 4 files changed, 48 insertions(+), 5 deletions(-) create mode 100644 templates/user.stpl diff --git a/src/http/error.rs b/src/http/error.rs index cf0af89..6e07a5e 100644 --- a/src/http/error.rs +++ b/src/http/error.rs @@ -10,6 +10,7 @@ use ulid::Ulid; pub enum HttpError { BadRequest { description: String }, Unauthenticated { redirect_to: Option }, + Forbidden, NotFound, InternalError { description: String }, } @@ -48,6 +49,7 @@ impl IntoResponse for HttpError { ) ); return Redirect::to(&redirect).into_response(); }, + HttpError::Forbidden => (StatusCode::FORBIDDEN, "You do not have access to this resource.".to_string()), HttpError::NotFound => (StatusCode::NOT_FOUND, "No resource exists at this URL.".to_string()), HttpError::InternalError { description } => { let correlation_id = Ulid::new(); diff --git a/src/http/user.rs b/src/http/user.rs index 2f1fe6c..ab64a1a 100644 --- a/src/http/user.rs +++ b/src/http/user.rs 
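Review bot: `Forbidden` is added to `HttpError` without a doc comment, and the difference between it and `Unauthenticated` is what a handler author most needs spelled out. I would put `/// Caller is authenticated but not permitted to access this resource; rendered as 403 with a fixed body.` above the variant, plus a matching one-liner on `Unauthenticated` saying it is for requests without a valid session. The fixed message in the new `IntoResponse` arm should stay as it is, since it gives no hint whether the resource exists. That `impl` continues outside the second hunk.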
@@ -4,19 +4,39 @@ use crate::http::{ AppState, AuthenticatedUser }; use crate::http::error::HttpError; use crate::model::{ UserId, UserType }; use crate::persistence::RussetPersistenceLayer; +use crate::persistence::model::User; +use sailfish::TemplateOnce; +#[derive(Clone, Debug, TemplateOnce)] +#[template(path = "user.stpl")] +pub struct UserPage<'a> { + page_user: &'a User, + user: Option<&'a User>, + page_title: &'a str, + relative_root: &'a str, +} #[tracing::instrument] pub async fn user_page( - Path(user_id): Path, + Path(page_user_id): Path, State(state): State>, auth_user: AuthenticatedUser, ) -> Result, HttpError> where Persistence: RussetPersistenceLayer { // Authentication rules. Sysops can see all user pages. Members can see only // themselves. - if auth_user.user.user_type != UserType::Sysop && auth_user.user.id != user_id { - panic!("PERMISSION DENIED!!!1!!"); + if auth_user.user.user_type != UserType::Sysop && + auth_user.user.id != page_user_id { + return Err(HttpError::Forbidden); } - let user = state.domain_service.get_user(&user_id).await?; - Ok(Html(format!("User: {}
ID: {:?}
Type: {:?}", user.name, user.id, user.user_type))) + let page_user = state.domain_service.get_user(&page_user_id).await?; + let page_title = format!("User - {}", page_user.name); + Ok(Html( + UserPage{ + page_user: &page_user, + user: Some(&auth_user.user), + page_title: &page_title, + relative_root: "../", + } + .render_once()? + ) ) } diff --git a/templates/static/styles.css.stpl b/templates/static/styles.css.stpl index 82bb409..cf689c1 100644 --- a/templates/static/styles.css.stpl +++ b/templates/static/styles.css.stpl @@ -129,6 +129,10 @@ button:active { border-color: #282; border-style: inset; } +button:disabled { + background: #444; + border-color: #555; +} /* Dialog form styles */ .dialog { diff --git a/templates/user.stpl b/templates/user.stpl new file mode 100644 index 0000000..9db329e --- /dev/null +++ b/templates/user.stpl @@ -0,0 +1,17 @@ +<% include!("head.stpl"); %> +
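Review bot: The denial branch in `user_page` returns `HttpError::Forbidden` without emitting any event, so repeated requests by a member for other users' ids leave nothing to alert on. I would log just before the return, for example `tracing::warn!(requester = ?auth_user.user.id, requested = ?page_user_id, "user page access denied");`. Separately, `#[tracing::instrument]` with no arguments records every parameter through `Debug`, which here includes `auth_user` and `state`. If `User` carries a password hash or session data (its fields are not visible in this hunk), `#[tracing::instrument(skip(state, auth_user))]` would keep that out of the spans.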
+
+
+ + + + + + " disabled="true" /> +
+
+ +
+
+
+<% include!("foot.stpl"); %> -- 2.45.2