tuwunel_api/client/admin/
mod.rs1mod get_nonce;
2mod is_user_locked;
3mod is_user_suspended;
4mod lock_user;
5pub(crate) mod mas;
6mod register;
7mod suspend_user;
8
9use futures::future::join3;
10use ruma::UserId;
11use tuwunel_core::{Err, Result};
12
13pub(crate) use self::{
14 get_nonce::admin_register_nonce_route, is_user_locked::is_user_locked_route,
15 is_user_suspended::is_user_suspended_route, lock_user::lock_user_route,
16 register::admin_register_route, suspend_user::suspend_user_route,
17};
18
19async fn authorize(services: &crate::State, caller: &UserId, target: &UserId) -> Result {
22 if caller == target {
23 return Err!(Request(Forbidden("You cannot suspend or lock your own account")));
24 }
25
26 if !services.globals.user_is_local(target) {
27 return Err!(Request(InvalidParam("User is not local to this server")));
28 }
29
30 let (caller_admin, target_active, target_admin) = join3(
31 services.admin.user_is_admin(caller),
32 services.users.is_active(target),
33 services.admin.user_is_admin(target),
34 )
35 .await;
36
37 if !caller_admin {
38 return Err!(Request(Forbidden("Only server administrators can use this endpoint")));
39 }
40
41 if !target_active {
42 return Err!(Request(NotFound("Unknown user")));
43 }
44
45 if target_admin {
46 return Err!(Request(Forbidden(
47 "You cannot suspend or lock another server administrator"
48 )));
49 }
50
51 Ok(())
52}