diff --git a/casbin/policy.csv b/casbin/policy.csv
index 9cf66a8b..c30a1609 100644
--- a/casbin/policy.csv
+++ b/casbin/policy.csv
@@ -4,4 +4,5 @@ p, true, GetSettings
 p, true, GetSettingsSecret
 p, true, AddTag
 p, true, DeleteTag
-p, true, DeleteTorrent
\ No newline at end of file
+p, true, DeleteTorrent
+p, true, BanUser
\ No newline at end of file
diff --git a/src/app.rs b/src/app.rs
index fd0b373f..bcac905e 100644
--- a/src/app.rs
+++ b/src/app.rs
@@ -126,9 +126,9 @@ pub async fn run(configuration: Configuration, api_version: &Version) -> Running
 user_authentication_repository.clone(),
 ));
 let ban_service = Arc::new(user::BanService::new(
- user_repository.clone(),
 user_profile_repository.clone(),
 banned_user_list.clone(),
+ authorization_service.clone(),
 ));
 let authentication_service = Arc::new(Service::new(
 configuration.clone(),
diff --git a/src/services/user.rs b/src/services/user.rs
index 6d0e4c4e..3ee39d74 100644
--- a/src/services/user.rs
+++ b/src/services/user.rs
@@ -11,6 +11,7 @@ use pbkdf2::password_hash::rand_core::OsRng;
 use tracing::{debug, info};
 use super::authentication::DbUserAuthenticationRepository;
+use super::authorization::{self, ACTION};
 use crate::config::{Configuration, EmailOnSignup, PasswordConstraints};
 use crate::databases::database::{Database, Error};
 use crate::errors::ServiceError;
@@ -237,22 +238,22 @@ impl ProfileService {
 }
 pub struct BanService {
- user_repository: Arc>,
 user_profile_repository: Arc,
 banned_user_list: Arc,
+ authorization_service: Arc,
 }
 impl BanService {
 #[must_use]
 pub fn new(
- user_repository: Arc>,
 user_profile_repository: Arc,
 banned_user_list: Arc,
+ authorization_service: Arc,
 ) -> Self {
 Self {
- user_repository,
 user_profile_repository,
 banned_user_list,
+ authorization_service,
 }
 }
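Review bot: `pub struct BanService` and `BanService::new` in the @@ -237 hunk carry no doc comment, and after this change the struct's security contract lives elsewhere: the in-place administrator check is removed, so nothing on the type tells a reader where the ban permission is enforced. I would add above `pub struct BanService {` a comment such as `/// Bans users by username. No administrator check is performed here; authorization is delegated to the injected authorization service, which resolves ACTION::BanUser against the policy (see the p, true, BanUser row added to casbin/policy.csv).` The `impl BanService` block continues past the hunk; `ban_user`, where the authorize call is made, sits in the next hunk. As a style aside, `ACTION` (imported in the @@ -11 hunk) appears to be an enum named in SCREAMING_SNAKE_CASE, which rustc's `non_camel_case_types` lint warns on; that rename belongs to the authorization module rather than this change.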
@@ -268,12 +269,7 @@ impl BanService {
 pub async fn ban_user(&self, username_to_be_banned: &str, user_id: &UserId) -> Result<(), ServiceError> {
 debug!("user with ID {user_id} banning username: {username_to_be_banned}");
- let user = self.user_repository.get_compact(user_id).await?;
-
- // Check if user is administrator
- if !user.administrator {
- return Err(ServiceError::Unauthorized);
- }
+ self.authorization_service.authorize(ACTION::BanUser, Some(*user_id)).await?;
 let user_profile = self
 .user_profile_repository