feat: admin role

crates/presentation/src/extractors.rs

@@ -1,6 +1,6 @@
 use axum::{
     extract::{FromRef, FromRequestParts},
-    http::{header, header::AUTHORIZATION, request::Parts},
+    http::{StatusCode, header, header::AUTHORIZATION, request::Parts},
     response::{IntoResponse, Redirect},
 };
 use domain::{errors::DomainError, value_objects::UserId};
@@ -91,6 +91,33 @@ where
     }
 }
 
+pub struct AdminUser(pub UserId);
+
+impl<S> FromRequestParts<S> for AdminUser
+where
+    AppState: FromRef<S>,
+    S: Send + Sync,
+{
+    type Rejection = axum::response::Response;
+
+    async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
+        let app_state = AppState::from_ref(state);
+        let RequiredCookieUser(user_id) =
+            RequiredCookieUser::from_request_parts(parts, state).await?;
+        let user = app_state
+            .app_ctx
+            .user_repository
+            .find_by_id(&user_id)
+            .await
+            .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR.into_response())?
+            .ok_or_else(|| StatusCode::UNAUTHORIZED.into_response())?;
+        match user.role() {
+            domain::models::UserRole::Admin => Ok(AdminUser(user_id)),
+            _ => Err(StatusCode::FORBIDDEN.into_response()),
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

crates/presentation/src/handlers.rs

@@ -203,6 +203,7 @@ pub mod html {
                 email: form.email,
                 username: form.username,
                 password: form.password,
+                role: domain::models::UserRole::Standard,
             },
         )
         .await
@@ -1181,6 +1182,7 @@ pub mod api {
                 email: req.email,
                 username: req.username,
                 password: req.password,
+                role: domain::models::UserRole::Standard,
             },
         )
         .await?;