feat: admin role

2026-05-10 01:15:48 +02:00
parent be30a1d77c
commit 9be7af50d2
16 changed files with 109 additions and 341 deletions
--- a/crates/presentation/src/extractors.rs
+++ b/crates/presentation/src/extractors.rs
@@ -1,6 +1,6 @@
 use axum::{
    extract::{FromRef, FromRequestParts},
-    http::{header, header::AUTHORIZATION, request::Parts},
+    http::{StatusCode, header, header::AUTHORIZATION, request::Parts},
    response::{IntoResponse, Redirect},
 };
 use domain::{errors::DomainError, value_objects::UserId};
@@ -91,6 +91,33 @@ where
    }
 }

+pub struct AdminUser(pub UserId);
+
+impl<S> FromRequestParts<S> for AdminUser
+where
+    AppState: FromRef<S>,
+    S: Send + Sync,
+{
+    type Rejection = axum::response::Response;
+
+    async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
+        let app_state = AppState::from_ref(state);
+        let RequiredCookieUser(user_id) =
+            RequiredCookieUser::from_request_parts(parts, state).await?;
+        let user = app_state
+            .app_ctx
+            .user_repository
+            .find_by_id(&user_id)
+            .await
+            .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR.into_response())?
+            .ok_or_else(|| StatusCode::UNAUTHORIZED.into_response())?;
+        match user.role() {
+            domain::models::UserRole::Admin => Ok(AdminUser(user_id)),
+            _ => Err(StatusCode::FORBIDDEN.into_response()),
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
    use super::*;