Optimized permissions

server/src/routes/member/migrate.rs

@@ -4,7 +4,7 @@ use axum::{extract::State, http::HeaderMap, Json};
 use sqlx::PgPool;
 
 use crate::{
-    auth::{get_user_from_header, AuthError},
+    auth::get_user_from_header,
     database::model::Member as DbMember,
     model::{
         member::{Groups, Name, Roles},
@@ -14,16 +14,15 @@ use crate::{
     AppState,
 };
 
-pub async fn migrate_request<'a>(
+pub async fn migrate_request(
     State(state): State<AppState>,
     headers: HeaderMap,
     body: String,
 ) -> Result<Json<MigrationResponse>, crate::Error> {
-    let (roles, _user) = get_user_from_header(&state.pool, &headers).await?;
+    let user = get_user_from_header(&state.pool, &headers).await?;
 
-    if !roles.contains(Roles::ADMIN) {
-        return Err(AuthError::NoPermssions.into());
-    }
+    user.authorize(&state.pool, Some(Roles::ADMIN), None)
+        .await?;
 
     tracing::info!("Migration is requested");
 
@@ -46,10 +45,15 @@ pub async fn migrate_request<'a>(
     Ok(Json(MigrationResponse::from((count, members_diff))))
 }
 
-pub async fn migrate_confirm<'a>(
+pub async fn migrate_confirm(
     State(state): State<AppState>,
+    headers: HeaderMap,
     body: String,
 ) -> Result<(), crate::Error> {
+    let user = get_user_from_header(&state.pool, &headers).await?;
+    user.authorize(&state.pool, Some(Roles::ADMIN), None)
+        .await?;
+
     tracing::info!("Migration is confirmed");
 
     let count = match body.trim().parse::<u32>() {