NetsBlox
diff --git a/‎Cargo.lock‎
Lines changed: 5 additions & 5 deletions b/‎Cargo.lock‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎crates/api-common/bindings/UpdateUserData.ts‎
Lines changed: 5 additions & 0 deletions b/‎crates/api-common/bindings/UpdateUserData.ts‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎crates/api-common/src/lib.rs‎
Lines changed: 9 additions & 0 deletions b/‎crates/api-common/src/lib.rs‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎crates/api/src/common.rs‎
Lines changed: 1 addition & 11 deletions b/‎crates/api/src/common.rs‎
Lines changed: 1 addition & 11 deletions
diff --git a/‎crates/api/src/lib.rs‎
Lines changed: 18 additions & 1 deletion b/‎crates/api/src/lib.rs‎
Lines changed: 18 additions & 1 deletion
diff --git a/‎crates/cli/src/main.rs‎
Lines changed: 38 additions & 2 deletions b/‎crates/cli/src/main.rs‎
Lines changed: 38 additions & 2 deletions
diff --git a/‎crates/cloud/src/auth/users.rs‎
Lines changed: 79 additions & 12 deletions b/‎crates/cloud/src/auth/users.rs‎
Lines changed: 79 additions & 12 deletions
diff --git a/‎crates/cloud/src/errors.rs‎
Lines changed: 3 additions & 0 deletions b/‎crates/cloud/src/errors.rs‎
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,5 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { GroupId } from "./GroupId";
+import type { UserRole } from "./UserRole";
+
+export interface UpdateUserData { email: string | null, groupId: GroupId | null, role: UserRole | null, }
@@ -48,6 +48,15 @@ pub struct User {
     pub services_hosts: Option<Vec<ServiceHost>>,
 }
 
+#[derive(Serialize, Deserialize, TS, Clone)]
+#[serde(rename_all = "camelCase")]
+#[ts(export)]
+pub struct UpdateUserData {
+    pub email: Option<String>,
+    pub group_id: Option<GroupId>,
+    pub role: Option<UserRole>,
+}
+
 #[derive(Serialize, Deserialize, Debug, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export)]
 
@@ -1,11 +1 @@
-pub use netsblox_api_common::{
-    oauth, AppId, AuthorizedServiceHost, BannedAccount, ClientConfig, ClientId, ClientInfo,
-    ClientState, ClientStateData, CollaborationInvite, CreateLibraryData, CreateMagicLinkData,
-    CreateProjectData, Credentials, ExternalClient, ExternalClientState, Group, GroupId,
-    InvitationId, InvitationState, LibraryMetadata, LinkedAccount, LoginRequest, NewUser, Project,
-    ProjectId, PublishState, RoleData, RoleId, RoomState, SaveState, ServiceHost, ServiceHostScope,
-    ServiceSettings, UpdateProjectData, UpdateRoleData, UserRole,
-};
-pub use netsblox_api_common::{
-    FriendInvite, FriendLinkState, InvitationResponse, ProjectMetadata, User,
-};
+pub use netsblox_api_common::*;
@@ -4,7 +4,7 @@ pub mod error;
 use crate::common::*;
 use futures_util::SinkExt;
 use netsblox_api_common::{
-    CreateGroupData, CreateMagicLinkData, ServiceHostScope, UpdateGroupData,
+    CreateGroupData, CreateMagicLinkData, ServiceHostScope, UpdateGroupData, UpdateUserData,
 };
 use reqwest::{self, Method, RequestBuilder, Response};
 use serde::{Deserialize, Serialize};
@@ -184,6 +184,23 @@ impl Client {
         Ok(response.json::<User>().await.unwrap())
     }
 
+    pub async fn update_user(
+        &self,
+        username: &str,
+        update: &UpdateUserData,
+    ) -> Result<User, error::Error> {
+        let path = format!("/users/{}", username);
+        let response = self
+            .request(Method::PATCH, &path)
+            .json(&update)
+            .send()
+            .await
+            .map_err(error::Error::RequestError)?;
+
+        let response = check_response(response).await?;
+        Ok(response.json::<User>().await.unwrap())
+    }
+
     pub async fn set_password(&self, username: &str, password: &str) -> Result<(), error::Error> {
         let path = format!("/users/{}/password", username);
         let response = self
 
@@ -9,14 +9,38 @@ use clap::{Parser, Subcommand};
 use futures_util::StreamExt;
 use inquire::{Confirm, Password, PasswordDisplayMode};
 use netsblox_api::common::{
-    oauth, ClientId, CreateMagicLinkData, CreateProjectData, Credentials, FriendLinkState,
+    oauth, ClientId, CreateMagicLinkData, CreateProjectData, Credentials, FriendLinkState, GroupId,
     InvitationState, LinkedAccount, ProjectId, PublishState, RoleData, SaveState, ServiceHost,
-    ServiceHostScope, UserRole,
+    ServiceHostScope, UpdateUserData, UserRole,
 };
 use netsblox_api::{self, serde_json, Client};
 use std::path::Path;
 use xmlparser::{Token, Tokenizer};
 
+#[derive(Parser, Debug)]
+#[group(required = true, multiple = true)]
+struct UserUpdateOpt {
+    /// Set the user's email
+    #[clap(long, group = "update_data")]
+    email: Option<String>,
+    /// Set the user role (eg, admin, moderator)
+    #[clap(long, group = "update_data")]
+    role: Option<UserRole>,
+    /// Add the user as a member of a given group
+    #[clap(long, group = "update_data")]
+    group_id: Option<GroupId>,
+}
+
+impl From<&UserUpdateOpt> for UpdateUserData {
+    fn from(opt: &UserUpdateOpt) -> UpdateUserData {
+        UpdateUserData {
+            email: opt.email.clone(),
+            group_id: opt.group_id.clone(),
+            role: opt.role.clone(),
+        }
+    }
+}
+
 /// Manage & moderate user accounts
 #[derive(Subcommand, Debug)]
 enum Users {
@@ -50,6 +74,14 @@ enum Users {
         #[clap(short, long)]
         user: Option<String>,
     },
+    /// Update the current user
+    Update {
+        #[command(flatten)]
+        data: UserUpdateOpt,
+        /// Perform this action on behalf of this user
+        #[clap(short, long)]
+        user: Option<String>,
+    },
     /// Change the current user's password
     SetPassword {
         password: String,
@@ -800,6 +832,10 @@ async fn do_command(mut cfg: Config, args: Cli) -> Result<(), error::Error> {
                     )
                     .await?;
             }
+            Users::Update { data, user } => {
+                let username = user.clone().unwrap_or_else(|| get_current_user(cfg.host()));
+                client.update_user(&username, &data.into()).await?;
+            }
             Users::SetPassword { password, user } => {
                 let username = user.clone().unwrap_or_else(|| get_current_user(cfg.host()));
                 client.set_password(&username, password).await?;
 
@@ -4,7 +4,7 @@ use actix_session::{Session, SessionExt};
 use actix_web::HttpRequest;
 use futures::TryStreamExt;
 use mongodb::bson::doc;
-use netsblox_cloud_common::api::{self, ClientId, UserRole};
+use netsblox_cloud_common::api::{self, ClientId, UpdateUserData, UserRole};
 
 use crate::{
     app_data::AppData,
@@ -19,42 +19,63 @@ pub(crate) struct CreateUser {
     _private: (),
 }
 
+/// Authorization to view a given user
 #[derive(Debug)]
 pub(crate) struct ViewUser {
     pub(crate) username: String,
     _private: (),
 }
 
+/// Authorization to list all users
 pub(crate) struct ListUsers {
     _private: (),
 }
 
+/// Authorization to edit the user with the given username
 pub(crate) struct EditUser {
     pub(crate) username: String,
     _private: (),
 }
 
-pub(crate) struct SetPassword {
-    pub(crate) username: String,
-    _private: (),
+#[cfg(test)]
+impl EditUser {
+    pub(crate) fn test(username: String) -> Self {
+        Self {
+            username,
+            _private: (),
+        }
+    }
 }
 
-pub(crate) struct BanUser {
+/// Authorization to apply the given updates to the specified user
+pub(crate) struct UpdateUser {
     pub(crate) username: String,
+    pub(crate) update: UpdateUserData,
     _private: (),
 }
 
-// TODO: make a macro for making it when testing?
 #[cfg(test)]
-impl EditUser {
-    pub(crate) fn test(username: String) -> Self {
+impl UpdateUser {
+    pub(crate) fn test(username: String, update: UpdateUserData) -> Self {
         Self {
             username,
+            update,
             _private: (),
         }
     }
 }
 
+pub(crate) struct SetPassword {
+    pub(crate) username: String,
+    _private: (),
+}
+
+pub(crate) struct BanUser {
+    pub(crate) username: String,
+    _private: (),
+}
+
+// TODO: make a macro for making it when testing?
 #[cfg(test)]
 impl BanUser {
     pub(crate) fn test(username: String) -> Self {
@@ -99,20 +120,40 @@ pub(crate) async fn try_create_user(
     }
 
     let new_user_role = data.role.unwrap_or(UserRole::User);
-    let is_privileged = !matches!(new_user_role, UserRole::User);
+    try_assign_role(app, req, &new_user_role)
+        .await
+        .map(|_| CreateUser { data, _private: () })
+}
+
+/// Permissions for assigning a given role. Used as a helper method for related functions.
+struct AssignRole {
+    /// The role that the permissions are assigned for.
+    _role: UserRole,
+    _private: (),
+}
+
+async fn try_assign_role(
+    app: &AppData,
+    req: &HttpRequest,
+    role: &UserRole,
+) -> Result<AssignRole, UserError> {
+    let is_privileged = !matches!(role, UserRole::User);
 
     let is_authorized = if is_privileged {
         // only moderators, admins can make privileged users (up to their role)
         let username = utils::get_username(req).ok_or(UserError::LoginRequiredError)?;
         let req_role = get_user_role(app, &username).await?;
-        dbg!(&req_role, &new_user_role);
-        req_role >= UserRole::Moderator && req_role >= new_user_role
+        dbg!(&req_role, &role);
+        req_role >= UserRole::Moderator && req_role >= *role
     } else {
         true
     };
 
     if is_authorized {
-        Ok(CreateUser { data, _private: () })
+        Ok(AssignRole {
+            _role: role.to_owned(),
+            _private: (),
+        })
     } else {
         Err(UserError::PermissionsError)
     }
@@ -211,6 +252,32 @@ pub(crate) async fn try_edit_user(
     }
 }
 
+/// Try to get privileges to apply the given updates to the specified user.
+pub(crate) async fn try_update_user(
+    app: &AppData,
+    req: &HttpRequest,
+    username: &str,
+    update: UpdateUserData,
+) -> Result<UpdateUser, UserError> {
+    // If setting the group_id, we must be able to edit the group
+    if let Some(group_id) = update.group_id.as_ref() {
+        auth::try_edit_group(app, req, group_id).await?;
+    }
+
+    // If setting the user role, we must be able to assign those roles
+    if let Some(role) = update.role.as_ref() {
+        try_assign_role(app, req, role).await?;
+    }
+
+    try_edit_user(app, req, None, username)
+        .await
+        .map(|eu| UpdateUser {
+            username: eu.username.to_owned(),
+            update,
+            _private: (),
+        })
+}
+
 pub(crate) async fn try_set_password(
     app: &AppData,
     req: &HttpRequest,
 
@@ -35,6 +35,8 @@ pub enum UserError {
     ProjectUnavailableError,
     #[display(fmt = "Must specify project either using url or xml")]
     MissingUrlOrXmlError,
+    #[display(fmt = "Must specify email, role, or groupId to update.")]
+    UserUpdateFieldRequiredError,
     #[display(fmt = "Password reset link already sent. Only 1 can be sent per hour.")]
     PasswordResetLinkSentError,
     #[display(fmt = "Magic link already sent. Only 1 can be sent per hour.")]
@@ -221,6 +223,7 @@ impl error::ResponseError for UserError {
             | Self::OAuthFlowError(..)
             | Self::ProjectUnavailableError
             | Self::MissingUrlOrXmlError
+            | Self::UserUpdateFieldRequiredError
             | Self::ProjectNotActiveError => StatusCode::BAD_REQUEST,
             Self::InviteAlreadyExistsError => StatusCode::CONFLICT,
         }