feat: allow other users to reschedule

cjustinobi · cjustinobi · commit 0022027f299f · 2026-03-09T13:47:44.000+01:00
diff --git a/src/handlers/appointments.rs b/src/handlers/appointments.rs
@@ -110,7 +110,7 @@ pub async fn confirm_appointment(
     Ok(ApiResponse::success(appt))
 }
 
-/// Reschedule an appointment. Used by Hospital staff
+/// Reschedule an appointment
 #[utoipa::path(
     put,
     path = "/api/appointments/reschedule/{appointment_id}",
diff --git a/src/hospitals/appointments.rs b/src/hospitals/appointments.rs
@@ -93,14 +93,16 @@ pub fn reschedule_appointment(
     user: &User,
     new_time: DateTime<Utc>,
 ) -> Result<Appointment, AppError> {
-    if user.role != Role::Hospital {
-        return Err(AppError::Unauthorized(
-            "Only hospitals can reschedule appointments".into(),
-        ));
+    match user.role {
+        Role::Hospital => {
+            assert_hospital_owns_appointment(conn, appointment_id, user.id)?;
+        }
+        Role::Donor | Role::Patient => {
+            assert_user_owns_appointment(conn, appointment_id, user.id)?;
+        }
+        _ => return Err(AppError::Unauthorized("Invalid role".into())),
     }
 
-    assert_hospital_owns_appointment(conn, appointment_id, user.id)?;
-
     diesel::update(appointments::table.find(appointment_id))
         .set((
             appointments::status.eq(AppointmentStatusEnum::Rescheduled),

Original file line number	Diff line number	Diff line change
`@@ -110,7 +110,7 @@ pub async fn confirm_appointment(`
`110`	`110`	`Ok(ApiResponse::success(appt))`
`111`	`111`	`}`
`112`	`112`
`113`		`-/// Reschedule an appointment. Used by Hospital staff`
	`113`	`+/// Reschedule an appointment`
`114`	`114`	`#[utoipa::path(`
`115`	`115`	`put,`
`116`	`116`	`path = "/api/appointments/reschedule/{appointment_id}",`