Expose the legacy guest/non-guest flag on users in the admin API

crates/data-model/src/users.rs

@@ -21,6 +21,7 @@ pub struct User {
     pub locked_at: Option<DateTime<Utc>>,
     pub deactivated_at: Option<DateTime<Utc>>,
     pub can_request_admin: bool,
+    pub is_guest: bool,
 }
 
 impl User {
@@ -43,6 +44,7 @@ impl User {
             locked_at: None,
             deactivated_at: None,
             can_request_admin: false,
+            is_guest: false,
         }]
     }
 }

crates/handlers/src/admin/model.rs

@@ -52,6 +52,9 @@ pub struct User {
 
     /// Whether the user can request admin privileges.
     admin: bool,
+
+    /// Whether the user was a guest before migrating to MAS,
+    legacy_guest: bool,
 }
 
 impl User {
@@ -65,6 +68,7 @@ impl User {
                 locked_at: None,
                 deactivated_at: None,
                 admin: false,
+                legacy_guest: false,
             },
             Self {
                 id: Ulid::from_bytes([0x02; 16]),
@@ -73,6 +77,7 @@ impl User {
                 locked_at: None,
                 deactivated_at: None,
                 admin: true,
+                legacy_guest: false,
             },
             Self {
                 id: Ulid::from_bytes([0x03; 16]),
@@ -81,6 +86,7 @@ impl User {
                 locked_at: Some(DateTime::default()),
                 deactivated_at: None,
                 admin: false,
+                legacy_guest: true,
             },
         ]
     }
@@ -95,6 +101,7 @@ impl From<mas_data_model::User> for User {
             locked_at: user.locked_at,
             deactivated_at: user.deactivated_at,
             admin: user.can_request_admin,
+            legacy_guest: user.is_guest,
         }
     }
 }

crates/handlers/src/admin/v1/users/deactivate.rs

@@ -209,7 +209,8 @@ mod tests {
               "created_at": "2022-01-16T14:40:00Z",
               "locked_at": null,
               "deactivated_at": "2022-01-16T14:40:00Z",
-              "admin": false
+              "admin": false,
+              "legacy_guest": false
             },
             "links": {
               "self": "/api/admin/v1/users/01FSHN9AG0MZAA6S4AF7CTV32E"
@@ -289,7 +290,8 @@ mod tests {
               "created_at": "2022-01-16T14:40:00Z",
               "locked_at": "2022-01-16T14:40:00Z",
               "deactivated_at": "2022-01-16T14:41:00Z",
-              "admin": false
+              "admin": false,
+              "legacy_guest": false
             },
             "links": {
               "self": "/api/admin/v1/users/01FSHN9AG0MZAA6S4AF7CTV32E"

crates/handlers/src/admin/v1/users/list.rs

@@ -54,6 +54,10 @@ pub struct FilterParams {
     #[serde(rename = "filter[admin]")]
     admin: Option<bool>,
 
+    /// Retrieve users with (or without) the `legacy_guest` flag set
+    #[serde(rename = "filter[legacy-guest]")]
+    legacy_guest: Option<bool>,
+
     /// Retrieve the items with the given status
     ///
     /// Defaults to retrieve all users, including locked ones.
@@ -75,6 +79,10 @@ impl std::fmt::Display for FilterParams {
             write!(f, "{sep}filter[admin]={admin}")?;
             sep = '&';
         }
+        if let Some(legacy_guest) = self.legacy_guest {
+            write!(f, "{sep}filter[legacy-guest]={legacy_guest}")?;
+            sep = '&';
+        }
         if let Some(status) = self.status {
             write!(f, "{sep}filter[status]={status}")?;
             sep = '&';
@@ -143,6 +151,12 @@ pub async fn handler(
         None => filter,
     };
 
+    let filter = match params.legacy_guest {
+        Some(true) => filter.guest_only(),
+        Some(false) => filter.non_guest_only(),
+        None => filter,
+    };
+
     let filter = match params.status {
         Some(UserStatus::Active) => filter.active_only(),
         Some(UserStatus::Locked) => filter.locked_only(),

crates/handlers/src/rate_limit.rs

@@ -328,6 +328,7 @@ mod tests {
             locked_at: None,
             deactivated_at: None,
             can_request_admin: false,
+            is_guest: true,
         };
 
         let bob = User {
@@ -338,6 +339,7 @@ mod tests {
             locked_at: None,
             deactivated_at: None,
             can_request_admin: false,
+            is_guest: true,
         };
 
         // Three times the same IP address should be allowed

crates/storage-pg/src/iden.rs

@@ -39,6 +39,7 @@ pub enum Users {
     LockedAt,
     DeactivatedAt,
     CanRequestAdmin,
+    IsGuest,
 }
 
 #[derive(sea_query::Iden)]

crates/storage-pg/src/user/mod.rs

@@ -73,6 +73,7 @@ mod priv_ {
         pub(super) locked_at: Option<DateTime<Utc>>,
         pub(super) deactivated_at: Option<DateTime<Utc>>,
         pub(super) can_request_admin: bool,
+        pub(super) is_guest: bool,
     }
 }
 
@@ -89,6 +90,7 @@ impl From<UserLookup> for User {
             locked_at: value.locked_at,
             deactivated_at: value.deactivated_at,
             can_request_admin: value.can_request_admin,
+            is_guest: value.is_guest,
         }
     }
 }
@@ -114,6 +116,10 @@ impl Filter for UserFilter<'_> {
             .add_option(self.can_request_admin().map(|can_request_admin| {
                 Expr::col((Users::Table, Users::CanRequestAdmin)).eq(can_request_admin)
             }))
+            .add_option(
+                self.is_guest()
+                    .map(|is_guest| Expr::col((Users::Table, Users::IsGuest)).eq(is_guest)),
+            )
     }
 }
 
@@ -140,6 +146,7 @@ impl UserRepository for PgUserRepository<'_> {
                      , locked_at
                      , deactivated_at
                      , can_request_admin
+                     , is_guest
                 FROM users
                 WHERE user_id = $1
             "#,
@@ -176,6 +183,7 @@ impl UserRepository for PgUserRepository<'_> {
                      , locked_at
                      , deactivated_at
                      , can_request_admin
+                     , is_guest
                 FROM users
                 WHERE LOWER(username) = LOWER($1)
             "#,
@@ -249,6 +257,7 @@ impl UserRepository for PgUserRepository<'_> {
             locked_at: None,
             deactivated_at: None,
             can_request_admin: false,
+            is_guest: false,
         })
     }
 
@@ -487,6 +496,10 @@ impl UserRepository for PgUserRepository<'_> {
                 Expr::col((Users::Table, Users::CanRequestAdmin)),
                 UserLookupIden::CanRequestAdmin,
             )
+            .expr_as(
+                Expr::col((Users::Table, Users::IsGuest)),
+                UserLookupIden::IsGuest,
+            )
             .from(Users::Table)
             .apply_filter(filter)
             .generate_pagination((Users::Table, Users::UserId), pagination)

crates/storage-pg/src/user/session.rs

@@ -61,6 +61,7 @@ struct SessionLookup {
     user_locked_at: Option<DateTime<Utc>>,
     user_deactivated_at: Option<DateTime<Utc>>,
     user_can_request_admin: bool,
+    user_is_guest: bool,
 }
 
 impl TryFrom<SessionLookup> for BrowserSession {
@@ -76,6 +77,7 @@ impl TryFrom<SessionLookup> for BrowserSession {
             locked_at: value.user_locked_at,
             deactivated_at: value.user_deactivated_at,
             can_request_admin: value.user_can_request_admin,
+            is_guest: value.user_is_guest,
         };
 
         Ok(BrowserSession {
@@ -201,6 +203,7 @@ impl BrowserSessionRepository for PgBrowserSessionRepository<'_> {
                      , u.locked_at             AS "user_locked_at"
                      , u.deactivated_at        AS "user_deactivated_at"
                      , u.can_request_admin     AS "user_can_request_admin"
+                     , u.is_guest              AS "user_is_guest"
                 FROM user_sessions s
                 INNER JOIN users u
                     USING (user_id)
@@ -391,6 +394,10 @@ impl BrowserSessionRepository for PgBrowserSessionRepository<'_> {
                 Expr::col((Users::Table, Users::CanRequestAdmin)),
                 SessionLookupIden::UserCanRequestAdmin,
             )
+            .expr_as(
+                Expr::col((Users::Table, Users::IsGuest)),
+                SessionLookupIden::UserIsGuest,
+            )
             .from(UserSessions::Table)
             .inner_join(
                 Users::Table,

crates/storage/src/user/mod.rs

@@ -75,6 +75,7 @@ impl UserState {
 pub struct UserFilter<'a> {
     state: Option<UserState>,
     can_request_admin: Option<bool>,
+    is_guest: Option<bool>,
     _phantom: std::marker::PhantomData<&'a ()>,
 }
 
@@ -120,6 +121,20 @@ impl UserFilter<'_> {
         self
     }
 
+    /// Filter for guest users
+    #[must_use]
+    pub fn guest_only(mut self) -> Self {
+        self.is_guest = Some(true);
+        self
+    }
+
+    /// Filter for non-guest users
+    #[must_use]
+    pub fn non_guest_only(mut self) -> Self {
+        self.is_guest = Some(false);
+        self
+    }
+
     /// Get the state filter
     ///
     /// Returns [`None`] if no state filter was set
@@ -135,6 +150,14 @@ impl UserFilter<'_> {
     pub fn can_request_admin(&self) -> Option<bool> {
         self.can_request_admin
     }
+
+    /// Get the is guest filter
+    ///
+    /// Returns [`None`] if no is guest filter was set
+    #[must_use]
+    pub fn is_guest(&self) -> Option<bool> {
+        self.is_guest
+    }
 }
 
 /// A [`UserRepository`] helps interacting with [`User`] saved in the storage