"Can request admin" flag on user

Author: sandhose

crates/data-model/src/users.rs

@@ -27,6 +27,7 @@ pub struct User {
     pub primary_user_email_id: Option<Ulid>,
     pub created_at: DateTime<Utc>,
     pub locked_at: Option<DateTime<Utc>>,
+    pub can_request_admin: bool,
 }
 
 impl User {
@@ -47,6 +48,7 @@ impl User {
             primary_user_email_id: None,
             created_at: now,
             locked_at: None,
+            can_request_admin: false,
         }]
     }
 }

crates/graphql/src/model/users.rs

@@ -73,6 +73,11 @@ impl User {
         self.0.locked_at
     }
 
+    /// Whether the user can request admin privileges.
+    pub async fn can_request_admin(&self) -> bool {
+        self.0.can_request_admin
+    }
+
     /// Access to the user's Matrix account information.
     async fn matrix(&self, ctx: &Context<'_>) -> Result<MatrixUser, async_graphql::Error> {
         let state = ctx.state();

crates/graphql/src/mutations/user.rs

@@ -126,6 +126,37 @@ impl LockUserPayload {
     }
 }
 
+/// The input for the `setCanRequestAdmin` mutation.
+#[derive(InputObject)]
+struct SetCanRequestAdminInput {
+    /// The ID of the user to update.
+    user_id: ID,
+
+    /// Whether the user can request admin.
+    can_request_admin: bool,
+}
+
+/// The payload for the `setCanRequestAdmin` mutation.
+#[derive(Description)]
+enum SetCanRequestAdminPayload {
+    /// The user was updated.
+    Updated(mas_data_model::User),
+
+    /// The user was not found.
+    NotFound,
+}
+
+#[Object(use_type_description)]
+impl SetCanRequestAdminPayload {
+    /// The user that was updated.
+    async fn user(&self) -> Option<User> {
+        match self {
+            Self::Updated(user) => Some(User(user.clone())),
+            Self::NotFound => None,
+        }
+    }
+}
+
 fn valid_username_character(c: char) -> bool {
     c.is_ascii_lowercase()
         || c.is_ascii_digit()
@@ -232,4 +263,37 @@ impl UserMutations {
 
         Ok(LockUserPayload::Locked(user))
     }
+
+    /// Set whether a user can request admin. This is only available to
+    /// administrators.
+    async fn set_can_request_admin(
+        &self,
+        ctx: &Context<'_>,
+        input: SetCanRequestAdminInput,
+    ) -> Result<SetCanRequestAdminPayload, async_graphql::Error> {
+        let state = ctx.state();
+        let requester = ctx.requester();
+
+        if !requester.is_admin() {
+            return Err(async_graphql::Error::new("Unauthorized"));
+        }
+
+        let mut repo = state.repository().await?;
+
+        let user_id = NodeType::User.extract_ulid(&input.user_id)?;
+        let user = repo.user().lookup(user_id).await?;
+
+        let Some(user) = user else {
+            return Ok(SetCanRequestAdminPayload::NotFound);
+        };
+
+        let user = repo
+            .user()
+            .set_can_request_admin(user, input.can_request_admin)
+            .await?;
+
+        repo.save().await?;
+
+        Ok(SetCanRequestAdminPayload::Updated(user))
+    }
 }

crates/storage-pg/.sqlx/query-e0ea7d93ab3f565828b2faab4cc5e1a6ac868c95bfaee3a6960df1cf484d53da.json renamed to crates/storage-pg/.sqlx/query-0d892dc8589ba54bb886972b6db00eaf7e41ff0db98fabdff5dcba0a7aa4e77d.json

@@ -0,0 +1,17 @@
+-- Copyright 2023 The Matrix.org Foundation C.I.C.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+-- Adds a `can_request_admin` column to the `users` table
+ALTER TABLE users
+    ADD COLUMN can_request_admin BOOLEAN NOT NULL DEFAULT FALSE;

crates/storage-pg/.sqlx/query-1dbc50cdab36da307c569891ab7b1ab4aaf128fed6be67ca0f139d697614c63b.json

@@ -34,6 +34,7 @@ pub enum Users {
     PrimaryUserEmailId,
     CreatedAt,
     LockedAt,
+    CanRequestAdmin,
 }
 
 #[derive(sea_query::Iden)]

crates/storage-pg/.sqlx/query-bfa5eaeaa5b4574bb083c86711eb4599f6374c96bb4a6827d400acb22fb0fd39.json renamed to crates/storage-pg/.sqlx/query-423e6aa88e0b8a01a90e108107a3d3998418fa43638b6510f28b56a2d6952222.json

@@ -57,6 +57,7 @@ struct UserLookup {
     primary_user_email_id: Option<Uuid>,
     created_at: DateTime<Utc>,
     locked_at: Option<DateTime<Utc>>,
+    can_request_admin: bool,
 }
 
 impl From<UserLookup> for User {
@@ -69,6 +70,7 @@ impl From<UserLookup> for User {
             primary_user_email_id: value.primary_user_email_id.map(Into::into),
             created_at: value.created_at,
             locked_at: value.locked_at,
+            can_request_admin: value.can_request_admin,
         }
     }
 }
@@ -95,6 +97,7 @@ impl<'c> UserRepository for PgUserRepository<'c> {
                      , primary_user_email_id
                      , created_at
                      , locked_at
+                     , can_request_admin
                 FROM users
                 WHERE user_id = $1
             "#,
@@ -127,6 +130,7 @@ impl<'c> UserRepository for PgUserRepository<'c> {
                      , primary_user_email_id
                      , created_at
                      , locked_at
+                     , can_request_admin
                 FROM users
                 WHERE username = $1
             "#,
@@ -186,6 +190,7 @@ impl<'c> UserRepository for PgUserRepository<'c> {
             primary_user_email_id: None,
             created_at,
             locked_at: None,
+            can_request_admin: false,
         })
     }
 
@@ -281,4 +286,39 @@ impl<'c> UserRepository for PgUserRepository<'c> {
 
         Ok(user)
     }
+
+    #[tracing::instrument(
+        name = "db.user.set_can_request_admin",
+        skip_all,
+        fields(
+            db.statement,
+            %user.id,
+            user.can_request_admin = can_request_admin,
+        ),
+        err,
+    )]
+    async fn set_can_request_admin(
+        &mut self,
+        mut user: User,
+        can_request_admin: bool,
+    ) -> Result<User, Self::Error> {
+        let res = sqlx::query!(
+            r#"
+                UPDATE users
+                SET can_request_admin = $2
+                WHERE user_id = $1
+            "#,
+            Uuid::from(user.id),
+            can_request_admin,
+        )
+        .traced()
+        .execute(&mut *self.conn)
+        .await?;
+
+        DatabaseError::ensure_affected_rows(&res, 1)?;
+
+        user.can_request_admin = can_request_admin;
+
+        Ok(user)
+    }
 }