From 5f458b288a7a7892f075087348ebcd3dab9a771b Mon Sep 17 00:00:00 2001
From: Carl Dong <accounts@carldong.me>
Date: Mon, 3 May 2021 19:42:29 -0400
Subject: [PATCH 1/2] admin: Return newly-created user in invite_user

Instead of having the caller dig through /admin/users for the right one,
just return the user upon creation.
---
 src/api/admin.rs | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/api/admin.rs b/src/api/admin.rs
index 6e168e7a..c3e53784 100644
--- a/src/api/admin.rs
+++ b/src/api/admin.rs
@@ -12,7 +12,7 @@ use rocket::{
 use rocket_contrib::json::Json;
 
 use crate::{
-    api::{ApiResult, EmptyResult, NumberOrString},
+    api::{ApiResult, EmptyResult, JsonResult, NumberOrString},
     auth::{decode_admin, encode_jwt, generate_admin_claims, ClientIp},
     config::ConfigBuilder,
     db::{backup_database, get_sql_server_version, models::*, DbConn, DbConnType},
@@ -279,7 +279,7 @@ struct InviteData {
 }
 
 #[post("/invite", data = "<data>")]
-fn invite_user(data: Json<InviteData>, _token: AdminToken, conn: DbConn) -> EmptyResult {
+fn invite_user(data: Json<InviteData>, _token: AdminToken, conn: DbConn) -> JsonResult {
     let data: InviteData = data.into_inner();
     let email = data.email.clone();
     if User::find_by_mail(&data.email, &conn).is_some() {
@@ -287,14 +287,16 @@ fn invite_user(data: Json<InviteData>, _token: AdminToken, conn: DbConn) -> Empt
     }
 
     let mut user = User::new(email);
-    user.save(&conn)?;
 
     if CONFIG.mail_enabled() {
-        mail::send_invite(&user.email, &user.uuid, None, None, &CONFIG.invitation_org_name(), None)
+        mail::send_invite(&user.email, &user.uuid, None, None, &CONFIG.invitation_org_name(), None)?;
     } else {
         let invitation = Invitation::new(data.email);
-        invitation.save(&conn)
+        invitation.save(&conn)?;
     }
+
+    user.save(&conn)?;
+    Ok(Json(user.to_json(&conn)))
 }
 
 #[post("/test/smtp", data = "<data>")]

From cccd8262fa78dabc8e1949c4dcb490b99fb0cd84 Mon Sep 17 00:00:00 2001
From: Carl Dong <accounts@carldong.me>
Date: Sat, 8 May 2021 16:03:03 -0400
Subject: [PATCH 2/2] admin: Add /users/<uuid> route

Individual user information can now be looked up by UUID.
---
 src/api/admin.rs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/api/admin.rs b/src/api/admin.rs
index c3e53784..34875d7a 100644
--- a/src/api/admin.rs
+++ b/src/api/admin.rs
@@ -30,6 +30,7 @@ pub fn routes() -> Vec<Route> {
     routes![
         admin_login,
         get_users_json,
+        get_user_json,
         post_admin_login,
         admin_page,
         invite_user,
@@ -349,6 +350,13 @@ fn users_overview(_token: AdminToken, conn: DbConn) -> ApiResult<Html<String>> {
     Ok(Html(text))
 }
 
+#[get("/users/<uuid>")]
+fn get_user_json(uuid: String, _token: AdminToken, conn: DbConn) -> JsonResult {
+    let user = User::find_by_uuid(&uuid, &conn).map_res("User doesn't exist")?;
+
+    Ok(Json(user.to_json(&conn)))
+}
+
 #[post("/users/<uuid>/delete")]
 fn delete_user(uuid: String, _token: AdminToken, conn: DbConn) -> EmptyResult {
     let user = User::find_by_uuid(&uuid, &conn).map_res("User doesn't exist")?;