jwt: get user roles in jwt

crates/ezidam/src/guards/jwt.rs

@@ -7,6 +7,7 @@ use hash::SecretString;
 use id::{KeyID, UserID};
 use jwt::database::Key;
 use jwt::{JwtClaims, PrivateKey};
+use permissions::Permission;
 use refresh_tokens::RefreshToken;
 use rocket::http::Status;
 use rocket::http::{Cookie, CookieJar, SameSite};
@@ -53,6 +54,7 @@ pub enum Error {
     ImportKey(jwt::Error),
     JwtValidation(jwt::Error),
     BlockingTask(String),
+    GetPermissions(permissions::Error),
 }
 
 pub struct SpecificUser<'a> {
@@ -382,8 +384,16 @@ pub async fn use_refresh_token(
             }
         };
 
-    // TODO: get user roles
-    let roles = vec![];
+    // Get user roles
+    let roles = match Permission::get_all(&mut transaction, Some(user.id()), None).await {
+        Ok(roles) => roles
+            .into_iter()
+            .map(|role| role.role().to_string())
+            .collect(),
+        Err(e) => {
+            return Outcome::Failure((Status::InternalServerError, Error::GetPermissions(e)));
+        }
+    };
 
     // Create jwt, sign and serialize
     let jwt_claims = JwtClaims::new(home_page.clone(), "ezidam", &user, roles);

crates/ezidam/src/tokens.rs

@@ -1,6 +1,7 @@
 use hash::SecretString;
 use id::{AppID, UserID};
 use jwt::{JwtClaims, PrivateKey};
+use permissions::Permission;
 use refresh_tokens::RefreshToken;
 use rocket::tokio::task;
 use rocket_db_pools::sqlx::SqliteExecutor;
@@ -46,8 +47,13 @@ pub async fn generate_jwt(
     audience: &str,
     user: &User,
 ) -> Result<String, String> {
-    // TODO: get user roles
-    let roles = vec![];
+    // Get user roles
+    let roles = Permission::get_all(conn, Some(user.id()), None)
+        .await
+        .map_err(|e| e.to_string())?
+        .into_iter()
+        .map(|role| role.role().to_string())
+        .collect();
 
     // Create jwt, sign and serialize
     let jwt = JwtClaims::new(issuer, audience, user, roles)