Allow admin users to yank/unyank versions

Author: Turbo87

src/controllers/version/yank.rs

@@ -70,7 +70,12 @@ fn modify_yank(
     let owners = krate.owners(conn)?;
 
     if Handle::current().block_on(user.rights(state, &owners))? < Rights::Publish {
-        return Err(cargo_err("must already be an owner to yank or unyank"));
+        if user.is_admin {
+            let action = if yanked { "yanking" } else { "unyanking" };
+            warn!("Admin {} is {action} crate {}", user.gh_login, krate.name);
+        } else {
+            return Err(cargo_err("must already be an owner to yank or unyank"));
+        }
     }
 
     if version.yanked == yanked {

src/tests/routes/crates/versions/yank_unyank.rs

@@ -97,7 +97,7 @@ mod auth {
     use crate::util::{MockAnonymousUser, MockCookieUser};
     use chrono::{Duration, Utc};
     use crates_io::models::token::{CrateScope, EndpointScope};
-    use crates_io::schema::{crates, versions};
+    use crates_io::schema::{crates, users, versions};
     use diesel::prelude::*;
 
     const CRATE_NAME: &str = "fyk";
@@ -360,4 +360,28 @@ mod auth {
         );
         assert!(!is_yanked(&app));
     }
+
+    #[test]
+    fn admin() {
+        let (app, _, _) = prepare();
+
+        let admin = app.db_new_user("admin");
+
+        app.db(|conn| {
+            diesel::update(admin.as_model())
+                .set(users::is_admin.eq(true))
+                .execute(conn)
+                .unwrap();
+        });
+
+        let response = admin.yank(CRATE_NAME, CRATE_VERSION);
+        assert_eq!(response.status(), StatusCode::OK);
+        assert_eq!(response.into_json(), json!({ "ok": true }));
+        assert!(is_yanked(&app));
+
+        let response = admin.unyank(CRATE_NAME, CRATE_VERSION);
+        assert_eq!(response.status(), StatusCode::OK);
+        assert_eq!(response.into_json(), json!({ "ok": true }));
+        assert!(!is_yanked(&app));
+    }
 }