Ruderverein-Donau-Linz/rowt
1
1
Fork 0
Code Issues 30 Pull Requests Actions Packages Projects Wiki Activity

Merge pull request 'allow-admin-to-delete-logbook-entries' (#665) from allow-admin-to-delete-logbook-entries into staging
All checks were successful
CI/CD Pipeline / test (push) Successful in 19m9s
Details
CI/CD Pipeline / deploy-staging (push) Successful in 20m15s
Details
CI/CD Pipeline / deploy-main (push) Has been skipped
Details

Browse Source 
Reviewed-on: #665
This commit is contained in:
philipp 2024-08-12 20:56:06 +02:00
commit 0bf7094770
4 changed files with 62 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fd
View File

@ -1,5 +1,5 @@
#!/bin/bash
scp read@128.140.64.118:/home/rowing/db.sqlite db.sqlite
scp root@128.140.64.118:/home/rowing/db.sqlite db.sqlite
#sqlite3 db.sqlite < seeds.sql

11
src/model/logbook.rs
View File

@ -699,6 +699,7 @@ ORDER BY departure DESC
pub async fn delete(&self, db: &SqlitePool, user: &User) -> Result<(), LogbookDeleteError> {
Log::create(db, format!("{} deleted trip: {self:?}", user.name)).await;
if self.arrival.is_none() {
if user.has_role(db, "admin").await
|| user.has_role(db, "Vorstand").await
|| user.id == self.shipmaster
@ -740,6 +741,16 @@ ORDER BY departure DESC
.unwrap(); //Okay, because we can only create a Logbook of a valid id
return Ok(());
}
} else {
// Only admins can delete completed logbook entries
if user.has_role(db, "admin").await {
sqlx::query!("DELETE FROM logbook WHERE id=?", self.id)
.execute(db)
.await
.unwrap(); //Okay, because we can only create a Logbook of a valid id
return Ok(());
}
}
Err(LogbookDeleteError::NotYourEntry)
}
}

11
src/tera/log.rs
View File

@ -400,6 +400,11 @@ async fn home(
async fn delete(db: &State<SqlitePool>, logbook_id: i64, user: DonauLinzUser) -> Flash<Redirect> {
let logbook = Logbook::find_by_id(db, logbook_id).await;
if let Some(logbook) = logbook {
let redirect = if logbook.arrival.is_some() {
"/log/show"
} else {
"/log"
};
Log::create(
db,
format!("User {} tries to delete log entry {logbook_id}", &user.name),
@ -407,11 +412,11 @@ async fn delete(db: &State<SqlitePool>, logbook_id: i64, user: DonauLinzUser) ->
.await;
match logbook.delete(db, &user).await {
Ok(_) => Flash::success(
Redirect::to("/log"),
format!("Eintrag {} gelöscht!", logbook_id),
Redirect::to(redirect),
format!("Eintrag {} von {} gelöscht!", logbook_id, user.name),
),
Err(LogbookDeleteError::NotYourEntry) => Flash::error(
Redirect::to("/log"),
Redirect::to(redirect),
"Du hast nicht die Berechtigung, den Eintrag zu löschen!",
),
}

6
templates/includes/forms/log.html.tera
View File

@ -262,6 +262,12 @@
<input type="hidden" name="logtype" value="{{ log.logtype }}" />
<input type="submit" value="Updaten" />
</form>
<a href="/log/{{ log.id }}/delete"
class="w-28 btn btn-alert"
onclick="return confirm('Willst du diesen Logbucheintrag wirklich löschen?');">
{% include "includes/delete-icon" %}
Löschen
</a>
{% endif %}
</details>
</div>