From a75c892cfb1a1216ce6939de337b528b26be579e Mon Sep 17 00:00:00 2001
From: philipp
Date: Mon, 12 Aug 2024 20:55:31 +0200
Subject: [PATCH] allow admins to delete logbook entries
---
 fd | 2 +-
 src/model/logbook.rs | 83 +++++++++++++++-----------
 src/tera/log.rs | 11 +++-
 templates/includes/forms/log.html.tera | 6 ++
 4 files changed, 62 insertions(+), 40 deletions(-)
diff --git a/fd b/fd
index deb623b..20b3a1f 100755
--- a/fd
+++ b/fd
@@ -1,5 +1,5 @@
 #!/bin/bash
-scp read@128.140.64.118:/home/rowing/db.sqlite db.sqlite
+scp root@128.140.64.118:/home/rowing/db.sqlite db.sqlite
 #sqlite3 db.sqlite < seeds.sql
diff --git a/src/model/logbook.rs b/src/model/logbook.rs
index 5c68214..861c21f 100644
--- a/src/model/logbook.rs
+++ b/src/model/logbook.rs
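Review bot: The `scp` line in `fd` now logs in as `root` on the production host only to copy `db.sqlite`, where the previous line used the `read` account. Copying the database needs read access to one file, so this raises what a leaked or reused developer key can do on that server from reading the data to full control of the machine. I would keep `scp read@128.140.64.118:/home/rowing/db.sqlite db.sqlite` and repair the file or group permissions for `read` if the copy stopped working. The change also looks unrelated to the commit subject, so it may have been committed by accident.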
@@ -699,46 +699,57 @@ ORDER BY departure DESC pub async fn delete(&self, db: &SqlitePool, user: &User) -> Result<(), LogbookDeleteError> { Log::create(db, format!("{} deleted trip: {self:?}", user.name)).await; - if user.has_role(db, "admin").await - || user.has_role(db, "Vorstand").await - || user.id == self.shipmaster - { - let now = Local::now().naive_local(); - let difference = now - self.departure; - if difference > Duration::hours(1) { - let vorstand = Role::find_by_name(db, "Vorstand").await.unwrap(); - let logbook = LogbookWithBoatAndRowers::from(db, self.clone()).await; - let mut msg = format!("{} hat folgenden Logbuch-Eintrag jetzt gelöscht, welcher bereits vor über einer Stunde begonnen wurde: Schiffsführer: {}, Steuerperson: {}, Abfahrt: {}", user.name, logbook.steering_user.name, logbook.steering_user.name, logbook.logbook.departure.format("%Y-%m-%d %H:%M")); - if let Some(destination) = logbook.logbook.destination { - msg.push_str(&format!(", Ziel: {}", destination)); - } else { - msg.push_str(", kein Ziel eingegeben"); - } - msg.push_str(", Ruderer: "); - let mut it = logbook.rowers.clone().into_iter().peekable(); - while let Some(rower) = it.next() { - msg.push_str(&rower.name); - if it.peek().is_some() { - msg.push_str(" + "); + if self.arrival.is_none() { + if user.has_role(db, "admin").await + || user.has_role(db, "Vorstand").await + || user.id == self.shipmaster + { + let now = Local::now().naive_local(); + let difference = now - self.departure; + if difference > Duration::hours(1) { + let vorstand = Role::find_by_name(db, "Vorstand").await.unwrap(); + let logbook = LogbookWithBoatAndRowers::from(db, self.clone()).await; + let mut msg = format!("{} hat folgenden Logbuch-Eintrag jetzt gelöscht, welcher bereits vor über einer Stunde begonnen wurde: Schiffsführer: {}, Steuerperson: {}, Abfahrt: {}", user.name, logbook.steering_user.name, logbook.steering_user.name, logbook.logbook.departure.format("%Y-%m-%d %H:%M")); + if let Some(destination) = 
logbook.logbook.destination { + msg.push_str(&format!(", Ziel: {}", destination)); + } else { + msg.push_str(", kein Ziel eingegeben"); } + msg.push_str(", Ruderer: "); + let mut it = logbook.rowers.clone().into_iter().peekable(); + while let Some(rower) = it.next() { + msg.push_str(&rower.name); + if it.peek().is_some() { + msg.push_str(" + "); + } + } + + Notification::create_for_role( + db, + &vorstand, + &msg, + "Ungewöhnliches Verhalten", + None, + None, + ) + .await; } - Notification::create_for_role( - db, - &vorstand, - &msg, - "Ungewöhnliches Verhalten", - None, - None, - ) - .await; + sqlx::query!("DELETE FROM logbook WHERE id=?", self.id) + .execute(db) + .await + .unwrap(); //Okay, because we can only create a Logbook of a valid id + return Ok(()); + } + } else { + // Only admins can delete completed logbook entries + if user.has_role(db, "admin").await { + sqlx::query!("DELETE FROM logbook WHERE id=?", self.id) + .execute(db) + .await + .unwrap(); //Okay, because we can only create a Logbook of a valid id + return Ok(()); } - - sqlx::query!("DELETE FROM logbook WHERE id=?", self.id) - .execute(db) - .await - .unwrap(); //Okay, because we can only create a Logbook of a valid id - return Ok(()); } Err(LogbookDeleteError::NotYourEntry) } diff --git a/src/tera/log.rs b/src/tera/log.rs index 91c342f..2086f77 100644 --- a/src/tera/log.rs +++ b/src/tera/log.rs @@ -400,6 +400,11 @@ async fn home( async fn delete(db: &State, logbook_id: i64, user: DonauLinzUser) -> Flash { let logbook = Logbook::find_by_id(db, logbook_id).await; if let Some(logbook) = logbook { + let redirect = if logbook.arrival.is_some() { + "/log/show" + } else { + "/log" + }; Log::create( db, format!("User {} tries to delete log entry {logbook_id}", &user.name), 
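Review bot: The new `else` branch in `Logbook::delete` lets an admin remove a completed entry (one with `arrival` set) without the `Notification::create_for_role` call that the in-progress branch makes for trips older than one hour, so removing finished records is signalled to nobody beyond the `Log::create` line. That log line is written before any permission check with the text `"{} deleted trip: {self:?}"`, so a refused attempt is recorded as a deletion; wording it as `"{} requested deletion of trip: {self:?}"` and adding a second `Log::create` directly before each `return Ok(())` would keep the audit trail accurate. The `DELETE FROM logbook WHERE id=?` statement is now duplicated in both branches; deciding the permission first and running one delete afterwards would stop the two paths from drifting apart.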
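Review bot: The route attribute of the `delete` handler sits above this hunk, so its HTTP method cannot be checked here; please confirm it is not reachable with a plain GET. After this commit an admin's request can permanently remove completed entries, and the template change appears to add a "Löschen" control for them, so a state-changing GET would expose that deletion to cross-site request forgery. A POST or DELETE route submitted from a form, covered by whatever CSRF protection the application already uses, would close this; if the route is already non-GET, no change is needed. The body of `delete` continues in the next hunk.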
@@ -407,11 +412,11 @@ async fn delete(db: &State, logbook_id: i64, user: DonauLinzUser) -> .await; match logbook.delete(db, &user).await { Ok(_) => Flash::success( - Redirect::to("/log"), - format!("Eintrag {} gelöscht!", logbook_id), + Redirect::to(redirect), + format!("Eintrag {} von {} gelöscht!", logbook_id, user.name), ), Err(LogbookDeleteError::NotYourEntry) => Flash::error( - Redirect::to("/log"), + Redirect::to(redirect), "Du hast nicht die Berechtigung, den Eintrag zu löschen!", ), } diff --git a/templates/includes/forms/log.html.tera b/templates/includes/forms/log.html.tera index 6f1de37..2ad3b08 100644 --- a/templates/includes/forms/log.html.tera +++ b/templates/includes/forms/log.html.tera @@ -262,6 +262,12 @@ + + {% include "includes/delete-icon" %} + Löschen + {% endif %}