push

2023-03-14 16:49:32 +01:00
parent c79a342ce8
commit 48c9a481cc
4 changed files with 28 additions and 50 deletions
--- a/src/rest/restreg.rs
+++ b/src/rest/restreg.rs
@ -67,10 +67,7 @@ async fn register(

 #[derive(FromForm)]
 struct DeleteForm {
-    day: NaiveDateForm,
-    user: i32,
-    cox_id: Option<i32>,
-    begin: Option<String>,
+    id: i32,
 }

 #[delete("/", data = "<delete>")]
@ -79,40 +76,31 @@ async fn delete(
    delete: Form<DeleteForm>,
    user: user::Model,
 ) -> Flash<Redirect> {
-    let day = day::Entity::find_by_id(*delete.day)
-        .one(db.inner())
-        .await
-        .unwrap()
-        .expect("There's no trip on this date (yet)");
-
-    if delete.user != user.id {
-        log::error!("{} tried to delete a registration from user_id {} on day {:?} (probably hand-crafted request)", user.name, delete.user, delete.day);
-        return Flash::error(
-            Redirect::to("/"),
-            "Du kannst nur deine eigenen Anmeldungen löschen!",
-        );
-    }
-
-    let trip = trip::Entity::find()
-        .filter(trip::Column::Day.eq(format!("{}", day.day.format("%Y-%m-%d"))))
-        .filter(trip::Column::UserId.eq(user.id))
-        .filter(trip::Column::CoxId.eq(delete.cox_id))
-        .filter(trip::Column::Begin.eq(delete.begin.clone()))
+    let trip = trip::Entity::find_by_id(delete.id)
        .one(db.inner())
        .await
        .unwrap();
+
    match trip {
        None => {
-            log::error!("Tried to register w/o being authenticated (prob. hand crafted request (user.name = {})", user.name);
+            log::error!("Tried to delete registration of non-existing trip (prob. hand crafted request (user.name = {})", user.name);
            return Flash::error(Redirect::to("/"), "Du bist gar nicht angemeldet!");
        }
        Some(trip) => {
+            if trip.user_id != user.id {
+                log::error!(
+            "{} tried to delete a registration from user_id {} (probably hand-crafted request)",
+            user.name,
+            delete.id
+        );
+                return Flash::error(
+                    Redirect::to("/"),
+                    "Du kannst nur deine eigenen Anmeldungen löschen!",
+                );
+            }
            log::info!("User {} deleted the registration for {:?}", user.name, trip);
            trip::Entity::delete(trip::ActiveModel {
-                day: Set(trip.day),
-                user_id: Set(trip.user_id),
-                //cox_id: Set(delete.cox_id),
-                begin: Set(delete.begin.clone()),
+                id: Set(trip.id),
                ..Default::default()
            })
            .exec(db.inner())