allow users to delete trips

This commit is contained in:
philipp 2023-09-24 09:55:51 +02:00
parent fd4d097d72
commit 57e540f450
2 changed files with 29 additions and 12 deletions

View File

@ -68,6 +68,11 @@ pub enum LogbookUpdateError {
ArrivalNotAfterDeparture, ArrivalNotAfterDeparture,
} }
#[derive(Debug, PartialEq)]
pub enum LogbookDeleteError {
NotYourEntry,
}
#[derive(Debug, PartialEq)] #[derive(Debug, PartialEq)]
pub enum LogbookCreateError { pub enum LogbookCreateError {
BoatAlreadyOnWater, BoatAlreadyOnWater,
@ -327,11 +332,15 @@ ORDER BY departure DESC
Ok(()) Ok(())
} }
pub async fn delete(&self, db: &SqlitePool) { pub async fn delete(&self, db: &SqlitePool, user: &User) -> Result<(), LogbookDeleteError> {
sqlx::query!("DELETE FROM logbook WHERE id=?", self.id) if user.is_admin || user.id == self.shipmaster {
.execute(db) sqlx::query!("DELETE FROM logbook WHERE id=?", self.id)
.await .execute(db)
.unwrap(); //Okay, because we can only create a Logbook of a valid id .await
.unwrap(); //Okay, because we can only create a Logbook of a valid id
return Ok(());
}
Err(LogbookDeleteError::NotYourEntry)
} }
} }

View File

@ -15,7 +15,10 @@ use tera::Context;
use crate::model::{ use crate::model::{
boat::Boat, boat::Boat,
logbook::{LogToAdd, LogToFinalize, Logbook, LogbookCreateError, LogbookUpdateError}, logbook::{
LogToAdd, LogToFinalize, Logbook, LogbookCreateError, LogbookDeleteError,
LogbookUpdateError,
},
logtype::LogType, logtype::LogType,
user::{AdminUser, User, UserWithWaterStatus}, user::{AdminUser, User, UserWithWaterStatus},
}; };
@ -224,14 +227,19 @@ async fn home(
} }
#[get("/<logbook_id>/delete")] #[get("/<logbook_id>/delete")]
async fn delete(db: &State<SqlitePool>, logbook_id: i32, _adminuser: AdminUser) -> Flash<Redirect> { async fn delete(db: &State<SqlitePool>, logbook_id: i32, user: User) -> Flash<Redirect> {
let logbook = Logbook::find_by_id(db, logbook_id).await; let logbook = Logbook::find_by_id(db, logbook_id).await;
if let Some(logbook) = logbook { if let Some(logbook) = logbook {
logbook.delete(db).await; match logbook.delete(db, &user).await {
Flash::success( Ok(_) => Flash::success(
Redirect::to("/log"), Redirect::to("/log"),
format!("Logbook with ID {} successfully deleted!", logbook_id), format!("Logbook with ID {} successfully deleted!", logbook_id),
) ),
Err(LogbookDeleteError::NotYourEntry) => Flash::error(
Redirect::to("/log"),
"Du hast nicht die Berechtigung, den Eintrag zu löschen!",
),
}
} else { } else {
Flash::error( Flash::error(
Redirect::to("/log"), Redirect::to("/log"),