Merge branch 'allow_to_add_real_guests' into 'staging'

Allow to add real guests See merge request PhilippHofer/rot!28
2023-08-09 20:30:37 +00:00 · 2023-08-09 20:30:37 +00:00 · 662f952807
commit 662f952807
parent 723ada09b0 590b41aa33
8 changed files with 308 additions and 91 deletions
--- a/migration.sql
+++ b/migration.sql
@ -48,10 +48,10 @@ CREATE TABLE IF NOT EXISTS "trip" (
 );
 CREATE TABLE IF NOT EXISTS "user_trip" (
-	"user_id" INTEGER NOT NULL REFERENCES user(id),
+	"user_id" INTEGER REFERENCES user(id),
 	"user_note" text, -- only shown if user_id = none
 	"trip_details_id" INTEGER NOT NULL REFERENCES trip_details(id),
-	"created_at" text NOT NULL DEFAULT CURRENT_TIMESTAMP,
+	"created_at" text NOT NULL DEFAULT CURRENT_TIMESTAMP
 	CONSTRAINT unq UNIQUE (user_id, trip_details_id) -- allow user to participate only once for each trip
 );
 CREATE TABLE IF NOT EXISTS "log" (
--- a/src/model/planned_event.rs
+++ b/src/model/planned_event.rs
@ -37,11 +37,12 @@ pub struct PlannedEventWithUserAndTriptype {
 }
 //TODO: move to appropriate place
-#[derive(Serialize)]
+#[derive(Serialize, Debug)]
 pub struct Registration {
    pub name: String,
    pub registered_at: String,
    pub is_guest: bool,
    pub is_real_guest: bool,
 }
 impl PlannedEvent {
@ -120,29 +121,40 @@ INNER JOIN trip_details ON planned_event.trip_details_id = trip_details.id",
    async fn get_all_cox(&self, db: &SqlitePool) -> Vec<Registration> {
        //TODO: switch to join
-        sqlx::query_as!(
+        sqlx::query!(
            Registration,
            "
 SELECT
    (SELECT name FROM user WHERE cox_id = id) as name,
    (SELECT created_at FROM user WHERE cox_id = id) as registered_at,
-    (SELECT is_guest FROM user WHERE cox_id = id) as is_guest
+    (SELECT is_guest FROM user WHERE cox_id = id) as is_guest,
    0 as is_real_guest
 FROM trip WHERE planned_event_id = ?
        ",
            self.id
        )
        .fetch_all(db)
        .await
-        .unwrap() //Okay, as PlannedEvent can only be created with proper DB backing
+        .unwrap()
        .into_iter()
        .map(|r| Registration {
            name: r.name,
            registered_at: r.registered_at,
            is_guest: r.is_guest,
            is_real_guest: r.is_real_guest == 1,
        })
        .collect() //Okay, as PlannedEvent can only be created with proper DB backing
    }
    async fn get_all_rower(&self, db: &SqlitePool) -> Vec<Registration> {
        //TODO: switch to join
-        sqlx::query_as!(
+        sqlx::query!(
            Registration,
            "
 SELECT
-    (SELECT name FROM user WHERE user_trip.user_id = user.id) as name, 
+    CASE 
        WHEN user_id IS NOT NULL THEN (SELECT name FROM user WHERE user_trip.user_id = user.id)
        ELSE user_note
    END as name,
    user_id IS NULL as is_real_guest,
    (SELECT created_at FROM user WHERE user_trip.user_id = user.id) as registered_at,
    (SELECT is_guest FROM user WHERE user_trip.user_id = user.id) as is_guest
 FROM user_trip WHERE trip_details_id = (SELECT trip_details_id FROM planned_event WHERE id = ?)
@ -151,7 +163,15 @@ FROM user_trip WHERE trip_details_id = (SELECT trip_details_id FROM planned_even
        )
        .fetch_all(db)
        .await
-        .unwrap() //Okay, as PlannedEvent can only be created with proper DB backing
+        .unwrap()
        .into_iter()
        .map(|r| Registration {
            name: r.name.unwrap(),
            registered_at: r.registered_at,
            is_guest: r.is_guest,
            is_real_guest: r.is_real_guest == 1,
        })
        .collect()
    }
    //TODO: add tests
--- a/src/model/trip.rs
+++ b/src/model/trip.rs
@ -126,11 +126,14 @@ WHERE day=?
    }
    async fn get_all_rower(&self, db: &SqlitePool) -> Vec<Registration> {
-        sqlx::query_as!(
+        sqlx::query!(
            Registration,
            "
 SELECT
-    (SELECT name FROM user WHERE user_trip.user_id = user.id) as name,
+    CASE 
        WHEN user_id IS NOT NULL THEN (SELECT name FROM user WHERE user_trip.user_id = user.id)
        ELSE user_note
    END as name,
    user_id IS NULL as is_real_guest,
    (SELECT created_at FROM user WHERE user_trip.user_id = user.id) as registered_at,
    (SELECT is_guest FROM user WHERE user_trip.user_id = user.id) as is_guest
 FROM user_trip WHERE trip_details_id = (SELECT trip_details_id FROM trip WHERE id = ?)",
@ -138,7 +141,15 @@ FROM user_trip WHERE trip_details_id = (SELECT trip_details_id FROM trip WHERE i
        )
        .fetch_all(db)
        .await
-        .unwrap() //Okay, as Trip can only be created with proper DB backing
+        .unwrap()
        .into_iter()
        .map(|r| Registration {
            name: r.name.unwrap(),
            registered_at: r.registered_at,
            is_guest: r.is_guest,
            is_real_guest: r.is_real_guest == 1,
        })
        .collect()
    }
    /// Cox decides to update own trip.
@ -497,7 +508,9 @@ mod test {
            .unwrap();
        let user = User::find_by_name(&pool, "rower".into()).await.unwrap();
-        UserTrip::create(&pool, &user, &trip_details).await.unwrap();
+        UserTrip::create(&pool, &user, &trip_details, None)
            .await
            .unwrap();
        let result = trip
            .delete(&pool, &cox)
--- a/src/model/tripdetails.rs
+++ b/src/model/tripdetails.rs
@ -1,3 +1,4 @@
 use crate::model::user::User;
 use chrono::NaiveDate;
 use rocket::FromForm;
 use serde::{Deserialize, Serialize};
@ -89,6 +90,91 @@ ORDER BY day;",
            .map(|a| NaiveDate::parse_from_str(&a, "%Y-%m-%d").unwrap())
            .collect()
    }
    pub(crate) async fn user_is_rower(&self, db: &SqlitePool, user: &User) -> bool {
        //check if cox if planned_event
        let is_rower = sqlx::query!(
            "SELECT count(*) as amount
            FROM user_trip 
            WHERE trip_details_id = ? AND user_id = ?",
            self.id,
            user.id
        )
        .fetch_one(db)
        .await
        .unwrap();
        is_rower.amount > 0
    }
    async fn belongs_to_event(&self, db: &SqlitePool) -> bool {
        let amount = sqlx::query!(
            "SELECT count(*) as amount
            FROM planned_event
            WHERE trip_details_id = ?",
            self.id,
        )
        .fetch_one(db)
        .await
        .unwrap();
        amount.amount > 0
    }
    pub(crate) async fn user_allowed_to_change(&self, db: &SqlitePool, user: &User) -> bool {
        if self.belongs_to_event(db).await {
            return user.is_admin;
        } else {
            return self.user_is_cox(db, user).await != CoxAtTrip::No;
        }
    }
    pub(crate) async fn user_is_cox(&self, db: &SqlitePool, user: &User) -> CoxAtTrip {
        //check if cox if planned_event
        let is_cox = sqlx::query!(
            "SELECT count(*) as amount
            FROM trip 
            WHERE planned_event_id = (
                SELECT id FROM planned_event WHERE trip_details_id = ?
            ) 
            AND cox_id = ?",
            self.id,
            user.id
        )
        .fetch_one(db)
        .await
        .unwrap();
        if is_cox.amount > 0 {
            return CoxAtTrip::Yes(Action::Helping);
        }
        //check if cox if own event
        let is_cox = sqlx::query!(
            "SELECT count(*) as amount
            FROM trip 
            WHERE trip_details_id = ? 
            AND cox_id = ?",
            self.id,
            user.id
        )
        .fetch_one(db)
        .await
        .unwrap();
        if is_cox.amount > 0 {
            return CoxAtTrip::Yes(Action::Own);
        }
        CoxAtTrip::No
    }
 }
 #[derive(PartialEq, Debug)]
 pub(crate) enum CoxAtTrip {
    No,
    Yes(Action),
 }
 #[derive(PartialEq, Debug)]
 pub(crate) enum Action {
    Helping,
    Own,
 }
 #[cfg(test)]
--- a/src/model/usertrip.rs
+++ b/src/model/usertrip.rs
@ -1,6 +1,7 @@
 use sqlx::SqlitePool;
 use super::{tripdetails::TripDetails, user::User};
 use crate::model::tripdetails::{Action, CoxAtTrip::Yes};
 pub struct UserTrip {}
@ -9,6 +10,7 @@ impl UserTrip {
        db: &SqlitePool,
        user: &User,
        trip_details: &TripDetails,
        user_note: Option<String>,
    ) -> Result<(), UserTripError> {
        if trip_details.is_full(db).await {
            return Err(UserTripError::EventAlreadyFull);
@ -22,74 +24,84 @@ impl UserTrip {
            return Err(UserTripError::GuestNotAllowedForThisEvent);
        }
-        //TODO: Check if user sees the event (otherwise she could forge trip_details_id
+        //TODO: Check if user sees the event (otherwise she could forge trip_details_id)
-        //check if cox if own event
+        let is_cox = trip_details.user_is_cox(db, user).await;
-        let is_cox = sqlx::query!(
+        if user_note.is_none() {
-            "SELECT count(*) as amount
+            if let Yes(action) = is_cox {
-            FROM trip 
+                match action {
-            WHERE trip_details_id = ? 
+                    Action::Helping => return Err(UserTripError::AlreadyRegisteredAsCox),
-            AND cox_id = ?",
+                    Action::Own => return Err(UserTripError::CantRegisterAtOwnEvent),
-            trip_details.id,
+                };
-            user.id
+            }
        )
        .fetch_one(db)
        .await
        .unwrap();
        if is_cox.amount > 0 {
            return Err(UserTripError::CantRegisterAtOwnEvent);
        }
-        //TODO: can probably move to trip.rs?
+            if trip_details.user_is_rower(db, user).await {
-        //check if cox if planned_event
+                return Err(UserTripError::AlreadyRegistered);
-        let is_cox = sqlx::query!(
+            }
-            "SELECT count(*) as amount
+
-            FROM trip 
+            sqlx::query!(
-            WHERE planned_event_id = (
+                "INSERT INTO user_trip (user_id, trip_details_id) VALUES(?, ?)",
-                SELECT id FROM planned_event WHERE trip_details_id = ?
+                user.id,
                trip_details.id,
            )
-            AND cox_id = ?",
+            .execute(db)
-            trip_details.id,
+            .await
-            user.id
+            .unwrap();
-        )
+        } else {
-        .fetch_one(db)
+            if !trip_details.user_allowed_to_change(db, user).await {
-        .await
+                return Err(UserTripError::NotAllowedToAddGuest);
-        .unwrap();
+            }
-        if is_cox.amount > 0 {
+            sqlx::query!(
-            return Err(UserTripError::AlreadyRegisteredAsCox);
+                "INSERT INTO user_trip (user_note, trip_details_id) VALUES(?, ?)",
                user_note,
                trip_details.id,
            )
            .execute(db)
            .await
            .unwrap();
        }
-        match sqlx::query!(
+        Ok(())
            "INSERT INTO user_trip (user_id, trip_details_id) VALUES(?, ?)",
            user.id,
            trip_details.id
        )
        .execute(db)
        .await
        {
            Ok(_) => Ok(()),
            Err(_) => Err(UserTripError::AlreadyRegistered),
        }
    }
    pub async fn delete(
        db: &SqlitePool,
        user: &User,
        trip_details: &TripDetails,
        name: Option<String>,
    ) -> Result<(), UserTripDeleteError> {
        if trip_details.is_locked {
            return Err(UserTripDeleteError::DetailsLocked);
        }
-        let _ = sqlx::query!(
+        if let Some(name) = name {
-            "DELETE FROM user_trip WHERE user_id = ? AND trip_details_id = ?",
+            if !trip_details.user_allowed_to_change(db, user).await {
-            user.id,
+                return Err(UserTripDeleteError::NotAllowedToDeleteGuest);
-            trip_details.id
+            }
        )
        .execute(db)
        .await
        .unwrap();
            if sqlx::query!(
                "DELETE FROM user_trip WHERE user_note = ? AND trip_details_id = ?",
                name,
                trip_details.id
            )
            .execute(db)
            .await
            .unwrap()
            .rows_affected()
                == 0
            {
                return Err(UserTripDeleteError::GuestNotParticipating);
            }
        } else {
            let _ = sqlx::query!(
                "DELETE FROM user_trip WHERE user_id = ? AND trip_details_id = ?",
                user.id,
                trip_details.id
            )
            .execute(db)
            .await
            .unwrap();
        }
        Ok(())
    }
 }
@ -102,11 +114,14 @@ pub enum UserTripError {
    DetailsLocked,
    CantRegisterAtOwnEvent,
    GuestNotAllowedForThisEvent,
    NotAllowedToAddGuest,
 }
 #[derive(Debug, PartialEq)]
 pub enum UserTripDeleteError {
    DetailsLocked,
    GuestNotParticipating,
    NotAllowedToDeleteGuest,
 }
 #[cfg(test)]
@ -130,7 +145,9 @@ mod test {
        let trip_details = TripDetails::find_by_id(&pool, 1).await.unwrap();
-        UserTrip::create(&pool, &user, &trip_details).await.unwrap();
+        UserTrip::create(&pool, &user, &trip_details, None)
            .await
            .unwrap();
    }
    #[sqlx::test]
@ -143,12 +160,14 @@ mod test {
        let trip_details = TripDetails::find_by_id(&pool, 1).await.unwrap();
-        UserTrip::create(&pool, &user, &trip_details).await.unwrap();
+        UserTrip::create(&pool, &user, &trip_details, None)
-        UserTrip::create(&pool, &user2, &trip_details)
+            .await
            .unwrap();
        UserTrip::create(&pool, &user2, &trip_details, None)
            .await
            .unwrap();
-        let result = UserTrip::create(&pool, &user3, &trip_details)
+        let result = UserTrip::create(&pool, &user3, &trip_details, None)
            .await
            .expect_err("Expect registration to fail because trip is already full");
@ -162,9 +181,11 @@ mod test {
        let user = User::find_by_name(&pool, "cox".into()).await.unwrap();
        let trip_details = TripDetails::find_by_id(&pool, 1).await.unwrap();
-        UserTrip::create(&pool, &user, &trip_details).await.unwrap();
+        UserTrip::create(&pool, &user, &trip_details, None)
            .await
            .unwrap();
-        let result = UserTrip::create(&pool, &user, &trip_details)
+        let result = UserTrip::create(&pool, &user, &trip_details, None)
            .await
            .expect_err("Expect registration to fail because user is same as responsible cox");
@ -179,7 +200,7 @@ mod test {
        let trip_details = TripDetails::find_by_id(&pool, 2).await.unwrap();
-        let result = UserTrip::create(&pool, &user, &trip_details)
+        let result = UserTrip::create(&pool, &user, &trip_details, None)
            .await
            .expect_err("Expect registration to fail because user is same as responsible cox");
@ -196,12 +217,11 @@ mod test {
            .try_into()
            .unwrap();
        let trip_details = TripDetails::find_by_id(&pool, 1).await.unwrap();
        let planned_event = PlannedEvent::find_by_id(&pool, 1).await.unwrap();
        Trip::new_join(&pool, &cox, &planned_event).await.unwrap();
-        let result = UserTrip::create(&pool, &cox, &trip_details)
+        let trip_details = TripDetails::find_by_id(&pool, 1).await.unwrap();
        let result = UserTrip::create(&pool, &cox, &trip_details, None)
            .await
            .expect_err("Expect registration to fail because user is already registered as cox");
@ -216,7 +236,7 @@ mod test {
        let trip_details = TripDetails::find_by_id(&pool, 1).await.unwrap();
-        let result = UserTrip::create(&pool, &user, &trip_details)
+        let result = UserTrip::create(&pool, &user, &trip_details, None)
            .await
            .expect_err("Not allowed for guests");
--- a/src/tera/mod.rs
+++ b/src/tera/mod.rs
@ -46,13 +46,18 @@ async fn index(db: &State<SqlitePool>, user: User, flash: Option<FlashMessage<'_
    Template::render("index", context.into_json())
 }
-#[get("/join/<trip_details_id>")]
+#[get("/join/<trip_details_id>?<user_note>")]
-async fn join(db: &State<SqlitePool>, trip_details_id: i64, user: User) -> Flash<Redirect> {
+async fn join(
    db: &State<SqlitePool>,
    trip_details_id: i64,
    user: User,
    user_note: Option<String>,
 ) -> Flash<Redirect> {
    let Some(trip_details) = TripDetails::find_by_id(db, trip_details_id).await else {
        return Flash::error(Redirect::to("/"), "Trip_details do not exist.");
    };
-    match UserTrip::create(db, &user, &trip_details).await {
+    match UserTrip::create(db, &user, &trip_details, user_note).await {
        Ok(_) => {
            Log::create(
                db,
@ -81,6 +86,10 @@ async fn join(db: &State<SqlitePool>, trip_details_id: i64, user: User) -> Flash
            Redirect::to("/"),
            "Bei dieser Ausfahrt können leider keine Gäste mitfahren.",
        ),
        Err(UserTripError::NotAllowedToAddGuest) => Flash::error(
            Redirect::to("/"),
            "Du darfst keine Gäste hinzufügen.",
        ),
        Err(UserTripError::DetailsLocked) => Flash::error(
            Redirect::to("/"),
            "Das Boot ist bereits eingeteilt. Bitte kontaktiere den Schiffsführer (Nummern siehe Signalgruppe) falls du dich doch abmelden willst.",
@ -88,13 +97,18 @@ async fn join(db: &State<SqlitePool>, trip_details_id: i64, user: User) -> Flash
    }
 }
-#[get("/remove/<trip_details_id>")]
+#[get("/remove/<trip_details_id>/<name>")]
-async fn remove(db: &State<SqlitePool>, trip_details_id: i64, user: User) -> Flash<Redirect> {
+async fn remove_guest(
    db: &State<SqlitePool>,
    trip_details_id: i64,
    user: User,
    name: String,
 ) -> Flash<Redirect> {
    let Some(trip_details) = TripDetails::find_by_id(db, trip_details_id).await else {
        return Flash::error(Redirect::to("/"), "TripDetailsId does not exist");
    };
-    match UserTrip::delete(db, &user, &trip_details).await {
+    match UserTrip::delete(db, &user, &trip_details, Some(name)).await {
        Ok(_) => {
            Log::create(
                db,
@ -119,6 +133,50 @@ async fn remove(db: &State<SqlitePool>, trip_details_id: i64, user: User) -> Fla
            Flash::error(Redirect::to("/"), "Das Boot ist bereits eingeteilt. Bitte kontaktiere den Schiffsführer (Nummern siehe Signalgruppe) falls du dich doch abmelden willst.")
        }
        Err(UserTripDeleteError::GuestNotParticipating) => {
            Flash::error(Redirect::to("/"), "Gast nicht angemeldet.")
        }
        Err(UserTripDeleteError::NotAllowedToDeleteGuest) => Flash::error(
            Redirect::to("/"),
            "Keine Berechtigung um den Gast zu entfernen.",
        ),
    }
 }
 #[get("/remove/<trip_details_id>")]
 async fn remove(db: &State<SqlitePool>, trip_details_id: i64, user: User) -> Flash<Redirect> {
    let Some(trip_details) = TripDetails::find_by_id(db, trip_details_id).await else {
        return Flash::error(Redirect::to("/"), "TripDetailsId does not exist");
    };
    match UserTrip::delete(db, &user, &trip_details, None).await {
        Ok(_) => {
            Log::create(
                db,
                format!(
                    "User {} unregistered for trip_details.id={}",
                    user.name, trip_details_id
                ),
            )
            .await;
            Flash::success(Redirect::to("/"), "Erfolgreich abgemeldet!")
        }
        Err(UserTripDeleteError::DetailsLocked) => {
            Log::create(
                db,
                format!(
                    "User {} tried to unregister for locked trip_details.id={}",
                    user.name, trip_details_id
                ),
            )
            .await;
            Flash::error(Redirect::to("/"), "Das Boot ist bereits eingeteilt. Bitte kontaktiere den Schiffsführer (Nummern siehe Signalgruppe) falls du dich doch abmelden willst.")
        }
        Err(_) => {
            panic!("Not possible to be here");
        }
    }
 }
@ -135,7 +193,7 @@ pub struct Config {
 pub fn config(rocket: Rocket<Build>) -> Rocket<Build> {
    rocket
-        .mount("/", routes![index, join, remove])
+        .mount("/", routes![index, join, remove, remove_guest])
        .mount("/auth", auth::routes())
        .mount("/log", log::routes())
        .mount("/stat", stat::routes())
--- a/templates/includes/macros.html.tera
+++ b/templates/includes/macros.html.tera
@ -103,7 +103,7 @@
 	</div>
 {% endmacro alert %}
-{% macro box(participants, empty_seats='', header='Freie Plätze:', text='Keine Ruderer angemeldet', bg='primary-600', color='white') %}
+{% macro box(participants, empty_seats='', header='Freie Plätze:', text='Keine Ruderer angemeldet', bg='primary-600', color='white', trip_details_id='', allow_removing=false) %}
 	<div class="text-{{ color }} bg-{{ bg }} text-center p-1 mt-1 rounded-t-md">{{ header }}
 		{{ empty_seats }}</div>
 	<div class="p-2 border border-t-0 border-{{ bg }} mb-4 rounded-b-md">
@ -111,7 +111,13 @@
 			{% for rower in participants %}
 				{{ rower.name }}
 				{% if rower.is_guest %}
 					<small class="text-gray-600">(Scheckbuch)</small>
 				{% endif %}
 				{% if rower.is_real_guest %}
 					<small class="text-gray-600">(Gast)</small>
 					{% if allow_removing %}
 				  	<a href="/remove/{{ trip_details_id }}/{{ rower.name }}" class="btn btn-attention btn-fw">Abmelden</a>
 					{% endif %}
 				{% endif %}
 				<span class="hidden">(angemeldet seit
 					{{ rower.registered_at }})</span><br/>
--- a/templates/index.html.tera
+++ b/templates/index.html.tera
@ -115,10 +115,18 @@
 												{# --- START List Rowers --- #}
 												{% if planned_event.max_people > 0 %}
 													{% set amount_cur_rower = planned_event.rower | length %}
-													{{ macros::box(participants=planned_event.rower, empty_seats=planned_event.max_people - amount_cur_rower, bg='primary-100', color='black') }}
+													{{ macros::box(participants=planned_event.rower, empty_seats=planned_event.max_people - amount_cur_rower, bg='primary-100', color='black', trip_details_id=planned_event.trip_details_id, allow_removing=loggedin_user.is_admin) }}
 												{% endif %}
 												{# --- END List Rowers --- #}
 													{% if loggedin_user.is_admin %}
 														<form action="/join/{{ planned_event.trip_details_id }}" method="get" />
 															{{ macros::input(label='Gast', name='user_note', type='text', required=true) }}
 															<input value="Gast hinzufügen" class="btn btn-primary" type="submit"/>
 														</form>
 													{% endif %}
 												{% if planned_event.allow_guests %}
 													<div class="text-primary-900 bg-primary-50 text-center p-1 mb-4">Gäste willkommen!</div>
 												{% endif %}
@ -213,7 +221,13 @@
 													{{ macros::box(participants=trip.rower,bg='[#f43f5e]',header='Absage') }}
 												{% else %}
 													{% set amount_cur_rower = trip.rower | length %}
-													{{ macros::box(participants=trip.rower, empty_seats=trip.max_people - amount_cur_rower, bg='primary-100', color='black') }}
+													{{ macros::box(participants=trip.rower, empty_seats=trip.max_people - amount_cur_rower, bg='primary-100', color='black', trip_details_id=trip.trip_details_id, allow_removing=loggedin_user.id == trip.cox_id) }}
 													{% if trip.cox_id == loggedin_user.id %}
 														<form action="/join/{{ trip.trip_details_id }}" method="get" />
 															{{ macros::input(label='Gast', name='user_note', type='text', required=true) }}
 															<input value="Gast hinzufügen" class="btn btn-primary" type="submit"/>
 														</form>
 													{% endif %}
 												{% endif %}
 												{# --- START Edit Form --- #}