From a1a5e2ad89562a7867c47c03fe82711e55a44189 Mon Sep 17 00:00:00 2001 From: philipp Date: Mon, 22 Jan 2024 19:27:22 +0100 Subject: [PATCH] move managing events to own role --- seeds.sql | 2 ++ src/model/user.rs | 37 ++++++++++++++++++++ src/tera/admin/planned_event.rs | 30 ++++++++-------- src/tera/cox.rs | 61 +++++++++++++++++---------------- templates/planned.html.tera | 10 +++--- 5 files changed, 91 insertions(+), 49 deletions(-) diff --git a/seeds.sql b/seeds.sql index ba7b50f..8a269f6 100644 --- a/seeds.sql +++ b/seeds.sql @@ -3,10 +3,12 @@ INSERT INTO "role" (name) VALUES ('cox'); INSERT INTO "role" (name) VALUES ('scheckbuch'); INSERT INTO "role" (name) VALUES ('tech'); INSERT INTO "role" (name) VALUES ('Donau Linz'); +INSERT INTO "role" (name) VALUES ('planned_event'); INSERT INTO "user" (name, pw) VALUES('admin', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM'); INSERT INTO "user_role" (user_id, role_id) VALUES(1,1); INSERT INTO "user_role" (user_id, role_id) VALUES(1,2); INSERT INTO "user_role" (user_id, role_id) VALUES(1,5); +INSERT INTO "user_role" (user_id, role_id) VALUES(1,6); INSERT INTO "user" (name, pw) VALUES('rower', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$jWKzDmI0jqT2dqINFt6/1NjVF4Dx15n07PL1ZMBmFsY'); INSERT INTO "user_role" (user_id, role_id) VALUES(2,5); INSERT INTO "user" (name, pw) VALUES('guest', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$GF6gizbI79Bh0zA9its8S0gram956v+YIV8w8VpwJnQ'); diff --git a/src/model/user.rs b/src/model/user.rs index e38b68b..6ebc55e 100644 --- a/src/model/user.rs +++ b/src/model/user.rs @@ -850,6 +850,43 @@ impl<'r> FromRequest<'r> for VorstandUser { } } } + +#[derive(Debug, Serialize, Deserialize)] +pub struct PlannedEventUser(pub(crate) User); + +impl Into for PlannedEventUser { + fn into(self) -> User { + self.0 + } +} + +impl Deref for PlannedEventUser { + type Target = User; + + fn deref(&self) -> &Self::Target { + &self.0 + } +} + +#[async_trait] +impl<'r> FromRequest<'r> for PlannedEventUser { + type Error = LoginError; + + async fn from_request(req: &'r Request<'_>) -> request::Outcome { + let db = req.rocket().state::().unwrap(); + match User::from_request(req).await { + Outcome::Success(user) => { + if user.has_role(db, "planned_event").await { + Outcome::Success(PlannedEventUser(user)) + } else { + Outcome::Error((Status::Forbidden, LoginError::NotACox)) + } + } + Outcome::Error(f) => Outcome::Error(f), + Outcome::Forward(f) => Outcome::Forward(f), + } + } +} #[cfg(test)] mod test { use std::collections::HashMap; diff --git a/src/tera/admin/planned_event.rs b/src/tera/admin/planned_event.rs index 5208f18..293e022 100644 --- a/src/tera/admin/planned_event.rs +++ b/src/tera/admin/planned_event.rs @@ -10,7 +10,7 @@ use sqlx::SqlitePool; use crate::model::{ planned_event::PlannedEvent, tripdetails::{TripDetails, TripDetailsToAdd}, - user::AdminUser, + user::PlannedEventUser, }; //TODO: add constraints (e.g. planned_amount_cox > 0) @@ -25,7 +25,7 @@ struct AddPlannedEventForm<'r> { async fn create( db: &State, data: Form>, - _admin: AdminUser, + _admin: PlannedEventUser, ) -> Flash { let data = data.into_inner(); @@ -36,7 +36,7 @@ async fn create( PlannedEvent::create(db, data.name, data.planned_amount_cox, trip_details).await; - Flash::success(Redirect::to("/"), "Event hinzugefügt") + Flash::success(Redirect::to("/planned"), "Event hinzugefügt") } //TODO: add constraints (e.g. planned_amount_cox > 0) @@ -54,7 +54,7 @@ struct UpdatePlannedEventForm<'r> { async fn update( db: &State, data: Form>, - _admin: AdminUser, + _admin: PlannedEventUser, ) -> Flash { match PlannedEvent::find_by_id(db, data.id).await { Some(planned_event) => { @@ -68,20 +68,20 @@ async fn update( data.is_locked, ) .await; - Flash::success(Redirect::to("/"), "Successfully edited the event") + Flash::success(Redirect::to("/planned"), "Event erfolgreich bearbeitet") } - None => Flash::error(Redirect::to("/"), "Planned event id not found"), + None => Flash::error(Redirect::to("/planned"), "Planned event id not found"), } } #[get("/planned-event//delete")] -async fn delete(db: &State, id: i64, _admin: AdminUser) -> Flash { +async fn delete(db: &State, id: i64, _admin: PlannedEventUser) -> Flash { match PlannedEvent::find_by_id(db, id).await { Some(planned_event) => { planned_event.delete(db).await; - Flash::success(Redirect::to("/"), "Event gelöscht") + Flash::success(Redirect::to("/planned"), "Event gelöscht") } - None => Flash::error(Redirect::to("/"), "PlannedEvent does not exist"), + None => Flash::error(Redirect::to("/planned"), "PlannedEvent does not exist"), } } @@ -120,7 +120,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() @@ -151,7 +151,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() @@ -187,7 +187,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() @@ -196,7 +196,7 @@ mod test { assert_eq!( flash_cookie.value(), - "7:successSuccessfully edited the event" + "7:successEvent erfolgreich bearbeitet" ); let event = PlannedEvent::find_by_id(&db, 1).await.unwrap(); @@ -224,7 +224,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() @@ -255,7 +255,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() diff --git a/src/tera/cox.rs b/src/tera/cox.rs index 808f842..0a04e8e 100644 --- a/src/tera/cox.rs +++ b/src/tera/cox.rs @@ -34,7 +34,7 @@ async fn create( //) //.await; - Flash::success(Redirect::to("/"), "Ausfahrt erfolgreich erstellt.") + Flash::success(Redirect::to("/planned"), "Ausfahrt erfolgreich erstellt.") } #[derive(FromForm)] @@ -66,16 +66,19 @@ async fn update( ) .await { - Ok(_) => Flash::success(Redirect::to("/"), "Ausfahrt erfolgreich aktualisiert."), + Ok(_) => Flash::success( + Redirect::to("/planned"), + "Ausfahrt erfolgreich aktualisiert.", + ), Err(TripUpdateError::NotYourTrip) => { - Flash::error(Redirect::to("/"), "Nicht deine Ausfahrt!") + Flash::error(Redirect::to("/planned"), "Nicht deine Ausfahrt!") } Err(TripUpdateError::TripDetailsDoesNotExist) => { - Flash::error(Redirect::to("/"), "Ausfahrt gibt's nicht") + Flash::error(Redirect::to("/planned"), "Ausfahrt gibt's nicht") } } } else { - Flash::error(Redirect::to("/"), "Ausfahrt gibt's nicht") + Flash::error(Redirect::to("/planned"), "Ausfahrt gibt's nicht") } } @@ -92,21 +95,21 @@ async fn join(db: &State, planned_event_id: i64, cox: CoxUser) -> Fl ), ) .await; - Flash::success(Redirect::to("/"), "Danke für's helfen!") + Flash::success(Redirect::to("/planned"), "Danke für's helfen!") } Err(CoxHelpError::AlreadyRegisteredAsCox) => { - Flash::error(Redirect::to("/"), "Du hilfst bereits aus!") + Flash::error(Redirect::to("/planned"), "Du hilfst bereits aus!") } Err(CoxHelpError::AlreadyRegisteredAsRower) => Flash::error( - Redirect::to("/"), + Redirect::to("/planned"), "Du hast dich bereits als Ruderer angemeldet!", ), Err(CoxHelpError::DetailsLocked) => { - Flash::error(Redirect::to("/"), "Boot ist bereits eingeteilt.") + Flash::error(Redirect::to("/planned"), "Boot ist bereits eingeteilt.") } } } else { - Flash::error(Redirect::to("/"), "Event gibt's nicht") + Flash::error(Redirect::to("/planned"), "Event gibt's nicht") } } @@ -114,18 +117,18 @@ async fn join(db: &State, planned_event_id: i64, cox: CoxUser) -> Fl async fn remove_trip(db: &State, trip_id: i64, cox: CoxUser) -> Flash { let trip = Trip::find_by_id(db, trip_id).await; match trip { - None => Flash::error(Redirect::to("/"), "Trip gibt's nicht!"), + None => Flash::error(Redirect::to("/planned"), "Trip gibt's nicht!"), Some(trip) => match trip.delete(db, &cox).await { Ok(_) => { Log::create(db, format!("Cox {} deleted trip.id={}", cox.name, trip_id)).await; - Flash::success(Redirect::to("/"), "Erfolgreich gelöscht!") + Flash::success(Redirect::to("/planned"), "Erfolgreich gelöscht!") } Err(TripDeleteError::SomebodyAlreadyRegistered) => Flash::error( - Redirect::to("/"), + Redirect::to("/planned"), "Ausfahrt kann nicht gelöscht werden, da bereits jemand registriert ist!", ), Err(TripDeleteError::NotYourTrip) => { - Flash::error(Redirect::to("/"), "Nicht deine Ausfahrt!") + Flash::error(Redirect::to("/planned"), "Nicht deine Ausfahrt!") } }, } @@ -145,17 +148,17 @@ async fn remove(db: &State, planned_event_id: i64, cox: CoxUser) -> ) .await; - Flash::success(Redirect::to("/"), "Erfolgreich abgemeldet!") + Flash::success(Redirect::to("/planned"), "Erfolgreich abgemeldet!") } Err(TripHelpDeleteError::DetailsLocked) => { - Flash::error(Redirect::to("/"), "Boot bereits eingeteilt") + Flash::error(Redirect::to("/planned"), "Boot bereits eingeteilt") } Err(TripHelpDeleteError::CoxNotHelping) => { - Flash::error(Redirect::to("/"), "Steuermann hilft nicht aus...") + Flash::error(Redirect::to("/planned"), "Steuermann hilft nicht aus...") } } } else { - Flash::error(Redirect::to("/"), "Planned_event does not exist.") + Flash::error(Redirect::to("/planned"), "Planned_event does not exist.") } } @@ -202,7 +205,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() @@ -250,7 +253,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() @@ -288,7 +291,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() @@ -326,7 +329,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() @@ -354,7 +357,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() @@ -367,7 +370,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() @@ -398,7 +401,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() @@ -429,7 +432,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() @@ -470,7 +473,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() @@ -498,7 +501,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() @@ -526,7 +529,7 @@ mod test { let response = req.dispatch().await; assert_eq!(response.status(), Status::SeeOther); - assert_eq!(response.headers().get("Location").next(), Some("/")); + assert_eq!(response.headers().get("Location").next(), Some("/planned")); let flash_cookie = response .cookies() diff --git a/templates/planned.html.tera b/templates/planned.html.tera index 1603228..ddc2293 100644 --- a/templates/planned.html.tera +++ b/templates/planned.html.tera @@ -304,9 +304,9 @@ {# --- START Add Buttons --- #} - {% if "admin" in loggedin_user.roles or "cox" in loggedin_user.roles %} -