diff --git a/seeds.sql b/seeds.sql
index 1fef9af..783f219 100644
--- a/seeds.sql
+++ b/seeds.sql
@@ -6,6 +6,7 @@ INSERT INTO "role" (name) VALUES ('Donau Linz');
 INSERT INTO "role" (name) VALUES ('planned_event');
 INSERT INTO "role" (name) VALUES ('Rennrudern');
 INSERT INTO "role" (name) VALUES ('paid');
+INSERT INTO "role" (name) VALUES ('Vorstand');
 INSERT INTO "user" (name, pw) VALUES('admin', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM');
 INSERT INTO "user_role" (user_id, role_id) VALUES(1,1);
 INSERT INTO "user_role" (user_id, role_id) VALUES(1,2);
@@ -30,6 +31,9 @@ INSERT INTO "user_role" (user_id, role_id) VALUES(7,5);
 INSERT INTO "user" (name, pw) VALUES('teen', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$jWKzDmI0jqT2dqINFt6/1NjVF4Dx15n07PL1ZMBmFsY');
 INSERT INTO "user_role" (user_id, role_id) VALUES(8,5);
 INSERT INTO "user_role" (user_id, role_id) VALUES(8,7);
+INSERT INTO "user" (name, pw) VALUES('Vorstandsmitglied', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$jWKzDmI0jqT2dqINFt6/1NjVF4Dx15n07PL1ZMBmFsY');
+INSERT INTO "user_role" (user_id, role_id) VALUES(9,5);
+INSERT INTO "user_role" (user_id, role_id) VALUES(9,9);
 INSERT INTO "trip_details" (planned_starting_time, max_people, day, notes) VALUES('10:00', 2, '1970-01-01', 'trip_details for a planned event');
 INSERT INTO "planned_event" (name, planned_amount_cox, trip_details_id) VALUES('test-planned-event', 2, 1);
diff --git a/src/model/user.rs b/src/model/user.rs
index 0127609..8dc5fcc 100644
--- a/src/model/user.rs
+++ b/src/model/user.rs
@@ -865,7 +865,7 @@ impl<'r> FromRequest<'r> for VorstandUser {
 if user.has_role(db, "Vorstand").await {
 Outcome::Success(VorstandUser(user))
 } else {
- Outcome::Error((Status::Forbidden, LoginError::NotACox))
+ Outcome::Forward(Status::Forbidden)
 }
 }
 Outcome::Error(f) => Outcome::Error(f),
diff --git a/src/tera/admin/user.rs b/src/tera/admin/user.rs
index be3f7a8..dd2f4d1 100644
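Review bot: The 'Vorstandsmitglied' row in the second seeds.sql hunk reuses the exact Argon2id hash and salt of the 'teen' account, so this board-level fixture shares its password with a low-privilege one. The file should say that it is never to be loaded into a production database, for example `-- test fixtures only: known passwords, do not load outside dev/test`. The `user_role` rows also hard-code `(9,5)` and `(9,9)`, which only hold while the insert order gives both the new user and the 'Vorstand' role id 9; resolving the ids by name would keep the fixture correct if rows are added above it.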
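Review bot: Returning `Outcome::Forward(Status::Forbidden)` in the non-Vorstand branch of src/model/user.rs means every route guarded by `VorstandUser` now falls through to the next matching route instead of failing closed, so each of those routes should be checked for a lower-ranked sibling on the same path with a weaker guard. The arm below still returns `Outcome::Error(f)` when the inner user guard fails, so the two rejection paths now behave differently, and the code should say why: `// Forward so a lower-ranked route with another guard (e.g. AdminUser) can match; with no such route the 403 catcher runs.` The `from_request` body starts and ends outside this hunk.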
--- a/src/tera/admin/user.rs
+++ b/src/tera/admin/user.rs
@@ -49,6 +49,39 @@ async fn index(
 Template::render("admin/user/index", context.into_json())
 }
+#[get("/user", rank = 2)]
+async fn index_admin(
+ db: &State,
+ user: AdminUser,
+ flash: Option>,
+) -> Template {
+ let user_futures: Vec<_> = User::all(db)
+ .await
+ .into_iter()
+ .map(|u| async move { UserWithRoles::from_user(u, db).await })
+ .collect();
+
+ let user: User = user.user;
+ let allowed_to_edit = user.has_role(db, "admin").await;
+
+ let users: Vec = join_all(user_futures).await;
+
+ let roles = Role::all(db).await;
+ let families = Family::all_with_members(db).await;
+
+ let mut context = Context::new();
+ if let Some(msg) = flash {
+ context.insert("flash", &msg.into_inner());
+ }
+ context.insert("allowed_to_edit", &allowed_to_edit);
+ context.insert("users", &users);
+ context.insert("roles", &roles);
+ context.insert("families", &families);
+ context.insert("loggedin_user", &UserWithRoles::from_user(user, db).await);
+
+ Template::render("admin/user/index", context.into_json())
+}
+
 #[get("/user/fees")]
 async fn fees(
 db: &State,
@@ -193,5 +226,14 @@ async fn create(
 }
 pub fn routes() -> Vec {
- routes![index, resetpw, update, create, delete, fees, fees_paid]
+ routes![
+ index,
+ index_admin,
+ resetpw,
+ update,
+ create,
+ delete,
+ fees,
+ fees_paid
+ ]
 }
diff --git a/templates/includes/macros.html.tera b/templates/includes/macros.html.tera
index 69f9d86..b54df4d 100644
--- a/templates/includes/macros.html.tera
+++ b/templates/includes/macros.html.tera
@@ -64,7 +64,7 @@ {% endif %}
- {% if "admin" in loggedin_user.roles %}
+ {% if "admin" in loggedin_user.roles or "Vorstand" in loggedin_user.roles %}
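Review bot: `allowed_to_edit` in `index_admin` (src/tera/admin/user.rs) only decides what the template renders, so the write handlers registered next to it (`resetpw`, `update`, `create`, `delete`, all outside this hunk) must each keep an admin-only request guard of their own now that users without the admin role can presumably reach this page through the `VorstandUser` route. Two handlers on `GET /user` also depend on `index` carrying a lower rank than the `rank = 2` set here, and `index`'s attribute is not visible in this hunk. The body appears to repeat the end of `index`, so a shared private helper taking `allowed_to_edit: bool` would stop the two views from drifting apart. A doc comment naming the ordering would help, e.g. `/// GET /user fallback (rank 2), reached when the primary route's guard forwards.`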