allow admins to delete logbook entries

2024-08-12 20:55:31 +02:00 · 2024-08-12 20:55:31 +02:00 · a75c892cfb
commit a75c892cfb
parent f71ab634d7
4 changed files with 62 additions and 40 deletions
--- a/2
+++ b/2
@ -1,5 +1,5 @@
 #!/bin/bash

-scp read@128.140.64.118:/home/rowing/db.sqlite db.sqlite
+scp root@128.140.64.118:/home/rowing/db.sqlite db.sqlite
 #sqlite3 db.sqlite < seeds.sql

--- a/src/model/logbook.rs
+++ b/src/model/logbook.rs
@ -699,46 +699,57 @@ ORDER BY departure DESC
    pub async fn delete(&self, db: &SqlitePool, user: &User) -> Result<(), LogbookDeleteError> {
        Log::create(db, format!("{} deleted trip: {self:?}", user.name)).await;

-        if user.has_role(db, "admin").await
-            || user.has_role(db, "Vorstand").await
-            || user.id == self.shipmaster
-        {
-            let now = Local::now().naive_local();
-            let difference = now - self.departure;
-            if difference > Duration::hours(1) {
-                let vorstand = Role::find_by_name(db, "Vorstand").await.unwrap();
-                let logbook = LogbookWithBoatAndRowers::from(db, self.clone()).await;
-                let mut msg = format!("{} hat folgenden Logbuch-Eintrag jetzt gelöscht, welcher bereits vor über einer Stunde begonnen wurde: Schiffsführer: {}, Steuerperson: {}, Abfahrt: {}", user.name, logbook.steering_user.name, logbook.steering_user.name, logbook.logbook.departure.format("%Y-%m-%d %H:%M"));
-                if let Some(destination) = logbook.logbook.destination {
-                    msg.push_str(&format!(", Ziel: {}", destination));
-                } else {
-                    msg.push_str(", kein Ziel eingegeben");
-                }
-                msg.push_str(", Ruderer: ");
-                let mut it = logbook.rowers.clone().into_iter().peekable();
-                while let Some(rower) = it.next() {
-                    msg.push_str(&rower.name);
-                    if it.peek().is_some() {
-                        msg.push_str(" + ");
+        if self.arrival.is_none() {
+            if user.has_role(db, "admin").await
+                || user.has_role(db, "Vorstand").await
+                || user.id == self.shipmaster
+            {
+                let now = Local::now().naive_local();
+                let difference = now - self.departure;
+                if difference > Duration::hours(1) {
+                    let vorstand = Role::find_by_name(db, "Vorstand").await.unwrap();
+                    let logbook = LogbookWithBoatAndRowers::from(db, self.clone()).await;
+                    let mut msg = format!("{} hat folgenden Logbuch-Eintrag jetzt gelöscht, welcher bereits vor über einer Stunde begonnen wurde: Schiffsführer: {}, Steuerperson: {}, Abfahrt: {}", user.name, logbook.steering_user.name, logbook.steering_user.name, logbook.logbook.departure.format("%Y-%m-%d %H:%M"));
+                    if let Some(destination) = logbook.logbook.destination {
+                        msg.push_str(&format!(", Ziel: {}", destination));
+                    } else {
+                        msg.push_str(", kein Ziel eingegeben");
                    }
+                    msg.push_str(", Ruderer: ");
+                    let mut it = logbook.rowers.clone().into_iter().peekable();
+                    while let Some(rower) = it.next() {
+                        msg.push_str(&rower.name);
+                        if it.peek().is_some() {
+                            msg.push_str(" + ");
+                        }
+                    }
+
+                    Notification::create_for_role(
+                        db,
+                        &vorstand,
+                        &msg,
+                        "Ungewöhnliches Verhalten",
+                        None,
+                        None,
+                    )
+                    .await;
                }

-                Notification::create_for_role(
-                    db,
-                    &vorstand,
-                    &msg,
-                    "Ungewöhnliches Verhalten",
-                    None,
-                    None,
-                )
-                .await;
+                sqlx::query!("DELETE FROM logbook WHERE id=?", self.id)
+                    .execute(db)
+                    .await
+                    .unwrap(); //Okay, because we can only create a Logbook of a valid id
+                return Ok(());
+            }
+        } else {
+            // Only admins can delete completed logbook entries
+            if user.has_role(db, "admin").await {
+                sqlx::query!("DELETE FROM logbook WHERE id=?", self.id)
+                    .execute(db)
+                    .await
+                    .unwrap(); //Okay, because we can only create a Logbook of a valid id
+                return Ok(());
            }
-
-            sqlx::query!("DELETE FROM logbook WHERE id=?", self.id)
-                .execute(db)
-                .await
-                .unwrap(); //Okay, because we can only create a Logbook of a valid id
-            return Ok(());
        }
        Err(LogbookDeleteError::NotYourEntry)
    }
--- a/src/tera/log.rs
+++ b/src/tera/log.rs
@ -400,6 +400,11 @@ async fn home(
 async fn delete(db: &State<SqlitePool>, logbook_id: i64, user: DonauLinzUser) -> Flash<Redirect> {
    let logbook = Logbook::find_by_id(db, logbook_id).await;
    if let Some(logbook) = logbook {
+        let redirect = if logbook.arrival.is_some() {
+            "/log/show"
+        } else {
+            "/log"
+        };
        Log::create(
            db,
            format!("User {} tries to delete log entry {logbook_id}", &user.name),
@ -407,11 +412,11 @@ async fn delete(db: &State<SqlitePool>, logbook_id: i64, user: DonauLinzUser) ->
        .await;
        match logbook.delete(db, &user).await {
            Ok(_) => Flash::success(
-                Redirect::to("/log"),
-                format!("Eintrag {} gelöscht!", logbook_id),
+                Redirect::to(redirect),
+                format!("Eintrag {} von {} gelöscht!", logbook_id, user.name),
            ),
            Err(LogbookDeleteError::NotYourEntry) => Flash::error(
-                Redirect::to("/log"),
+                Redirect::to(redirect),
                "Du hast nicht die Berechtigung, den Eintrag zu löschen!",
            ),
        }
--- a/templates/includes/forms/log.html.tera
+++ b/templates/includes/forms/log.html.tera
@ -262,6 +262,12 @@
                        <input type="hidden" name="logtype" value="{{ log.logtype }}" />
                        <input type="submit" value="Updaten" />
                    </form>
+                                <a href="/log/{{ log.id }}/delete"
+                                   class="w-28 btn btn-alert"
+                                   onclick="return confirm('Willst du diesen Logbucheintrag wirklich löschen?');">
+                                    {% include "includes/delete-icon" %}
+                                    Löschen
+                                </a>
                {% endif %}
            </details>
        </div>