Merge pull request 'use proper role instead of manully validating role' (#1066) from use-proper-role into main
All checks were successful
CI/CD Pipeline / test (push) Successful in 16m17s
CI/CD Pipeline / deploy-staging (push) Has been skipped
CI/CD Pipeline / deploy-main (push) Successful in 13m21s

Reviewed-on: #1066
This commit is contained in:
philipp 2025-05-29 12:12:54 +02:00
commit aa3df2a294
2 changed files with 18 additions and 42 deletions

View File

@ -12,7 +12,7 @@ use super::{
notification::Notification,
role::Role,
rower::Rower,
user::User,
user::{User, VorstandUser},
};
use crate::model::user::VecUser;
@ -193,11 +193,6 @@ impl LogbookWithBoatAndRowers {
}
}
#[derive(Debug, PartialEq)]
pub enum LogbookAdminUpdateError {
NotAllowed,
}
#[derive(Debug, PartialEq)]
pub enum LogbookUpdateError {
NotYourEntry,
@ -634,16 +629,7 @@ ORDER BY departure DESC
Ok(ret)
}
pub async fn update(
&self,
db: &SqlitePool,
data: LogToUpdate,
user: &User,
) -> Result<(), LogbookAdminUpdateError> {
if !user.has_role(db, "Vorstand").await {
return Err(LogbookAdminUpdateError::NotAllowed);
}
pub async fn update(&self, db: &SqlitePool, data: LogToUpdate, changed_by: &VorstandUser) {
sqlx::query!(
"UPDATE logbook SET boat_id=?, shipmaster=?, steering_person=?, shipmaster_only_steering=?, departure=?, arrival=?, destination=?, distance_in_km=?, comments=?, logtype=? WHERE id=?",
data.boat_id,
@ -660,7 +646,12 @@ ORDER BY departure DESC
)
.execute(db)
.await.unwrap();
Ok(())
Log::create(
db,
format!("{changed_by} updated log entry={:?} to {:?}", self, data),
)
.await;
}
async fn remove_rowers(&self, db: &mut Transaction<'_, Sqlite>) {

View File

@ -1,7 +1,6 @@
use std::net::IpAddr;
use rocket::{
Request, Route, State,
form::Form,
get,
http::{Cookie, CookieJar},
@ -10,8 +9,9 @@ use rocket::{
response::{Flash, Redirect},
routes,
time::{Duration, OffsetDateTime},
Request, Route, State,
};
use rocket_dyn_templates::{Template, context};
use rocket_dyn_templates::{context, Template};
use sqlx::SqlitePool;
use tera::Context;
@ -22,8 +22,8 @@ use crate::{
distance::Distance,
log::Log,
logbook::{
LogToAdd, LogToFinalize, LogToUpdate, Logbook, LogbookAdminUpdateError,
LogbookCreateError, LogbookDeleteError, LogbookUpdateError,
LogToAdd, LogToFinalize, LogToUpdate, Logbook, LogbookCreateError, LogbookDeleteError,
LogbookUpdateError,
},
logtype::LogType,
planned::trip::Trip,
@ -394,27 +394,12 @@ async fn update(
);
};
match logbook.update(db, data.clone(), &user.user).await {
Ok(()) => {
Log::create(
db,
format!(
"User {} updated log entry={:?} to {:?}",
&user.name, logbook, data
),
)
.await;
logbook.update(db, data.clone(), &user).await;
Flash::success(
Redirect::to("/log/show"),
"Logbucheintrag erfolgreich bearbeitet".to_string(),
)
}
Err(LogbookAdminUpdateError::NotAllowed) => Flash::error(
Redirect::to("/log/show"),
"Du hast keine Erlaubnis, diesen Logbucheintrag zu bearbeiten!".to_string(),
),
}
Flash::success(
Redirect::to("/log/show"),
"Logbucheintrag erfolgreich bearbeitet".to_string(),
)
}
async fn home_logbook(
@ -606,7 +591,7 @@ mod test {
use sqlx::SqlitePool;
use crate::model::logbook::Logbook;
use crate::tera::{User, log::Boat};
use crate::tera::{log::Boat, User};
use crate::testdb;
#[sqlx::test]