Merge pull request 'use proper role instead of manully validating role' (#1066) from use-proper-role into main

Reviewed-on: #1066
2025-05-29 12:12:54 +02:00 · 2025-05-29 12:12:54 +02:00 · aa3df2a294
commit aa3df2a294
parent 782d68cd03 7a2743046d
2 changed files with 18 additions and 42 deletions
--- a/src/model/logbook.rs
+++ b/src/model/logbook.rs
@ -12,7 +12,7 @@ use super::{
    notification::Notification,
    role::Role,
    rower::Rower,
-    user::User,
+    user::{User, VorstandUser},
 };
 use crate::model::user::VecUser;

@ -193,11 +193,6 @@ impl LogbookWithBoatAndRowers {
    }
 }

-#[derive(Debug, PartialEq)]
-pub enum LogbookAdminUpdateError {
-    NotAllowed,
-}
-
 #[derive(Debug, PartialEq)]
 pub enum LogbookUpdateError {
    NotYourEntry,
@ -634,16 +629,7 @@ ORDER BY departure DESC
        Ok(ret)
    }

-    pub async fn update(
-        &self,
-        db: &SqlitePool,
-        data: LogToUpdate,
-        user: &User,
-    ) -> Result<(), LogbookAdminUpdateError> {
-        if !user.has_role(db, "Vorstand").await {
-            return Err(LogbookAdminUpdateError::NotAllowed);
-        }
-
+    pub async fn update(&self, db: &SqlitePool, data: LogToUpdate, changed_by: &VorstandUser) {
        sqlx::query!(
                "UPDATE logbook SET boat_id=?, shipmaster=?, steering_person=?, shipmaster_only_steering=?, departure=?, arrival=?, destination=?, distance_in_km=?, comments=?, logtype=? WHERE id=?",
                data.boat_id,
@ -660,7 +646,12 @@ ORDER BY departure DESC
            )
            .execute(db)
            .await.unwrap();
-        Ok(())
+
+        Log::create(
+            db,
+            format!("{changed_by} updated log entry={:?} to {:?}", self, data),
+        )
+        .await;
    }

    async fn remove_rowers(&self, db: &mut Transaction<'_, Sqlite>) {
--- a/src/tera/log.rs
+++ b/src/tera/log.rs
@ -1,7 +1,6 @@
 use std::net::IpAddr;

 use rocket::{
-    Request, Route, State,
    form::Form,
    get,
    http::{Cookie, CookieJar},
@ -10,8 +9,9 @@ use rocket::{
    response::{Flash, Redirect},
    routes,
    time::{Duration, OffsetDateTime},
+    Request, Route, State,
 };
-use rocket_dyn_templates::{Template, context};
+use rocket_dyn_templates::{context, Template};
 use sqlx::SqlitePool;
 use tera::Context;

@ -22,8 +22,8 @@ use crate::{
        distance::Distance,
        log::Log,
        logbook::{
-            LogToAdd, LogToFinalize, LogToUpdate, Logbook, LogbookAdminUpdateError,
-            LogbookCreateError, LogbookDeleteError, LogbookUpdateError,
+            LogToAdd, LogToFinalize, LogToUpdate, Logbook, LogbookCreateError, LogbookDeleteError,
+            LogbookUpdateError,
        },
        logtype::LogType,
        planned::trip::Trip,
@ -394,27 +394,12 @@ async fn update(
        );
    };

-    match logbook.update(db, data.clone(), &user.user).await {
-        Ok(()) => {
-            Log::create(
-                db,
-                format!(
-                    "User {} updated log entry={:?} to {:?}",
-                    &user.name, logbook, data
-                ),
-            )
-            .await;
+    logbook.update(db, data.clone(), &user).await;

-            Flash::success(
-                Redirect::to("/log/show"),
-                "Logbucheintrag erfolgreich bearbeitet".to_string(),
-            )
-        }
-        Err(LogbookAdminUpdateError::NotAllowed) => Flash::error(
-            Redirect::to("/log/show"),
-            "Du hast keine Erlaubnis, diesen Logbucheintrag zu bearbeiten!".to_string(),
-        ),
-    }
+    Flash::success(
+        Redirect::to("/log/show"),
+        "Logbucheintrag erfolgreich bearbeitet".to_string(),
+    )
 }

 async fn home_logbook(
@ -606,7 +591,7 @@ mod test {
    use sqlx::SqlitePool;

    use crate::model::logbook::Logbook;
-    use crate::tera::{User, log::Boat};
+    use crate::tera::{log::Boat, User};
    use crate::testdb;

    #[sqlx::test]