philipp 2023-04-04 15:16:21 +02:00
parent 0bdd073d7f
commit cedaba5709
10 changed files with 453 additions and 28 deletions


@ -14,20 +14,6 @@
- Link for specific trip - Link for specific trip
- Basic auth (with e.g. ekrv) to prevent spam bots? (Or on first login there are 2 input fields: name + e.g. name of "strom") - Basic auth (with e.g. ekrv) to prevent spam bots? (Or on first login there are 2 input fields: name + e.g. name of "strom")
# DB
- trip
- id: i32
- cox_id: i32 (user.id)
- trip_details: Option<i32> (trip_details.id)
- planned_event_id: Option<i32> (planned_event.id)
- created: chrono::DateTime
- user_trip
- trip_details_id: i32 (trip_details.id)
- user_id: i32 (user.id)
- created: chrono::DateTime
# TODO # TODO
- [x] User login - [x] User login
- [x] Admin - [x] Admin
@ -37,5 +23,5 @@
- [ ] Ausfahrten - [ ] Ausfahrten
- [x] CRUD planned_event - [x] CRUD planned_event
- [x] CRUD trip_details - [x] CRUD trip_details
- [ ] CRUD trip - [x] CRUD trip
- [ ] CRUD user_trip - [ ] CRUD user_trip


@ -24,3 +24,24 @@ CREATE TABLE IF NOT EXISTS "planned_event" (
"created_at" text NOT NULL DEFAULT CURRENT_TIMESTAMP, "created_at" text NOT NULL DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY(trip_details_id) REFERENCES trip_details(id) ON DELETE CASCADE FOREIGN KEY(trip_details_id) REFERENCES trip_details(id) ON DELETE CASCADE
); );
CREATE TABLE IF NOT EXISTS "trip" (
"id" integer NOT NULL PRIMARY KEY AUTOINCREMENT,
"cox_id" INTEGER NOT NULL,
"trip_details_id" INTEGER,
"planned_event_id" INTEGER,
"created_at" text NOT NULL DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY(cox_id) REFERENCES user(id),
FOREIGN KEY(trip_details_id) REFERENCES trip_details(id) ON DELETE CASCADE,
FOREIGN KEY(planned_event_id) REFERENCES planned_event(id) ON DELETE CASCADE,
CONSTRAINT unq UNIQUE (cox_id, planned_event_id) -- allow cox to participate only once for each planned event
);
CREATE TABLE IF NOT EXISTS "user_trip" (
"user_id" INTEGER NOT NULL,
"trip_details_id" INTEGER NOT NULL,
"created_at" text NOT NULL DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY(user_id) REFERENCES user(id),
FOREIGN KEY(trip_details_id) REFERENCES trip_details(id),
CONSTRAINT unq UNIQUE (user_id, trip_details_id) -- allow user to participate only once for each trip
);
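Review bot: The new `trip` table allows `trip_details_id` and `planned_event_id` to both be NULL or both be set, so a row can be neither an own trip nor a participation in a planned event. A table constraint such as `CHECK ((trip_details_id IS NULL) <> (planned_event_id IS NULL))` would pin the intended either/or. In `user_trip` the two foreign keys have no `ON DELETE CASCADE`, unlike those in `trip`, so deleting a `trip_details` row that still has registered rowers will either fail or leave orphaned registrations, depending on whether foreign-key enforcement is enabled on the connection (not visible here).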


@ -2,17 +2,23 @@ use chrono::NaiveDate;
use serde::Serialize; use serde::Serialize;
use sqlx::SqlitePool; use sqlx::SqlitePool;
use self::planned_event::PlannedEvent; use self::{
planned_event::{PlannedEvent, PlannedEventWithUser},
trip::{Trip, TripWithUser},
};
pub mod planned_event; pub mod planned_event;
pub mod trip;
pub mod tripdetails; pub mod tripdetails;
pub mod user; pub mod user;
pub mod usertrip;
//pub mod users; //pub mod users;
#[derive(Serialize)] #[derive(Serialize)]
pub struct Day { pub struct Day {
day: NaiveDate, day: NaiveDate,
planned_events: Vec<PlannedEvent>, planned_events: Vec<PlannedEventWithUser>,
trips: Vec<TripWithUser>,
} }
impl Day { impl Day {
@ -20,6 +26,7 @@ impl Day {
Self { Self {
day, day,
planned_events: PlannedEvent::get_for_day(db, day).await, planned_events: PlannedEvent::get_for_day(db, day).await,
trips: Trip::get_for_day(db, day).await,
} }
} }
} }


@ -2,7 +2,7 @@ use chrono::NaiveDate;
use serde::Serialize; use serde::Serialize;
use sqlx::SqlitePool; use sqlx::SqlitePool;
#[derive(Serialize)] #[derive(Serialize, Clone)]
pub struct PlannedEvent { pub struct PlannedEvent {
id: i64, id: i64,
name: String, name: String,
@ -15,10 +15,18 @@ pub struct PlannedEvent {
notes: Option<String>, notes: Option<String>,
} }
#[derive(Serialize)]
pub struct PlannedEventWithUser {
#[serde(flatten)]
planned_event: PlannedEvent,
cox: Vec<String>,
rower: Vec<String>,
}
impl PlannedEvent { impl PlannedEvent {
pub async fn get_for_day(db: &SqlitePool, day: NaiveDate) -> Vec<Self> { pub async fn get_for_day(db: &SqlitePool, day: NaiveDate) -> Vec<PlannedEventWithUser> {
let day = format!("{}", day); let day = format!("{}", day);
sqlx::query_as!( let events = sqlx::query_as!(
PlannedEvent, PlannedEvent,
" "
SELECT planned_event.id, name, planned_amount_cox, allow_guests, trip_details_id, planned_starting_time, max_people, day, notes SELECT planned_event.id, name, planned_amount_cox, allow_guests, trip_details_id, planned_starting_time, max_people, day, notes
@ -30,7 +38,77 @@ WHERE day=?
) )
.fetch_all(db) .fetch_all(db)
.await .await
.unwrap() //TODO: fixme .unwrap(); //TODO: fixme
let mut ret = Vec::new();
for event in events {
ret.push(PlannedEventWithUser {
planned_event: event.clone(),
cox: Self::get_all_cox_for_id(db, event.id).await,
rower: Self::get_all_rower_for_id(db, event.id).await,
})
}
ret
}
pub async fn rower_can_register(db: &SqlitePool, trip_details_id: i64) -> bool {
let amount_currently_registered = sqlx::query!(
"
SELECT COUNT(*) as count FROM user_trip WHERE trip_details_id = ?
",
trip_details_id
)
.fetch_one(db)
.await
.unwrap(); //TODO: fixme
let amount_currently_registered = amount_currently_registered.count as i64;
let amount_allowed_to_register = sqlx::query!(
"
SELECT max_people FROM trip_details WHERE id = ?
",
trip_details_id
)
.fetch_one(db)
.await
.unwrap(); //TODO: fixme
let amount_allowed_to_register = amount_allowed_to_register.max_people;
amount_currently_registered < amount_allowed_to_register
}
async fn get_all_cox_for_id(db: &SqlitePool, id: i64) -> Vec<String> {
let res = sqlx::query!(
"
SELECT (SELECT name FROM user WHERE cox_id = id) as name FROM trip WHERE planned_event_id = ?
",
id
)
.fetch_all(db)
.await
.unwrap(); //TODO: fixme
let mut ret = Vec::new();
for r in res {
ret.push(r.name);
}
ret
}
async fn get_all_rower_for_id(db: &SqlitePool, id: i64) -> Vec<String> {
let res = sqlx::query!(
"
SELECT (SELECT name FROM user WHERE user_trip.user_id = user.id) as name FROM user_trip WHERE trip_details_id = (SELECT trip_details_id FROM planned_event WHERE id = ?)
",
id
)
.fetch_all(db)
.await
.unwrap(); //TODO: fixme
let mut ret = Vec::new();
for r in res {
ret.push(r.name);
}
ret
} }
pub async fn new( pub async fn new(
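Review bot: `rower_can_register` unwraps `.fetch_one(db).await` on the `SELECT max_people FROM trip_details WHERE id = ?` lookup, and its `trip_details_id` comes straight from the path of the new `/join/<trip_details_id>` route, so an id that matches no row makes the handler panic instead of returning an error to the user. Use `.fetch_optional(db)` there and return `false` when no row is found, and log or propagate real database errors rather than unwrapping. The helper also sits on `PlannedEvent` although it only reads `user_trip` and `trip_details`; a short doc comment stating that it compares the current registration count with `max_people` would help. The `impl PlannedEvent` block continues outside this hunk.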

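--- /dev/null
+++ b/src/model/trip.rs
@@ -0,0 +1,109 @@
+use chrono::NaiveDate;
+use serde::Serialize;
+use sqlx::SqlitePool;
+#[derive(Serialize, Clone)]
+pub struct Trip {
+id: i64,
+cox_id: i64,
+cox_name: String,
+trip_details_id: Option<i64>,
+planned_starting_time: String,
+max_people: i64,
+day: String,
+notes: Option<String>,
+}
+#[derive(Serialize)]
+pub struct TripWithUser {
+#[serde(flatten)]
+trip: Trip,
+rower: Vec<String>,
+}
+impl Trip {
+pub async fn get_for_day(db: &SqlitePool, day: NaiveDate) -> Vec<TripWithUser> {
+let day = format!("{}", day);
+let trips = sqlx::query_as!(
+Trip,
+"
+SELECT trip.id, cox_id, user.name as cox_name, trip_details_id, planned_starting_time, max_people, day, notes
+FROM trip
+INNER JOIN trip_details ON trip.trip_details_id = trip_details.id
+INNER JOIN user ON trip.cox_id = user.id
+WHERE day=?
+",
+day
+)
+.fetch_all(db)
+.await
+.unwrap(); //TODO: fixme
+let mut ret = Vec::new();
+for trip in trips {
+ret.push(TripWithUser {
+trip: trip.clone(),
+rower: Self::get_all_rower_for_id(db, trip.id).await,
+})
+}
+ret
+}
+async fn get_all_rower_for_id(db: &SqlitePool, id: i64) -> Vec<String> {
+let res = sqlx::query!(
+"
+SELECT (SELECT name FROM user WHERE user_trip.user_id = user.id) as name FROM user_trip WHERE trip_details_id = (SELECT trip_details_id FROM trip WHERE id = ?)
+",
+id
+)
+.fetch_all(db)
+.await
+.unwrap(); //TODO: fixme
+let mut ret = Vec::new();
+for r in res {
+ret.push(r.name);
+}
+ret
+}
+pub async fn new_own(db: &SqlitePool, cox_id: i64, trip_details_id: i64) {
+sqlx::query!(
+"INSERT INTO trip (cox_id, trip_details_id) VALUES(?, ?)",
+cox_id,
+trip_details_id
+)
+.execute(db)
+.await
+.unwrap(); //TODO: fixme
+}
+/// Returns true if successfully inserted; false if not (e.g. because user is already
+/// participant
+pub async fn new_join(db: &SqlitePool, cox_id: i64, planned_event_id: i64) -> bool {
+sqlx::query!(
+"INSERT INTO trip (cox_id, planned_event_id) VALUES(?, ?)",
+cox_id,
+planned_event_id
+)
+.execute(db)
+.await
+.is_ok()
+}
+pub async fn delete(db: &SqlitePool, user_id: i64, planned_event_id: i64) {
+let _ = sqlx::query!(
+"DELETE FROM trip WHERE cox_id = ? AND planned_event_id = ?",
+user_id,
+planned_event_id
+)
+.execute(db)
+.await
+.is_ok();
+}
+//pub async fn delete(db: &SqlitePool, id: i64) {
+// sqlx::query!("DELETE FROM planned_event WHERE id = ?", id)
+// .execute(db)
+// .await
+// .unwrap(); //TODO: fixme
+//}
+}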
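Review bot: `new_join` ends in `.is_ok()`, so every failure is reported as `false`, which the `/cox/join` route renders as "Du nimmst bereits teil!". That includes a foreign-key error for a `planned_event_id` that does not exist, a locked database and a pool timeout. Inspect the `sqlx::Error` and treat only the unique-constraint violation as "already participating", then log and surface everything else. `Trip::delete` and, in src/model/usertrip.rs, `UserTrip::new` and `UserTrip::delete` discard errors the same way, so the remove routes report success even when the statement failed. The doc comment on `new_join` is also missing its closing parenthesis: `/// participant)`.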


@ -1,3 +1,5 @@
use std::ops::Deref;
use argon2::{password_hash::SaltString, Argon2, PasswordHasher}; use argon2::{password_hash::SaltString, Argon2, PasswordHasher};
use rocket::{ use rocket::{
async_trait, async_trait,
@ -34,12 +36,37 @@ impl TryFrom<User> for AdminUser {
} }
} }
pub struct CoxUser {
user: User,
}
impl Deref for CoxUser {
type Target = User;
fn deref(&self) -> &Self::Target {
&self.user
}
}
impl TryFrom<User> for CoxUser {
type Error = LoginError;
fn try_from(user: User) -> Result<Self, Self::Error> {
if user.is_cox {
Ok(CoxUser { user })
} else {
Err(LoginError::NotACox)
}
}
}
#[derive(Debug)] #[derive(Debug)]
pub enum LoginError { pub enum LoginError {
SqlxError(sqlx::Error), SqlxError(sqlx::Error),
InvalidAuthenticationCombo, InvalidAuthenticationCombo,
NotLoggedIn, NotLoggedIn,
NotAnAdmin, NotAnAdmin,
NotACox,
NoPasswordSet(User), NoPasswordSet(User),
} }
@ -181,6 +208,24 @@ impl<'r> FromRequest<'r> for AdminUser {
} }
} }
#[async_trait]
impl<'r> FromRequest<'r> for CoxUser {
type Error = LoginError;
async fn from_request(req: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
match req.cookies().get_private("loggedin_user") {
Some(user) => {
let user: User = serde_json::from_str(&user.value()).unwrap(); //TODO: fixme
match user.try_into() {
Ok(user) => Outcome::Success(user),
Err(_) => Outcome::Failure((Status::Unauthorized, LoginError::NotAnAdmin)),
}
}
None => Outcome::Failure((Status::Unauthorized, LoginError::NotLoggedIn)),
}
}
}
#[cfg(test)] #[cfg(test)]
mod test { mod test {
use crate::testdb; use crate::testdb;
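Review bot: `CoxUser::from_request` takes the cox role from the `User` deserialized out of the `loggedin_user` cookie, so `is_cox` is a snapshot from login. A user whose cox flag is later cleared in the database keeps access to the `/cox` routes until the cookie is replaced, unless it is reissued elsewhere, which this hunk does not show. Reload the user by id from the database inside the guard, or store only the id in the cookie. The failure arm also reports the wrong variant: `Err(_) => Outcome::Failure((Status::Unauthorized, LoginError::NotAnAdmin))` should forward the error from `try_from`, e.g. `Err(e) => Outcome::Failure((Status::Unauthorized, e)),`. The `.unwrap()` on `serde_json::from_str` turns a cookie that no longer matches the `User` struct into a panic where a `NotLoggedIn` outcome would be safer.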

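--- /dev/null
+++ b/src/model/usertrip.rs
@@ -0,0 +1,27 @@
+use sqlx::SqlitePool;
+pub struct UserTrip {}
+impl UserTrip {
+pub async fn new(db: &SqlitePool, user_id: i64, trip_details_id: i64) -> bool {
+sqlx::query!(
+"INSERT INTO user_trip (user_id, trip_details_id) VALUES(?, ?)",
+user_id,
+trip_details_id
+)
+.execute(db)
+.await
+.is_ok()
+}
+pub async fn delete(db: &SqlitePool, user_id: i64, trip_details_id: i64) {
+let _ = sqlx::query!(
+"DELETE FROM user_trip WHERE user_id = ? AND trip_details_id = ?",
+user_id,
+trip_details_id
+)
+.execute(db)
+.await
+.is_ok();
+}
+}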

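--- /dev/null
+++ b/src/rest/cox.rs
@@ -0,0 +1,58 @@
+use rocket::{
+form::Form,
+get, post,
+response::{Flash, Redirect},
+routes, FromForm, Route, State,
+};
+use sqlx::SqlitePool;
+use crate::model::{trip::Trip, tripdetails::TripDetails, user::CoxUser};
+//TODO: add constraints (e.g. planned_amount_cox > 0)
+#[derive(FromForm)]
+struct AddTripForm {
+day: String,
+planned_starting_time: String,
+max_people: i32,
+notes: Option<String>,
+}
+#[post("/trip", data = "<data>")]
+async fn create(db: &State<SqlitePool>, data: Form<AddTripForm>, cox: CoxUser) -> Flash<Redirect> {
+//TODO: fix clones()
+let trip_details_id = TripDetails::new(
+db,
+data.planned_starting_time.clone(),
+data.max_people,
+data.day.clone(),
+data.notes.clone(),
+)
+.await;
+//TODO: fix clone()
+Trip::new_own(db, cox.id, trip_details_id).await;
+Flash::success(Redirect::to("/"), "Successfully planned the event")
+}
+#[get("/join/<planned_event_id>")]
+async fn join(db: &State<SqlitePool>, planned_event_id: i64, cox: CoxUser) -> Flash<Redirect> {
+if Trip::new_join(db, cox.id, planned_event_id).await {
+Flash::success(Redirect::to("/"), "Danke für's helfen!")
+} else {
+Flash::error(Redirect::to("/"), "Du nimmst bereits teil!")
+}
+}
+#[get("/remove/<planned_event_id>")]
+async fn remove(db: &State<SqlitePool>, planned_event_id: i64, cox: CoxUser) -> Flash<Redirect> {
+//TODO: Check if > 2 hrs to event
+Trip::delete(db, cox.id, planned_event_id).await;
+Flash::success(Redirect::to("/"), "Erfolgreich abgemeldet!")
+}
+pub fn routes() -> Vec<Route> {
+routes![create, join, remove]
+}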
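Review bot: `join` and `remove` change stored state but are declared with `#[get(...)]`, so a cross-site navigation or a link prefetch can register or unregister a logged-in cox without their intent. Whether the browser attaches the `loggedin_user` cookie to such a request depends on its SameSite setting, which is configured outside this commit. Declare them as `#[post("/join/<planned_event_id>")]` and `#[post("/remove/<planned_event_id>")]` and have the template submit small forms instead of anchors. The same applies to the `/join/<trip_details_id>` and `/remove/<trip_details_id>` routes added in the rest module and to the `<a href=...>` links added to the index template. Separately, `AddTripForm.max_people` accepts any `i32`, including zero and negative values; the existing TODO about constraints should cover it.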


@ -1,21 +1,57 @@
use chrono::{Duration, Local, NaiveDate}; use chrono::{Duration, Local};
use rocket::{catch, catchers, get, response::Redirect, routes, Build, Rocket, State}; use rocket::{
use rocket_dyn_templates::{context, Template}; catch, catchers, get,
request::FlashMessage,
response::{Flash, Redirect},
routes, Build, Rocket, State,
};
use rocket_dyn_templates::{context, tera::Context, Template};
use sqlx::SqlitePool; use sqlx::SqlitePool;
use crate::model::{user::User, Day}; use crate::model::{planned_event::PlannedEvent, user::User, usertrip::UserTrip, Day};
mod admin; mod admin;
mod auth; mod auth;
mod cox;
#[get("/")] #[get("/")]
async fn index(db: &State<SqlitePool>, user: User) -> Template { async fn index(db: &State<SqlitePool>, user: User, flash: Option<FlashMessage<'_>>) -> Template {
let mut days = Vec::new(); let mut days = Vec::new();
for i in 0..6 { for i in 0..6 {
let date = (Local::now() + Duration::days(i)).date_naive(); let date = (Local::now() + Duration::days(i)).date_naive();
days.push(Day::new(db, date).await); days.push(Day::new(db, date).await);
} }
Template::render("index", context! {loggedin_user: user, days})
let mut context = Context::new();
if let Some(msg) = flash {
context.insert("flash", &msg.into_inner());
}
context.insert("loggedin_user", &user);
context.insert("days", &days);
Template::render("index", context.into_json())
}
#[get("/join/<trip_details_id>")]
async fn join(db: &State<SqlitePool>, trip_details_id: i64, user: User) -> Flash<Redirect> {
if !PlannedEvent::rower_can_register(db, trip_details_id).await {
return Flash::error(Redirect::to("/"), "Bereits ausgebucht!");
}
if UserTrip::new(db, user.id, trip_details_id).await {
Flash::success(Redirect::to("/"), "Erfolgreich angemeldet!")
} else {
Flash::error(Redirect::to("/"), "Du nimmst bereits teil!")
}
}
#[get("/remove/<trip_details_id>")]
async fn remove(db: &State<SqlitePool>, trip_details_id: i64, user: User) -> Flash<Redirect> {
//TODO: Check if > 2 hrs to event
UserTrip::delete(db, user.id, trip_details_id).await;
Flash::success(Redirect::to("/"), "Erfolgreich abgemeldet!")
} }
#[catch(401)] //unauthorized #[catch(401)] //unauthorized
@ -26,8 +62,9 @@ fn unauthorized_error() -> Redirect {
pub fn start(db: SqlitePool) -> Rocket<Build> { pub fn start(db: SqlitePool) -> Rocket<Build> {
rocket::build() rocket::build()
.manage(db) .manage(db)
.mount("/", routes![index]) .mount("/", routes![index, join, remove])
.mount("/auth", auth::routes()) .mount("/auth", auth::routes())
.mount("/cox", cox::routes())
.mount("/admin", admin::routes()) .mount("/admin", admin::routes())
.register("/", catchers![unauthorized_error]) .register("/", catchers![unauthorized_error])
.attach(Template::fairing()) .attach(Template::fairing())
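Review bot: In `join`, the capacity check (`PlannedEvent::rower_can_register`) and the insert (`UserTrip::new`) are two separate statements, so concurrent requests for the last free seat can both pass the check and both insert, leaving more registrations than `max_people`. Fold the check into the insert, for example `INSERT INTO user_trip (user_id, trip_details_id) SELECT ?, id FROM trip_details WHERE id = ? AND max_people > (SELECT COUNT(*) FROM user_trip WHERE trip_details_id = trip_details.id)`, and treat zero affected rows as "Bereits ausgebucht!". `UserTrip::new` lives in src/model/usertrip.rs, outside this section, so the change spans both files.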


@ -39,12 +39,56 @@
Planned starting time: {{ planned_event.planned_starting_time }}<br /> Planned starting time: {{ planned_event.planned_starting_time }}<br />
Max people: {{ planned_event.max_people }}<br /> Max people: {{ planned_event.max_people }}<br />
Notes: {{ planned_event.notes }}<br /> Notes: {{ planned_event.notes }}<br />
Folgende Steuerpersonen haben sich schon angemeldet:
{% for cox in planned_event.cox %}
{{ cox }}
{% if cox == loggedin_user.name %}
<a href="/cox/remove/{{ planned_event.id }}">ABMELDEN</a>
{% endif %}
{% endfor %}
<br />
Folgende Ruderer haben sich schon angemeldet:
{% for rower in planned_event.rower%}
{{ rower }}
{% if rower == loggedin_user.name %}
<a href="/remove/{{ planned_event.trip_details_id }}">ABMELDEN</a>
{% endif %}
{% endfor %}
{% if planned_event.max_people > planned_event.rower | length %}
<a href="/join/{{ planned_event.trip_details_id }}">MITRUDERN</a>
{% endif %}
{% if loggedin_user.is_cox %}
<a href="/cox/join/{{ planned_event.id }}">STEUERN</a>
{% endif %}
{% if loggedin_user.is_admin %} {% if loggedin_user.is_admin %}
<a href="/admin/planned-event/{{ planned_event.id }}/delete">DELETE</a> <a href="/admin/planned-event/{{ planned_event.id }}/delete">DELETE</a>
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% for trip in day.trips %}
<h3>Ausfahrt von {{ trip.cox_name }}</h3>
Planned starting time: {{ trip.planned_starting_time }}<br />
Max people: {{ trip.max_people }}<br />
Notes: {{ trip.notes }}<br />
Folgende Ruderer haben sich schon angemeldet:
{% for rower in trip.rower %}
{{ rower }}
{% if rower == loggedin_user.name %}
<a href="/remove/{{ trip.trip_details_id }}">ABMELDEN</a>
{% endif %}
{% endfor %}
{% if trip.max_people > trip.rower | length and trip.cox_id != loggedin_user.id %}
<a href="/join/{{ trip.trip_details_id }}">MITRUDERN</a>
{% endif %}
{% endfor %}
{% if loggedin_user.is_admin %} {% if loggedin_user.is_admin %}
<h3>Add planned event</h3> <h3>Add planned event</h3>
<form action="/admin/planned-event" method="post"> <form action="/admin/planned-event" method="post">
@ -60,6 +104,19 @@
</form> </form>
{% endif %} {% endif %}
{% if loggedin_user.is_cox%}
<h3>Add trip</h3>
<form action="/cox/trip" method="post">
<input type="hidden" name="day" value="{{ day.day }}" />
<input type="text" name="planned_starting_time" placeholder="Startzeit" />
<input type="number" name="max_people" placeholder="Anzahl Ruderer" />
<input type="text" name="notes" placeholder="Anmerkungen" />
<input type="submit" />
</form>
{% endif %}
<hr/> <hr/>
{% endfor %} {% endfor %}
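Review bot: The rule that a cox cannot row on their own trip exists only in the template, as `trip.cox_id != loggedin_user.id` around the MITRUDERN link. The `/join/<trip_details_id>` handler added in this commit calls only `rower_can_register` and `UserTrip::new`, and neither compares the user with the trip's cox, so requesting the URL directly bypasses the rule. Enforce it in the handler or in the insert query and keep the template condition as a display hint. The ABMELDEN links are chosen by comparing display names (`rower == loggedin_user.name`, `cox == loggedin_user.name`), which marks the wrong entry if two users share a name; whether names are unique is not visible here, and comparing ids would need the model to expose them.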