Compare commits

..

5 Commits

Author SHA1 Message Date
94af469b33 Merge pull request 'fix-wordpress-login' (#767) from fix-wordpress-login into staging
Some checks failed
CI/CD Pipeline / test (push) Successful in 11m39s
CI/CD Pipeline / deploy-staging (push) Failing after 10m27s
CI/CD Pipeline / deploy-main (push) Has been skipped
Reviewed-on: #767
2024-10-13 15:03:33 +02:00
a53c0ede9c only allow people with access rights to login via wordpress
All checks were successful
CI/CD Pipeline / test (push) Successful in 12m6s
CI/CD Pipeline / deploy-staging (push) Has been skipped
CI/CD Pipeline / deploy-main (push) Has been skipped
2024-10-13 14:51:11 +02:00
43377fff8e Merge pull request 'fix-seeds' (#764) from fix-seeds into main
All checks were successful
CI/CD Pipeline / test (push) Successful in 12m5s
CI/CD Pipeline / deploy-staging (push) Has been skipped
CI/CD Pipeline / deploy-main (push) Successful in 8m57s
Reviewed-on: #764
2024-10-11 12:45:12 +02:00
a6a143f238 user-role-cluster (#761)
Some checks failed
CI/CD Pipeline / deploy-staging (push) Blocked by required conditions
CI/CD Pipeline / deploy-main (push) Blocked by required conditions
CI/CD Pipeline / test (push) Has been cancelled
Reviewed-on: #761
2024-10-11 12:39:23 +02:00
0cc72f17a1 Merge pull request 'docs' (#757) from docs into main
All checks were successful
CI/CD Pipeline / test (push) Successful in 10m59s
CI/CD Pipeline / deploy-staging (push) Has been skipped
CI/CD Pipeline / deploy-main (push) Successful in 22m50s
Reviewed-on: #757
2024-10-08 10:10:43 +02:00
3 changed files with 44 additions and 3 deletions

View File

@ -13,6 +13,7 @@ INSERT INTO "role" (name) VALUES ('kassier');
INSERT INTO "role" (name) VALUES ('schriftfuehrer'); INSERT INTO "role" (name) VALUES ('schriftfuehrer');
INSERT INTO "role" (name) VALUES ('no-einschreibgebuehr'); INSERT INTO "role" (name) VALUES ('no-einschreibgebuehr');
INSERT INTO "role" (name) VALUES ('schnupper-betreuer'); INSERT INTO "role" (name) VALUES ('schnupper-betreuer');
INSERT INTO "role" (name) VALUES ('allow_website_login');
INSERT INTO "user" (name, pw) VALUES('admin', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM'); INSERT INTO "user" (name, pw) VALUES('admin', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM');
INSERT INTO "user_role" (user_id, role_id) VALUES(1,1); INSERT INTO "user_role" (user_id, role_id) VALUES(1,1);
INSERT INTO "user_role" (user_id, role_id) VALUES(1,2); INSERT INTO "user_role" (user_id, role_id) VALUES(1,2);

View File

@ -106,10 +106,18 @@ async fn steering(db: &State<SqlitePool>, user: User, flash: Option<FlashMessage
#[post("/", data = "<login>")] #[post("/", data = "<login>")]
async fn wikiauth(db: &State<SqlitePool>, login: Form<LoginForm<'_>>) -> String { async fn wikiauth(db: &State<SqlitePool>, login: Form<LoginForm<'_>>) -> String {
match User::login(db, login.name, login.password).await { if let Ok(user) = User::login(db, login.name, login.password).await {
Ok(_) => "SUCC".into(), if user.has_role(db, "allow_website_login").await {
Err(_) => "FAIL".into(), return String::from("SUCC");
}
if user.has_role(db, "admin").await {
return String::from("SUCC");
}
if user.has_role(db, "Vorstand").await {
return String::from("SUCC");
}
} }
"FAIL".into()
} }
#[catch(401)] //Unauthorized #[catch(401)] //Unauthorized

View File

@ -3,3 +3,35 @@ INSERT INTO user(name) VALUES('Marie');
INSERT INTO "user_role" (user_id, role_id) VALUES((SELECT id from user where name = 'Marie'),(SELECT id FROM role where name = 'Donau Linz')); INSERT INTO "user_role" (user_id, role_id) VALUES((SELECT id from user where name = 'Marie'),(SELECT id FROM role where name = 'Donau Linz'));
INSERT INTO user(name) VALUES('Philipp'); INSERT INTO user(name) VALUES('Philipp');
INSERT INTO "user_role" (user_id, role_id) VALUES((SELECT id from user where name = 'Philipp'),(SELECT id FROM role where name = 'Donau Linz')); INSERT INTO "user_role" (user_id, role_id) VALUES((SELECT id from user where name = 'Philipp'),(SELECT id FROM role where name = 'Donau Linz'));
ALTER TABLE "role" ADD COLUMN "cluster" text;
CREATE TRIGGER IF NOT EXISTS prevent_multiple_roles_same_cluster
BEFORE INSERT ON user_role
BEGIN
SELECT CASE
WHEN EXISTS (
SELECT 1
FROM user_role ur
JOIN role r1 ON ur.role_id = r1.id
JOIN role r2 ON r1."cluster" = r2."cluster"
WHERE ur.user_id = NEW.user_id
AND r2.id = NEW.role_id
AND r1.id != NEW.role_id
)
THEN RAISE(ABORT, 'User already has a role in this cluster')
END;
END;
UPDATE role SET 'cluster'='skill' WHERE id=2;
UPDATE role SET 'cluster'='membership_type' WHERE id=3;
UPDATE role SET 'cluster'='skill' WHERE id=5;
UPDATE role SET 'cluster'='skill' WHERE id=6;
UPDATE role SET 'cluster'='membership_type' WHERE id=7;
UPDATE role SET 'cluster'='financial' WHERE id=8;
UPDATE role SET 'cluster'='membership_type' WHERE id=9;
UPDATE role SET 'cluster'='membership_type' WHERE id=14;
UPDATE role SET 'cluster'='financial' WHERE id=17;
UPDATE role SET 'cluster'='financial' WHERE id=18;
UPDATE role SET 'cluster'='membership_type' WHERE id=20;
UPDATE role SET 'cluster'='membership_type' WHERE id=22;