Compare commits
No commits in common. "94af469b339d03f46061d76929334fccaacbe8db" and "84789cf79d33ce5f32029394be66fbc2c035177d" have entirely different histories.
94af469b33
...
84789cf79d
@ -13,7 +13,6 @@ INSERT INTO "role" (name) VALUES ('kassier');
|
||||
INSERT INTO "role" (name) VALUES ('schriftfuehrer');
|
||||
INSERT INTO "role" (name) VALUES ('no-einschreibgebuehr');
|
||||
INSERT INTO "role" (name) VALUES ('schnupper-betreuer');
|
||||
INSERT INTO "role" (name) VALUES ('allow_website_login');
|
||||
INSERT INTO "user" (name, pw) VALUES('admin', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM');
|
||||
INSERT INTO "user_role" (user_id, role_id) VALUES(1,1);
|
||||
INSERT INTO "user_role" (user_id, role_id) VALUES(1,2);
|
||||
|
@ -106,18 +106,10 @@ async fn steering(db: &State<SqlitePool>, user: User, flash: Option<FlashMessage
|
||||
|
||||
#[post("/", data = "<login>")]
|
||||
async fn wikiauth(db: &State<SqlitePool>, login: Form<LoginForm<'_>>) -> String {
|
||||
if let Ok(user) = User::login(db, login.name, login.password).await {
|
||||
if user.has_role(db, "allow_website_login").await {
|
||||
return String::from("SUCC");
|
||||
match User::login(db, login.name, login.password).await {
|
||||
Ok(_) => "SUCC".into(),
|
||||
Err(_) => "FAIL".into(),
|
||||
}
|
||||
if user.has_role(db, "admin").await {
|
||||
return String::from("SUCC");
|
||||
}
|
||||
if user.has_role(db, "Vorstand").await {
|
||||
return String::from("SUCC");
|
||||
}
|
||||
}
|
||||
"FAIL".into()
|
||||
}
|
||||
|
||||
#[catch(401)] //Unauthorized
|
||||
|
@ -3,35 +3,3 @@ INSERT INTO user(name) VALUES('Marie');
|
||||
INSERT INTO "user_role" (user_id, role_id) VALUES((SELECT id from user where name = 'Marie'),(SELECT id FROM role where name = 'Donau Linz'));
|
||||
INSERT INTO user(name) VALUES('Philipp');
|
||||
INSERT INTO "user_role" (user_id, role_id) VALUES((SELECT id from user where name = 'Philipp'),(SELECT id FROM role where name = 'Donau Linz'));
|
||||
|
||||
ALTER TABLE "role" ADD COLUMN "cluster" text;
|
||||
CREATE TRIGGER IF NOT EXISTS prevent_multiple_roles_same_cluster
|
||||
BEFORE INSERT ON user_role
|
||||
BEGIN
|
||||
SELECT CASE
|
||||
WHEN EXISTS (
|
||||
SELECT 1
|
||||
FROM user_role ur
|
||||
JOIN role r1 ON ur.role_id = r1.id
|
||||
JOIN role r2 ON r1."cluster" = r2."cluster"
|
||||
WHERE ur.user_id = NEW.user_id
|
||||
AND r2.id = NEW.role_id
|
||||
AND r1.id != NEW.role_id
|
||||
)
|
||||
THEN RAISE(ABORT, 'User already has a role in this cluster')
|
||||
END;
|
||||
END;
|
||||
|
||||
|
||||
UPDATE role SET 'cluster'='skill' WHERE id=2;
|
||||
UPDATE role SET 'cluster'='membership_type' WHERE id=3;
|
||||
UPDATE role SET 'cluster'='skill' WHERE id=5;
|
||||
UPDATE role SET 'cluster'='skill' WHERE id=6;
|
||||
UPDATE role SET 'cluster'='membership_type' WHERE id=7;
|
||||
UPDATE role SET 'cluster'='financial' WHERE id=8;
|
||||
UPDATE role SET 'cluster'='membership_type' WHERE id=9;
|
||||
UPDATE role SET 'cluster'='membership_type' WHERE id=14;
|
||||
UPDATE role SET 'cluster'='financial' WHERE id=17;
|
||||
UPDATE role SET 'cluster'='financial' WHERE id=18;
|
||||
UPDATE role SET 'cluster'='membership_type' WHERE id=20;
|
||||
UPDATE role SET 'cluster'='membership_type' WHERE id=22;
|
||||
|
Loading…
Reference in New Issue
Block a user