use proper role instead of manully validating role #1066
@@ -12,7 +12,7 @@ use super::{
|
||||
notification::Notification,
|
||||
role::Role,
|
||||
rower::Rower,
|
||||
user::User,
|
||||
user::{User, VorstandUser},
|
||||
};
|
||||
use crate::model::user::VecUser;
|
||||
|
||||
@@ -193,11 +193,6 @@ impl LogbookWithBoatAndRowers {
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, PartialEq)]
|
||||
pub enum LogbookAdminUpdateError {
|
||||
NotAllowed,
|
||||
}
|
||||
|
||||
#[derive(Debug, PartialEq)]
|
||||
pub enum LogbookUpdateError {
|
||||
NotYourEntry,
|
||||
@@ -634,16 +629,7 @@ ORDER BY departure DESC
|
||||
Ok(ret)
|
||||
}
|
||||
|
||||
pub async fn update(
|
||||
&self,
|
||||
db: &SqlitePool,
|
||||
data: LogToUpdate,
|
||||
user: &User,
|
||||
) -> Result<(), LogbookAdminUpdateError> {
|
||||
if !user.has_role(db, "Vorstand").await {
|
||||
return Err(LogbookAdminUpdateError::NotAllowed);
|
||||
}
|
||||
|
||||
pub async fn update(&self, db: &SqlitePool, data: LogToUpdate, changed_by: &VorstandUser) {
|
||||
sqlx::query!(
|
||||
"UPDATE logbook SET boat_id=?, shipmaster=?, steering_person=?, shipmaster_only_steering=?, departure=?, arrival=?, destination=?, distance_in_km=?, comments=?, logtype=? WHERE id=?",
|
||||
data.boat_id,
|
||||
@@ -660,7 +646,12 @@ ORDER BY departure DESC
|
||||
)
|
||||
.execute(db)
|
||||
.await.unwrap();
|
||||
Ok(())
|
||||
|
||||
Log::create(
|
||||
db,
|
||||
format!("{changed_by} updated log entry={:?} to {:?}", self, data),
|
||||
)
|
||||
.await;
|
||||
}
|
||||
|
||||
async fn remove_rowers(&self, db: &mut Transaction<'_, Sqlite>) {
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
use std::net::IpAddr;
|
||||
|
||||
use rocket::{
|
||||
Request, Route, State,
|
||||
form::Form,
|
||||
get,
|
||||
http::{Cookie, CookieJar},
|
||||
@@ -10,8 +9,9 @@ use rocket::{
|
||||
response::{Flash, Redirect},
|
||||
routes,
|
||||
time::{Duration, OffsetDateTime},
|
||||
Request, Route, State,
|
||||
};
|
||||
use rocket_dyn_templates::{Template, context};
|
||||
use rocket_dyn_templates::{context, Template};
|
||||
use sqlx::SqlitePool;
|
||||
use tera::Context;
|
||||
|
||||
@@ -22,8 +22,8 @@ use crate::{
|
||||
distance::Distance,
|
||||
log::Log,
|
||||
logbook::{
|
||||
LogToAdd, LogToFinalize, LogToUpdate, Logbook, LogbookAdminUpdateError,
|
||||
LogbookCreateError, LogbookDeleteError, LogbookUpdateError,
|
||||
LogToAdd, LogToFinalize, LogToUpdate, Logbook, LogbookCreateError, LogbookDeleteError,
|
||||
LogbookUpdateError,
|
||||
},
|
||||
logtype::LogType,
|
||||
planned::trip::Trip,
|
||||
@@ -394,27 +394,12 @@ async fn update(
|
||||
);
|
||||
};
|
||||
|
||||
match logbook.update(db, data.clone(), &user.user).await {
|
||||
Ok(()) => {
|
||||
Log::create(
|
||||
db,
|
||||
format!(
|
||||
"User {} updated log entry={:?} to {:?}",
|
||||
&user.name, logbook, data
|
||||
),
|
||||
)
|
||||
.await;
|
||||
logbook.update(db, data.clone(), &user).await;
|
||||
|
||||
Flash::success(
|
||||
Redirect::to("/log/show"),
|
||||
"Logbucheintrag erfolgreich bearbeitet".to_string(),
|
||||
)
|
||||
}
|
||||
Err(LogbookAdminUpdateError::NotAllowed) => Flash::error(
|
||||
Redirect::to("/log/show"),
|
||||
"Du hast keine Erlaubnis, diesen Logbucheintrag zu bearbeiten!".to_string(),
|
||||
),
|
||||
}
|
||||
Flash::success(
|
||||
Redirect::to("/log/show"),
|
||||
"Logbucheintrag erfolgreich bearbeitet".to_string(),
|
||||
)
|
||||
}
|
||||
|
||||
async fn home_logbook(
|
||||
@@ -606,7 +591,7 @@ mod test {
|
||||
use sqlx::SqlitePool;
|
||||
|
||||
use crate::model::logbook::Logbook;
|
||||
use crate::tera::{User, log::Boat};
|
||||
use crate::tera::{log::Boat, User};
|
||||
use crate::testdb;
|
||||
|
||||
#[sqlx::test]
|
||||
|
||||
Reference in New Issue
Block a user