allow-reservation-edits #423

Merged
philipp merged 3 commits from allow-reservation-edits into staging 2024-04-23 23:05:49 +02:00
4 changed files with 96 additions and 13 deletions
Showing only changes of commit 61261c9816 - Show all commits

View File

@ -1,4 +1,5 @@
use crate::model::{boat::Boat, user::User};
use crate::tera::boatreservation::ReservationEditForm;
use chrono::NaiveDate;
use chrono::NaiveDateTime;
use rocket::serde::{Deserialize, Serialize};
@ -177,6 +178,20 @@ AND start_date <= ? AND end_date >= ?;",
> 0
}
pub async fn update(&self, db: &SqlitePool, data: ReservationEditForm) {
let time_desc = data.time_desc.trim();
let usage = data.usage.trim();
sqlx::query!(
"UPDATE boat_reservation SET time_desc = ?, usage = ? where id = ?",
time_desc,
usage,
self.id
)
.execute(db)
.await
.unwrap(); //Okay, because we can only create a User of a valid id
}
pub async fn delete(&self, db: &SqlitePool) {
sqlx::query!("DELETE FROM boat_reservation WHERE id=?", self.id)
.execute(db)

View File

@ -14,6 +14,7 @@ use crate::{
model::{
boat::Boat,
boatreservation::{BoatReservation, BoatReservationToAdd},
log::Log,
user::{DonauLinzUser, User, UserWithRoles},
},
tera::log::KioskCookie,
@ -90,7 +91,7 @@ pub struct FormBoatReservationToAdd<'r> {
pub user_id_applicant: Option<i64>,
}
#[post("/", data = "<data>", rank = 2)]
#[post("/new", data = "<data>", rank = 2)]
async fn create<'r>(
db: &State<SqlitePool>,
data: Form<FormBoatReservationToAdd<'r>>,
@ -115,7 +116,7 @@ async fn create<'r>(
}
}
#[post("/", data = "<data>")]
#[post("/new", data = "<data>")]
async fn create_from_kiosk<'r>(
db: &State<SqlitePool>,
data: Form<FormBoatReservationToAdd<'r>>,
@ -142,6 +143,50 @@ async fn create_from_kiosk<'r>(
}
}
#[derive(FromForm, Debug)]
pub struct ReservationEditForm {
pub(crate) id: i32,
pub(crate) time_desc: String,
pub(crate) usage: String,
}
#[post("/", data = "<data>")]
async fn update(
db: &State<SqlitePool>,
data: Form<ReservationEditForm>,
user: User,
) -> Flash<Redirect> {
let Some(reservation) = BoatReservation::find_by_id(db, data.id).await else {
return Flash::error(
Redirect::to("/boatreservation"),
format!("Reservation with ID {} does not exist!", data.id),
);
};
if user.id != reservation.user_id_applicant && !user.has_role(db, "admin").await {
return Flash::error(
Redirect::to("/boatreservation"),
format!("Not allowed to update reservation (only admins + creator do so)."),
);
}
Log::create(
db,
format!(
"{} updated reservation from {reservation:?} to {data:?}",
user.name
),
)
.await;
reservation.update(db, data.into_inner()).await;
Flash::success(
Redirect::to("/boatreservation"),
"Reservierung erfolgreich bearbeitet",
)
}
#[get("/<reservation_id>/delete")]
async fn delete<'r>(
db: &State<SqlitePool>,
@ -167,5 +212,12 @@ async fn delete<'r>(
}
pub fn routes() -> Vec<Route> {
routes![index, index_kiosk, create, create_from_kiosk, delete]
routes![
index,
index_kiosk,
create,
create_from_kiosk,
delete,
update
]
}

View File

@ -30,7 +30,7 @@ pub(crate) mod admin;
mod auth;
pub(crate) mod board;
mod boatdamage;
mod boatreservation;
pub(crate) mod boatreservation;
mod cox;
mod ergo;
mod log;

View File

@ -18,7 +18,7 @@
</h2>
<div class="hidden">
<div id="new-reservation">
<form action="/boatreservation" method="post" class="grid gap-3">
<form action="/boatreservation/new" method="post" class="grid gap-3">
{{ log::boat_select(only_ones=false, id='boat') }}
{% if not loggedin_user %}{{ macros::select(label='Reserviert von', data=user, name='user_id_applicant') }}{% endif %}
{{ macros::input(label='Beginn', name='start_date', type='date', required=true, wrapper_class='col-span-4') }}
@ -41,6 +41,12 @@
</div>
<div id="filter-result-js" class="search-result"></div>
{% for reservation in boatreservations %}
{% set allowed_to_edit = false %}
{% if loggedin_user %}
{% if loggedin_user.id == reservation.user_applicant.id or "admin" in loggedin_user.roles %}
{% set allowed_to_edit = true %}
{% endif %}
{% endif %}
<div data-filterable="true"
data-filter="{{ reservation.user_applicant.name }} {{ reservation.boat.name }}"
class="w-full border-t bg-white dark:bg-primary-900 text-black dark:text-white p-3">
@ -58,13 +64,22 @@
{{ reservation.end_date }}
{% endif %}
<br />
{% if not allowed_to_edit %}
<strong>Uhrzeit:</strong>
{{ reservation.time_desc }}
<br />
<strong>Zweck:</strong>
{{ reservation.usage }}
{% if loggedin_user %}
{% if loggedin_user.id == reservation.user_applicant.id or "admin" in loggedin_user.roles %}
{% endif %}
{% if allowed_to_edit %}
<form action="/boatreservation"
method="post"
class="bg-white dark:bg-primary-900 p-3 rounded-md w-full">
<div class="w-full grid gap-3">
<input type="hidden" name="id" value="{{ reservation.id }}" />
{{ macros::input(label='Uhrzeit', name='time_desc', id=loop.index, type="text", value=reservation.time_desc, readonly=false) }}
{{ macros::input(label='Zweck', name='usage', id=loop.index, type="text", value=reservation.usage, readonly=false) }}
</div>
<div class="mt-3 text-right">
<a href="/boatreservation/{{ reservation.id }}/delete"
class="w-28 btn btn-alert"
@ -72,8 +87,9 @@
{% include "includes/delete-icon" %}
Löschen
</a>
<input value="Ändern" type="submit" class="w-28 btn btn-primary ml-1" />
</div>
{% endif %}
</form>
{% endif %}
</div>
</div>