forked from Ruderverein-Donau-Linz/rowt
move managing events to own role
This commit is contained in:
parent
eda072c713
commit
a1a5e2ad89
@ -3,10 +3,12 @@ INSERT INTO "role" (name) VALUES ('cox');
|
||||
INSERT INTO "role" (name) VALUES ('scheckbuch');
|
||||
INSERT INTO "role" (name) VALUES ('tech');
|
||||
INSERT INTO "role" (name) VALUES ('Donau Linz');
|
||||
INSERT INTO "role" (name) VALUES ('planned_event');
|
||||
INSERT INTO "user" (name, pw) VALUES('admin', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM');
|
||||
INSERT INTO "user_role" (user_id, role_id) VALUES(1,1);
|
||||
INSERT INTO "user_role" (user_id, role_id) VALUES(1,2);
|
||||
INSERT INTO "user_role" (user_id, role_id) VALUES(1,5);
|
||||
INSERT INTO "user_role" (user_id, role_id) VALUES(1,6);
|
||||
INSERT INTO "user" (name, pw) VALUES('rower', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$jWKzDmI0jqT2dqINFt6/1NjVF4Dx15n07PL1ZMBmFsY');
|
||||
INSERT INTO "user_role" (user_id, role_id) VALUES(2,5);
|
||||
INSERT INTO "user" (name, pw) VALUES('guest', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$GF6gizbI79Bh0zA9its8S0gram956v+YIV8w8VpwJnQ');
|
||||
|
@ -850,6 +850,43 @@ impl<'r> FromRequest<'r> for VorstandUser {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Serialize, Deserialize)]
|
||||
pub struct PlannedEventUser(pub(crate) User);
|
||||
|
||||
impl Into<User> for PlannedEventUser {
|
||||
fn into(self) -> User {
|
||||
self.0
|
||||
}
|
||||
}
|
||||
|
||||
impl Deref for PlannedEventUser {
|
||||
type Target = User;
|
||||
|
||||
fn deref(&self) -> &Self::Target {
|
||||
&self.0
|
||||
}
|
||||
}
|
||||
|
||||
#[async_trait]
|
||||
impl<'r> FromRequest<'r> for PlannedEventUser {
|
||||
type Error = LoginError;
|
||||
|
||||
async fn from_request(req: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
|
||||
let db = req.rocket().state::<SqlitePool>().unwrap();
|
||||
match User::from_request(req).await {
|
||||
Outcome::Success(user) => {
|
||||
if user.has_role(db, "planned_event").await {
|
||||
Outcome::Success(PlannedEventUser(user))
|
||||
} else {
|
||||
Outcome::Error((Status::Forbidden, LoginError::NotACox))
|
||||
}
|
||||
}
|
||||
Outcome::Error(f) => Outcome::Error(f),
|
||||
Outcome::Forward(f) => Outcome::Forward(f),
|
||||
}
|
||||
}
|
||||
}
|
||||
#[cfg(test)]
|
||||
mod test {
|
||||
use std::collections::HashMap;
|
||||
|
@ -10,7 +10,7 @@ use sqlx::SqlitePool;
|
||||
use crate::model::{
|
||||
planned_event::PlannedEvent,
|
||||
tripdetails::{TripDetails, TripDetailsToAdd},
|
||||
user::AdminUser,
|
||||
user::PlannedEventUser,
|
||||
};
|
||||
|
||||
//TODO: add constraints (e.g. planned_amount_cox > 0)
|
||||
@ -25,7 +25,7 @@ struct AddPlannedEventForm<'r> {
|
||||
async fn create(
|
||||
db: &State<SqlitePool>,
|
||||
data: Form<AddPlannedEventForm<'_>>,
|
||||
_admin: AdminUser,
|
||||
_admin: PlannedEventUser,
|
||||
) -> Flash<Redirect> {
|
||||
let data = data.into_inner();
|
||||
|
||||
@ -36,7 +36,7 @@ async fn create(
|
||||
|
||||
PlannedEvent::create(db, data.name, data.planned_amount_cox, trip_details).await;
|
||||
|
||||
Flash::success(Redirect::to("/"), "Event hinzugefügt")
|
||||
Flash::success(Redirect::to("/planned"), "Event hinzugefügt")
|
||||
}
|
||||
|
||||
//TODO: add constraints (e.g. planned_amount_cox > 0)
|
||||
@ -54,7 +54,7 @@ struct UpdatePlannedEventForm<'r> {
|
||||
async fn update(
|
||||
db: &State<SqlitePool>,
|
||||
data: Form<UpdatePlannedEventForm<'_>>,
|
||||
_admin: AdminUser,
|
||||
_admin: PlannedEventUser,
|
||||
) -> Flash<Redirect> {
|
||||
match PlannedEvent::find_by_id(db, data.id).await {
|
||||
Some(planned_event) => {
|
||||
@ -68,20 +68,20 @@ async fn update(
|
||||
data.is_locked,
|
||||
)
|
||||
.await;
|
||||
Flash::success(Redirect::to("/"), "Successfully edited the event")
|
||||
Flash::success(Redirect::to("/planned"), "Event erfolgreich bearbeitet")
|
||||
}
|
||||
None => Flash::error(Redirect::to("/"), "Planned event id not found"),
|
||||
None => Flash::error(Redirect::to("/planned"), "Planned event id not found"),
|
||||
}
|
||||
}
|
||||
|
||||
#[get("/planned-event/<id>/delete")]
|
||||
async fn delete(db: &State<SqlitePool>, id: i64, _admin: AdminUser) -> Flash<Redirect> {
|
||||
async fn delete(db: &State<SqlitePool>, id: i64, _admin: PlannedEventUser) -> Flash<Redirect> {
|
||||
match PlannedEvent::find_by_id(db, id).await {
|
||||
Some(planned_event) => {
|
||||
planned_event.delete(db).await;
|
||||
Flash::success(Redirect::to("/"), "Event gelöscht")
|
||||
Flash::success(Redirect::to("/planned"), "Event gelöscht")
|
||||
}
|
||||
None => Flash::error(Redirect::to("/"), "PlannedEvent does not exist"),
|
||||
None => Flash::error(Redirect::to("/planned"), "PlannedEvent does not exist"),
|
||||
}
|
||||
}
|
||||
|
||||
@ -120,7 +120,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
@ -151,7 +151,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
@ -187,7 +187,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
@ -196,7 +196,7 @@ mod test {
|
||||
|
||||
assert_eq!(
|
||||
flash_cookie.value(),
|
||||
"7:successSuccessfully edited the event"
|
||||
"7:successEvent erfolgreich bearbeitet"
|
||||
);
|
||||
|
||||
let event = PlannedEvent::find_by_id(&db, 1).await.unwrap();
|
||||
@ -224,7 +224,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
@ -255,7 +255,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
|
@ -34,7 +34,7 @@ async fn create(
|
||||
//)
|
||||
//.await;
|
||||
|
||||
Flash::success(Redirect::to("/"), "Ausfahrt erfolgreich erstellt.")
|
||||
Flash::success(Redirect::to("/planned"), "Ausfahrt erfolgreich erstellt.")
|
||||
}
|
||||
|
||||
#[derive(FromForm)]
|
||||
@ -66,16 +66,19 @@ async fn update(
|
||||
)
|
||||
.await
|
||||
{
|
||||
Ok(_) => Flash::success(Redirect::to("/"), "Ausfahrt erfolgreich aktualisiert."),
|
||||
Ok(_) => Flash::success(
|
||||
Redirect::to("/planned"),
|
||||
"Ausfahrt erfolgreich aktualisiert.",
|
||||
),
|
||||
Err(TripUpdateError::NotYourTrip) => {
|
||||
Flash::error(Redirect::to("/"), "Nicht deine Ausfahrt!")
|
||||
Flash::error(Redirect::to("/planned"), "Nicht deine Ausfahrt!")
|
||||
}
|
||||
Err(TripUpdateError::TripDetailsDoesNotExist) => {
|
||||
Flash::error(Redirect::to("/"), "Ausfahrt gibt's nicht")
|
||||
Flash::error(Redirect::to("/planned"), "Ausfahrt gibt's nicht")
|
||||
}
|
||||
}
|
||||
} else {
|
||||
Flash::error(Redirect::to("/"), "Ausfahrt gibt's nicht")
|
||||
Flash::error(Redirect::to("/planned"), "Ausfahrt gibt's nicht")
|
||||
}
|
||||
}
|
||||
|
||||
@ -92,21 +95,21 @@ async fn join(db: &State<SqlitePool>, planned_event_id: i64, cox: CoxUser) -> Fl
|
||||
),
|
||||
)
|
||||
.await;
|
||||
Flash::success(Redirect::to("/"), "Danke für's helfen!")
|
||||
Flash::success(Redirect::to("/planned"), "Danke für's helfen!")
|
||||
}
|
||||
Err(CoxHelpError::AlreadyRegisteredAsCox) => {
|
||||
Flash::error(Redirect::to("/"), "Du hilfst bereits aus!")
|
||||
Flash::error(Redirect::to("/planned"), "Du hilfst bereits aus!")
|
||||
}
|
||||
Err(CoxHelpError::AlreadyRegisteredAsRower) => Flash::error(
|
||||
Redirect::to("/"),
|
||||
Redirect::to("/planned"),
|
||||
"Du hast dich bereits als Ruderer angemeldet!",
|
||||
),
|
||||
Err(CoxHelpError::DetailsLocked) => {
|
||||
Flash::error(Redirect::to("/"), "Boot ist bereits eingeteilt.")
|
||||
Flash::error(Redirect::to("/planned"), "Boot ist bereits eingeteilt.")
|
||||
}
|
||||
}
|
||||
} else {
|
||||
Flash::error(Redirect::to("/"), "Event gibt's nicht")
|
||||
Flash::error(Redirect::to("/planned"), "Event gibt's nicht")
|
||||
}
|
||||
}
|
||||
|
||||
@ -114,18 +117,18 @@ async fn join(db: &State<SqlitePool>, planned_event_id: i64, cox: CoxUser) -> Fl
|
||||
async fn remove_trip(db: &State<SqlitePool>, trip_id: i64, cox: CoxUser) -> Flash<Redirect> {
|
||||
let trip = Trip::find_by_id(db, trip_id).await;
|
||||
match trip {
|
||||
None => Flash::error(Redirect::to("/"), "Trip gibt's nicht!"),
|
||||
None => Flash::error(Redirect::to("/planned"), "Trip gibt's nicht!"),
|
||||
Some(trip) => match trip.delete(db, &cox).await {
|
||||
Ok(_) => {
|
||||
Log::create(db, format!("Cox {} deleted trip.id={}", cox.name, trip_id)).await;
|
||||
Flash::success(Redirect::to("/"), "Erfolgreich gelöscht!")
|
||||
Flash::success(Redirect::to("/planned"), "Erfolgreich gelöscht!")
|
||||
}
|
||||
Err(TripDeleteError::SomebodyAlreadyRegistered) => Flash::error(
|
||||
Redirect::to("/"),
|
||||
Redirect::to("/planned"),
|
||||
"Ausfahrt kann nicht gelöscht werden, da bereits jemand registriert ist!",
|
||||
),
|
||||
Err(TripDeleteError::NotYourTrip) => {
|
||||
Flash::error(Redirect::to("/"), "Nicht deine Ausfahrt!")
|
||||
Flash::error(Redirect::to("/planned"), "Nicht deine Ausfahrt!")
|
||||
}
|
||||
},
|
||||
}
|
||||
@ -145,17 +148,17 @@ async fn remove(db: &State<SqlitePool>, planned_event_id: i64, cox: CoxUser) ->
|
||||
)
|
||||
.await;
|
||||
|
||||
Flash::success(Redirect::to("/"), "Erfolgreich abgemeldet!")
|
||||
Flash::success(Redirect::to("/planned"), "Erfolgreich abgemeldet!")
|
||||
}
|
||||
Err(TripHelpDeleteError::DetailsLocked) => {
|
||||
Flash::error(Redirect::to("/"), "Boot bereits eingeteilt")
|
||||
Flash::error(Redirect::to("/planned"), "Boot bereits eingeteilt")
|
||||
}
|
||||
Err(TripHelpDeleteError::CoxNotHelping) => {
|
||||
Flash::error(Redirect::to("/"), "Steuermann hilft nicht aus...")
|
||||
Flash::error(Redirect::to("/planned"), "Steuermann hilft nicht aus...")
|
||||
}
|
||||
}
|
||||
} else {
|
||||
Flash::error(Redirect::to("/"), "Planned_event does not exist.")
|
||||
Flash::error(Redirect::to("/planned"), "Planned_event does not exist.")
|
||||
}
|
||||
}
|
||||
|
||||
@ -202,7 +205,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
@ -250,7 +253,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
@ -288,7 +291,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
@ -326,7 +329,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
@ -354,7 +357,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
@ -367,7 +370,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
@ -398,7 +401,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
@ -429,7 +432,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
@ -470,7 +473,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
@ -498,7 +501,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
@ -526,7 +529,7 @@ mod test {
|
||||
let response = req.dispatch().await;
|
||||
|
||||
assert_eq!(response.status(), Status::SeeOther);
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/"));
|
||||
assert_eq!(response.headers().get("Location").next(), Some("/planned"));
|
||||
|
||||
let flash_cookie = response
|
||||
.cookies()
|
||||
|
@ -304,9 +304,9 @@
|
||||
</div>
|
||||
|
||||
{# --- START Add Buttons --- #}
|
||||
{% if "admin" in loggedin_user.roles or "cox" in loggedin_user.roles %}
|
||||
<div class="grid {% if "admin" in loggedin_user.roles %} grid-cols-2 {% endif %} text-center">
|
||||
{% if "admin" in loggedin_user.roles %}
|
||||
{% if "planned_event" in loggedin_user.roles or "cox" in loggedin_user.roles %}
|
||||
<div class="grid {% if "planned_event" in loggedin_user.roles %} grid-cols-2 {% endif %} text-center">
|
||||
{% if "planned_event" in loggedin_user.roles %}
|
||||
<a href="#" data-sidebar="true" data-trigger="sidebar" data-header="<strong>Event</strong> am {{ day.day| date(format='%d.%m.%Y') }} erstellen" data-day="{{ day.day }}" data-body="#addEventForm" class="relative inline-block w-full bg-primary-900 hover:bg-primary-950 focus:bg-primary-950 dark:bg-primary-950 text-white py-2 rounded-bl-md text-sm font-semibold">
|
||||
<span class="absolute inset-y-0 left-0 flex items-center pl-3">
|
||||
{% include "includes/plus-icon" %}
|
||||
@ -316,7 +316,7 @@
|
||||
{% endif %}
|
||||
|
||||
{% if "cox" in loggedin_user.roles %}
|
||||
<a href="#" data-sidebar="true" data-trigger="sidebar" data-header="<strong>Ausfahrt</strong> am {{ day.day| date(format='%d.%m.%Y') }} erstellen" data-day="{{ day.day }}" data-body="#sidebarForm" class="relative inline-block w-full py-2 text-primary-900 hover:text-primary-950 dark:bg-primary-600 dark:text-white dark:hover:bg-primary-500 dark:hover:text-white focus:text-primary-950 text-sm font-semibold bg-gray-100 hover:bg-gray-200 focus:bg-gray-200 {% if "admin" in loggedin_user.roles %} rounded-br-md {% else %} rounded-b-md {% endif %}">
|
||||
<a href="#" data-sidebar="true" data-trigger="sidebar" data-header="<strong>Ausfahrt</strong> am {{ day.day| date(format='%d.%m.%Y') }} erstellen" data-day="{{ day.day }}" data-body="#sidebarForm" class="relative inline-block w-full py-2 text-primary-900 hover:text-primary-950 dark:bg-primary-600 dark:text-white dark:hover:bg-primary-500 dark:hover:text-white focus:text-primary-950 text-sm font-semibold bg-gray-100 hover:bg-gray-200 focus:bg-gray-200 {% if "planned_event" in loggedin_user.roles %} rounded-br-md {% else %} rounded-b-md {% endif %}">
|
||||
<span class="absolute inset-y-0 left-0 flex items-center pl-3">
|
||||
{% include "includes/plus-icon" %}
|
||||
</span>
|
||||
@ -335,6 +335,6 @@
|
||||
{% include "forms/trip" %}
|
||||
{% endif %}
|
||||
|
||||
{% if "admin" in loggedin_user.roles %}
|
||||
{% if "planned_event" in loggedin_user.roles %}
|
||||
{% include "forms/event" %}
|
||||
{% endif %}{% endblock content %}
|
||||
|
Loading…
x
Reference in New Issue
Block a user