gburri/recipes
1
0
Fork 0
Code Issues 6 Pull requests Projects Releases Packages Wiki Activity Actions

Add an admin flag to user

Browse source
This commit is contained in:
Greg Burri 2025-01-20 01:25:19 +01:00
parent f1ea7841a2
commit 4c9742af65
5 changed files with 32 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

25
backend/src/data/db/recipe.rs
View file

@ -61,7 +61,12 @@ ORDER BY [title]
pub async fn can_edit_recipe(&self, user_id: i64, recipe_id: i64) -> Result<bool> { pub async fn can_edit_recipe(&self, user_id: i64, recipe_id: i64) -> Result<bool> {
sqlx::query_scalar( sqlx::query_scalar(
r#"SELECT COUNT(*) = 1 FROM [Recipe] WHERE [id] = $1 AND [user_id] = $2"#, r#"
SELECT COUNT(*) = 1
FROM [Recipe]
INNER JOIN [User] ON [User].id = [Recipe].user_id
WHERE [Recipe].[id] = $1 AND ([is_admin] OR [user_id] = $2)
"#,
) )
.bind(recipe_id) .bind(recipe_id)
.bind(user_id) .bind(user_id)
@ -75,8 +80,9 @@ ORDER BY [title]
r#" r#"
SELECT COUNT(*) = 1 SELECT COUNT(*) = 1
FROM [Recipe] FROM [Recipe]
INNER JOIN [User] ON [User].id = [Recipe].user_id
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id] INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
WHERE [Group].[id] = $1 AND [user_id] = $2 WHERE [Group].[id] = $1 AND ([is_admin] OR [user_id] = $2)
"#, "#,
) )
.bind(group_id) .bind(group_id)
@ -98,8 +104,9 @@ WHERE [Group].[id] = $1 AND [user_id] = $2
r#" r#"
SELECT COUNT(*) SELECT COUNT(*)
FROM [Recipe] FROM [Recipe]
INNER JOIN [User] ON [User].id = [Recipe].user_id
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id] INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
WHERE [Group].[id] IN ({}) AND [user_id] = $1 WHERE [Group].[id] IN ({}) AND ([is_admin] OR [user_id] = $2)
"#, "#,
params params
); );
@ -116,9 +123,10 @@ WHERE [Group].[id] IN ({}) AND [user_id] = $1
r#" r#"
SELECT COUNT(*) = 1 SELECT COUNT(*) = 1
FROM [Recipe] FROM [Recipe]
INNER JOIN [User] ON [User].id = [Recipe].user_id
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id] INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id] INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
WHERE [Step].[id] = $1 AND [user_id] = $2 WHERE [Step].[id] = $1 AND ([is_admin] OR [user_id] = $2)
"#, "#,
) )
.bind(step_id) .bind(step_id)
@ -136,9 +144,10 @@ WHERE [Step].[id] = $1 AND [user_id] = $2
r#" r#"
SELECT COUNT(*) SELECT COUNT(*)
FROM [Recipe] FROM [Recipe]
INNER JOIN [User] ON [User].id = [Recipe].user_id
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id] INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id] INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
WHERE [Step].[id] IN ({}) AND [user_id] = $1 WHERE [Step].[id] IN ({}) AND ([is_admin] OR [user_id] = $2)
"#, "#,
params params
); );
@ -159,10 +168,11 @@ WHERE [Step].[id] IN ({}) AND [user_id] = $1
r#" r#"
SELECT COUNT(*) SELECT COUNT(*)
FROM [Recipe] FROM [Recipe]
INNER JOIN [User] ON [User].id = [Recipe].user_id
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id] INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id] INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
INNER JOIN [Ingredient] ON [Ingredient].[step_id] = [Step].[id] INNER JOIN [Ingredient] ON [Ingredient].[step_id] = [Step].[id]
WHERE [Ingredient].[id] = $1 AND [user_id] = $2 WHERE [Ingredient].[id] = $1 AND ([is_admin] OR [user_id] = $2)
"#, "#,
) )
.bind(ingredient_id) .bind(ingredient_id)
@ -184,10 +194,11 @@ WHERE [Ingredient].[id] = $1 AND [user_id] = $2
r#" r#"
SELECT COUNT(*) SELECT COUNT(*)
FROM [Recipe] FROM [Recipe]
INNER JOIN [User] ON [User].id = [Recipe].user_id
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id] INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id] INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
INNER JOIN [Ingredient] ON [Ingredient].[step_id] = [Step].[id] INNER JOIN [Ingredient] ON [Ingredient].[step_id] = [Step].[id]
WHERE [Ingredient].[id] IN ({}) AND [user_id] = $1 WHERE [Ingredient].[id] IN ({}) AND ([is_admin] OR [user_id] = $2)
"#, "#,
params params
); );

4
backend/src/data/db/user.rs
View file

@ -76,7 +76,9 @@ FROM [UserLoginToken] WHERE [token] = $1
} }
pub async fn load_user(&self, user_id: i64) -> Result<Option<model::User>> { pub async fn load_user(&self, user_id: i64) -> Result<Option<model::User>> {
sqlx::query_as("SELECT [id], [email], [name], [lang] FROM [User] WHERE [id] = $1") sqlx::query_as(
"SELECT [id], [email], [name], [lang], [is_admin] FROM [User] WHERE [id] = $1",
)
.bind(user_id) .bind(user_id)
.fetch_optional(&self.pool) .fetch_optional(&self.pool)
.await .await

5
backend/src/data/model.rs
View file

@ -8,6 +8,7 @@ pub struct User {
pub name: String, pub name: String,
pub email: String, pub email: String,
pub lang: String, pub lang: String,
pub is_admin: bool,
} }
#[derive(Debug, FromRow)] #[derive(Debug, FromRow)]
@ -39,6 +40,10 @@ pub struct Recipe {
pub groups: Vec<Group>, pub groups: Vec<Group>,
} }
pub fn can_user_edit_recipe(user: &User, recipe: &Recipe) -> bool {
user.is_admin || recipe.user_id == user.id
}
#[derive(Debug, FromRow)] #[derive(Debug, FromRow)]
pub struct Group { pub struct Group {
pub id: i64, pub id: i64,

2
backend/src/services/recipe.rs
View file

@ -36,7 +36,7 @@ pub async fn edit_recipe(
) -> Result<Response> { ) -> Result<Response> {
if let Some(user) = user { if let Some(user) = user {
if let Some(recipe) = connection.get_recipe(recipe_id, false).await? { if let Some(recipe) = connection.get_recipe(recipe_id, false).await? {
if recipe.user_id == user.id { if model::can_user_edit_recipe(&user, &recipe) {
let recipes = Recipes { let recipes = Recipes {
published: connection published: connection
.get_all_published_recipe_titles(tr.current_lang_code(), Some(user.id)) .get_all_published_recipe_titles(tr.current_lang_code(), Some(user.id))

2
backend/templates/recipe_view.html
View file

@ -5,7 +5,7 @@
<div class="content" id="recipe-view"> <div class="content" id="recipe-view">
<h2 class="recipe-title" >{{ recipe.title }}</h2> <h2 class="recipe-title" >{{ recipe.title }}</h2>
{% if user.is_some() && recipe.user_id == user.as_ref().unwrap().id %} {% if user.is_some() && crate::data::model::can_user_edit_recipe(&user.as_ref().unwrap(), &recipe) %}
<a class="edit-recipe" href="/recipe/edit/{{ recipe.id }}" >Edit</a> <a class="edit-recipe" href="/recipe/edit/{{ recipe.id }}" >Edit</a>
{% endif %} {% endif %}