Add an admin flag to user
This commit is contained in:
parent
f1ea7841a2
commit
4c9742af65
5 changed files with 32 additions and 14 deletions
|
|
@ -61,7 +61,12 @@ ORDER BY [title]
|
||||||
|
|
||||||
pub async fn can_edit_recipe(&self, user_id: i64, recipe_id: i64) -> Result<bool> {
|
pub async fn can_edit_recipe(&self, user_id: i64, recipe_id: i64) -> Result<bool> {
|
||||||
sqlx::query_scalar(
|
sqlx::query_scalar(
|
||||||
r#"SELECT COUNT(*) = 1 FROM [Recipe] WHERE [id] = $1 AND [user_id] = $2"#,
|
r#"
|
||||||
|
SELECT COUNT(*) = 1
|
||||||
|
FROM [Recipe]
|
||||||
|
INNER JOIN [User] ON [User].id = [Recipe].user_id
|
||||||
|
WHERE [Recipe].[id] = $1 AND ([is_admin] OR [user_id] = $2)
|
||||||
|
"#,
|
||||||
)
|
)
|
||||||
.bind(recipe_id)
|
.bind(recipe_id)
|
||||||
.bind(user_id)
|
.bind(user_id)
|
||||||
|
|
@ -75,8 +80,9 @@ ORDER BY [title]
|
||||||
r#"
|
r#"
|
||||||
SELECT COUNT(*) = 1
|
SELECT COUNT(*) = 1
|
||||||
FROM [Recipe]
|
FROM [Recipe]
|
||||||
|
INNER JOIN [User] ON [User].id = [Recipe].user_id
|
||||||
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
|
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
|
||||||
WHERE [Group].[id] = $1 AND [user_id] = $2
|
WHERE [Group].[id] = $1 AND ([is_admin] OR [user_id] = $2)
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(group_id)
|
.bind(group_id)
|
||||||
|
|
@ -98,8 +104,9 @@ WHERE [Group].[id] = $1 AND [user_id] = $2
|
||||||
r#"
|
r#"
|
||||||
SELECT COUNT(*)
|
SELECT COUNT(*)
|
||||||
FROM [Recipe]
|
FROM [Recipe]
|
||||||
|
INNER JOIN [User] ON [User].id = [Recipe].user_id
|
||||||
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
|
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
|
||||||
WHERE [Group].[id] IN ({}) AND [user_id] = $1
|
WHERE [Group].[id] IN ({}) AND ([is_admin] OR [user_id] = $2)
|
||||||
"#,
|
"#,
|
||||||
params
|
params
|
||||||
);
|
);
|
||||||
|
|
@ -116,9 +123,10 @@ WHERE [Group].[id] IN ({}) AND [user_id] = $1
|
||||||
r#"
|
r#"
|
||||||
SELECT COUNT(*) = 1
|
SELECT COUNT(*) = 1
|
||||||
FROM [Recipe]
|
FROM [Recipe]
|
||||||
|
INNER JOIN [User] ON [User].id = [Recipe].user_id
|
||||||
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
|
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
|
||||||
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
|
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
|
||||||
WHERE [Step].[id] = $1 AND [user_id] = $2
|
WHERE [Step].[id] = $1 AND ([is_admin] OR [user_id] = $2)
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(step_id)
|
.bind(step_id)
|
||||||
|
|
@ -136,9 +144,10 @@ WHERE [Step].[id] = $1 AND [user_id] = $2
|
||||||
r#"
|
r#"
|
||||||
SELECT COUNT(*)
|
SELECT COUNT(*)
|
||||||
FROM [Recipe]
|
FROM [Recipe]
|
||||||
|
INNER JOIN [User] ON [User].id = [Recipe].user_id
|
||||||
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
|
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
|
||||||
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
|
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
|
||||||
WHERE [Step].[id] IN ({}) AND [user_id] = $1
|
WHERE [Step].[id] IN ({}) AND ([is_admin] OR [user_id] = $2)
|
||||||
"#,
|
"#,
|
||||||
params
|
params
|
||||||
);
|
);
|
||||||
|
|
@ -159,10 +168,11 @@ WHERE [Step].[id] IN ({}) AND [user_id] = $1
|
||||||
r#"
|
r#"
|
||||||
SELECT COUNT(*)
|
SELECT COUNT(*)
|
||||||
FROM [Recipe]
|
FROM [Recipe]
|
||||||
|
INNER JOIN [User] ON [User].id = [Recipe].user_id
|
||||||
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
|
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
|
||||||
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
|
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
|
||||||
INNER JOIN [Ingredient] ON [Ingredient].[step_id] = [Step].[id]
|
INNER JOIN [Ingredient] ON [Ingredient].[step_id] = [Step].[id]
|
||||||
WHERE [Ingredient].[id] = $1 AND [user_id] = $2
|
WHERE [Ingredient].[id] = $1 AND ([is_admin] OR [user_id] = $2)
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(ingredient_id)
|
.bind(ingredient_id)
|
||||||
|
|
@ -184,10 +194,11 @@ WHERE [Ingredient].[id] = $1 AND [user_id] = $2
|
||||||
r#"
|
r#"
|
||||||
SELECT COUNT(*)
|
SELECT COUNT(*)
|
||||||
FROM [Recipe]
|
FROM [Recipe]
|
||||||
|
INNER JOIN [User] ON [User].id = [Recipe].user_id
|
||||||
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
|
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
|
||||||
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
|
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
|
||||||
INNER JOIN [Ingredient] ON [Ingredient].[step_id] = [Step].[id]
|
INNER JOIN [Ingredient] ON [Ingredient].[step_id] = [Step].[id]
|
||||||
WHERE [Ingredient].[id] IN ({}) AND [user_id] = $1
|
WHERE [Ingredient].[id] IN ({}) AND ([is_admin] OR [user_id] = $2)
|
||||||
"#,
|
"#,
|
||||||
params
|
params
|
||||||
);
|
);
|
||||||
|
|
|
||||||
|
|
@ -76,11 +76,13 @@ FROM [UserLoginToken] WHERE [token] = $1
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn load_user(&self, user_id: i64) -> Result<Option<model::User>> {
|
pub async fn load_user(&self, user_id: i64) -> Result<Option<model::User>> {
|
||||||
sqlx::query_as("SELECT [id], [email], [name], [lang] FROM [User] WHERE [id] = $1")
|
sqlx::query_as(
|
||||||
.bind(user_id)
|
"SELECT [id], [email], [name], [lang], [is_admin] FROM [User] WHERE [id] = $1",
|
||||||
.fetch_optional(&self.pool)
|
)
|
||||||
.await
|
.bind(user_id)
|
||||||
.map_err(DBError::from)
|
.fetch_optional(&self.pool)
|
||||||
|
.await
|
||||||
|
.map_err(DBError::from)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// If a new email is given and it doesn't match the current one then it has to be
|
/// If a new email is given and it doesn't match the current one then it has to be
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ pub struct User {
|
||||||
pub name: String,
|
pub name: String,
|
||||||
pub email: String,
|
pub email: String,
|
||||||
pub lang: String,
|
pub lang: String,
|
||||||
|
pub is_admin: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, FromRow)]
|
#[derive(Debug, FromRow)]
|
||||||
|
|
@ -39,6 +40,10 @@ pub struct Recipe {
|
||||||
pub groups: Vec<Group>,
|
pub groups: Vec<Group>,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn can_user_edit_recipe(user: &User, recipe: &Recipe) -> bool {
|
||||||
|
user.is_admin || recipe.user_id == user.id
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Debug, FromRow)]
|
#[derive(Debug, FromRow)]
|
||||||
pub struct Group {
|
pub struct Group {
|
||||||
pub id: i64,
|
pub id: i64,
|
||||||
|
|
|
||||||
|
|
@ -36,7 +36,7 @@ pub async fn edit_recipe(
|
||||||
) -> Result<Response> {
|
) -> Result<Response> {
|
||||||
if let Some(user) = user {
|
if let Some(user) = user {
|
||||||
if let Some(recipe) = connection.get_recipe(recipe_id, false).await? {
|
if let Some(recipe) = connection.get_recipe(recipe_id, false).await? {
|
||||||
if recipe.user_id == user.id {
|
if model::can_user_edit_recipe(&user, &recipe) {
|
||||||
let recipes = Recipes {
|
let recipes = Recipes {
|
||||||
published: connection
|
published: connection
|
||||||
.get_all_published_recipe_titles(tr.current_lang_code(), Some(user.id))
|
.get_all_published_recipe_titles(tr.current_lang_code(), Some(user.id))
|
||||||
|
|
|
||||||
|
|
@ -5,7 +5,7 @@
|
||||||
<div class="content" id="recipe-view">
|
<div class="content" id="recipe-view">
|
||||||
<h2 class="recipe-title" >{{ recipe.title }}</h2>
|
<h2 class="recipe-title" >{{ recipe.title }}</h2>
|
||||||
|
|
||||||
{% if user.is_some() && recipe.user_id == user.as_ref().unwrap().id %}
|
{% if user.is_some() && crate::data::model::can_user_edit_recipe(&user.as_ref().unwrap(), &recipe) %}
|
||||||
<a class="edit-recipe" href="/recipe/edit/{{ recipe.id }}" >Edit</a>
|
<a class="edit-recipe" href="/recipe/edit/{{ recipe.id }}" >Edit</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue