Groups can now be ordered (via drag and drop)

2025-01-10 22:38:34 +01:00 · 2025-01-10 22:38:34 +01:00 · 975d1ceee2
commit 975d1ceee2
parent 16c484c2d1
14 changed files with 461 additions and 54 deletions
--- a/backend/src/data/db/recipe.rs
+++ b/backend/src/data/db/recipe.rs
@ -1,3 +1,6 @@
+use chrono::prelude::*;
+use itertools::Itertools;
+
 use super::{Connection, DBError, Result};
 use crate::data::model;

@ -17,7 +20,7 @@ impl Connection {
    SELECT [id], [title]
    FROM [Recipe]
    WHERE [is_published] = true AND ([lang] = $1 OR [user_id] = $2)
-    ORDER BY [title]
+    ORDER BY [title] COLLATE NOCASE
                "#,
            )
            .bind(lang)
@ -28,7 +31,7 @@ impl Connection {
    SELECT [id], [title]
    FROM [Recipe]
    WHERE [is_published] = true AND [lang] = $1
-    ORDER BY [title]
+    ORDER BY [title] COLLATE NOCASE
                "#,
            )
            .bind(lang)
@ -83,6 +86,31 @@ WHERE [Group].[id] = $1 AND [user_id] = $2
        .map_err(DBError::from)
    }

+    pub async fn can_edit_recipe_all_groups(
+        &self,
+        user_id: i64,
+        group_ids: &[i64],
+    ) -> Result<bool> {
+        let params = (0..group_ids.len())
+            .map(|n| format!("${}", n + 2))
+            .join(", ");
+        let query_str = format!(
+            r#"
+SELECT COUNT(*)
+FROM [Recipe]
+INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
+WHERE [Group].[id] IN ({}) AND [user_id] = $1
+            "#,
+            params
+        );
+
+        let mut query = sqlx::query_scalar::<_, u64>(&query_str).bind(user_id);
+        for id in group_ids {
+            query = query.bind(id);
+        }
+        Ok(query.fetch_one(&self.pool).await? == group_ids.len() as u64)
+    }
+
    pub async fn can_edit_recipe_step(&self, user_id: i64, step_id: i64) -> Result<bool> {
        sqlx::query_scalar(
            r#"
@ -173,10 +201,11 @@ WHERE [Recipe].[user_id] = $1
                    .await?;

                let db_result = sqlx::query(
-                    "INSERT INTO [Recipe] ([user_id], [lang], [title]) VALUES ($1, $2, '')",
+                    "INSERT INTO [Recipe] ([user_id], [lang], [title], [creation_datetime]) VALUES ($1, $2, '', $3)",
                )
                .bind(user_id)
                .bind(lang)
+                .bind(Utc::now())
                .execute(&mut *tx)
                .await?;

@ -482,6 +511,22 @@ ORDER BY [name]
            .map_err(DBError::from)
    }

+    pub async fn set_groups_order(&self, group_ids: &[i64]) -> Result<()> {
+        let mut tx = self.tx().await?;
+
+        for (order, id) in group_ids.iter().enumerate() {
+            sqlx::query("UPDATE [Group] SET [order] = $2 WHERE [id] = $1")
+                .bind(id)
+                .bind(order as i64)
+                .execute(&mut *tx)
+                .await?;
+        }
+
+        tx.commit().await?;
+
+        Ok(())
+    }
+
    pub async fn add_recipe_step(&self, group_id: i64) -> Result<i64> {
        let db_result = sqlx::query("INSERT INTO [Step] ([group_id]) VALUES ($1)")
            .bind(group_id)
--- a/backend/src/data/db/user.rs
+++ b/backend/src/data/db/user.rs
@ -410,6 +410,28 @@ WHERE [email] = $1
        Ok(GetTokenResetPasswordResult::Ok(token))
    }

+    pub async fn is_reset_password_token_valid(
+        &self,
+        token: &str,
+        validation_time: Duration,
+    ) -> Result<bool> {
+        if let Some(Some(db_datetime)) = sqlx::query_scalar::<_, Option<DateTime<Utc>>>(
+            r#"
+SELECT [password_reset_datetime]
+FROM [User]
+WHERE [password_reset_token] = $1
+            "#,
+        )
+        .bind(token)
+        .fetch_optional(&self.pool)
+        .await?
+        {
+            Ok(Utc::now() - db_datetime <= validation_time)
+        } else {
+            Ok(false)
+        }
+    }
+
    pub async fn reset_password(
        &self,
        new_password: &str,
--- a/backend/src/main.rs
+++ b/backend/src/main.rs
@ -118,6 +118,10 @@ async fn main() {
            "/recipe/set_group_comment",
            put(services::ron::set_group_comment),
        )
+        .route(
+            "/recipe/set_groups_order",
+            put(services::ron::set_group_orders),
+        )
        .route("/recipe/add_step", post(services::ron::add_step))
        .route("/recipe/remove_step", delete(services::ron::rm_step))
        .route(
--- a/backend/src/services/ron.rs
+++ b/backend/src/services/ron.rs
@ -104,6 +104,25 @@ async fn check_user_rights_recipe_group(
    }
 }

+async fn check_user_rights_recipe_groups(
+    connection: &db::Connection,
+    user: &Option<model::User>,
+    group_ids: &[i64],
+) -> Result<()> {
+    if user.is_none()
+        || !connection
+            .can_edit_recipe_all_groups(user.as_ref().unwrap().id, group_ids)
+            .await?
+    {
+        Err(ErrorResponse::from(ron_error(
+            StatusCode::UNAUTHORIZED,
+            NOT_AUTHORIZED_MESSAGE,
+        )))
+    } else {
+        Ok(())
+    }
+}
+
 async fn check_user_rights_recipe_step(
    connection: &db::Connection,
    user: &Option<model::User>,
@ -396,6 +415,17 @@ pub async fn set_group_comment(
    Ok(StatusCode::OK)
 }

+#[debug_handler]
+pub async fn set_group_orders(
+    State(connection): State<db::Connection>,
+    Extension(user): Extension<Option<model::User>>,
+    ExtractRon(ron): ExtractRon<common::ron_api::SetGroupOrders>,
+) -> Result<impl IntoResponse> {
+    check_user_rights_recipe_groups(&connection, &user, &ron.group_ids).await?;
+    connection.set_groups_order(&ron.group_ids).await?;
+    Ok(StatusCode::OK)
+}
+
 #[debug_handler]
 pub async fn add_step(
    State(connection): State<db::Connection>,
--- a/backend/src/services/user.rs
+++ b/backend/src/services/user.rs
@ -463,19 +463,34 @@ pub async fn ask_reset_password_post(

 #[debug_handler]
 pub async fn reset_password_get(
+    State(connection): State<db::Connection>,
    Extension(user): Extension<Option<model::User>>,
    Extension(tr): Extension<translation::Tr>,
    Query(query): Query<HashMap<String, String>>,
 ) -> Result<Response> {
    if let Some(reset_token) = query.get("reset_token") {
-        Ok(ResetPasswordTemplate {
-            user,
-            tr,
-            reset_token,
-            message: "",
-            message_password: "",
+        // Check if the token is valid.
+        if connection
+            .is_reset_password_token_valid(
+                reset_token,
+                Duration::seconds(consts::VALIDATION_PASSWORD_RESET_TOKEN_DURATION),
+            )
+            .await?
+        {
+            Ok(ResetPasswordTemplate {
+                user,
+                tr,
+                reset_token,
+                message: "",
+                message_password: "",
+            }
+            .into_response())
+        } else {
+            Ok(
+                MessageTemplate::new_with_user(tr.t(Sentence::AskResetTokenMissing), tr, user)
+                    .into_response(),
+            )
        }
-        .into_response())
    } else {
        Ok(
            MessageTemplate::new_with_user(tr.t(Sentence::AskResetTokenMissing), tr, user)