gractwo/mnemosyne
4
0
Fork 0
Code Pull Requests Actions Packages Activity

require permission to delete quotes

Browse Source
This commit is contained in:
jmanczak
2026-05-06 02:24:05 +02:00
parent e7c0523841
commit 84dde9cc4b
1 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/web/pages/quotes/id.rs
View File

@@ -3,6 +3,7 @@ use axum::{
http::HeaderMap, http::HeaderMap,
response::{IntoResponse, Redirect, Response}, response::{IntoResponse, Redirect, Response},
}; };
use http::StatusCode;
use maud::{PreEscaped, html}; use maud::{PreEscaped, html};
use uuid::Uuid; use uuid::Uuid;
@@ -14,6 +15,7 @@ use crate::{
users::{ users::{
User, User,
auth::{UserAuthRequired, UserAuthenticate}, auth::{UserAuthRequired, UserAuthenticate},
permissions::Permission,
}, },
web::{ web::{
components::{nav::nav, quote::quote}, components::{nav::nav, quote::quote},
@@ -33,6 +35,9 @@ pub async fn page(
None => return Ok(Redirect::to(&format!("/login?r={}", req.uri().path())).into_response()), None => return Ok(Redirect::to(&format!("/login?r={}", req.uri().path())).into_response()),
}; };
let q = Quote::get_by_id(&mut conn, id).await; let q = Quote::get_by_id(&mut conn, id).await;
let can_delete = u
.has_permission(&mut conn, Permission::DeleteQuotes)
.await?;
Ok(base( Ok(base(
"Add Quote | Mnemosyne", "Add Quote | Mnemosyne",
@@ -53,9 +58,11 @@ pub async fn page(
span class="scale-[.75]" {(PreEscaped(icons::PEN))} span class="scale-[.75]" {(PreEscaped(icons::PEN))}
"Edit" "Edit"
} }
a href=(format!("/quotes/{id}/delete")) class="px-2 py-1 cursor-pointer border rounded flex flex-row gap-1 bg-pink-400/10 border-pink-400/25 hover:bg-pink-400/20 hover:border-pink-400/45" { @if can_delete {
span class="scale-[.75]" {(PreEscaped(icons::TRASH))} a href=(format!("/quotes/{id}/delete")) class="px-2 py-1 cursor-pointer border rounded flex flex-row gap-1 bg-pink-400/10 border-pink-400/25 hover:bg-pink-400/20 hover:border-pink-400/45" {
"Delete" span class="scale-[.75]" {(PreEscaped(icons::TRASH))}
"Delete"
}
} }
} }
} @else { } @else {
@@ -126,6 +133,9 @@ pub async fn delete(
) -> Result<Response, CompositeError> { ) -> Result<Response, CompositeError> {
let mut tx = state.pool.begin().await?; let mut tx = state.pool.begin().await?;
let u = User::authenticate(&mut *tx, &headers).await?.required()?; let u = User::authenticate(&mut *tx, &headers).await?.required()?;
if !u.has_permission(&mut tx, Permission::DeleteQuotes).await? {
return Ok((StatusCode::FORBIDDEN, "No permission.").into_response());
}
let q = Quote::get_by_id(&mut *tx, id).await?; let q = Quote::get_by_id(&mut *tx, id).await?;
LogEntry::new(&mut *tx, u, LogAction::DeleteQuote { quote: q.clone() }).await?; LogEntry::new(&mut *tx, u, LogAction::DeleteQuote { quote: q.clone() }).await?;