From 8f5575736033d226580012897861fd3ca79cef4a Mon Sep 17 00:00:00 2001
From: Max Hohlfeld
Date: Mon, 11 Nov 2024 19:44:24 +0100
Subject: [PATCH] feat: edit and delete location

---
 src/endpoints/location/delete.rs | 31 ++++++++++++++++++++---------
 src/endpoints/location/post_edit.rs | 2 +-
 src/endpoints/mod.rs | 3 +++
 templates/location/overview.html | 7 ++++---
 4 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/src/endpoints/location/delete.rs b/src/endpoints/location/delete.rs
index ecadbbd5..d29cb169 100644
--- a/src/endpoints/location/delete.rs
+++ b/src/endpoints/location/delete.rs
@@ -1,18 +1,31 @@
-use actix_web::{http::header::LOCATION, web, HttpResponse, Responder};
+use actix_web::{web, HttpResponse, Responder};
 use sqlx::PgPool;
 
-use crate::{endpoints::IdPath, models::User, utils::ApplicationError};
-
+use crate::{
+    endpoints::IdPath,
+    models::{Location, Role, User},
+    utils::ApplicationError,
+};
 
 #[actix_web::delete("/locations/delete/{id}")]
-pub async fn delete (
+pub async fn delete(
     user: web::ReqData,
     pool: web::Data,
-    path: web::Path
+    path: web::Path,
 ) -> Result {
+    if user.role != Role::AreaManager && user.role != Role::Admin {
+        return Err(ApplicationError::Unauthorized);
+    }
 
-    Ok(HttpResponse::Found()
-        .insert_header((LOCATION, "/locations"))
-        .insert_header(("HX-LOCATION", "/locations"))
-        .finish())
+    let Some(area) = Location::read_by_id(pool.get_ref(), path.id).await? else {
+        return Ok(HttpResponse::NotFound().finish());
+    };
+
+    if user.role == Role::AreaManager && area.id != user.area_id {
+        return Err(ApplicationError::Unauthorized);
+    }
+
+    Location::delete(pool.get_ref(), area.id).await?;
+
+    Ok(HttpResponse::Ok().finish())
 }
diff --git a/src/endpoints/location/post_edit.rs b/src/endpoints/location/post_edit.rs
index 1318b8b3..107abb71 100644
--- a/src/endpoints/location/post_edit.rs
+++ b/src/endpoints/location/post_edit.rs
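Review bot: The area-scoping check on the new side compares the location's own id with the caller's area id (`area.id != user.area_id`), so an AreaManager may delete a location only when that location's id happens to equal their area id and is refused otherwise; the two identifiers belong to different entities. The value bound by `let Some(area)` is a `Location`, so the comparison presumably should use the location's area reference, whatever field `Location` carries for it (confirm against the model), e.g. `if user.role == Role::AreaManager && area.<area field of Location> != user.area_id {`; renaming the binding to `location` would make such a mix-up visible at a glance. A smaller point: because the lookup runs before the scope check, a foreign AreaManager receives Unauthorized for an existing id and NotFound for a missing one, which discloses which ids exist; answering NotFound in both cases avoids that if it matters for this application.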
@@ -14,7 +14,7 @@ pub async fn post(
     form: web::Form,
     path: web::Path,
 ) -> Result {
-    if user.role == Role::AreaManager && user.role == Role::Admin {
+    if user.role != Role::AreaManager && user.role != Role::Admin {
         return Err(ApplicationError::Unauthorized);
     }
 
diff --git a/src/endpoints/mod.rs b/src/endpoints/mod.rs
index 21f8be70..63c89f60 100644
--- a/src/endpoints/mod.rs
+++ b/src/endpoints/mod.rs
@@ -25,6 +25,9 @@ pub fn init(cfg: &mut ServiceConfig) {
     cfg.service(location::get_overview::get);
     cfg.service(location::get_new::get);
     cfg.service(location::post_new::post);
+    cfg.service(location::get_edit::get);
+    cfg.service(location::post_edit::post);
+    cfg.service(location::delete::delete);
 
     cfg.service(user::get_overview::get_overview);
     cfg.service(user::get_new::get_new);
diff --git a/templates/location/overview.html b/templates/location/overview.html
index 4591a5de..06fbc580 100644
--- a/templates/location/overview.html
+++ b/templates/location/overview.html
@@ -62,18 +62,19 @@ {{ l.name }} {% endfor %}
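Review bot: The corrected guard only gates `post` by role, and unlike the delete endpoint in this same commit the hunk shows no check that an AreaManager is editing a location inside their own area; if the remainder of `post`, which continues outside the hunk, does not load the location and compare its area with `user.area_id`, an AreaManager can edit any location by id. As a point of style, the compound role test is now duplicated verbatim in post_edit.rs and delete.rs; `if !matches!(user.role, Role::AreaManager | Role::Admin) {` reads more directly, and a single predicate on `Role` (for example a method named along the lines of `can_manage_locations`) would keep the allowed set in one place for both handlers. The enclosing function starts and ends outside the hunk.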