From 726c095af57889706440f89c3db1aa43d30d7309 Mon Sep 17 00:00:00 2001 From: Niklas Meinzer Date: Tue, 14 Oct 2025 21:42:21 +0200 Subject: [PATCH] feat: Add ability to delete events for admins --- src/meal_manager/main.py | 21 +++++++++++++++---- src/meal_manager/models.py | 4 ++-- src/meal_manager/templates/event.html | 29 +++++++++++++++++++++++++++ 3 files changed, 48 insertions(+), 6 deletions(-) diff --git a/src/meal_manager/main.py b/src/meal_manager/main.py index 9b987a1..ed92a88 100644 --- a/src/meal_manager/main.py +++ b/src/meal_manager/main.py @@ -54,11 +54,13 @@ def get_user(request: Request, allow_none: bool=True) -> dict | None: :raises HTTPException: If user information is not found and `allow_none` is `False`. """ - if os.environ.get("MEAL_MANAGER_FAKE_USER", False): - return {"username": "fake_user"} + if fake_user := os.environ.get("MEAL_MANAGER_FAKE_USER", False): + return {"username": "fake_user", "admin": fake_user == "admin"} if "ynh_user" in request.headers: return { "username": request.headers["ynh_user"], + # TODO: This should obviously be replaced with a role based check + "admin": request.headers["ynh_user"] == "niklas.m", } if allow_none: return None @@ -219,9 +221,20 @@ async def add_event(request: Request, session: SessionDep, user: StrictUserDep): session.commit() return RedirectResponse(url="/", status_code=status.HTTP_302_FOUND) +@app.get("/event/{event_id}/delete") +async def delete_event(request: Request, session: SessionDep, event_id: int, user: StrictUserDep): + if not user["admin"]: + raise HTTPException(status_code=403, detail="Not authorized") + + statement = select(Event).where(Event.id == event_id) + event = session.scalars(statement).one() + + session.delete(event) + session.commit() + return RedirectResponse(url="/", status_code=status.HTTP_302_FOUND) @app.get("/event/{event_id}") -async def read_event(request: Request, event_id: int, session: SessionDep): +async def read_event(request: Request, event_id: int, session: SessionDep, user: UserDep): statement = select(Event).where(Event.id == event_id) event = session.scalars(statement).one() @@ -238,7 +251,7 @@ async def read_event(request: Request, event_id: int, session: SessionDep): return templates.TemplateResponse( request=request, name="event.html", - context={"event": event, "households": households, "now": datetime.now()}, + context={"event": event, "households": households, "now": datetime.now(), "user": user}, ) diff --git a/src/meal_manager/models.py b/src/meal_manager/models.py index a43b0b2..ebad123 100644 --- a/src/meal_manager/models.py +++ b/src/meal_manager/models.py @@ -33,8 +33,8 @@ class Event(Base): team_prep_min: Mapped[int] = mapped_column(default=1, nullable=False) team_prep_max: Mapped[int] = mapped_column(default=1, nullable=False) - registrations: Mapped[list["Registration"]] = relationship("Registration") - team: Mapped[list["TeamRegistration"]] = relationship("TeamRegistration") + registrations: Mapped[list["Registration"]] = relationship("Registration", cascade="all, delete") + team: Mapped[list["TeamRegistration"]] = relationship("TeamRegistration", cascade="all, delete") def team_min_reached(self, work_type: WorkTypes): threshold = { diff --git a/src/meal_manager/templates/event.html b/src/meal_manager/templates/event.html index 62914a3..715162f 100644 --- a/src/meal_manager/templates/event.html +++ b/src/meal_manager/templates/event.html @@ -34,6 +34,11 @@ Original Rezept ansehen {% endif %} + {% if user and user.admin %} + + {% endif %}
@@ -254,4 +259,28 @@
+ + {% endblock %} \ No newline at end of file