feat: Add ability to delete events for admins

2025-10-14 21:42:21 +02:00
parent 1f0a27f3af
commit 726c095af5
3 changed files with 48 additions and 6 deletions
--- a/src/meal_manager/main.py
+++ b/src/meal_manager/main.py
@@ -54,11 +54,13 @@ def get_user(request: Request, allow_none: bool=True) -> dict | None:
    :raises HTTPException: If user information is not found and `allow_none` is
                            `False`.
    """
-    if os.environ.get("MEAL_MANAGER_FAKE_USER", False):
-        return {"username": "fake_user"}
+    if fake_user := os.environ.get("MEAL_MANAGER_FAKE_USER", False):
+        return {"username": "fake_user", "admin": fake_user == "admin"}
    if "ynh_user" in request.headers:
        return {
            "username": request.headers["ynh_user"],
+            # TODO: This should obviously be replaced with a role based check
+            "admin": request.headers["ynh_user"] == "niklas.m",
        }
    if allow_none:
        return None
@@ -219,9 +221,20 @@ async def add_event(request: Request, session: SessionDep, user: StrictUserDep):
    session.commit()
    return RedirectResponse(url="/", status_code=status.HTTP_302_FOUND)

+@app.get("/event/{event_id}/delete")
+async def delete_event(request: Request, session: SessionDep, event_id: int, user: StrictUserDep):
+    if not user["admin"]:
+        raise HTTPException(status_code=403, detail="Not authorized")
+
+    statement = select(Event).where(Event.id == event_id)
+    event = session.scalars(statement).one()
+
+    session.delete(event)
+    session.commit()
+    return RedirectResponse(url="/", status_code=status.HTTP_302_FOUND)

@app.get("/event/{event_id}")
-async def read_event(request: Request, event_id: int, session: SessionDep):
+async def read_event(request: Request, event_id: int, session: SessionDep, user: UserDep):
    statement = select(Event).where(Event.id == event_id)
    event = session.scalars(statement).one()

@@ -238,7 +251,7 @@ async def read_event(request: Request, event_id: int, session: SessionDep):
    return templates.TemplateResponse(
        request=request,
        name="event.html",
-        context={"event": event, "households": households, "now": datetime.now()},
+        context={"event": event, "households": households, "now": datetime.now(), "user": user},
    )


--- a/src/meal_manager/models.py
+++ b/src/meal_manager/models.py
@@ -33,8 +33,8 @@ class Event(Base):
    team_prep_min: Mapped[int] = mapped_column(default=1, nullable=False)
    team_prep_max: Mapped[int] = mapped_column(default=1, nullable=False)

-    registrations: Mapped[list["Registration"]] = relationship("Registration")
-    team: Mapped[list["TeamRegistration"]] = relationship("TeamRegistration")
+    registrations: Mapped[list["Registration"]] = relationship("Registration", cascade="all, delete")
+    team: Mapped[list["TeamRegistration"]] = relationship("TeamRegistration", cascade="all, delete")

    def team_min_reached(self, work_type: WorkTypes):
        threshold = {
--- a/src/meal_manager/templates/event.html
+++ b/src/meal_manager/templates/event.html
@@ -34,6 +34,11 @@
                <i class="bi bi-book"></i> Original Rezept ansehen
            </a>
            {% endif %}
+            {% if user and user.admin %}
+            <button type="button" class="btn btn-danger mb-2 w-100" data-bs-toggle="modal" data-bs-target="#deleteEvent">
+                Event Löschen
+            </button>
+            {% endif %}
        </div>
        <div class="col-md-4">
            <div class="card">
@@ -254,4 +259,28 @@
    </div>
 </div>

+<!-- Delete Event Modal -->
+<div class="modal fade" id="deleteEvent" data-bs-backdrop="static" data-bs-keyboard="false" tabindex="-1"
+     aria-labelledby="deleteEventLabel" aria-hidden="true">
+    <div class="modal-dialog">
+        <div class="modal-content">
+            <div class="modal-header bg-danger text-white">
+                <h1 class="modal-title fs-5" id="deleteEventLabel">Event endgültig löschen?</h1>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal"
+                        aria-label="Close"></button>
+            </div>
+            <div class="modal-body">
+                <div class="alert alert-danger">
+                    <i class="bi bi-exclamation-triangle-fill me-2"></i>
+                    Diese Aktion kann nicht rückgängig gemacht werden! Alle Anmeldungen und Dienstanmeldungen werden
+                    unwiderruflich gelöscht.
+                </div>
+            </div>
+            <div class="modal-footer">
+                <a href="/event/{{event.id}}/delete" class="btn btn-danger">Unwiderruflich Löschen</a>
+                <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Abbrechen</button>
+            </div>
+        </div>
+    </div>
+</div>
 {% endblock %}