niklas.m/allmende-essen
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases Wiki Activity

feat: Add ability to delete events for admins

Browse Source
This commit is contained in:
Niklas Meinzer
2025-10-14 21:42:21 +02:00
parent 1f0a27f3af
commit 726c095af5
3 changed files with 48 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/meal_manager/main.py
View File

@@ -54,11 +54,13 @@ def get_user(request: Request, allow_none: bool=True) -> dict | None:
:raises HTTPException: If user information is not found and `allow_none` is
`False`.
"""
if os.environ.get("MEAL_MANAGER_FAKE_USER", False):
return {"username": "fake_user"}
if fake_user := os.environ.get("MEAL_MANAGER_FAKE_USER", False):
return {"username": "fake_user", "admin": fake_user == "admin"}
if "ynh_user" in request.headers:
return {
"username": request.headers["ynh_user"],
# TODO: This should obviously be replaced with a role based check
"admin": request.headers["ynh_user"] == "niklas.m",
}
if allow_none:
return None
@@ -219,9 +221,20 @@ async def add_event(request: Request, session: SessionDep, user: StrictUserDep):
session.commit()
return RedirectResponse(url="/", status_code=status.HTTP_302_FOUND)
@app.get("/event/{event_id}/delete")
async def delete_event(request: Request, session: SessionDep, event_id: int, user: StrictUserDep):
if not user["admin"]:
raise HTTPException(status_code=403, detail="Not authorized")
statement = select(Event).where(Event.id == event_id)
event = session.scalars(statement).one()
session.delete(event)
session.commit()
return RedirectResponse(url="/", status_code=status.HTTP_302_FOUND)
@app.get("/event/{event_id}")
async def read_event(request: Request, event_id: int, session: SessionDep):
async def read_event(request: Request, event_id: int, session: SessionDep, user: UserDep):
statement = select(Event).where(Event.id == event_id)
event = session.scalars(statement).one()
@@ -238,7 +251,7 @@ async def read_event(request: Request, event_id: int, session: SessionDep):
return templates.TemplateResponse(
request=request,
name="event.html",
context={"event": event, "households": households, "now": datetime.now()},
context={"event": event, "households": households, "now": datetime.now(), "user": user},
)