Commit 2126eade authored by Robert Czechowski's avatar Robert Czechowski Committed by Robert Czechowski

Add endpoints to delete users, groups and participations from admin interface

parent 5e902c3b
......@@ -1153,11 +1153,28 @@ pub fn admin_show_user<T: MedalConnection>(conn: &T, user_id: i32, session_token
Ok(("admin_user".to_string(), data))
}
#[allow(unused_variables)]
pub fn admin_delete_user<T: MedalConnection>(conn: &T, user_id: i32, session_token: &str, csrf_token: &str)
-> MedalValueResult {
let data = json_val::Map::new();
Ok(("profile".to_string(), data))
let session = conn.get_session(&session_token)
.ensure_logged_in()
.ok_or(MedalError::NotLoggedIn)?
.ensure_admin()
.ok_or(MedalError::AccessDenied)?;
if session.csrf_token != csrf_token {
return Err(MedalError::CsrfCheckFailed);
}
let parts = conn.get_all_participations_complete(user_id);
let mut data = json_val::Map::new();
if parts.len() > 0 {
data.insert("reason".to_string(), to_json(&"Benutzer hat Teilnahmen"));
Ok(("delete_fail".to_string(), data))
} else {
conn.delete_user(user_id);
Ok(("delete_ok".to_string(), data))
}
}
pub fn admin_show_group<T: MedalConnection>(conn: &T, group_id: i32, session_token: &str) -> MedalValueResult {
......@@ -1198,14 +1215,30 @@ pub fn admin_show_group<T: MedalConnection>(conn: &T, group_id: i32, session_tok
Ok(("admin_group".to_string(), data))
}
#[allow(unused_variables)]
pub fn admin_delete_group<T: MedalConnection>(conn: &T, group_id: i32, session_token: &str, csrf_token: &str)
-> MedalValueResult {
let data = json_val::Map::new();
Ok(("profile".to_string(), data))
let session = conn.get_session(&session_token)
.ensure_logged_in()
.ok_or(MedalError::NotLoggedIn)?
.ensure_admin()
.ok_or(MedalError::AccessDenied)?;
if session.csrf_token != csrf_token {
return Err(MedalError::CsrfCheckFailed);
}
let group = conn.get_group_complete(group_id).unwrap(); // TODO handle error
let mut data = json_val::Map::new();
if group.members.len() > 0 {
data.insert("reason".to_string(), to_json(&"Gruppe ist nicht leer"));
Ok(("delete_fail".to_string(), data))
} else {
conn.delete_group(group_id);
Ok(("delete_ok".to_string(), data))
}
}
#[allow(unused_variables)]
pub fn admin_show_participation<T: MedalConnection>(conn: &T, user_id: i32, contest_id: i32, session_token: &str)
-> MedalValueResult {
conn.get_session(&session_token)
......@@ -1250,13 +1283,27 @@ pub fn admin_show_participation<T: MedalConnection>(conn: &T, user_id: i32, cont
Ok(("admin_participation".to_string(), data))
}
#[allow(unused_variables)]
pub fn admin_delete_participation<T: MedalConnection>(conn: &T, user_id: i32, contest_id: i32, session_token: &str,
csrf_token: &str)
-> MedalValueResult
{
let session = conn.get_session(&session_token)
.ensure_logged_in()
.ok_or(MedalError::NotLoggedIn)?
.ensure_admin()
.ok_or(MedalError::AccessDenied)?;
if session.csrf_token != csrf_token {
return Err(MedalError::CsrfCheckFailed);
}
let user = conn.get_user_by_id(user_id).ok_or(MedalError::AccessDenied)?;
let _part =
conn.get_participation(&user.session_token.unwrap(), contest_id).ok_or(MedalError::AccessDenied)?;
let data = json_val::Map::new();
Ok(("profile".to_string(), data))
conn.delete_participation(user_id, contest_id);
Ok(("delete_ok".to_string(), data))
}
pub fn admin_show_contests<T: MedalConnection>(conn: &T, session_token: &str) -> MedalValueResult {
......
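Review bot: In `admin_delete_participation`, `user.session_token.unwrap()` panics when the target user's `session_token` is `None`, so an admin request for such a user aborts the handler instead of returning an error. `delete_participation` takes only `user_id` and `contest_id`, so the existence check may not need the token at all; if the lookup stays, propagate the missing value with `let token = user.session_token.ok_or(MedalError::AccessDenied)?;`. `admin_delete_group` has the same shape at `conn.get_group_complete(group_id).unwrap()` (already marked TODO): an unknown `group_id` panics, and `.ok_or(MedalError::AccessDenied)?` would turn that into an error response. The `#[allow(unused_variables)]` attributes on the three delete functions look stale now that every parameter is used.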
......@@ -1271,6 +1271,42 @@ impl MedalConnection for Connection {
.unwrap();
Some(group)
}
fn delete_user(&self, user_id: i32) -> () {
let query = "DELETE FROM session
WHERE id = $1";
self.execute(query, &[&user_id]).unwrap();
}
fn delete_group(&self, group_id: i32) -> () {
let query = "DELETE FROM usergroup
WHERE id = $1";
self.execute(query, &[&group_id]).unwrap();
}
fn delete_participation(&self, user_id: i32, contest_id: i32) -> () {
let query = "DELETE FROM submission
WHERE id IN (
SELECT id FROM submission
JOIN task ON submission.task = task.id
JOIN taskgroup ON task.taskgroup = taskgroup.id
WHERE taskgroup.contest = $1
AND submission.session = $2
)";
self.execute(query, &[&contest_id, &user_id]).unwrap();
let query = "DELETE FROM grade
WHERE taskgroup IN (
SELECT id FROM taskgroup
WHERE taskgroup.contest = $1
)
AND session = $2";
self.execute(query, &[&contest_id, &user_id]).unwrap();
let query = "DELETE FROM participation
WHERE contest = $1
AND session = $2";
self.execute(query, &[&contest_id, &user_id]).unwrap();
}
fn get_search_users(&self,
(s_id, s_firstname, s_lastname, s_logincode, s_groupcode, s_pms_id): (Option<i32>,
Option<String>,
......
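Review bot: The subquery in the first statement of `delete_participation` selects an unqualified `id` from a join of `submission`, `task` and `taskgroup`. The join conditions reference `task.id` and `taskgroup.id`, so the name is ambiguous and the database is likely to reject the statement, which the following `.unwrap()` turns into a panic. Qualify it as `SELECT submission.id FROM submission`. The same query appears in the other two `impl MedalConnection for Connection` sections on this page.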
......@@ -116,6 +116,10 @@ pub trait MedalConnection {
fn get_groups_complete(&self, session_id: i32) -> Vec<Group>;
fn get_group_complete(&self, group_id: i32) -> Option<Group>;
fn delete_user(&self, user_id: i32) -> ();
fn delete_group(&self, group_id: i32) -> ();
fn delete_participation(&self, user_id: i32, contest_id: i32) -> ();
fn get_search_users(&self,
_: (Option<i32>,
Option<String>,
......
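Review bot: The three new trait methods return `()`, so an implementation cannot report a failed delete, and the implementations on this page fall back to `.unwrap()` on `execute`. Returning a `Result` or `Option<()>` that callers can map to a `MedalError` would let the admin endpoints answer with an error instead of panicking. If the unit return stays, the explicit `-> ()` can be dropped. A doc comment such as `/// Deletes the session row with this id; callers must rule out dependent participations first.` would record the precondition the endpoints rely on.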
......@@ -1383,6 +1383,42 @@ impl MedalConnection for Connection {
.unwrap();
Some(group)
}
fn delete_user(&self, user_id: i32) -> () {
let query = "DELETE FROM session
WHERE id = $1";
self.execute(query, &[&user_id]).unwrap();
}
fn delete_group(&self, group_id: i32) -> () {
let query = "DELETE FROM usergroup
WHERE id = $1";
self.execute(query, &[&group_id]).unwrap();
}
fn delete_participation(&self, user_id: i32, contest_id: i32) -> () {
let query = "DELETE FROM submission
WHERE id IN (
SELECT id FROM submission
JOIN task ON submission.task = task.id
JOIN taskgroup ON task.taskgroup = taskgroup.id
WHERE taskgroup.contest = $1
AND submission.session = $2
)";
self.execute(query, &[&contest_id, &user_id]).unwrap();
let query = "DELETE FROM grade
WHERE taskgroup IN (
SELECT id FROM taskgroup
WHERE taskgroup.contest = $1
)
AND session = $2";
self.execute(query, &[&contest_id, &user_id]).unwrap();
let query = "DELETE FROM participation
WHERE contest = $1
AND session = $2";
self.execute(query, &[&contest_id, &user_id]).unwrap();
}
fn get_search_users(&self,
(s_id, s_firstname, s_lastname, s_logincode, s_groupcode, s_pms_id): (Option<i32>,
Option<String>,
......
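Review bot: `delete_participation` issues three separate `DELETE` statements, each followed by `.unwrap()`, with no transaction visible around them. If the second or third statement fails, the submissions (and possibly the grades) are already gone while the participation row remains, and the request panics. Running the three statements inside one transaction would keep the removal all-or-nothing; this applies equally to the other two implementations on this page. The `impl` body continues outside the hunk, so a transaction helper may already exist there.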
......@@ -1383,6 +1383,42 @@ impl MedalConnection for Connection {
.unwrap();
Some(group)
}
fn delete_user(&self, user_id: i32) -> () {
let query = "DELETE FROM session
WHERE id = ?1";
self.execute(query, &[&user_id]).unwrap();
}
fn delete_group(&self, group_id: i32) -> () {
let query = "DELETE FROM usergroup
WHERE id = ?1";
self.execute(query, &[&group_id]).unwrap();
}
fn delete_participation(&self, user_id: i32, contest_id: i32) -> () {
let query = "DELETE FROM submission
WHERE id IN (
SELECT id FROM submission
JOIN task ON submission.task = task.id
JOIN taskgroup ON task.taskgroup = taskgroup.id
WHERE taskgroup.contest = ?1
AND submission.session = ?2
)";
self.execute(query, &[&contest_id, &user_id]).unwrap();
let query = "DELETE FROM grade
WHERE taskgroup IN (
SELECT id FROM taskgroup
WHERE taskgroup.contest = ?1
)
AND session = ?2";
self.execute(query, &[&contest_id, &user_id]).unwrap();
let query = "DELETE FROM participation
WHERE contest = ?1
AND session = ?2";
self.execute(query, &[&contest_id, &user_id]).unwrap();
}
fn get_search_users(&self,
(s_id, s_firstname, s_lastname, s_logincode, s_groupcode, s_pms_id): (Option<i32>,
Option<String>,
......
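Review bot: `delete_user` removes only the `session` row, and the only guard the endpoint on this page applies before calling it is the participation count. Rows in other tables that reference the session id, such as group administration or membership, would be orphaned unless the schema cascades or restricts the delete, which is not visible here. A comment on the method, e.g. `// Caller must ensure the user has no participations; other references rely on FK constraints (confirm).`, would make the precondition explicit.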