filipriec/Kurt_kalendar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

working better, small changes

Browse Source
This commit is contained in:
Priec
2026-05-16 12:12:33 +02:00
parent 7d05209d48
commit 164dacb678
7 changed files with 128 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ht_booking/.gitignore vendored
View File

@@ -21,3 +21,4 @@ target/
# Local secrets (hardcoded admin credentials)
.env
todo.md

4
ht_booking/assets/i18n/en/main.ftl
View File

@@ -41,3 +41,7 @@ court-name = Name
court-surface = Surface
court-indoor = Indoor
add-court = Add Court
court-remove = Remove
court-delete-prompt = To remove this court and all its bookings, type its name below to confirm:
court-delete-mismatch = The name you typed does not match the court name.
court-delete-error = Court name did not match — nothing was removed.

4
ht_booking/assets/i18n/sk/main.ftl
View File

@@ -41,3 +41,7 @@ court-name = Názov
court-surface = Povrch
court-indoor = Krytý
add-court = Pridať kurt
court-remove = Odstrániť
court-delete-prompt = Ak chcete odstrániť tento kurt a všetky jeho rezervácie, na potvrdenie napíšte nižšie jeho názov:
court-delete-mismatch = Zadaný názov sa nezhoduje s názvom kurtu.
court-delete-error = Názov kurtu sa nezhodoval — nič sa neodstránilo.

31
ht_booking/assets/views/admin/courts.html
View File

@@ -8,6 +8,10 @@
<a href="/admin" class="text-sm text-blue-600 hover:underline">&larr; {{ t(key="back-to-calendar", lang=lang) }}</a>
</div>
{% if name_error %}
<div class="mb-3 rounded bg-red-100 px-3 py-2 text-sm text-red-700">{{ t(key="court-delete-error", lang=lang) }}</div>
{% endif %}
<div class="mb-6 overflow-auto rounded-lg border bg-white">
<table class="w-full text-sm">
<thead>
@@ -15,6 +19,7 @@
<th class="p-2">{{ t(key="court-name", lang=lang) }}</th>
<th class="p-2">{{ t(key="court-surface", lang=lang) }}</th>
<th class="p-2">{{ t(key="court-indoor", lang=lang) }}</th>
<th class="p-2">{{ t(key="court-remove", lang=lang) }}</th>
</tr>
</thead>
<tbody>
@@ -23,6 +28,15 @@
<td class="p-2">{{ c.name }}</td>
<td class="p-2">{{ c.surface }}</td>
<td class="p-2">{{ c.indoor }}</td>
<td class="p-2">
<form method="post" action="/admin/courts/{{ c.id }}/delete"
data-court-name="{{ c.name }}" onsubmit="return promptCourtDelete(this);">
<input type="hidden" name="confirm_name">
<button class="rounded bg-red-600 px-3 py-1 text-sm text-white hover:bg-red-700">
{{ t(key="delete", lang=lang) }}
</button>
</form>
</td>
</tr>
{% endfor %}
</tbody>
@@ -49,3 +63,20 @@
</form>
</div>
{% endblock content %}
{% block js %}
<script>
// The name confirmation appears only after the Delete button is pressed.
function promptCourtDelete(form) {
var expected = form.dataset.courtName;
var typed = prompt('{{ t(key="court-delete-prompt", lang=lang) }}\n\n' + expected);
if (typed === null) return false; // cancelled
if (typed.trim() !== expected) {
alert('{{ t(key="court-delete-mismatch", lang=lang) }}');
return false;
}
form.confirm_name.value = typed.trim();
return true;
}
</script>
{% endblock js %}

2
ht_booking/assets/views/base.html
View File

@@ -15,7 +15,7 @@
<a href="/" class="text-lg font-bold">{{ t(key="brand", lang=lang) }}</a>
<nav class="flex items-center gap-4 text-sm">
<a href="/" class="hover:underline">{{ t(key="nav-calendar", lang=lang) }}</a>
{% if is_admin %}
{% if logged_in | default(value=false) %}
<a href="/admin" class="hover:underline">{{ t(key="admin-title", lang=lang) }}</a>
<a href="/admin/courts" class="hover:underline">{{ t(key="manage-courts", lang=lang) }}</a>
<form method="post" action="/admin/logout" class="inline">

97
ht_booking/src/controllers/admin.rs
View File

@@ -36,6 +36,23 @@ pub struct AdminAuth {
pub user: users::Model,
}
/// Returns the logged-in admin user if the request carries a valid admin
/// cookie. Unlike the [`AdminAuth`] guard this never rejects, so public pages
/// can detect an admin visitor without redirecting non-admins away.
pub async fn current_admin(ctx: &AppContext, jar: &CookieJar) -> Option<users::Model> {
let admin = admin_email();
if admin.is_empty() {
return None;
}
let token = jar.get(AUTH_COOKIE).map(|c| c.value().to_string())?;
let (secret, _) = jwt_settings(ctx)?;
let claims = jwt::JWT::new(&secret).validate(&token).ok()?;
let user = users::Model::find_by_pid(&ctx.db, &claims.claims.pid)
.await
.ok()?;
(user.email == admin).then_some(user)
}
impl FromRequestParts<AppContext> for AdminAuth {
type Rejection = Redirect;
@@ -43,28 +60,11 @@ impl FromRequestParts<AppContext> for AdminAuth {
parts: &mut Parts,
ctx: &AppContext,
) -> std::result::Result<Self, Self::Rejection> {
let deny = || Redirect::to("/admin/login");
let admin = admin_email();
if admin.is_empty() {
return Err(deny());
}
let jar = CookieJar::from_headers(&parts.headers);
let token = jar
.get(AUTH_COOKIE)
.map(|c| c.value().to_string())
.ok_or_else(deny)?;
let (secret, _) = jwt_settings(ctx).ok_or_else(deny)?;
let claims = jwt::JWT::new(&secret)
.validate(&token)
.map_err(|_| deny())?;
let user = users::Model::find_by_pid(&ctx.db, &claims.claims.pid)
.await
.map_err(|_| deny())?;
if user.email != admin {
return Err(deny());
match current_admin(ctx, &jar).await {
Some(user) => Ok(Self { user }),
None => Err(Redirect::to("/admin/login")),
}
Ok(Self { user })
}
}
@@ -138,18 +138,25 @@ pub async fn dashboard(
Query(q): Query<calendar::CalQuery>,
) -> Result<Response> {
let lang = current_lang(&jar);
let page = build_calendar(&ctx, &lang, true, q.court, q.week).await?;
let page = build_calendar(&ctx, &lang, true, true, q.court, q.week).await?;
format::render().view(&v, "calendar/week.html", &page)
}
// ---------------------------------------------------------------- courts ---
#[derive(Debug, Deserialize)]
pub struct CourtsQuery {
/// Set to `name` when a court-delete confirmation name did not match.
pub err: Option<String>,
}
#[debug_handler]
pub async fn courts_page(
_auth: AdminAuth,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
jar: CookieJar,
Query(q): Query<CourtsQuery>,
) -> Result<Response> {
let lang = current_lang(&jar);
let list = courts::Entity::find()
@@ -170,7 +177,13 @@ pub async fn courts_page(
format::render().view(
&v,
"admin/courts.html",
data!({ "lang": lang, "is_admin": true, "courts": items }),
data!({
"lang": lang,
"is_admin": true,
"logged_in": true,
"courts": items,
"name_error": q.err.as_deref() == Some("name"),
}),
)
}
@@ -198,6 +211,43 @@ pub async fn create_court(
Ok(Redirect::to("/admin/courts").into_response())
}
#[derive(Debug, Deserialize)]
pub struct DeleteCourtForm {
/// The court name the admin retyped to confirm removal.
pub confirm_name: String,
}
/// Removes a court. As a safeguard the admin must retype the court's exact
/// name; a mismatch aborts and redirects back with an error. Deleting a court
/// also removes all of its bookings, since they would otherwise be orphaned.
#[debug_handler]
pub async fn delete_court(
_auth: AdminAuth,
State(ctx): State<AppContext>,
Path(id): Path<i32>,
Form(form): Form<DeleteCourtForm>,
) -> Result<Response> {
let court = courts::Entity::find_by_id(id)
.one(&ctx.db)
.await?
.ok_or(Error::NotFound)?;
let actual = court
.name
.clone()
.unwrap_or_else(|| format!("Court {}", court.id));
if form.confirm_name.trim() != actual {
return Ok(Redirect::to("/admin/courts?err=name").into_response());
}
bookings::Entity::delete_many()
.filter(bookings::Column::CourtId.eq(id))
.exec(&ctx.db)
.await?;
courts::Entity::delete_by_id(id).exec(&ctx.db).await?;
Ok(Redirect::to("/admin/courts").into_response())
}
// --------------------------------------------------------------- bookings --
fn hour_options() -> Vec<serde_json::Value> {
@@ -242,6 +292,7 @@ pub async fn booking_new(
data!({
"lang": lang,
"is_admin": true,
"logged_in": true,
"mode": "new",
"action": "/admin/booking",
"court_id": court_id,
@@ -321,6 +372,7 @@ pub async fn booking_edit(
data!({
"lang": lang,
"is_admin": true,
"logged_in": true,
"mode": "edit",
"action": format!("/admin/booking/{id}"),
"court_id": booking.court_id,
@@ -384,6 +436,7 @@ pub fn routes() -> Routes {
.add("/", get(dashboard))
.add("/courts", get(courts_page))
.add("/courts", post(create_court))
.add("/courts/{id}/delete", post(delete_court))
.add("/booking", get(booking_new))
.add("/booking", post(booking_create))
.add("/booking/{id}", get(booking_edit))

12
ht_booking/src/controllers/calendar.rs
View File

@@ -62,7 +62,10 @@ pub struct Row {
#[derive(Debug, Serialize)]
pub struct CalendarPage {
pub lang: String,
/// `true` only on the admin dashboard — enables the editable cells.
pub is_admin: bool,
/// `true` whenever the admin is signed in — controls the nav links.
pub logged_in: bool,
pub base_path: String,
pub has_courts: bool,
pub courts: Vec<CourtOpt>,
@@ -102,6 +105,7 @@ pub async fn build_calendar(
ctx: &AppContext,
lang: &str,
is_admin: bool,
logged_in: bool,
q_court: Option<i32>,
q_week: Option<String>,
) -> Result<CalendarPage> {
@@ -191,6 +195,7 @@ pub async fn build_calendar(
Ok(CalendarPage {
lang: lang.to_string(),
is_admin,
logged_in,
base_path: if is_admin { "/admin" } else { "/" }.to_string(),
has_courts: !courts_opts.is_empty(),
courts: courts_opts,
@@ -216,7 +221,12 @@ pub async fn index(
Query(q): Query<CalQuery>,
) -> Result<Response> {
let lang = current_lang(&jar);
let page = build_calendar(&ctx, &lang, false, q.court, q.week).await?;
// The public calendar is read-only for everyone, admin included. When an
// admin is signed in we still flag it so the nav keeps the admin links.
let logged_in = crate::controllers::admin::current_admin(&ctx, &jar)
.await
.is_some();
let page = build_calendar(&ctx, &lang, false, logged_in, q.court, q.week).await?;
format::render().view(&v, "calendar/week.html", &page)
}