Save contact info in db

2022-07-16 13:31:29 +02:00 · 2022-07-16 13:31:29 +02:00 · c5ea569727
commit c5ea569727
parent f90c46dfcb
4 changed files with 134 additions and 10 deletions
--- a/client/src/contacts/contact-info-editor.js
+++ b/client/src/contacts/contact-info-editor.js
@ -34,7 +34,7 @@ customElements.define('contact-info-editor', class extends Component {
                ${ FORM_STYLE }
            </style>
            <section>
-                <form>
+                <form method="post">
                    <div>
                        <label>Typ</label>
                        <select name="contact_type" id="contact_type">
--- a/src/model/view.rs
+++ b/src/model/view.rs
@ -203,3 +203,21 @@ pub struct CreateNewsArticleInput {
 pub struct DeleteNewsArticleInput {
    pub id: i32,
 }
+
+#[derive(Debug, Deserialize)]
+pub struct CreateContactInfoInput {
+    pub contact_type: String,
+    pub content: String,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct UpdateContactInfoInput {
+    pub id: i32,
+    pub contact_type: String,
+    pub content: String,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct DeleteContactInfoInput {
+    pub id: i32,
+}
--- a/src/queries/mod.rs
+++ b/src/queries/mod.rs
@ -879,11 +879,15 @@ RETURNING
 }

 #[tracing::instrument]
-pub async fn delete_contact(t: &mut T<'_>, id: i32) -> Result<Vec<db::ContactInfo>> {
+pub async fn delete_contact(
+    t: &mut T<'_>,
+    id: i32,
+    account_id: i32,
+) -> Result<Vec<db::ContactInfo>> {
    sqlx::query_as(
        r#"
 DELETE FROM contacts
-WHERE id = $1
+WHERE id = $1 AND owner_id = $2
 RETURNING
    id,
    owner_id,
@ -892,6 +896,7 @@ RETURNING
    "#,
    )
    .bind(id)
+    .bind(account_id)
    .fetch_all(t)
    .await
    .map_err(|e| {
--- a/src/routes/restricted/contacts.rs
+++ b/src/routes/restricted/contacts.rs
@ -1,19 +1,120 @@
-use actix_web::web::{Data, ServiceConfig};
-use actix_web::{post, HttpResponse};
+use actix_web::web::{Data, Form, ServiceConfig};
+use actix_web::{post, web, HttpResponse};
 use sqlx::PgPool;

+use crate::model::{db, view};
 use crate::routes::{Identity, Result};
+use crate::{authorize, not_xss, ok_or_internal, queries};

 #[post("/create")]
-async fn create_contact(id: Identity, db: Data<PgPool>) -> Result<HttpResponse> {
-    Ok(HttpResponse::NotImplemented().finish())
+async fn create_contact(
+    id: Identity,
+    db: Data<PgPool>,
+    form: Form<view::CreateContactInfoInput>,
+) -> Result<HttpResponse> {
+    let form = form.into_inner();
+    dbg!(&form);
+    let pool = db.into_inner();
+    let mut t = crate::ok_or_internal!(pool.begin().await);
+    let account = authorize!(&mut t, id);
+    not_xss!(&form.contact_type, t);
+    not_xss!(&form.content, t);
+
+    match queries::create_contact(
+        &mut t,
+        db::CreateContactInput {
+            owner_id: account.id,
+            contact_type: form.contact_type,
+            content: form.content,
+        },
+    )
+    .await
+    {
+        Ok(_) => {
+            t.commit().await.ok();
+            Ok(HttpResponse::SeeOther()
+                .append_header(("Location", "/account/business-items"))
+                .finish())
+        }
+        Err(e) => {
+            dbg!(e);
+            t.rollback().await.ok();
+            Ok(HttpResponse::BadRequest().body("Nie można zapisać danych kontaktowych"))
+        }
+    }
 }

 #[post("/update")]
-async fn update_contact(id: Identity, db: Data<PgPool>) -> Result<HttpResponse> {
-    Ok(HttpResponse::NotImplemented().finish())
+async fn update_contact(
+    id: Identity,
+    db: Data<PgPool>,
+    form: Form<view::UpdateContactInfoInput>,
+) -> Result<HttpResponse> {
+    let form = form.into_inner();
+    dbg!(&form);
+    let pool = db.into_inner();
+    let mut t = ok_or_internal!(pool.begin().await);
+    let account = authorize!(&mut t, id);
+    not_xss!(&form.contact_type, t);
+    not_xss!(&form.content, t);
+
+    match queries::update_contact(
+        &mut t,
+        db::UpdateContactInput {
+            id: form.id,
+            owner_id: account.id,
+            contact_type: form.contact_type,
+            content: form.content,
+        },
+    )
+    .await
+    {
+        Ok(_) => {
+            t.commit().await.ok();
+            Ok(HttpResponse::SeeOther()
+                .append_header(("Location", "/account/business-items"))
+                .finish())
+        }
+        Err(e) => {
+            dbg!(e);
+            t.rollback().await.ok();
+            Ok(HttpResponse::BadRequest().body("Nie można zmienić danych kontaktowych"))
+        }
+    }
+}
+
+#[post("/update")]
+async fn delete_contact(
+    id: Identity,
+    db: Data<PgPool>,
+    form: Form<view::DeleteContactInfoInput>,
+) -> Result<HttpResponse> {
+    let form = form.into_inner();
+    dbg!(&form);
+    let pool = db.into_inner();
+    let mut t = ok_or_internal!(pool.begin().await);
+    let account = authorize!(&mut t, id);
+
+    match queries::delete_contact(&mut t, form.id, account.id).await {
+        Ok(_) => {
+            t.commit().await.ok();
+            Ok(HttpResponse::SeeOther()
+                .append_header(("Location", "/account/business-items"))
+                .finish())
+        }
+        Err(e) => {
+            dbg!(e);
+            t.rollback().await.ok();
+            Ok(HttpResponse::BadRequest().body("Nie można usunąć danych kontaktowych"))
+        }
+    }
 }

 pub fn configure(config: &mut ServiceConfig) {
-    config.service(create_contact).service(update_contact);
+    config.service(
+        web::scope("contacts")
+            .service(create_contact)
+            .service(update_contact)
+            .service(delete_contact),
+    );
 }