Save contact info in db

client/src/contacts/contact-info-editor.js

@@ -34,7 +34,7 @@ customElements.define('contact-info-editor', class extends Component {
                 ${ FORM_STYLE }
             </style>
             <section>
-                <form>
+                <form method="post">
                     <div>
                         <label>Typ</label>
                         <select name="contact_type" id="contact_type">

src/model/view.rs

@@ -203,3 +203,21 @@ pub struct CreateNewsArticleInput {
 pub struct DeleteNewsArticleInput {
     pub id: i32,
 }
+
+#[derive(Debug, Deserialize)]
+pub struct CreateContactInfoInput {
+    pub contact_type: String,
+    pub content: String,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct UpdateContactInfoInput {
+    pub id: i32,
+    pub contact_type: String,
+    pub content: String,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct DeleteContactInfoInput {
+    pub id: i32,
+}

src/queries/mod.rs

@@ -879,11 +879,15 @@ RETURNING
 }
 
 #[tracing::instrument]
-pub async fn delete_contact(t: &mut T<'_>, id: i32) -> Result<Vec<db::ContactInfo>> {
+pub async fn delete_contact(
+    t: &mut T<'_>,
+    id: i32,
+    account_id: i32,
+) -> Result<Vec<db::ContactInfo>> {
     sqlx::query_as(
         r#"
 DELETE FROM contacts
-WHERE id = $1
+WHERE id = $1 AND owner_id = $2
 RETURNING
     id,
     owner_id,
@@ -892,6 +896,7 @@ RETURNING
     "#,
     )
     .bind(id)
+    .bind(account_id)
     .fetch_all(t)
     .await
     .map_err(|e| {

src/routes/restricted/contacts.rs

@@ -1,19 +1,120 @@
-use actix_web::web::{Data, ServiceConfig};
+use actix_web::web::{Data, Form, ServiceConfig};
-use actix_web::{post, HttpResponse};
+use actix_web::{post, web, HttpResponse};
 use sqlx::PgPool;
 
+use crate::model::{db, view};
 use crate::routes::{Identity, Result};
+use crate::{authorize, not_xss, ok_or_internal, queries};
 
 #[post("/create")]
-async fn create_contact(id: Identity, db: Data<PgPool>) -> Result<HttpResponse> {
+async fn create_contact(
-    Ok(HttpResponse::NotImplemented().finish())
+    id: Identity,
+    db: Data<PgPool>,
+    form: Form<view::CreateContactInfoInput>,
+) -> Result<HttpResponse> {
+    let form = form.into_inner();
+    dbg!(&form);
+    let pool = db.into_inner();
+    let mut t = crate::ok_or_internal!(pool.begin().await);
+    let account = authorize!(&mut t, id);
+    not_xss!(&form.contact_type, t);
+    not_xss!(&form.content, t);
+
+    match queries::create_contact(
+        &mut t,
+        db::CreateContactInput {
+            owner_id: account.id,
+            contact_type: form.contact_type,
+            content: form.content,
+        },
+    )
+    .await
+    {
+        Ok(_) => {
+            t.commit().await.ok();
+            Ok(HttpResponse::SeeOther()
+                .append_header(("Location", "/account/business-items"))
+                .finish())
+        }
+        Err(e) => {
+            dbg!(e);
+            t.rollback().await.ok();
+            Ok(HttpResponse::BadRequest().body("Nie można zapisać danych kontaktowych"))
+        }
+    }
 }
 
 #[post("/update")]
-async fn update_contact(id: Identity, db: Data<PgPool>) -> Result<HttpResponse> {
+async fn update_contact(
-    Ok(HttpResponse::NotImplemented().finish())
+    id: Identity,
+    db: Data<PgPool>,
+    form: Form<view::UpdateContactInfoInput>,
+) -> Result<HttpResponse> {
+    let form = form.into_inner();
+    dbg!(&form);
+    let pool = db.into_inner();
+    let mut t = ok_or_internal!(pool.begin().await);
+    let account = authorize!(&mut t, id);
+    not_xss!(&form.contact_type, t);
+    not_xss!(&form.content, t);
+
+    match queries::update_contact(
+        &mut t,
+        db::UpdateContactInput {
+            id: form.id,
+            owner_id: account.id,
+            contact_type: form.contact_type,
+            content: form.content,
+        },
+    )
+    .await
+    {
+        Ok(_) => {
+            t.commit().await.ok();
+            Ok(HttpResponse::SeeOther()
+                .append_header(("Location", "/account/business-items"))
+                .finish())
+        }
+        Err(e) => {
+            dbg!(e);
+            t.rollback().await.ok();
+            Ok(HttpResponse::BadRequest().body("Nie można zmienić danych kontaktowych"))
+        }
+    }
+}
+
+#[post("/update")]
+async fn delete_contact(
+    id: Identity,
+    db: Data<PgPool>,
+    form: Form<view::DeleteContactInfoInput>,
+) -> Result<HttpResponse> {
+    let form = form.into_inner();
+    dbg!(&form);
+    let pool = db.into_inner();
+    let mut t = ok_or_internal!(pool.begin().await);
+    let account = authorize!(&mut t, id);
+
+    match queries::delete_contact(&mut t, form.id, account.id).await {
+        Ok(_) => {
+            t.commit().await.ok();
+            Ok(HttpResponse::SeeOther()
+                .append_header(("Location", "/account/business-items"))
+                .finish())
+        }
+        Err(e) => {
+            dbg!(e);
+            t.rollback().await.ok();
+            Ok(HttpResponse::BadRequest().body("Nie można usunąć danych kontaktowych"))
+        }
+    }
 }
 
 pub fn configure(config: &mut ServiceConfig) {
-    config.service(create_contact).service(update_contact);
+    config.service(
+        web::scope("contacts")
+            .service(create_contact)
+            .service(update_contact)
+            .service(delete_contact),
+    );
 }