Verifiziere Mailadresse vor dem Löschen von Sprechstunden

2022-10-30 18:07:40 +01:00 · 2022-10-30 18:07:40 +01:00 · b594c7bf75
parent 8654263798
commit b594c7bf75
5 changed files with 63 additions and 15 deletions
--- a/controllers/deleteOfficeHourHandler.go
+++ b/controllers/deleteOfficeHourHandler.go
@ -2,26 +2,55 @@
 package controllers

 import (
+	"database/sql"
+	"errors"
 	"net/http"
-	//"officeHours/models"
+	"officeHours/models"
 	"officeHours/templating"
 	"strconv"
 )

 func (b *BaseHandler) DeleteOfficeHourHandler(w http.ResponseWriter, req *http.Request) {
-	// TODO: error handling here is by no means sufficient, furthermore
-	//	400 BadRequest is for technically wrong stuff (most promimently GET instead of POST)
 	if req.FormValue("id") != "" {
-		_, err := strconv.Atoi(req.FormValue("id"))
+		id, err := strconv.Atoi(req.FormValue("id"))
 		if err != nil {
 			w.WriteHeader(http.StatusBadRequest)
+			templating.ServeTemplate(w, "deleteFailure", struct{ Error string }{"Id konnte nicht gelesen werden."})
+			return
 		}
-		//officeHour, err := b.officeHourRepo.FindById(id)
+		officeHour, err := b.officeHourRepo.FindById(id)
 		if err != nil {
-			w.WriteHeader(http.StatusBadRequest)
+			if errors.Is(err, sql.ErrNoRows) {
+				w.WriteHeader(http.StatusNotFound)
+				templating.ServeTemplate(w, "deleteFailure", struct{ Error string }{"Sprechstunde wurde nicht gefunden."})
+			} else {
+				w.WriteHeader(http.StatusInternalServerError)
+				templating.ServeTemplate(w, "deleteFailure", struct{ Error error }{err})
+			}
+			return
 		}
-		//_, err = b.requestRepo.Add(officeHour, models.RequestDelete)
-		templating.ServeTemplate(w, "deleteDisabled", nil)
+		if req.FormValue("email") == "" {
+			templating.ServeTemplate(w, "deleteMailForm", struct {
+				Error      string
+				OfficeHour models.OfficeHour
+			}{"", officeHour})
+			return
+		}
+		if req.FormValue("email") != officeHour.Tutor.Email {
+			w.WriteHeader(http.StatusUnauthorized)
+			templating.ServeTemplate(w, "deleteMailForm", struct {
+				Error      string
+				OfficeHour models.OfficeHour
+			}{"Die Sprechstunde wurde nicht mit dieser Mailadresse angegeben.", officeHour})
+			return
+		}
+		_, err = b.requestRepo.Add(officeHour, models.RequestDelete)
+		if err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+			templating.ServeTemplate(w, "deleteFailure", struct{ Error error }{err})
+			return
+		}
+		templating.ServeTemplate(w, "deleteSuccess", nil)
 	} else {
 		officeHours, _ := b.officeHourRepo.GetAll(true)
 		timetable, slots := b.GetTimetable(officeHours)
--- a/templating/templates.go
+++ b/templating/templates.go
@ -43,8 +43,9 @@ func InitTemplates() error {
 		"addFailure":      {"addFailure.html", false},
 		"addMask":         {"addMask.html", false},
 		"addSuccess":      {"addSuccess.html", false},
+		"deleteFailure":   {"deleteFailure.html", false},
+		"deleteMailForm":  {"deleteMailForm.html", false},
 		"deleteSuccess":   {"deleteSuccess.html", false},
-		"deleteDisabled":  {"deleteDisabled.html", false},
 		"executeFailure":  {"executeFailure.html", false},
 		"executeSuccess":  {"executeSuccess.html", false},
 		"index":           {"index.html", false},
--- a/templating/templates/deleteDisabled.html
+++ b/templating/templates/deleteDisabled.html
@ -1,6 +0,0 @@
-{{define "title"}}Sprechstunde löschen{{end}}
-
-{{define "content"}}
-Sprechstunden zu löschen wurde wegen zu viel Spam deaktiviert. <br>
-Falls du deine Sprechstunde löschen möchtest, melde dich bitte unter <a href="mailto:sprechstundentool@mathebau.de">sprechstundentool@mathebau.de</a>.
-{{end}}
--- a/templating/templates/deleteFailure.html
+++ b/templating/templates/deleteFailure.html
@ -0,0 +1,5 @@
+{{define "title"}}Sprechstunde löschen{{end}}
+
+{{define "content"}}
+Das Löschen der Sprechstunde ist fehlgeschlagen: {{.Error}}
+{{end}}
--- a/templating/templates/deleteMailForm.html
+++ b/templating/templates/deleteMailForm.html
@ -0,0 +1,19 @@
+{{define "title"}}Sprechstunde löschen{{end}}
+
+{{define "content"}}
+{{.Error}}
+
+Willst du die Sprechstunde<br>
+  {{printf "%02d" .OfficeHour.Date.Hour}}:{{printf "%02d" .OfficeHour.Date.Minute}} - {{printf "%02d" .OfficeHour.EndDate.Hour}}:{{printf "%02d" .OfficeHour.EndDate.Minute}}<br>
+  {{if eq .OfficeHour.Date.Week 1}}in ungeraden Vorlesungswochen<br>{{end}}{{if eq .OfficeHour.Date.Week 2}}in geraden Vorlesungswochen<br>{{end}}
+  {{.OfficeHour.Course.Name}}<br>
+  {{.OfficeHour.Tutor.Name}}<br>
+  {{.OfficeHour.Room.Name}}<br>
+wirklich löschen? Bitte bestätige dies durch Angabe der Mailadresse, mit der die Sprechstunde angelegt wurde: <br>
+<form method="POST" action="deleteOfficeHour">
+<input type="hidden" name="id" value="{{.OfficeHour.Id}}">
+<label for="email">Email-Adresse</label>:
+  <input name="email" id="email" type="email" size="50" required><br>
+  <input type="submit">
+</form>
+{{end}}