Verifiziere Mailadresse vor dem Löschen von Sprechstunden

2022-10-30 18:07:40 +01:00 · 2022-10-30 18:07:40 +01:00 · b594c7bf75
commit b594c7bf75
parent 8654263798
5 changed files with 63 additions and 15 deletions
--- a/controllers/deleteOfficeHourHandler.go
+++ b/controllers/deleteOfficeHourHandler.go
@ -2,26 +2,55 @@
 package controllers

 import (
+	"database/sql"
+	"errors"
 	"net/http"
-	//"officeHours/models"
+	"officeHours/models"
 	"officeHours/templating"
 	"strconv"
 )

 func (b *BaseHandler) DeleteOfficeHourHandler(w http.ResponseWriter, req *http.Request) {
-	// TODO: error handling here is by no means sufficient, furthermore
-	//	400 BadRequest is for technically wrong stuff (most promimently GET instead of POST)
 	if req.FormValue("id") != "" {
-		_, err := strconv.Atoi(req.FormValue("id"))
+		id, err := strconv.Atoi(req.FormValue("id"))
 		if err != nil {
 			w.WriteHeader(http.StatusBadRequest)
+			templating.ServeTemplate(w, "deleteFailure", struct{ Error string }{"Id konnte nicht gelesen werden."})
+			return
 		}
-		//officeHour, err := b.officeHourRepo.FindById(id)
+		officeHour, err := b.officeHourRepo.FindById(id)
 		if err != nil {
-			w.WriteHeader(http.StatusBadRequest)
+			if errors.Is(err, sql.ErrNoRows) {
+				w.WriteHeader(http.StatusNotFound)
+				templating.ServeTemplate(w, "deleteFailure", struct{ Error string }{"Sprechstunde wurde nicht gefunden."})
+			} else {
+				w.WriteHeader(http.StatusInternalServerError)
+				templating.ServeTemplate(w, "deleteFailure", struct{ Error error }{err})
+			}
+			return
 		}
-		//_, err = b.requestRepo.Add(officeHour, models.RequestDelete)
-		templating.ServeTemplate(w, "deleteDisabled", nil)
+		if req.FormValue("email") == "" {
+			templating.ServeTemplate(w, "deleteMailForm", struct {
+				Error      string
+				OfficeHour models.OfficeHour
+			}{"", officeHour})
+			return
+		}
+		if req.FormValue("email") != officeHour.Tutor.Email {
+			w.WriteHeader(http.StatusUnauthorized)
+			templating.ServeTemplate(w, "deleteMailForm", struct {
+				Error      string
+				OfficeHour models.OfficeHour
+			}{"Die Sprechstunde wurde nicht mit dieser Mailadresse angegeben.", officeHour})
+			return
+		}
+		_, err = b.requestRepo.Add(officeHour, models.RequestDelete)
+		if err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+			templating.ServeTemplate(w, "deleteFailure", struct{ Error error }{err})
+			return
+		}
+		templating.ServeTemplate(w, "deleteSuccess", nil)
 	} else {
 		officeHours, _ := b.officeHourRepo.GetAll(true)
 		timetable, slots := b.GetTimetable(officeHours)