pub async fn can_edit_recipe(&self, user_id: i64, recipe_id: i64) -> Result<bool> {
sqlx::query_scalar(
- r#"SELECT COUNT(*) = 1 FROM [Recipe] WHERE [id] = $1 AND [user_id] = $2"#,
+ r#"
+SELECT COUNT(*) = 1
+FROM [Recipe]
+INNER JOIN [User] ON [User].id = [Recipe].user_id
+WHERE [Recipe].[id] = $1 AND ([is_admin] OR [user_id] = $2)
+ "#,
)
.bind(recipe_id)
.bind(user_id)
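Review bot: `[is_admin]` in the new WHERE clause is read from the recipe owner's row, not the caller's, because the added join is `ON [User].id = [Recipe].user_id` and `$2` appears only in the ownership comparison. As written, any recipe owned by an admin passes this check for every `user_id`, while an admin still fails it for a recipe owned by a non-admin. If the intent is "the caller is an admin or the owner", join on the caller instead: `INNER JOIN [User] ON [User].[id] = $2` with `([User].[is_admin] OR [Recipe].[user_id] = $2)`. The same join is added to the group, step and ingredient queries further down, so they need the same correction. A test that runs a non-admin caller against an admin-owned recipe would pin the expected denial.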
r#"
SELECT COUNT(*) = 1
FROM [Recipe]
+INNER JOIN [User] ON [User].id = [Recipe].user_id
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
-WHERE [Group].[id] = $1 AND [user_id] = $2
+WHERE [Group].[id] = $1 AND ([is_admin] OR [user_id] = $2)
"#,
)
.bind(group_id)
r#"
SELECT COUNT(*)
FROM [Recipe]
+INNER JOIN [User] ON [User].id = [Recipe].user_id
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
-WHERE [Group].[id] IN ({}) AND [user_id] = $1
+WHERE [Group].[id] IN ({}) AND ([is_admin] OR [user_id] = $2)
"#,
params
);
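Review bot: The user placeholder in this `[Group].[id] IN ({})` query changed from `$1` to `$2`, which looks like a copy from the single-id queries rather than an intended change. The code that builds `params` and binds the values is outside the hunk, so this needs confirming. If the generated list still starts at `$2`, the ownership test would compare `[user_id]` with the first group id instead of the caller's id. If the bind order did not change, keep `[user_id] = $1`. The `[Step].[id] IN ({})` and `[Ingredient].[id] IN ({})` queries carry the same edit.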
r#"
SELECT COUNT(*) = 1
FROM [Recipe]
+INNER JOIN [User] ON [User].id = [Recipe].user_id
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
-WHERE [Step].[id] = $1 AND [user_id] = $2
+WHERE [Step].[id] = $1 AND ([is_admin] OR [user_id] = $2)
"#,
)
.bind(step_id)
r#"
SELECT COUNT(*)
FROM [Recipe]
+INNER JOIN [User] ON [User].id = [Recipe].user_id
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
-WHERE [Step].[id] IN ({}) AND [user_id] = $1
+WHERE [Step].[id] IN ({}) AND ([is_admin] OR [user_id] = $2)
"#,
params
);
r#"
SELECT COUNT(*)
FROM [Recipe]
+INNER JOIN [User] ON [User].id = [Recipe].user_id
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
INNER JOIN [Ingredient] ON [Ingredient].[step_id] = [Step].[id]
-WHERE [Ingredient].[id] = $1 AND [user_id] = $2
+WHERE [Ingredient].[id] = $1 AND ([is_admin] OR [user_id] = $2)
"#,
)
.bind(ingredient_id)
r#"
SELECT COUNT(*)
FROM [Recipe]
+INNER JOIN [User] ON [User].id = [Recipe].user_id
INNER JOIN [Group] ON [Group].[recipe_id] = [Recipe].[id]
INNER JOIN [Step] ON [Step].[group_id] = [Group].[id]
INNER JOIN [Ingredient] ON [Ingredient].[step_id] = [Step].[id]
-WHERE [Ingredient].[id] IN ({}) AND [user_id] = $1
+WHERE [Ingredient].[id] IN ({}) AND ([is_admin] OR [user_id] = $2)
"#,
params
);
}
pub async fn load_user(&self, user_id: i64) -> Result<Option<model::User>> {
- sqlx::query_as("SELECT [id], [email], [name], [lang] FROM [User] WHERE [id] = $1")
- .bind(user_id)
- .fetch_optional(&self.pool)
- .await
- .map_err(DBError::from)
+ sqlx::query_as(
+ "SELECT [id], [email], [name], [lang], [is_admin] FROM [User] WHERE [id] = $1",
+ )
+ .bind(user_id)
+ .fetch_optional(&self.pool)
+ .await
+ .map_err(DBError::from)
}
/// If a new email is given and it doesn't match the current one then it has to be