From 711f08600df674d4cc54b4bffca43f54323bf6b1 Mon Sep 17 00:00:00 2001 From: Alex_Miao_WSL Date: Thu, 8 Aug 2024 15:38:34 +1000 Subject: [PATCH] For all PATCH routes, in respective model methods, return id in sql query to ensure id is valid --- backend/server/src/models/application.rs | 14 +++++---- backend/server/src/models/campaign.rs | 10 +++--- backend/server/src/models/organisation.rs | 37 ++++++++++++++--------- backend/server/src/models/role.rs | 7 +++-- 4 files changed, 41 insertions(+), 27 deletions(-) diff --git a/backend/server/src/models/application.rs b/backend/server/src/models/application.rs index 65e55d21..ae65ae94 100644 --- a/backend/server/src/models/application.rs +++ b/backend/server/src/models/application.rs @@ -355,32 +355,34 @@ impl Application { } pub async fn set_status(id: i64, new_status: ApplicationStatus, pool: &Pool) -> Result<(), ChaosError> { - sqlx::query!( + let _ = sqlx::query!( " UPDATE applications SET status = $2 - WHERE id = $1; + WHERE id = $1 + RETURNING id; ", id, new_status as ApplicationStatus ) - .execute(pool) + .fetch_one(pool) .await?; Ok(()) } pub async fn set_private_status(id: i64, new_status: ApplicationStatus, pool: &Pool) -> Result<(), ChaosError> { - sqlx::query!( + let _ = sqlx::query!( " UPDATE applications SET private_status = $2 - WHERE id = $1; + WHERE id = $1 + RETURNING id; ", id, new_status as ApplicationStatus ) - .execute(pool) + .fetch_one(pool) .await?; Ok(()) diff --git a/backend/server/src/models/campaign.rs b/backend/server/src/models/campaign.rs index 40590fee..b87eec37 100644 --- a/backend/server/src/models/campaign.rs +++ b/backend/server/src/models/campaign.rs @@ -96,11 +96,12 @@ impl Campaign { update: CampaignUpdate, pool: &Pool, ) -> Result<(), ChaosError> { - sqlx::query!( + let _ = sqlx::query!( " UPDATE campaigns SET name = $1, description = $2, starts_at = $3, ends_at = $4 WHERE id = $5 + RETURNING id; ", update.name, update.description, 
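Review bot: In the application.rs hunk (`set_status`, `set_private_status`) the not-found case is now signalled only implicitly, through `?` on the `sqlx::Error::RowNotFound` that `fetch_one` returns when `UPDATE ... RETURNING id` matches no row. Nothing at the call site says so, and the `let _ =` binding reads as if the result were irrelevant. Whether `ChaosError` maps that variant to a 404 rather than a generic 500 is not visible in this diff and is worth confirming, since that mapping is what makes the id check useful to the PATCH handlers. I would add a comment above each query such as `// RETURNING + fetch_one: an unknown id fails with RowNotFound instead of silently updating nothing`, or keep `.execute(pool)` and test `rows_affected() == 0` explicitly. The same applies to the campaign.rs and role.rs hunks and to the logo hunk in organisation.rs.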
@@ -108,7 +109,7 @@ impl Campaign { update.ends_at, id ) - .execute(pool) + .fetch_one(pool) .await?; Ok(()) @@ -125,17 +126,18 @@ impl Campaign { let image_id = Uuid::new_v4(); let current_time = dt; - sqlx::query!( + let _ = sqlx::query!( " UPDATE campaigns SET cover_image = $1, updated_at = $2 WHERE id = $3 + RETURNING id; ", image_id, current_time, id ) - .execute(pool) + .fetch_one(pool) .await?; let upload_url = diff --git a/backend/server/src/models/organisation.rs b/backend/server/src/models/organisation.rs index 984deef3..1071637e 100644 --- a/backend/server/src/models/organisation.rs +++ b/backend/server/src/models/organisation.rs @@ -175,12 +175,14 @@ impl Organisation { admin_id_list: Vec, transaction: &mut Transaction<'_, Postgres>, ) -> Result<(), ChaosError> { - sqlx::query!( - "DELETE FROM organisation_members WHERE organisation_id = $1 AND role = $2", + let _ = sqlx::query!( + "DELETE FROM organisation_members + WHERE organisation_id = $1 AND role = $2 + RETURNING organisation_id;", organisation_id, OrganisationRole::Admin as OrganisationRole ) - .execute(transaction.deref_mut()) + .fetch_one(transaction.deref_mut()) .await?; for admin_id in admin_id_list { @@ -205,12 +207,14 @@ impl Organisation { member_id_list: Vec, transaction: &mut Transaction<'_, Postgres>, ) -> Result<(), ChaosError> { - sqlx::query!( - "DELETE FROM organisation_members WHERE organisation_id = $1 AND role = $2", + let _ = sqlx::query!( + "DELETE FROM organisation_members + WHERE organisation_id = $1 AND role = $2 + RETURNING organisation_id;", organisation_id, OrganisationRole::User as OrganisationRole ) - .execute(transaction.deref_mut()) + .fetch_one(transaction.deref_mut()) .await?; for member_id in member_id_list { 
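Review bot: The `DELETE ... RETURNING organisation_id` followed by `.fetch_one(transaction.deref_mut())` in the first organisation.rs hunk (@@ -175) fails whenever the organisation has no rows with `OrganisationRole::Admin`, because a DELETE that removes nothing returns no row and `fetch_one` then yields `RowNotFound`. The next hunk (@@ -205) has the same problem for `OrganisationRole::User`. A valid organisation with no rows for that role can therefore never have its list replaced, and a successful DELETE only shows that membership rows existed, not that the organisation does. Keep `.execute(transaction.deref_mut())` on the DELETE and validate the id against the parent table, e.g. `sqlx::query!("SELECT id FROM organisations WHERE id = $1", organisation_id).fetch_one(transaction.deref_mut()).await?;`. Both function bodies continue past their hunks (the insert loops), so how the error unwinds the transaction is not visible here.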
@@ -235,15 +239,17 @@ impl Organisation { admin_to_remove: i64, pool: &Pool, ) -> Result<(), ChaosError> { - sqlx::query!( + let _ = sqlx::query!( " - UPDATE organisation_members SET role = $3 WHERE user_id = $1 AND organisation_id = $2 + UPDATE organisation_members SET role = $3 + WHERE user_id = $1 AND organisation_id = $2 + RETURNING (user_id, organisation_id) ", admin_to_remove, organisation_id, OrganisationRole::User as OrganisationRole ) - .execute(pool) + .fetch_one(pool) .await?; Ok(()) @@ -254,14 +260,16 @@ impl Organisation { user_id: i64, pool: &Pool, ) -> Result<(), ChaosError> { - sqlx::query!( + let _ = sqlx::query!( " - DELETE FROM organisation_members WHERE user_id = $1 AND organisation_id = $2 + DELETE FROM organisation_members + WHERE user_id = $1 AND organisation_id = $2 + RETURNING (user_id, organisation_id) ", user_id, organisation_id ) - .execute(pool) + .fetch_one(pool) .await?; Ok(()) @@ -276,17 +284,18 @@ impl Organisation { let logo_id = Uuid::new_v4(); let current_time = dt; - sqlx::query!( + let _ = sqlx::query!( " UPDATE organisations SET logo = $2, updated_at = $3 WHERE id = $1 + RETURNING id; ", id, logo_id, current_time ) - .execute(pool) + .fetch_one(pool) .await?; let upload_url = diff --git a/backend/server/src/models/role.rs b/backend/server/src/models/role.rs index a52eb1d4..f78ab76e 100644 --- a/backend/server/src/models/role.rs +++ b/backend/server/src/models/role.rs @@ -99,11 +99,12 @@ impl Role { role_data: RoleUpdate, pool: &Pool, ) -> Result<(), ChaosError> { - sqlx::query!( + let _ = sqlx::query!( " UPDATE campaign_roles SET (name, description, min_available, max_available, finalised) = ($2, $3, $4, $5, $6) - WHERE id = $1; + WHERE id = $1 + RETURNING id; ", id, role_data.name, @@ -112,7 +113,7 @@ impl Role { role_data.max_avaliable, role_data.finalised ) - .execute(pool) + .fetch_one(pool) .await?; Ok(())
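Review bot: `RETURNING (user_id, organisation_id)` in the @@ -235 hunk is parenthesised, which in PostgreSQL yields a single anonymous composite (record) column rather than two columns. I would expect the compile-time check in sqlx's `query!` to have trouble mapping a record type, so this should be verified against a live schema or the offline query data. Since the value is discarded anyway, `RETURNING user_id` (or `RETURNING user_id, organisation_id` without parentheses) expresses the same existence check. The @@ -254 DELETE hunk uses the same form.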