From bedd8c8de27c10b402a38198306a919ce16eac92 Mon Sep 17 00:00:00 2001 From: Kavika Date: Wed, 13 Nov 2024 13:54:18 +1100 Subject: [PATCH] use `fetch_one()` to check valid id --- backend/server/src/handler/organisation.rs | 8 ++-- backend/server/src/models/application.rs | 12 +++--- backend/server/src/models/campaign.rs | 18 ++++---- backend/server/src/models/organisation.rs | 48 +++++++++++++++++----- backend/server/src/models/rating.rs | 4 +- backend/server/src/models/role.rs | 12 +++--- 6 files changed, 65 insertions(+), 37 deletions(-) diff --git a/backend/server/src/handler/organisation.rs b/backend/server/src/handler/organisation.rs index 78ec8bc6..ad084199 100644 --- a/backend/server/src/handler/organisation.rs +++ b/backend/server/src/handler/organisation.rs @@ -91,12 +91,12 @@ impl OrganisationHandler { } pub async fn remove_admin( - State(state): State, + mut transaction: DBTransaction<'_>, Path(id): Path, _super_user: SuperUser, Json(request_body): Json, ) -> Result { - Organisation::remove_admin(id, request_body.user_id, &state.db).await?; + Organisation::remove_admin(id, request_body.user_id, &mut transaction.tx).await?; Ok(( StatusCode::OK, @@ -105,12 +105,12 @@ impl OrganisationHandler { } pub async fn remove_member( - State(state): State, + mut transaction: DBTransaction<'_>, Path(id): Path, _admin: OrganisationAdmin, Json(request_body): Json, ) -> Result { - Organisation::remove_member(id, request_body.user_id, &state.db).await?; + Organisation::remove_member(id, request_body.user_id, &mut transaction.tx).await?; Ok(( StatusCode::OK, diff --git a/backend/server/src/models/application.rs b/backend/server/src/models/application.rs index 04749081..1cd9a74f 100644 --- a/backend/server/src/models/application.rs +++ b/backend/server/src/models/application.rs 
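Review bot: remove_admin now runs inside a caller-supplied transaction, but the hunk shows no `transaction.tx.commit().await?` between the model call and the `Ok((StatusCode::OK, …` return; unless the DBTransaction extractor commits on its own or a commit sits in the lines past the hunk, the sqlx transaction is rolled back when it is dropped and the role change is silently lost while the client still receives 200. The same applies to remove_member in the second hunk of this file. Both handler bodies continue outside the hunk, so this may already be handled there. If the commit does happen elsewhere, a one-line comment at the call site, `// committed by DBTransaction on success`, would save the next reader the search.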
@@ -364,16 +364,16 @@ impl Application { new_status: ApplicationStatus, pool: &Pool, ) -> Result<(), ChaosError> { - sqlx::query!( + _ = sqlx::query!( " UPDATE applications SET status = $2 - WHERE id = $1; + WHERE id = $1 RETURNING id ", id, new_status as ApplicationStatus ) - .execute(pool) + .fetch_one(pool) .await?; Ok(()) @@ -384,16 +384,16 @@ impl Application { new_status: ApplicationStatus, pool: &Pool, ) -> Result<(), ChaosError> { - sqlx::query!( + _ = sqlx::query!( " UPDATE applications SET private_status = $2 - WHERE id = $1; + WHERE id = $1 RETURNING id ", id, new_status as ApplicationStatus ) - .execute(pool) + .fetch_one(pool) .await?; Ok(()) diff --git a/backend/server/src/models/campaign.rs b/backend/server/src/models/campaign.rs index 40590fee..eb750de7 100644 --- a/backend/server/src/models/campaign.rs +++ b/backend/server/src/models/campaign.rs @@ -96,11 +96,11 @@ impl Campaign { update: CampaignUpdate, pool: &Pool, ) -> Result<(), ChaosError> { - sqlx::query!( + _ = sqlx::query!( " UPDATE campaigns SET name = $1, description = $2, starts_at = $3, ends_at = $4 - WHERE id = $5 + WHERE id = $5 RETURNING id ", update.name, update.description, @@ -108,7 +108,7 @@ impl Campaign { update.ends_at, id ) - .execute(pool) + .fetch_one(pool) .await?; Ok(()) @@ -125,17 +125,17 @@ impl Campaign { let image_id = Uuid::new_v4(); let current_time = dt; - sqlx::query!( + _ = sqlx::query!( " UPDATE campaigns SET cover_image = $1, updated_at = $2 - WHERE id = $3 + WHERE id = $3 RETURNING id ", image_id, current_time, id ) - .execute(pool) + .fetch_one(pool) .await?; let upload_url = @@ -146,13 +146,13 @@ impl Campaign { /// Delete a campaign from the database pub async fn delete(id: i64, pool: &Pool) -> Result<(), ChaosError> { - sqlx::query!( + _ = sqlx::query!( " - DELETE FROM campaigns WHERE id = $1 + DELETE FROM campaigns WHERE id = $1 RETURNING id ", id ) - .execute(pool) + .fetch_one(pool) .await?; Ok(()) 
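Review bot: Switching `.execute(pool)` to `.fetch_one(pool)` on `UPDATE … RETURNING id` makes an unknown `id` surface as `sqlx::Error::RowNotFound` through `?`, so the HTTP status a caller sees now depends entirely on how `From<sqlx::Error> for ChaosError` maps that variant; that mapping is not visible in this commit, and if it falls through to a generic server error the "valid id" check the commit title describes is only half done. A one-line comment above each of these queries, `// RETURNING id + fetch_one: a missing row errors as RowNotFound instead of a silent no-op`, would record the intent for the next maintainer. The same pattern is used in the second application.rs hunk, all four campaign.rs hunks, Organisation::delete and update_logo, and Role::delete and update. Those last two files write `let _ =` where application.rs, campaign.rs and organisation.rs write `_ =`; either compiles, but one form should be chosen for the whole commit.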
diff --git a/backend/server/src/models/organisation.rs b/backend/server/src/models/organisation.rs index 984deef3..94a34c24 100644 --- a/backend/server/src/models/organisation.rs +++ b/backend/server/src/models/organisation.rs @@ -115,13 +115,13 @@ impl Organisation { } pub async fn delete(id: i64, pool: &Pool) -> Result<(), ChaosError> { - sqlx::query!( + _ = sqlx::query!( " - DELETE FROM organisations WHERE id = $1 + DELETE FROM organisations WHERE id = $1 RETURNING id ", id ) - .execute(pool) + .fetch_one(pool) .await?; Ok(()) @@ -175,6 +175,13 @@ impl Organisation { admin_id_list: Vec, transaction: &mut Transaction<'_, Postgres>, ) -> Result<(), ChaosError> { + let _ = sqlx::query!( + "SELECT id FROM organisations WHERE id = $1", + organisation_id + ) + .fetch_one(transaction.deref_mut()) + .await?; + sqlx::query!( "DELETE FROM organisation_members WHERE organisation_id = $1 AND role = $2", organisation_id, @@ -205,6 +212,13 @@ impl Organisation { member_id_list: Vec, transaction: &mut Transaction<'_, Postgres>, ) -> Result<(), ChaosError> { + let _ = sqlx::query!( + "SELECT id FROM organisations WHERE id = $1", + organisation_id + ) + .fetch_one(transaction.deref_mut()) + .await?; + sqlx::query!( "DELETE FROM organisation_members WHERE organisation_id = $1 AND role = $2", organisation_id, @@ -233,8 +247,15 @@ impl Organisation { pub async fn remove_admin( organisation_id: i64, admin_to_remove: i64, - pool: &Pool, + transaction: &mut Transaction<'_, Postgres>, ) -> Result<(), ChaosError> { + let _ = sqlx::query!( + "SELECT id FROM organisations WHERE id = $1", + organisation_id + ) + .fetch_one(transaction.deref_mut()) + .await?; + sqlx::query!( " UPDATE organisation_members SET role = $3 WHERE user_id = $1 AND organisation_id = $2 @@ -243,7 +264,7 @@ impl Organisation { organisation_id, OrganisationRole::User as OrganisationRole ) - .execute(pool) + .execute(transaction.deref_mut()) .await?; Ok(()) 
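Review bot: In remove_admin the new SELECT only proves the organisation exists; the UPDATE that follows still goes through `.execute(transaction.deref_mut())`, so an `admin_to_remove` who is not an admin (or not a member at all) of that organisation updates zero rows and the call still reports success. Since the rest of this commit adopts `RETURNING id` with `fetch_one` for exactly this case, the same could be applied here: append `RETURNING id` to the UPDATE and replace `.execute(transaction.deref_mut())` with `.fetch_one(transaction.deref_mut())`, binding the result with `_ =` as elsewhere. The same applies to the DELETE in remove_member in the next hunk. The separate SELECT is also a plain read, so under Postgres' default read-committed isolation it does not stop a concurrent transaction from deleting the organisation before the UPDATE runs; letting the mutating statement itself report the missing row avoids that window as well.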
@@ -252,8 +273,15 @@ impl Organisation { pub async fn remove_member( organisation_id: i64, user_id: i64, - pool: &Pool, + transaction: &mut Transaction<'_, Postgres>, ) -> Result<(), ChaosError> { + let _ = sqlx::query!( + "SELECT id FROM organisations WHERE id = $1", + organisation_id + ) + .fetch_one(transaction.deref_mut()) + .await?; + sqlx::query!( " DELETE FROM organisation_members WHERE user_id = $1 AND organisation_id = $2 @@ -261,7 +289,7 @@ impl Organisation { user_id, organisation_id ) - .execute(pool) + .execute(transaction.deref_mut()) .await?; Ok(()) @@ -276,17 +304,17 @@ impl Organisation { let logo_id = Uuid::new_v4(); let current_time = dt; - sqlx::query!( + _ = sqlx::query!( " UPDATE organisations SET logo = $2, updated_at = $3 - WHERE id = $1 + WHERE id = $1 RETURNING id ", id, logo_id, current_time ) - .execute(pool) + .fetch_one(pool) .await?; let upload_url = diff --git a/backend/server/src/models/rating.rs b/backend/server/src/models/rating.rs index de01838f..92162971 100644 --- a/backend/server/src/models/rating.rs +++ b/backend/server/src/models/rating.rs @@ -83,7 +83,7 @@ impl Rating { UPDATE application_ratings SET rating = $2, comment = $3, updated_at = $4 WHERE id = $1 - RETURNING id; + RETURNING id ", rating_id, rating, @@ -145,7 +145,7 @@ impl Rating { let _ = sqlx::query!( " DELETE FROM application_ratings WHERE id = $1 - RETURNING id; + RETURNING id ", rating_id ) diff --git a/backend/server/src/models/role.rs b/backend/server/src/models/role.rs index a52eb1d4..ff53014b 100644 --- a/backend/server/src/models/role.rs +++ b/backend/server/src/models/role.rs @@ -82,13 +82,13 @@ impl Role { } pub async fn delete(id: i64, pool: &Pool) -> Result<(), ChaosError> { - sqlx::query!( + let _ = sqlx::query!( " - DELETE FROM campaign_roles WHERE id = $1 + DELETE FROM campaign_roles WHERE id = $1 RETURNING id ", id ) - .execute(pool) + .fetch_one(pool) .await?; Ok(()) 
@@ -99,11 +99,11 @@ impl Role { role_data: RoleUpdate, pool: &Pool, ) -> Result<(), ChaosError> { - sqlx::query!( + let _ = sqlx::query!( " UPDATE campaign_roles SET (name, description, min_available, max_available, finalised) = ($2, $3, $4, $5, $6) - WHERE id = $1; + WHERE id = $1 RETURNING id ", id, role_data.name, @@ -112,7 +112,7 @@ impl Role { role_data.max_avaliable, role_data.finalised ) - .execute(pool) + .fetch_one(pool) .await?; Ok(())