diff --git a/src/API.hs b/src/API.hs
index 0ae3112ae..1bcc47b3a 100644
--- a/src/API.hs
+++ b/src/API.hs
@@ -48,6 +48,7 @@ type API =
 :> Delete '[JSON] NoContent
 -- trips: List
 :<|> "trips"
+ :> SessionCookie
 :> Get '[JSON] [T.Trip]
 -- Miscellaneous
diff --git a/src/App.hs b/src/App.hs
index 273bb3951..4f02cb444 100644
--- a/src/App.hs
+++ b/src/App.hs
@@ -126,8 +126,15 @@ server T.Config{..} = createAccount
 liftIO $ Trips.delete dbFile tripPK
 pure NoContent
- listTrips :: Handler [T.Trip]
- listTrips = liftIO $ Trips.list dbFile
+ listTrips :: T.SessionCookie -> Handler [T.Trip]
+ listTrips cookie = do
+ mAccount <- liftIO $ Auth.accountFromCookie dbFile cookie
+ case mAccount of
+ Nothing -> throwError err401 { errBody = "Your session cookie is invalid. Try logging out and logging back in." }
+ Just T.Account{..} ->
+ case accountRole of
+ T.Admin -> liftIO $ Trips.listAll dbFile
+ _ -> liftIO $ Trips.list dbFile accountUsername
 login :: T.AccountCredentials -> Handler (Headers '[Header "Set-Cookie" SetCookie] NoContent)
diff --git a/src/Trips.hs b/src/Trips.hs
index 55bc6b958..ec52ec58f 100644
--- a/src/Trips.hs
+++ b/src/Trips.hs
@@ -22,6 +22,12 @@ delete dbFile tripPK =
 (tripPK |> T.tripPKFields)
 -- | Return a list of all of the trips in `dbFile`.
-list :: FilePath -> IO [T.Trip]
-list dbFile = withConnection dbFile $ \conn ->
+listAll :: FilePath -> IO [T.Trip]
+listAll dbFile = withConnection dbFile $ \conn ->
 query_ conn "SELECT username,destination,startDate,endDate,comment FROM Trips"
+
+-- | Return a list of all of the trips in `dbFile`.
+list :: FilePath -> T.Username -> IO [T.Trip]
+list dbFile username = withConnection dbFile $ \conn ->
+ query conn "SELECT username,destination,startDate,endDate,comment FROM Trips WHERE username = ?"
+ (Only username)
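Review bot: The session lookup and role check are written inline in `listTrips` in src/App.hs, so every other trip handler has to repeat them to get the same protection. The delete handler in the leading context still calls `Trips.delete dbFile tripPK` with no session or ownership check in the lines shown; its head is outside the hunk, so this may already be handled elsewhere. Consider moving the `Auth.accountFromCookie` call and the `err401` branch into one shared helper that returns the `T.Account`, and calling it from each trip handler before any read or write. The `_ ->` fallback is a sound default because any role other than `T.Admin` is limited to its own rows; a short comment such as `-- every non-admin role sees only its own trips` would record that this is intentional.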
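Review bot: The Haddock comment on the new `list` in src/Trips.hs is a copy of the one on `listAll` and no longer describes it, because `list` now returns only the rows whose `username` column matches its argument. Replace it with `-- | Return only the trips in dbFile that belong to the given username.` and extend the `listAll` comment to say that it returns every user's trips and that the caller is responsible for checking the `T.Admin` role first. Passing the value through the `?` placeholder with `Only username` keeps it out of the SQL text, which is the right form for this query.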