EinsatzOnline/src/modules/api/appointments/delete.rs


use rocket::State;
use crate::helper::settings::Settings;
use crate::helper::session_cookies::model::SessionCookie;
use rocket::serde::json::Json;
use crate::modules::api::model::api_outcome::{ApiErrorWrapper, ApiError};
use crate::modules::api::member_management::controller::parser::{parse_member_cookie, parse_uuid_string};
use crate::database::controller::members::check_access_to_resource;
use crate::helper::translate_diesel_error::translate_diesel;
use crate::database::controller::appointments::{remove_appointment, get_appointment_with_id};
/// Deletes a single appointment after checking that the caller may edit appointments
/// of the entity that owns it.
///
/// # Api Call
/// * DELETE
/// * /api/appointments/<appointment_id>
///
/// # Api Result
/// * Api returns nothing on success, otherwise an ApiError in ApiErrorWrapper
///
/// # Permission required
/// * modules.scheduler.appointments.edit on the entity the appointment belongs to
///
/// # Errors
/// * the error produced by `parse_member_cookie` when the session cookie's member cannot be parsed
/// * the error produced by `parse_uuid_string` when `appointment_id` is not accepted as a UUID
/// * the translated database error when the appointment cannot be loaded or removed
/// * ApiError 403 when the caller lacks the edit permission on the owning entity
#[delete("/api/appointments/<appointment_id>", format = "json")]
pub fn delete_appointment(
    settings: &State<Settings>,
    cookie: SessionCookie,
    appointment_id: String,
) -> Result<(), Json<ApiErrorWrapper>> {
    // Identify the caller and validate the path parameter before touching the database.
    let member = parse_member_cookie(cookie.member)?;
    let appointment_uuid: uuid::Uuid = parse_uuid_string(appointment_id)?;

    // The stored appointment supplies the entity the permission is checked against, so the
    // decision depends on persisted ownership and not on anything the request body or path claims.
    // NOTE(review): this lookup runs before the permission check, so a caller without access may
    // get a different response for an unknown id than for an existing one (403) — confirm what
    // translate_diesel returns for a missing row and whether that difference is acceptable.
    let appointment =
        get_appointment_with_id(settings, appointment_uuid).map_err(translate_diesel)?;

    let may_edit = check_access_to_resource(
        settings,
        member.entity_id,
        appointment.entity_id,
        crate::permissions::modules::scheduler::appointments::EDIT,
    );

    if may_edit {
        // NOTE(review): lookup, permission check and removal are separate calls; whether they
        // share a transaction is not visible here.
        remove_appointment(settings, appointment_uuid)
            .map(|_| ())
            .map_err(translate_diesel)
    } else {
        let denied = ApiError::new(403, "Keine Berechtigung, Termine zu löschen!".to_string());
        Err(Json(denied.to_wrapper()))
    }
}