3 files changed, 50 insertions, 5 deletions

diff --git a/app.py b/app.py
index e7e44f2..b7a0516 100644
--- a/app.py
+++ b/app.py
@@ -33,7 +33,6 @@ from litestar.datastructures import State
 
 import ics
 
-# TODO admin remove attendees
 # use url_fors, timezones?
 # error handling, auth errors, sql errors, input validation
 
@@ -181,6 +180,34 @@ async def edit(state: State, request: Request, iden: str, password: str, data: A
     return Redirect(path="/symposium/event/" + iden + "?password=" + event.password)
 
 @dataclass
+class RemoveRequest:
+    name: str
+
+@post("/event/{iden:str}/remove")
+async def remove(state: State, request: Request, iden: str, data: Annotated[RemoveRequest, Body(media_type=RequestEncodingType.URL_ENCODED)], password: str = "") -> Redirect: #-> Template:
+    async with sessionmaker(bind=state.engine) as session:
+        async with session.begin():
+            query = select(Event).where(Event.iden == iden)
+            result = await session.execute(query)
+            event = result.scalar_one()
+
+            manage = False
+            if password and hmac.compare_digest(event.password, password):
+                manage = True
+            if not manage:
+                raise ValueError("no auth")
+
+            name = data.name
+            invites = json.loads(event.invites)
+            if name in invites:
+                invites.remove(name)
+                event.invites = json.dumps(invites)
+    url = "/symposium/event/" + iden
+    if password:
+        url += "?password=" + password
+    return Redirect(path=url)
+
+@dataclass
 class JoinRequest:
     name: str
 
@@ -193,6 +220,8 @@ async def join(state: State, request: Request, iden: str, data: Annotated[JoinRe
             event = result.scalar_one()
             name = data.name
             invites = json.loads(event.invites)
+            if name in invites:
+                raise ValueError("already exists")
             invites.append(name)
             event.invites = json.dumps(invites)
     url = "/symposium/event/" + iden
@@ -207,6 +236,7 @@ app = Litestar(
         calendar,
         create,
         edit,
+        remove,
         join,
         create_static_files_router(path='/static', directories=['static']),
     ],
diff --git a/static/styles.css b/static/styles.css
index cce5d61..d0f3e5e 100644
--- a/static/styles.css
+++ b/static/styles.css
@@ -32,3 +32,12 @@ input {
 .when {
 	width: fit-content;
 }
+
+.remove {
+    margin-left: 1.5em;
+    display: inline;
+}
+
+.join-input {
+	width: 40%;
+}
diff --git a/templates/event.html b/templates/event.html
index 687d696..925a707 100644
--- a/templates/event.html
+++ b/templates/event.html
@@ -34,8 +34,8 @@
         <br>
         <hr>
         {% endif %}
-        <form method="POST" action="/symposium/event/{{ event.iden }}/edit?password={{event.password}}">
         {% if manage %}
+        <form method="POST" action="/symposium/event/{{ event.iden }}/edit?password={{event.password}}">
         <span class="q">Title:</span>
         <input name="title" type="text" value="{{ event.title }}"></input>
         {% else %}
@@ -81,12 +81,18 @@
         <button>Save changes</button>
         <br>
         <br>
-        {% endif %}
         </form>
+        {% endif %}
         <span class="q">Who?</span>
         <br>
         {% for name in event.get_invites() %}
-        &mdash; {{ name }}
+		&mdash; {{ name }}
+        {% if manage %}
+		<form class="remove" method="POST" action="/symposium/event/{{ event.iden }}/remove?password={{ event.password }}">
+			<input type="hidden" name="name" value="{{ name }}">
+			<button href="#">remove</button>
+		</form>
+        {% endif %}
         <br>
         {% endfor %}
         {% if manage %}
@@ -94,7 +100,7 @@
         {% else %}
         <form method="POST" action="/symposium/event/{{ event.iden }}/join" class="join-form">
         {% endif %}
-            <input type="text" name="name">
+            <input class="join-input" type="text" name="name">
             <button type="submit">Add attendee</button>
         </form>
     </div>