fix cors again?

README.md

@@ -0,0 +1,4 @@
+# EngageEarn API
+
+The api for the EngageEarn app.
+

src/events.rs

@@ -18,9 +18,8 @@ pub async fn get_events_preview(
     AuthBearer(token): AuthBearer,
     State(app_state): State<AppState>,
 ) -> impl IntoResponse {
-    match handle_token(token, &app_state, Role::Student) {
+    if let Err(err) = handle_token(token, &app_state, Role::Student) {
-        Ok(_) => {}
+        return err;
-        Err(err) => return err,
     };
 
     let result = query_as!(
@@ -66,9 +65,8 @@ pub async fn get_all_events(
     AuthBearer(token): AuthBearer,
     State(app_state): State<AppState>,
 ) -> impl IntoResponse {
-    match handle_token(token, &app_state, Role::Student) {
+    if let Err(err) = handle_token(token, &app_state, Role::Student) {
-        Ok(_) => {}
+        return err;
-        Err(err) => return err,
     };
 
     let result = query_as!(
@@ -220,16 +218,21 @@ pub async fn delete_event(
     State(app_state): State<AppState>,
     Query(get_event_query): Query<GetEventQuery>,
 ) -> impl IntoResponse {
-    if let Err(err) = handle_token(token, &app_state, Role::Student) {
+    let token_data = match handle_token(token, &app_state, Role::Teacher) {
-        return err;
+        Err(err) => return err,
+        Ok(token_data) => token_data,
     };
 
     let result = query!(
         r#"
         DELETE FROM events
-        WHERE id = $1
+        WHERE
+            id = $1 AND
+            (created_by = $2 OR $3)
         "#,
-        get_event_query.id
+        get_event_query.id,
+        token_data.id,
+        token_data.role == Role::Admin,
     )
     .execute(&app_state.db_pool)
     .await;