Beispiel #1
0
// HandleShow displays a single story
func HandleShow(context router.Context) error {

	// Find the story
	story, err := stories.Find(context.ParamInt("id"))
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect requests to the canonical url
	if context.Path() != story.URLShow() {
		return router.Redirect(context, story.URLShow())
	}

	// Find the comments for this story
	// Fetch the comments
	q := comments.Where("story_id=?", story.Id).Order(comments.RankOrder)
	rootComments, err := comments.FindAll(q)
	if err != nil {
		return router.InternalError(err)
	}

	// Render the template
	view := view.New(context)
	view.AddKey("story", story)
	view.AddKey("meta_title", story.Name)
	view.AddKey("meta_desc", story.Summary)
	view.AddKey("meta_keywords", story.Name)
	view.AddKey("comments", rootComments)

	return view.Render()
}
Beispiel #2
0
// HandleUpdate handles the POST of the form to update a page
func HandleUpdate(context router.Context) error {

	// Find the page
	page, err := pages.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update page
	err = authorise.ResourceAndAuthenticity(context, page)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the page from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}
	err = page.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to page
	return router.Redirect(context, page.URLShow())
}
Beispiel #3
0
// HandleUpdate handles the POST of the form to update a story
func HandleUpdate(context router.Context) error {

	// Find the story
	story, err := stories.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update story
	err = authorise.ResourceAndAuthenticity(context, story)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the story from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}
	err = story.Update(params.Map())
	if err != nil {
		return err // Create returns a router.Error
	}

	err = updateStoriesRank()
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to story
	return router.Redirect(context, story.URLShow())
}
Beispiel #4
0
// HandleShow serve a get request at /users/1
func HandleShow(context router.Context) error {

	// Find the user
	user, err := users.Find(context.ParamInt("id"))
	if err != nil {
		context.Logf("#error parsing user id: %s", err)
		return router.NotFoundError(err)
	}

	userMeta := fmt.Sprintf("%s – %s", user.Name, user.Summary)

	// Set up view
	view := view.New(context)

	// Find the first image which matches this user
	image, err := images.Find(user.ImageID)
	if err == nil {
		// only add image key if we have one
		view.AddKey("image", image)
	}

	// Render the Template
	view.AddKey("user", user)
	view.AddKey("meta_title", userMeta)
	view.AddKey("meta_desc", userMeta)
	view.AddKey("meta_keywords", user.Keywords())
	return view.Render()

}
Beispiel #5
0
// HandleHome displays a list of stories using gravity to order them
// used for the home page for gravity rank see votes.go
// responds to GET /
func HandleHome(context router.Context) error {

	// Build a query
	q := stories.Query().Limit(listLimit)

	// Select only above 0 points,  Order by rank, then points, then name
	q.Where("points > 0").Order("rank desc, points desc, id desc")

	// Set the offset in pages if we have one
	page := int(context.ParamInt("page"))
	if page > 0 {
		q.Offset(listLimit * page)
	}

	// Fetch the stories
	results, err := stories.FindAll(q)
	if err != nil {
		return router.InternalError(err)
	}

	// Render the template
	view := view.New(context)
	setStoriesMetadata(view, context.Request())
	view.AddKey("page", page)
	view.AddKey("stories", results)
	view.Template("stories/views/index.html.got")

	if context.Param("format") == ".xml" {
		view.Layout("")
		view.Template("stories/views/index.xml.got")
	}

	return view.Render()

}
Beispiel #6
0
// HandleUpdate responds to POST /comments/update
func HandleUpdate(context router.Context) error {

	// Find the comment
	comment, err := comments.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update comment, check auth token
	err = authorise.ResourceAndAuthenticity(context, comment)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the comment from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Clean params according to role
	accepted := comments.AllowedParams()
	if authorise.CurrentUser(context).Admin() {
		accepted = comments.AllowedParamsAdmin()
	}
	cleanedParams := params.Clean(accepted)

	err = comment.Update(cleanedParams)
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to comment
	return router.Redirect(context, comment.URLShow())
}
Beispiel #7
0
// HandleUpdate handles POST or PUT /pages/1/update
func HandleUpdate(context router.Context) error {

	// Find the page
	page, err := pages.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise updating the page
	err = authorise.Resource(context, page)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the page from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}
	err = page.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// We then find the page again, and retreive the new Url, in case it has changed during update
	page, err = pages.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Redirect to page url
	return router.Redirect(context, page.Url)
}
Beispiel #8
0
// HandleUpdate handles the POST of the form to update a user
func HandleUpdate(context router.Context) error {

	// Find the user
	user, err := users.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update user
	err = authorise.ResourceAndAuthenticity(context, user)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Get the params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Clean params further for customers, they may only update email, password, key
	allowedParams := params.Map()
	u := authorise.CurrentUser(context)
	if !u.Admin() {
		//	allowedParams = params.Clean(users.AllowedParamsCustomer())
	}

	err = user.Update(allowedParams)
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to user
	return router.Redirect(context, user.URLShow())
}
Beispiel #9
0
// HandleUpdate serves POST or PUT /tags/1/update
func HandleUpdate(context router.Context) error {

	// Find the tag
	tag, err := tags.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.Resource(context, tag)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the tag
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	err = tag.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to tag
	return router.Redirect(context, tag.URLShow())
}
Beispiel #10
0
// HandleShow displays a single story
func HandleShow(context router.Context) error {

	// Find the story
	story, err := stories.Find(context.ParamInt("id"))
	if err != nil {
		return router.InternalError(err)
	}

	// Find the comments for this story
	// Fetch the comments
	q := comments.Where("story_id=?", story.Id).Order(comments.RankOrder)
	rootComments, err := comments.FindAll(q)
	if err != nil {
		return router.InternalError(err)
	}

	// Render the template
	view := view.New(context)
	view.AddKey("story", story)
	view.AddKey("meta_title", story.Name)
	view.AddKey("meta_desc", story.Summary)
	view.AddKey("meta_keywords", story.Name)
	view.AddKey("comments", rootComments)
	view.AddKey("authenticity_token", authorise.CreateAuthenticityToken(context))

	return view.Render()
}
Beispiel #11
0
// HandleUpdateShow handles the POST of the form to update a file
func HandleUpdate(context router.Context) error {

	// Find the file
	file, err := files.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update file
	err = authorise.Resource(context, file)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the file from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Find the to user, by querying users on username or email
	// Set the user id if found, else return 404 error, user not found

	// TODO: Make *sure* this only accepts the params we want
	err = file.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to file
	return router.Redirect(context, file.URLShow())
}
Beispiel #12
0
// HandleUpdate handles the POST of the form to update a post
func HandleUpdate(context router.Context) error {

	// Find the post
	post, err := posts.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update post
	err = authorise.Resource(context, post)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the post from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}
	err = post.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to post
	return router.Redirect(context, post.URLShow())
}
Beispiel #13
0
// HandleUpdateShow renders the form to update a post
func HandleUpdateShow(context router.Context) error {

	// Find the post
	post, err := posts.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update post
	err = authorise.Resource(context, post)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Find users for author details
	users, err := users.FindAll(users.Admins())
	if err != nil {
		return router.NotFoundError(err)
	}

	// Render the template
	view := view.New(context)
	view.AddKey("post", post)
	view.AddKey("users", users)
	return view.Render()
}
Beispiel #14
0
// HandleDownload sends a single file
func HandleDownload(context router.Context) error {

	// Find the file
	file, err := files.Find(context.ParamInt("id"))
	if err != nil {
		return router.InternalError(err)
	}

	// Authorise access to this file - only the file owners can access their own files
	err = authorise.Resource(context, file)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// If we are permitted, send the file to the user
	//w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	//http.DetectContentType(data []byte) string
	h := context.Header()
	h.Set("Content-Type", "application/pgp-encrypted")
	h.Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", file.Name()))
	h.Set("Content-Transfer-Encoding", "binary")

	http.ServeFile(context, context.Request(), file.Path)
	return nil
}
Beispiel #15
0
// HandleUpdate handles POST or PUT /images/1/update
func HandleUpdate(context router.Context) error {

	// Find the image
	image, err := images.Find(context.ParamInt("id"))
	if err != nil {
		context.Logf("#error Error finding image %s", err)
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.Resource(context, image)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the image
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	err = image.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// We redirect back to source if redirect param is set
	return router.Redirect(context, image.URLUpdate())

}
Beispiel #16
0
// HandleUpdate responds to POST /comments/update
func HandleUpdate(context router.Context) error {

	// Find the comment
	comment, err := comments.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update comment, check auth token
	err = authorise.ResourceAndAuthenticity(context, comment)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Update the comment from params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	err = comment.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to comment
	return router.Redirect(context, comment.URLShow())
}
Beispiel #17
0
// HandleUpdate or PUT /users/1/update
func HandleUpdate(context router.Context) error {

	// Find the user
	id := context.ParamInt("id")
	user, err := users.Find(id)
	if err != nil {
		context.Logf("#error Error finding user %s", err)
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.ResourceAndAuthenticity(context, user)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Get the params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	context.Logf("PARAMS RECD:%v", params)

	err = user.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to user
	return router.Redirect(context, user.URLShow())
}
Beispiel #18
0
// HandleUpdate or PUT /users/1/update
func HandleUpdate(context router.Context) error {

	// Find the user
	id := context.ParamInt("id")
	user, err := users.Find(id)
	if err != nil {
		context.Logf("#error Error finding user %s", err)
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.Resource(context, user)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// We expect only one image, what about replacing the existing when updating?
	// At present we just create a new image
	files, err := context.ParamFiles("image")
	if err != nil {
		return router.InternalError(err)
	}

	// Get the params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	var imageID int64

	if len(files) > 0 {
		fileHandle := files[0]

		// Create an image (saving the image representation on disk)
		imageParams := map[string]string{"name": user.Name, "status": "100"}
		imageID, err = images.Create(imageParams, fileHandle)
		if err != nil {
			return router.InternalError(err)
		}

		params.Set("image_id", fmt.Sprintf("%d", imageID))
		delete(params, "image")
	}

	err = user.Update(params.Map())
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to user
	return router.Redirect(context, user.URLShow())
}
Beispiel #19
0
// HandleIndex displays a list of stories at /stories
func HandleIndex(context router.Context) error {

	// Build a query
	q := stories.Query().Limit(listLimit)

	// Order by date by default
	q.Where("points > -6").Order("created_at desc")

	// Filter if necessary - this assumes name and summary cols
	filter := context.Param("q")
	if len(filter) > 0 {

		// Replace special characters with escaped sequence
		filter = strings.Replace(filter, "_", "\\_", -1)
		filter = strings.Replace(filter, "%", "\\%", -1)

		wildcard := "%" + filter + "%"

		// Perform a wildcard search for name or url
		q.Where("stories.name ILIKE ? OR stories.url ILIKE ?", wildcard, wildcard)

		// If filtering, order by rank, not by date
		q.Order("rank desc, points desc, id desc")
	}

	// Set the offset in pages if we have one
	page := int(context.ParamInt("page"))
	if page > 0 {
		q.Offset(listLimit * page)
	}

	// Fetch the stories
	results, err := stories.FindAll(q)
	if err != nil {
		return router.InternalError(err)
	}

	// Render the template
	view := view.New(context)

	setStoriesMetadata(view, context.Request())
	view.AddKey("page", page)
	view.AddKey("stories", results)

	if context.Param("format") == ".xml" {
		view.Layout("")
		view.Template("stories/views/index.xml.got")
	}

	return view.Render()

}
Beispiel #20
0
// HandleShow displays a single user
func HandleShow(context router.Context) error {

	// Find the user
	user, err := users.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Render the template
	view := view.New(context)
	view.AddKey("user", user)
	return view.Render()
}
Beispiel #21
0
// HandleShow displays a single page
func HandleShow(context router.Context) error {

	// Find the page
	page, err := pages.Find(context.ParamInt("id"))
	if err != nil {
		return router.InternalError(err)
	}

	// Authorise access
	err = authorise.Resource(context, page)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	return render(context, page)
}
Beispiel #22
0
// HandleShow displays a single comment
func HandleShow(context router.Context) error {

	// Find the comment
	comment, err := comments.Find(context.ParamInt("id"))
	if err != nil {
		return router.InternalError(err)
	}

	// No auth as all are public - if we restricted by status we might need to authorise here

	// Render the template
	view := view.New(context)
	view.AddKey("comment", comment)
	view.AddKey("authenticity_token", authorise.CreateAuthenticityToken(context))
	return view.Render()
}
Beispiel #23
0
// HandleUpvoted displays a list of stories the user has upvoted in the past
func HandleUpvoted(context router.Context) error {

	// Build a query
	q := stories.Query().Limit(listLimit)

	// Select only above 0 points,  Order by rank, then points, then name
	q.Where("points > 0").Order("rank desc, points desc, id desc")

	// Select only stories which the user has upvoted
	user := authorise.CurrentUser(context)
	if !user.Anon() {
		// Can we use a join instead?
		v := query.New("votes", "story_id").Select("select story_id as id from votes").Where("user_id=? AND story_id IS NOT NULL AND points > 0", user.Id)

		storyIDs := v.ResultIDs()
		if len(storyIDs) > 0 {
			q.WhereIn("id", storyIDs)
		}
	}

	// Set the offset in pages if we have one
	page := int(context.ParamInt("page"))
	if page > 0 {
		q.Offset(listLimit * page)
	}

	// Fetch the stories
	results, err := stories.FindAll(q)
	if err != nil {
		return router.InternalError(err)
	}

	// Render the template
	view := view.New(context)
	setStoriesMetadata(view, context.Request())
	view.AddKey("page", page)
	view.AddKey("stories", results)
	view.Template("stories/views/index.html.got")

	if context.Param("format") == ".xml" {
		view.Layout("")
		view.Template("stories/views/index.xml.got")
	}

	return view.Render()

}
Beispiel #24
0
// HandleDownvote handles POST to /stories/123/downvote
func HandleDownvote(context router.Context) error {

	// Prevent CSRF
	err := authorise.AuthenticityToken(context)
	if err != nil {
		return router.NotAuthorizedError(err, "Vote Failed", "CSRF failure")
	}

	// Find the story
	story, err := stories.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}
	user := authorise.CurrentUser(context)
	ip := getUserIP(context)

	if !user.Admin() {
		// Check we have no votes already from this user, if we do fail
		if storyHasUserVote(story, user) {
			return router.NotAuthorizedError(err, "Vote Failed", "Sorry you are not allowed to vote twice, nice try!")
		}
	}

	// Authorise upvote on story for this user - our rules are:
	if !user.CanDownvote() {
		return router.NotAuthorizedError(err, "Vote Failed", "Sorry, you can't downvote yet")
	}

	err = authorise.Resource(context, story)
	if err != nil {
		return router.NotAuthorizedError(err, "Vote Failed", "Sorry you are not allowed to vote")
	}

	err = adjustUserPoints(user, -1)
	if err != nil {
		return err
	}

	// Adjust points on story and add to the vote table
	err = addStoryVote(story, user, ip, -1)
	if err != nil {
		return err
	}

	return updateStoriesRank()
}
Beispiel #25
0
// HandleUpdateShow renders the form to update a file
func HandleUpdateShow(context router.Context) error {

	// Find the file
	file, err := files.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update file
	err = authorise.ResourceAndAuthenticity(context, file)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Render the template
	view := view.New(context)
	view.AddKey("file", file)
	return view.Render()
}
Beispiel #26
0
// HandleUpdateShow serves a get request at /tags/1/update (show form to update)
func HandleUpdateShow(context router.Context) error {

	// Find the tag
	tag, err := tags.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise
	err = authorise.Resource(context, tag)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Render the template
	view := view.New(context)
	view.AddKey("tag", tag)
	return view.Render()
}
Beispiel #27
0
// HandleCreateShow serves the create form via GET for comments
func HandleCreateShow(context router.Context) error {

	// Authorise
	err := authorise.Path(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Render the template
	view := view.New(context)
	comment := comments.New()
	view.AddKey("comment", comment)

	// TODO: May have to validate parent_id or story_id
	view.AddKey("story_id", context.ParamInt("story_id"))
	view.AddKey("parent_id", context.ParamInt("parent_id"))
	view.AddKey("authenticity_token", authorise.CreateAuthenticityToken(context))
	return view.Render()
}
Beispiel #28
0
// HandleFlag handles POST to /stories/123/flag
func HandleFlag(context router.Context) error {

	// Protect against CSRF
	err := authorise.AuthenticityToken(context)
	if err != nil {
		return router.NotAuthorizedError(err, "Flag Failed", "CSRF failure")
	}

	// Find the story
	story, err := stories.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}
	user := authorise.CurrentUser(context)
	ip := getUserIP(context)

	// Check we have no votes already from this user, if we do fail
	if storyHasUserFlag(story, user) {
		return router.NotAuthorizedError(err, "Flag Failed", "Sorry you are not allowed to flag twice, nice try!")
	}

	// Authorise upvote on story for this user
	if !user.CanFlag() {
		return router.NotAuthorizedError(err, "Flag Failed", "Sorry, you can't flag yet")
	}

	err = authorise.Resource(context, story)
	if err != nil {
		return router.NotAuthorizedError(err, "Flag Failed", "Sorry you are not allowed to flag")
	}

	err = adjustUserPoints(user, -1)
	if err != nil {
		return err
	}

	err = addStoryVote(story, user, ip, -5)
	if err != nil {
		return err
	}
	return updateStoriesRank()
}
Beispiel #29
0
// HandleDownvote handles POST to /comments/123/downvote
func HandleDownvote(context router.Context) error {

	// Prevent CSRF
	err := authorise.AuthenticityToken(context)
	if err != nil {
		return router.NotAuthorizedError(err, "Vote Failed", "CSRF failure")
	}

	// Find the comment
	comment, err := comments.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}
	user := authorise.CurrentUser(context)
	ip := getUserIP(context)

	if !user.Admin() {
		// Check we have no votes already from this user, if we do fail
		if commentHasUserVote(comment, user) {
			return router.NotAuthorizedError(err, "Vote Failed", "Sorry you are not allowed to vote twice, nice try!")
		}
	}

	// Authorise upvote on comment for this user - our rules are:
	if !user.CanDownvote() {
		return router.NotAuthorizedError(err, "Vote Failed", "Sorry, you can't downvote yet")
	}

	// CURRENT User burns points for downvoting
	err = adjustUserPoints(user, -1)
	if err != nil {
		return err
	}

	// Adjust points on comment and add to the vote table
	err = addCommentVote(comment, user, ip, -1)
	if err != nil {
		return err
	}

	return updateCommentsRank(comment.StoryId)
}
Beispiel #30
0
// HandleUpdateShow renders the form to update a user
func HandleUpdateShow(context router.Context) error {

	// Find the user
	user, err := users.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update user
	err = authorise.Resource(context, user)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Render the template
	view := view.New(context)
	view.AddKey("user", user)

	return view.Render()
}