Beispiel #1
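// ServeDocument renders the document view page for the document whose hex
// ObjectId is carried in the "id" route variable.
//
// Checks, in order:
//   - no signed-in account: redirect to /login;
//   - malformed id, unknown document, or document flagged Deleted: not found;
//   - the account has no membership in the document's project: forbidden;
//   - the SECRET environment variable is empty: 500, no token is issued.
//
// On success the template receives an HS256-signed JWT carrying the account
// id, the document id and an expiry 15 minutes in the future.
//
// NOTE(review): catch is defined elsewhere; results are dereferenced right
// after each call, so it presumably aborts the request on a non-nil error.
// Confirm before relying on that.
func ServeDocument(w http.ResponseWriter, r *http.Request) {
	ctx := GetContext(r)

	if ctx.Account == nil {
		http.Redirect(w, r, "/login", http.StatusSeeOther)
		return
	}
	acc := ctx.Account

	vars := mux.Vars(r)
	idStr := vars["id"]
	// Validate before converting: the id comes straight from the URL.
	if !bson.IsObjectIdHex(idStr) {
		ServeNotFound(w, r)
		return
	}
	id := bson.ObjectIdHex(idStr)
	doc, err := data.GetDocument(id)
	catch(r, err)
	if doc == nil || doc.Deleted {
		ServeNotFound(w, r)
		return
	}

	// Authorization: only members of the owning project may view the document.
	// Note that a non-member gets "forbidden" for an existing document and
	// "not found" otherwise, so the two responses reveal whether an id exists.
	mem, err := data.GetMemberProjectAccount(doc.ProjectID, acc.ID)
	catch(r, err)
	if mem == nil {
		ServeForbidden(w, r)
		return
	}

	prj, err := doc.Project()
	catch(r, err)

	org, err := prj.Organization()
	catch(r, err)

	// Fail closed when the signing key is missing. os.Getenv returns "" for an
	// unset variable, and an HMAC over an empty key still produces a
	// well-formed signature, so tokens would be issued under a key that
	// anyone can reproduce.
	secret := os.Getenv("SECRET")
	if secret == "" {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	token := jwt.New(jwt.SigningMethodHS256)
	token.Claims["accountID"] = acc.ID.Hex()
	token.Claims["documentID"] = doc.ID.Hex()
	// NOTE(review): the expiry is stored under the custom claim "expires",
	// not the registered "exp" claim. Whatever verifies this token has to
	// compare "expires" against the current time itself; confirm it does.
	token.Claims["expires"] = time.Now().Add(time.Minute * 15).Unix()
	tokenString, err := token.SignedString([]byte(secret))
	catch(r, err)

	w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
	// The signed token is handed to the template, so it ends up in the
	// rendered page; it is bound to this account and this document only.
	ServeHTMLTemplate(w, r, tplDocumentView, struct {
		Context      *Context
		Organization *data.Organization
		Project      *data.Project
		Document     *data.Document
		Token        string
	}{
		Context:      ctx,
		Organization: org,
		Project:      prj,
		Document:     doc,
		Token:        tokenString,
	})
}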
Beispiel #2
// HandleMemberAdd handles the form post that adds an account, looked up by
// e-mail address, as a member of the project named by the "id" route variable.
//
// Only the project owner may add members: a signed-in account whose ID differs
// from the project's OwnerID is answered with "forbidden". An unknown e-mail
// address and an already-existing membership both redirect back without
// changes. On success the project's MemberIDs list is rebuilt from the stored
// member records and the client is redirected to the project page.
//
// NOTE(review): this handler changes state from a form post and no CSRF check
// is visible here; confirm that middleware outside this function covers it.
// NOTE(review): the membership lookup and the insert are separate calls, so
// unless the data layer enforces uniqueness, concurrent requests could store
// the same membership twice.
// NOTE(review): catch is defined elsewhere; presumably it aborts the request
// on a non-nil error. Confirm.
func HandleMemberAdd(w http.ResponseWriter, r *http.Request) {
	ctx := GetContext(r)

	inviter := ctx.Account
	if inviter == nil {
		http.Redirect(w, r, "/login", http.StatusSeeOther)
		return
	}

	catch(r, r.ParseForm())

	// The project id comes from the URL; validate it before converting.
	rawID := mux.Vars(r)["id"]
	if !bson.IsObjectIdHex(rawID) {
		ServeNotFound(w, r)
		return
	}
	prj, err := data.GetProject(bson.ObjectIdHex(rawID))
	catch(r, err)
	if prj == nil {
		ServeNotFound(w, r)
		return
	}

	// Authorization: adding members is reserved to the project owner.
	if prj.OwnerID != inviter.ID {
		ServeForbidden(w, r)
		return
	}

	var form struct {
		Email string `schema:"email"`
	}
	catch(r, schema.NewDecoder().Decode(&form, r.PostForm))

	invitee, err := data.GetAccountEmail(form.Email)
	catch(r, err)

	// No account is registered under that address: nothing to add.
	if invitee == nil {
		RedirectBack(w, r)
		return
	}

	existing, err := data.GetMemberProjectAccount(prj.ID, invitee.ID)
	catch(r, err)

	// The account is already a member of this project.
	if existing != nil {
		RedirectBack(w, r)
		return
	}

	// The inviter is recorded on the membership, which gives an audit trail
	// of who granted access and when.
	member := data.Member{
		OrganizationID: prj.OrganizationID,
		ProjectID:      prj.ID,
		AccountID:      invitee.ID,
		InviterID:      inviter.ID,
		InvitedAt:      time.Now(),
	}
	catch(r, member.Put())

	members, err := data.ListMembersProject(prj.ID, 0, math.MaxInt32)
	catch(r, err)

	// Rebuild the project's member id list from the stored records rather
	// than appending to the old one. The slice stays non-nil even when the
	// listing is empty.
	ids := make([]bson.ObjectId, 0, len(members))
	for _, m := range members {
		ids = append(ids, m.ID)
	}
	prj.MemberIDs = ids
	catch(r, prj.Put())

	http.Redirect(w, r, "/projects/"+prj.ID.Hex(), http.StatusSeeOther)
}