Beispiel #1
0
// HandleIndex displays a list of files
func HandleIndex(context router.Context) error {

	// Authorise
	err := authorise.Path(context)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Find the current user and check status
	u := authorise.CurrentUser(context)
	if u.Anon() {
		//	return router.NotAuthorizedError(err)
	}

	// For admins, show all files, order by date desc
	q := files.Query().Order("updated_at desc")

	// otherwise show just the logged in user's files
	if !u.Admin() {
		// Find the files for this user, unless
		q = files.Where("user_id=?", u.Id)
	}

	// Fetch the files
	results, err := files.FindAll(q)
	if err != nil {
		return router.InternalError(err)
	}

	// Render the template
	view := view.New(context)
	view.AddKey("files", results)
	return view.Render()

}
Beispiel #2
0
// HandleUpdate handles the POST of the form to update a user
func HandleUpdate(context router.Context) error {

	// Find the user
	user, err := users.Find(context.ParamInt("id"))
	if err != nil {
		return router.NotFoundError(err)
	}

	// Authorise update user
	err = authorise.ResourceAndAuthenticity(context, user)
	if err != nil {
		return router.NotAuthorizedError(err)
	}

	// Get the params
	params, err := context.Params()
	if err != nil {
		return router.InternalError(err)
	}

	// Clean params further for customers, they may only update email, password, key
	allowedParams := params.Map()
	u := authorise.CurrentUser(context)
	if !u.Admin() {
		//	allowedParams = params.Clean(users.AllowedParamsCustomer())
	}

	err = user.Update(allowedParams)
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect to user
	return router.Redirect(context, user.URLShow())
}
Beispiel #3
0
// HandleLoginShow handles GET /users/login
func HandleLoginShow(context router.Context) error {

	// Check we have no current user
	u := authorise.CurrentUser(context)
	if !u.Anon() {
		return router.Redirect(context, fmt.Sprintf("/users/%d", u.Id))
	}

	// Render the template
	view := view.New(context)
	view.AddKey("error", context.Param("error"))
	return view.Render()
}