Beispiel #1
0
func (a *A) allowsContent(op string) (bson.ObjectId, string, error) {
	uni := a.uni
	var typ string
	if op == "insert" {
		typ = uni.Req.Form["type"][0] // See TODO below.
	} else {
		content_id := patterns.ToIdWithCare(uni.Req.Form["id"][0]) // TODO: Don't let it panic if id does not exists, return descriptive error message.
		_typ, err := content_model.TypeOf(uni.Db, content_id)
		if err != nil {
			return "", "", err
		}
		typ = _typ
	}
	auth_opts, ignore := user.AuthOpts(uni, "content.types."+typ, op)
	if ignore {
		return "", "", fmt.Errorf("Auth options should not be ignored.")
	}
	err, _ := user.AuthAction(uni, auth_opts)
	if err != nil {
		return "", "", err
	}
	uid_i, has_uid := jsonp.Get(uni.Dat, "_user._id")
	if !has_uid {
		return "", "", fmt.Errorf("Can't %v content, you have no id.", op)
	}
	uid := uid_i.(bson.ObjectId)
	user_level := scut.Ulev(uni.Dat["_user"])
	allowed_err := content_model.CanModifyContent(uni.Db, uni.Req.Form, 300, uid, user_level)
	if allowed_err != nil {
		return "", "", allowed_err
	}
	return uid, typ, nil
}
Beispiel #2
0
// Return values: content type, general (fatal) error, puzzle error
// Puzzle error is returned to support the decision of wether to put the comment into a moderation queue.
func (a *A) allowsComment(op string) (string, error, error) {
	uni := a.uni
	inp := uni.Req.Form
	user_level := scut.Ulev(uni.Dat["_user"])
	content_id := bson.ObjectIdHex(inp["content_id"][0])
	typ, err := content_model.TypeOf(uni.Db, content_id)
	if err != nil {
		return "", err, nil
	}
	auth_opts, ignore := user.AuthOpts(uni, "content.types."+typ, op+"_comment")
	if ignore {
		return "", fmt.Errorf("Auth options should not be ignored."), nil
	}
	err, puzzle_err := user.AuthAction(uni, auth_opts)
	if err != nil {
		return "", err, nil
	}
	var user_id bson.ObjectId
	user_id_i, has := jsonp.Get(uni.Dat, "_user._id") // At this point the user will have a user id. TODO: except when the auth_opts is misconfigured.
	if !has {
		return "", fmt.Errorf("User has no id."), nil
	}
	if has {
		user_id = user_id_i.(bson.ObjectId)
	}
	if op != "insert" {
		err = content_model.CanModifyComment(uni.Db, inp, 300, user_id, user_level) // TODO: remove hard-coded value.
	}
	return typ, err, puzzle_err
}