Ejemplo n.º 1
0
func deleteClass(w http.ResponseWriter, r *http.Request) *webapp.Error {
	idString := r.FormValue("class")
	if idString == "" {
		return missingFields(w)
	}
	id, err := strconv.ParseInt(idString, 10, 64)
	if err != nil {
		return invalidData(w, fmt.Sprintf("Invalid class ID"))
	}
	c := appengine.NewContext(r)
	class, err := classes.ClassWithID(c, id)
	switch err {
	case nil:
		break
	case classes.ErrClassNotFound:
		return invalidData(w, "No such class.")
	default:
		return webapp.InternalError(fmt.Errorf("failed to look up class %d: %s", id, err))
	}
	staffAccount, ok := staffContext(r)
	if !ok {
		return webapp.UnauthorizedError(fmt.Errorf("only staff may delete classes"))
	}
	if r.Method == "POST" {
		c.Infof("updating class %d", class.ID)
		token, err := auth.TokenForRequest(c, staffAccount.ID, r.URL.Path)
		if err != nil {
			return webapp.UnauthorizedError(fmt.Errorf("didn't find an auth token"))
		}
		if !token.IsValid(r.FormValue(auth.TokenFieldName), time.Now()) {
			return webapp.UnauthorizedError(fmt.Errorf("invalid auth token"))
		}
		if err := class.Delete(c); err != nil {
			return webapp.InternalError(fmt.Errorf("failed to delete class %d: %s", class.ID, err))
		}
		token.Delete(c)
		http.Redirect(w, r, "/staff", http.StatusSeeOther)
		return nil
	}
	token, err := auth.NewToken(staffAccount.ID, r.URL.Path, time.Now())
	if err != nil {
		return webapp.InternalError(err)
	}
	if err := token.Store(c); err != nil {
		return webapp.InternalError(err)
	}
	data := map[string]interface{}{
		"Token":   token.Encode(),
		"Class":   class,
		"Teacher": class.TeacherEntity(c),
	}
	if err := deleteClassPage.Execute(w, data); err != nil {
		return webapp.InternalError(err)
	}
	return nil
}
Ejemplo n.º 2
0
func checkToken(c appengine.Context, userID, path, encoded string) (*auth.Token, bool) {
	token, err := auth.TokenForRequest(c, userID, path)
	if err != nil {
		return nil, false
	}
	if token.IsValid(encoded, time.Now()) {
		return token, true
	}
	return nil, false
}
Ejemplo n.º 3
0
func deleteYinYogassage(w http.ResponseWriter, r *http.Request) *webapp.Error {
	fields, err := webapp.ParseRequiredValues(r, "id")
	if err != nil {
		return webapp.InternalError(err)
	}
	id, err := strconv.ParseInt(fields["id"], 10, 64)
	if err != nil {
		return invalidData(w, fmt.Sprintf("Invalid yogassage ID"))
	}
	c := appengine.NewContext(r)
	yin, err := yogassage.WithID(c, id)
	if err != nil {
		return webapp.InternalError(fmt.Errorf("failed to find yogassage %d: %s", id, err))
	}
	staffAccount, ok := staffContext(r)
	if !ok {
		return webapp.UnauthorizedError(fmt.Errorf("only staff may delete yogassage classes"))
	}
	if r.Method == "POST" {
		token, err := auth.TokenForRequest(c, staffAccount.ID, r.URL.Path)
		if err != nil {
			return webapp.UnauthorizedError(fmt.Errorf("didn't find an auth token"))
		}
		if !token.IsValid(r.FormValue(auth.TokenFieldName), time.Now()) {
			return webapp.UnauthorizedError(fmt.Errorf("invalid auth token"))
		}
		if err := yin.Delete(c); err != nil {
			return webapp.InternalError(fmt.Errorf("failed to delete yogassage %d: %s", yin.ID, err))
		}
		token.Delete(c)
		http.Redirect(w, r, "/staff", http.StatusSeeOther)
		return nil
	}
	token, err := auth.NewToken(staffAccount.ID, r.URL.Path, time.Now())
	if err != nil {
		return webapp.InternalError(err)
	}
	if err := token.Store(c); err != nil {
		return webapp.InternalError(err)
	}
	data := map[string]interface{}{
		"Token": token.Encode(),
		"Class": yin,
	}
	if err := deleteYinYogassagePage.Execute(w, data); err != nil {
		return webapp.InternalError(err)
	}
	return nil
}
Ejemplo n.º 4
0
func addSession(w http.ResponseWriter, r *http.Request) *webapp.Error {
	c := appengine.NewContext(r)
	staffAccount, ok := staffContext(r)
	if !ok {
		return webapp.UnauthorizedError(fmt.Errorf("only staff may add sessions"))
	}
	if r.Method == "POST" {
		token, err := auth.TokenForRequest(c, staffAccount.ID, r.URL.Path)
		if err != nil {
			return webapp.UnauthorizedError(fmt.Errorf("didn't find an auth token"))
		}
		if !token.IsValid(r.FormValue(auth.TokenFieldName), time.Now()) {
			return webapp.UnauthorizedError(fmt.Errorf("invalid auth token"))
		}
		fields, err := webapp.ParseRequiredValues(r, "name", "startdate", "enddate")
		if err != nil {
			return missingFields(w)
		}
		start, err := parseLocalDate(fields["startdate"])
		if err != nil {
			return invalidData(w, "Invalid start date; please use mm/dd/yyyy format.")
		}
		end, err := parseLocalDate(fields["enddate"])
		if err != nil {
			return invalidData(w, "Invalid end date; please use mm/dd/yyyy format.")
		}
		session := classes.NewSession(fields["name"], start, end)
		if err := session.Insert(c); err != nil {
			return webapp.InternalError(fmt.Errorf("failed to put session: %s", err))
		}
		token.Delete(c)
		http.Redirect(w, r, "/staff", http.StatusSeeOther)
		return nil
	}
	token, err := auth.NewToken(staffAccount.ID, r.URL.Path, time.Now())
	if err != nil {
		return webapp.InternalError(err)
	}
	if err := token.Store(c); err != nil {
		return webapp.InternalError(err)
	}
	data := map[string]interface{}{
		"Token": token.Encode(),
	}
	if err := addSessionPage.Execute(w, data); err != nil {
		return webapp.InternalError(err)
	}
	return nil
}
Ejemplo n.º 5
0
func deleteAnnouncement(w http.ResponseWriter, r *http.Request) *webapp.Error {
	fields, err := webapp.ParseRequiredValues(r, "id")
	if err != nil {
		return webapp.InternalError(err)
	}
	id, err := strconv.ParseInt(fields["id"], 10, 64)
	if err != nil {
		return webapp.InternalError(fmt.Errorf("failed to parse %q as announcement ID: %s", fields["id"], err))
	}
	c := appengine.NewContext(r)
	announce, err := staff.AnnouncementWithID(c, id)
	if err != nil {
		return missingFields(w)
	}
	staffAccount, ok := staffContext(r)
	if !ok {
		return webapp.UnauthorizedError(fmt.Errorf("only staff may delete announcements"))
	}
	if r.Method == "POST" {
		token, err := auth.TokenForRequest(c, staffAccount.ID, r.URL.Path)
		if err != nil {
			return webapp.UnauthorizedError(fmt.Errorf("didn't find an auth token"))
		}
		if !token.IsValid(r.FormValue(auth.TokenFieldName), time.Now()) {
			return webapp.UnauthorizedError(fmt.Errorf("invalid auth token"))
		}
		if err := announce.Delete(c); err != nil {
			return webapp.InternalError(fmt.Errorf("failed to delete announcement %d: %s", announce.ID, err))
		}
		token.Delete(c)
		http.Redirect(w, r, "/staff", http.StatusSeeOther)
		return nil
	}
	token, err := auth.NewToken(staffAccount.ID, r.URL.Path, time.Now())
	if err != nil {
		return webapp.InternalError(err)
	}
	if err := token.Store(c); err != nil {
		return webapp.InternalError(err)
	}
	data := map[string]interface{}{
		"Token":        token.Encode(),
		"Announcement": announce,
	}
	if err := deleteAnnouncementPage.Execute(w, data); err != nil {
		return webapp.InternalError(err)
	}
	return nil
}
Ejemplo n.º 6
0
func addTeacher(w http.ResponseWriter, r *http.Request) *webapp.Error {
	c := appengine.NewContext(r)
	vals, err := webapp.ParseRequiredValues(r, "email")
	if err != nil {
		return webapp.InternalError(err)
	}
	staffAccount, ok := staffContext(r)
	if !ok {
		return webapp.UnauthorizedError(fmt.Errorf("only staff may add teachers"))
	}
	account, err := account.WithEmail(c, vals["email"])
	if err != nil {
		return webapp.InternalError(fmt.Errorf("Couldn't find account for '%s'", vals["email"]))
	}
	if r.Method == "POST" {
		token, err := auth.TokenForRequest(c, staffAccount.ID, r.URL.Path)
		if err != nil {
			return webapp.UnauthorizedError(fmt.Errorf("didn't find an auth token"))
		}
		if !token.IsValid(r.FormValue(auth.TokenFieldName), time.Now()) {
			return webapp.UnauthorizedError(fmt.Errorf("invalid auth token"))
		}
		teacher := classes.NewTeacher(account)
		if err := teacher.Put(c); err != nil {
			return webapp.InternalError(fmt.Errorf("Couldn't store teacher for %q: %s", account.Email, err))
		}
		token.Delete(c)
		http.Redirect(w, r, "/staff", http.StatusSeeOther)
		return nil
	}
	token, err := auth.NewToken(staffAccount.ID, r.URL.Path, time.Now())
	if err != nil {
		return webapp.InternalError(err)
	}
	if err := token.Store(c); err != nil {
		return webapp.InternalError(err)
	}
	data := map[string]interface{}{
		"Token": token.Encode(),
		"User":  account,
	}
	if err := addTeacherPage.Execute(w, data); err != nil {
		return webapp.InternalError(err)
	}
	return nil
}
Ejemplo n.º 7
0
func addAnnouncement(w http.ResponseWriter, r *http.Request) *webapp.Error {
	c := appengine.NewContext(r)
	staffAccount, ok := staffContext(r)
	if !ok {
		return webapp.UnauthorizedError(fmt.Errorf("only staff may add announcements"))
	}
	if r.Method == "POST" {
		token, err := auth.TokenForRequest(c, staffAccount.ID, r.URL.Path)
		if err != nil {
			return webapp.UnauthorizedError(fmt.Errorf("didn't find an auth token"))
		}
		if !token.IsValid(r.FormValue(auth.TokenFieldName), time.Now()) {
			return webapp.UnauthorizedError(fmt.Errorf("invalid auth token"))
		}
		fields, err := webapp.ParseRequiredValues(r, "text", "expiration")
		if err != nil {
			return missingFields(w)
		}
		expiration, err := parseLocalDate(fields["expiration"])
		if err != nil {
			return invalidData(w, "Invalid date entry; please use mm/dd/yyyy format.")
		}
		c.Infof("expiration: %s", expiration)
		announce := staff.NewAnnouncement(fields["text"], expiration)
		if err := staffAccount.AddAnnouncement(c, announce); err != nil {
			return webapp.InternalError(fmt.Errorf("staff: failed to add announcement: %s", err))
		}
		token.Delete(c)
		http.Redirect(w, r, "/staff", http.StatusSeeOther)
		return nil
	}
	token, err := auth.NewToken(staffAccount.ID, r.URL.Path, time.Now())
	if err != nil {
		return webapp.InternalError(err)
	}
	if err := token.Store(c); err != nil {
		return webapp.InternalError(err)
	}
	data := map[string]interface{}{
		"Token": token.Encode(),
	}
	if err := addAnnouncementPage.Execute(w, data); err != nil {
		return webapp.InternalError(err)
	}
	return nil
}
Ejemplo n.º 8
0
func addStaff(w http.ResponseWriter, r *http.Request) *webapp.Error {
	c := appengine.NewContext(r)
	adminAccount, ok := userContext(r)
	if !ok {
		return webapp.InternalError(fmt.Errorf("user not logged in"))
	}
	account, err := account.WithEmail(c, r.FormValue("email"))
	if err != nil {
		return webapp.InternalError(fmt.Errorf("Couldn't find user for email %s", r.FormValue("email")))
	}
	if r.Method == "POST" {
		token, err := auth.TokenForRequest(c, adminAccount.ID, r.URL.Path)
		if err != nil {
			return webapp.UnauthorizedError(fmt.Errorf("didn't find an auth token"))
		}
		if !token.IsValid(r.FormValue("xsrf_token"), time.Now()) {
			return webapp.UnauthorizedError(fmt.Errorf("Invalid XSRF token provided"))
		}
		staff := staff.New(account)
		if err := staff.Store(c); err != nil {
			return webapp.InternalError(fmt.Errorf("Couldn't add %s as staff", account.Email))
		}
		http.Redirect(w, r, "/admin", http.StatusSeeOther)
		return nil
	}
	token, err := auth.NewToken(adminAccount.ID, r.URL.Path, time.Now())
	if err != nil {
		return webapp.InternalError(err)
	}
	if err := token.Store(c); err != nil {
		return webapp.InternalError(err)
	}
	data := map[string]interface{}{
		"Token": token.Encode(),
		"User":  account,
	}
	if err := addStaffPage.Execute(w, data); err != nil {
		return webapp.InternalError(err)
	}
	return nil
}
Ejemplo n.º 9
0
func editClass(w http.ResponseWriter, r *http.Request) *webapp.Error {
	idString := r.FormValue("class")
	if idString == "" {
		return missingFields(w)
	}
	id, err := strconv.ParseInt(idString, 10, 64)
	if err != nil {
		return invalidData(w, fmt.Sprintf("Invalid class ID"))
	}
	c := appengine.NewContext(r)
	class, err := classes.ClassWithID(c, id)
	switch err {
	case nil:
		break
	case classes.ErrClassNotFound:
		return invalidData(w, "No such class.")
	default:
		return webapp.InternalError(fmt.Errorf("failed to look up class %d: %s", id, err))
	}
	staffAccount, ok := staffContext(r)
	if !ok {
		return webapp.UnauthorizedError(fmt.Errorf("only staff may edit classes"))
	}
	if r.Method == "POST" {
		c.Infof("updating class %d", class.ID)
		token, err := auth.TokenForRequest(c, staffAccount.ID, r.URL.Path)
		if err != nil {
			return webapp.UnauthorizedError(fmt.Errorf("didn't find an auth token"))
		}
		if !token.IsValid(r.FormValue(auth.TokenFieldName), time.Now()) {
			return webapp.UnauthorizedError(fmt.Errorf("invalid auth token"))
		}
		fields, err := webapp.ParseRequiredValues(r, "name", "description", "maxstudents", "dayofweek", "starttime", "length", "dropinonly")
		if err != nil {
			return missingFields(w)
		}
		class.Title = fields["name"]
		class.LongDescription = []byte(fields["description"])
		class.DropInOnly = fields["dropinonly"] == "yes"
		weekday, err := parseWeekday(fields["dayofweek"])
		if err != nil {
			return invalidData(w, "Invalid weekday")
		}
		class.Weekday = weekday
		maxStudents, err := strconv.ParseInt(fields["maxstudents"], 10, 32)
		if err != nil || maxStudents <= 0 {
			return invalidData(w, "Invalid student capacity")
		}
		class.Capacity = int32(maxStudents)
		length, err := parseMinutes(fields["length"])
		if err != nil {
			return invalidData(w, "Invalid length")
		}
		class.Length = length
		start, err := parseLocalTime(fields["starttime"])
		if err != nil {
			return invalidData(w, "Invalid start time; please use HH:MMpm format (e.g., 3:04pm)")
		}
		class.StartTime = start
		if email := r.FormValue("teacher"); email == "" {
			class.Teacher = nil
		} else {
			teacher, err := classes.TeacherWithEmail(c, email)
			if err != nil {
				return invalidData(w, "Invalid teacher selected")
			}
			class.Teacher = teacher.Key(c)
		}
		if err := class.Update(c); err != nil {
			return webapp.InternalError(fmt.Errorf("failed to update class %d: %s", class.ID, err))
		}
		token.Delete(c)
		http.Redirect(w, r, "/staff", http.StatusSeeOther)
		return nil
	}
	token, err := auth.NewToken(staffAccount.ID, r.URL.Path, time.Now())
	if err != nil {
		return webapp.InternalError(err)
	}
	if err := token.Store(c); err != nil {
		return webapp.InternalError(err)
	}
	data := map[string]interface{}{
		"Token":       token.Encode(),
		"Class":       class,
		"Teacher":     class.TeacherEntity(c),
		"Teachers":    classes.Teachers(c),
		"DaysInOrder": daysInOrder,
	}
	if err := editClassPage.Execute(w, data); err != nil {
		return webapp.InternalError(err)
	}
	return nil
}
Ejemplo n.º 10
0
func newAccount(w http.ResponseWriter, r *http.Request) *webapp.Error {
	target := continueTarget(r)
	c := appengine.NewContext(r)
	u := user.Current(c)
	if u == nil {
		webapp.RedirectToLogin(w, r, "/")
		return nil
	}
	if _, err := account.ForUser(c, u); err != account.ErrUserNotFound {
		if err != nil {
			return webapp.InternalError(fmt.Errorf("failed to account for current user: %s", err))
		}
		http.Redirect(w, r, "/", http.StatusFound)
		return nil
	}
	id, err := account.ID(u)
	if err != nil {
		return webapp.InternalError(err)
	}
	if r.Method == "POST" {
		token, err := auth.TokenForRequest(c, id, r.URL.Path)
		if err != nil {
			return webapp.UnauthorizedError(fmt.Errorf("no stored token for request"))
		}
		if !token.IsValid(r.FormValue(auth.TokenFieldName), time.Now()) {
			return webapp.UnauthorizedError(fmt.Errorf("invalid XSRF token"))
		}
		fields, err := webapp.ParseRequiredValues(r, "email", "firstname", "lastname")
		if err != nil {
			// TODO(rwsims): Clean up this error reporting.
			w.WriteHeader(http.StatusBadRequest)
			fmt.Fprintf(w, "Please go back and enter all required data.")
			return nil
		}
		claim := account.NewClaimedEmail(c, id, fields["email"])
		switch err := claim.Claim(c); {
		case err == nil:
			break
		case err == account.ErrEmailAlreadyClaimed:
			// TODO(rwsims): Clean up this error reporting.
			w.WriteHeader(http.StatusBadRequest)
			fmt.Fprintf(w, "That email is already in use; please use a different email")
			return nil
		default:
			return webapp.InternalError(fmt.Errorf("failed to claim email %q: %s", claim.Email, err))
		}
		info := account.Info{
			FirstName: fields["firstname"],
			LastName:  fields["lastname"],
			Email:     fields["email"],
		}
		if phone := r.FormValue("phone"); phone != "" {
			info.Phone = phone
		}
		acct, err := account.New(u, info)
		if err != nil {
			return webapp.InternalError(fmt.Errorf("failed to create user account: %s", err))
		}
		if err := acct.Put(c); err != nil {
			return webapp.InternalError(fmt.Errorf("failed to write new user account: %s", err))
		}
		if err := acct.SendConfirmation(c); err != nil {
			c.Errorf("Failed to send confirmation email to %q: %s", acct.Email, err)
		}
		http.Redirect(w, r, target, http.StatusSeeOther)
		token.Delete(c)
		return nil
	}
	token, err := auth.NewToken(id, r.URL.Path, time.Now())
	if err != nil {
		return webapp.InternalError(fmt.Errorf("failed to create auth token: %s", err))
	}
	if err := token.Store(c); err != nil {
		return webapp.InternalError(fmt.Errorf("failed to store token: %s", err))
	}
	data := map[string]interface{}{
		"Target": target,
		"Token":  token.Encode(),
	}
	if err := newAccountPage.Execute(w, data); err != nil {
		return webapp.InternalError(err)
	}
	return nil
}