func (app *App) handleAllUserModels(w http.ResponseWriter, r *http.Request) {
switch r.Method {
case "GET":
_, ok := app.getUser(r)
if !ok {
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return
}
// TODO
// if u.Admin == false {
// http.Error(w, "Unauthorized", http.StatusUnauthorized)
// return
// }
tx, err := app.db.Begin()
if err != nil {
app.dbError(w, r, err)
return
}
defer tx.Rollback()
allUsers, err := db.AllUsers(tx)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
allModels := []db.Model{}
for _, user := range allUsers {
models, err := db.UserModels(tx, user.Name)
for i, _ := range models {
models[i].Owner = user.Name
}
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
allModels = append(allModels, models...)
}
if err != nil {
app.dbError(w, r, err)
return
}
app.writeJson(w, allModels)
default:
http.Error(w, "I only respond to GETs", http.StatusNotImplemented)
}
}
func (app *App) handleUsersData(w http.ResponseWriter, r *http.Request) {
// it's already implied that this user is an admin, we can skip auth
switch r.Method {
case "GET":
tx, err := app.db.Begin()
if err != nil {
app.dbError(w, r, err)
return
}
defer tx.Rollback()
users, err := db.AllUsers(tx)
if err != nil {
app.dbError(w, r, err)
return
}
// ViewUser is a type which is okay to display in the view.
// It omits fields like "password" (because we would NEVER display
// something like that).
type ViewUser struct {
Name string
Email string
Admin bool
Apikey string
ROApikey string
}
viewUsers := make([]ViewUser, len(users))
for i, user := range users {
viewUsers[i] = ViewUser{
user.Name, user.Email, user.Admin,
user.Apikey, user.ReadOnlyApikey,
}
}
app.writeJson(w, viewUsers)
default:
http.Error(w, "I only respond to GETs", http.StatusNotImplemented)
}
}
func (app *App) handleModelSharedUsers(w http.ResponseWriter, r *http.Request) {
switch r.Method {
case "GET":
reqUser, ok := app.getUser(r)
if !ok {
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return
}
if app.sharingDisabled {
// If sharing is disabled return an empty list
w.Write([]byte(`[]`))
return
}
modelname := mux.Vars(r)["name"]
tx, err := app.db.Begin()
if err != nil {
app.dbError(w, r, err)
return
}
defer tx.Rollback()
users, err := db.ModelSharedUsers(tx, reqUser.Name, modelname)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
isShared := func(userId int64) bool {
for _, user := range users {
if user.Id == userId {
return true
}
}
return false
}
allUsers, err := db.AllUsers(tx)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
shared := []sharedUser{}
for _, user := range allUsers {
if user.Id == reqUser.Id {
continue
}
shared = append(shared, sharedUser{
Id: user.Id,
Name: user.Name,
Shared: isShared(user.Id),
})
}
app.writeJson(w, shared)
default:
http.Error(w, "I only respond to GETs", http.StatusNotImplemented)
}
}
func (app *App) handleRegister(w http.ResponseWriter, r *http.Request) {
// Register is only displayed if there are no users on the system.
// It is only for the inital login.
tx, err := app.db.Begin()
if err != nil {
app.dbError(w, r, err)
return
}
defer tx.Rollback()
users, err := db.AllUsers(tx)
if err != nil {
app.dbError(w, r, err)
return
}
if len(users) != 0 {
if r.Method == "GET" {
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
} else {
http.Error(w, "Unauthorized", http.StatusUnauthorized)
}
return
}
if r.Method == "GET" {
app.serveFile("register.html").ServeHTTP(w, r)
return
} else if r.Method != "POST" {
http.Error(w, "I only respond to GET and POSTs", http.StatusNotImplemented)
return
}
username := r.PostFormValue("username")
pass := r.PostFormValue("password")
email := r.PostFormValue("email")
if username == "" {
http.Error(w, "No username provided", http.StatusBadRequest)
return
}
if pass == "" {
http.Error(w, "Empty password provided", http.StatusBadRequest)
return
}
hashedPass := phash.Gen(pass)
user, err := db.NewUser(tx, username, hashedPass, email, true)
if err != nil {
http.Error(w, "Could not save user to database: "+err.Error(),
http.StatusInternalServerError)
return
}
if err := tx.Commit(); err != nil {
app.dbError(w, r, err)
return
}
u := &User{Id: user.Id, Name: user.Name}
if err := app.setUser(r, w, u); err != nil {
http.Error(w, "Failed to set session cookie: "+err.Error(),
http.StatusInternalServerError)
return
}
w.WriteHeader(http.StatusOK)
}