func (sub *userSubscription) Methods() map[string]func(he.Request) he.Response {
return map[string]func(he.Request) he.Response{
"DELETE": func(req he.Request) he.Response {
db := req.Things["db"].(*periwinkle.Tx)
sub.backend().Delete(db)
return rfc7231.StatusNoContent()
},
}
}
func (o *group) Methods() map[string]func(he.Request) he.Response {
return map[string]func(he.Request) he.Response{
"GET": func(req he.Request) he.Response {
var enum Enumerategroup
enum = EnumerateGroup(o)
return rfc7231.StatusOK(he.NetJSON{Data: enum})
},
"PUT": func(req he.Request) he.Response {
db := req.Things["db"].(*periwinkle.Tx)
var newGroup group
httperr := safeDecodeJSON(req.Entity, &newGroup)
if httperr != nil {
return *httperr
}
if o.ID != newGroup.ID {
return rfc7231.StatusConflict(he.NetPrintf("Cannot change group id"))
}
*o = newGroup
o.backend().Save(db)
return rfc7231.StatusOK(o)
},
"PATCH": func(req he.Request) he.Response {
db := req.Things["db"].(*periwinkle.Tx)
sess := req.Things["session"].(*backend.Session)
subscribed := backend.IsSubscribed(db, sess.UserID, *o.backend())
if !backend.IsAdmin(db, sess.UserID, *o.backend()) {
if o.JoinPublic == 1 {
if subscribed == 0 {
return rfc7231.StatusForbidden(he.NetPrintf("Unauthorized user"))
}
if o.JoinConfirmed == 1 && subscribed == 1 {
return rfc7231.StatusForbidden(he.NetPrintf("Unauthorized user"))
}
if o.JoinMember == 1 {
return rfc7231.StatusForbidden(he.NetPrintf("Unauthorized user"))
}
}
}
enum := EnumerateGroup(o)
var newGroup Enumerategroup
patch, ok := req.Entity.(jsonpatch.Patch)
if !ok {
return rfc7231.StatusUnsupportedMediaType(he.NetPrintf("PATCH request must have a patch media type"))
}
err := patch.Apply(enum, &newGroup)
if err != nil {
return rfc7231.StatusConflict(he.NetPrintf("%v", err))
}
if o.ID != newGroup.Groupname {
return rfc7231.StatusConflict(he.NetPrintf("Cannot change group id"))
}
*o = RenumerateGroup(newGroup)
o.backend().Save(db)
return rfc7231.StatusOK(o)
},
"DELETE": func(req he.Request) he.Response {
db := req.Things["db"].(*periwinkle.Tx)
sess := req.Things["session"].(*backend.Session)
if !backend.IsAdmin(db, sess.UserID, *o.backend()) {
return rfc7231.StatusForbidden(he.NetPrintf("Unauthorized user"))
}
o.backend().Delete(db)
return rfc7231.StatusNoContent()
},
}
}
func (usr *user) Methods() map[string]func(he.Request) he.Response {
return map[string]func(he.Request) he.Response{
"GET": func(req he.Request) he.Response {
var addresses []backend.UserAddress
for _, addr := range usr.Addresses {
if addr.Medium != "noop" && addr.Medium != "admin" {
addresses = append(addresses, addr)
}
}
usr.Addresses = addresses
return rfc7231.StatusOK(usr)
},
"PUT": func(req he.Request) he.Response {
db := req.Things["db"].(*periwinkle.Tx)
sess := req.Things["session"].(*backend.Session)
if sess.UserID != usr.ID {
return rfc7231.StatusForbidden(he.NetPrintf("Unauthorized user"))
}
var newUser user
httperr := safeDecodeJSON(req.Entity, &newUser)
if httperr != nil {
return *httperr
}
if usr.ID != newUser.ID {
return rfc7231.StatusConflict(he.NetPrintf("Cannot change user id"))
}
// TODO: this won't play nice with the
// password hash (because it's private), or
// with addresses (because the (private) IDs
// need to be made to match up)
*usr = newUser
usr.backend().Save(db)
return rfc7231.StatusOK(usr)
},
"PATCH": func(req he.Request) he.Response {
db := req.Things["db"].(*periwinkle.Tx)
sess := req.Things["session"].(*backend.Session)
if sess.UserID != usr.ID {
return rfc7231.StatusForbidden(he.NetPrintf("Unauthorized user"))
}
patch, ok := req.Entity.(jsonpatch.Patch)
if !ok {
return rfc7231.StatusUnsupportedMediaType(he.NetPrintf("PATCH request must have a patch media type"))
}
httperr := usr.patchPassword(&patch)
if httperr != nil {
return *httperr
}
var newUser user
err := patch.Apply(usr, &newUser)
if err != nil {
return rfc7231.StatusConflict(he.ErrorToNetEntity(409, err))
}
if usr.ID != newUser.ID {
return rfc7231.StatusConflict(he.NetPrintf("Cannot change user id"))
}
if newUser.PwHash == nil || len(newUser.PwHash) == 0 {
newUser.PwHash = usr.PwHash
}
*usr = newUser
usr.backend().Save(db)
return rfc7231.StatusOK(usr)
},
"DELETE": func(req he.Request) he.Response {
db := req.Things["db"].(*periwinkle.Tx)
usr.backend().Delete(db)
return rfc7231.StatusNoContent()
},
}
}