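// CommentReply handles the /admin/new_comment route.
//
// GET renders the reply form for the comment named by the "parent_id"
// parameter, prefilled with the parent's post ID and the current user's name.
// POST inserts the submitted reply and redirects to /admin/comments; when the
// insert fails the error text is flashed and the client is redirected back to
// the request URI. Any other method is answered with a 405 error page.
func CommentReply(w http.ResponseWriter, r *http.Request) {
	tmpl := shared.Template(r)
	session := shared.Session(r)
	data := shared.DefaultData(r)

	switch r.Method {
	case "GET":
		// Unchecked assertion: this panics when no *models.User is stored
		// under the "user" key of the request context.
		user := context.Get(r, "user").(*models.User)
		parentID := shared.Atoi64(r.FormValue("parent_id"))
		parent, err := models.GetComment(parentID)
		if err != nil {
			// The lookup error used to be discarded and parent.PostID was read
			// anyway. A reply needs an existing parent, so report the failure.
			w.WriteHeader(404)
			tmpl.Lookup("errors/404").Execute(w, shared.ErrorData(err))
			return
		}
		comment := &models.Comment{
			PostID:     parent.PostID,
			ParentID:   null.NewInt(parentID, parentID > 0),
			AuthorName: user.Name,
		}
		data["Title"] = "Reply"
		data["Active"] = "comments"
		data["Comment"] = comment
		data["Flash"] = session.Flashes("comments")
		session.Save(r, w)
		tmpl.Lookup("comments/form").Execute(w, data)

	case "POST":
		parentID := shared.Atoi64(r.PostFormValue("parent_id"))
		// NOTE(review): post_id and author_name are taken from the submitted
		// form. The GET branch prefills them from the parent comment and the
		// authenticated user, but nothing here re-derives or checks them, so
		// the stored author is whatever the client sent. Confirm this is
		// intended for the admin area.
		comment := &models.Comment{
			PostID:     shared.Atoi64(r.PostFormValue("post_id")),
			ParentID:   null.NewInt(parentID, parentID > 0),
			AuthorName: r.PostFormValue("author_name"),
			Content:    r.PostFormValue("content"),
			Published:  shared.Atob(r.PostFormValue("published")),
		}
		if err := comment.Insert(); err != nil {
			session.AddFlash(err.Error(), "comments")
			session.Save(r, w)
			http.Redirect(w, r, r.RequestURI, 303)
			return
		}
		http.Redirect(w, r, "/admin/comments", 303)

	default:
		err := fmt.Errorf("Method %q not allowed", r.Method)
		log.Printf("ERROR: %s\n", err)
		w.WriteHeader(405)
		tmpl.Lookup("errors/405").Execute(w, shared.ErrorData(err))
	}
}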
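// PostUpdate handles the /admin/edit_post/:id route.
//
// GET loads the post named by the URL suffix together with the tag list and
// renders the edit form. POST builds a post from the submitted form, updates
// it and redirects to /admin/posts; when the update fails the error text is
// flashed and the client is redirected back to the request URI. Any other
// method is answered with a 405 error page.
func PostUpdate(w http.ResponseWriter, r *http.Request) {
	tmpl := shared.Template(r)
	session := shared.Session(r)
	data := shared.DefaultData(r)

	switch r.Method {
	case "GET":
		id := r.URL.Path[len("/admin/edit_post/"):]
		post, err := models.GetPost(id)
		if err != nil {
			w.WriteHeader(404)
			tmpl.Lookup("errors/404").Execute(w, shared.ErrorData(err))
			return
		}
		tags, err := models.GetTags()
		if err != nil {
			// The post itself was found, so a failure to load tags is a server
			// fault rather than "not found". It used to be sent as a 404 with
			// nil template data, which also dropped the error.
			log.Printf("ERROR: %s\n", err)
			w.WriteHeader(500)
			tmpl.Lookup("errors/500").Execute(w, shared.ErrorData(err))
			return
		}
		data["Title"] = "Edit post"
		data["Active"] = "posts"
		data["Post"] = post
		data["Tags"] = tags
		data["Flash"] = session.Flashes()
		session.Save(r, w)
		tmpl.Lookup("posts/form").Execute(w, data)

	case "POST":
		// Reject a body that cannot be parsed instead of updating the post
		// from a partially populated form.
		if err := r.ParseForm(); err != nil {
			log.Printf("ERROR: %s\n", err)
			w.WriteHeader(400)
			tmpl.Lookup("errors/400").Execute(w, shared.ErrorData(err))
			return
		}
		// NOTE(review): the record to update is selected by the "id" form
		// field, not by the :id segment of the URL, and the two are never
		// compared. Any access check keyed on the URL would not cover the row
		// actually written. Confirm against the router and middleware.
		post := &models.Post{
			ID:        shared.Atoi64(r.PostFormValue("id")),
			Name:      r.PostFormValue("name"),
			Content:   r.PostFormValue("content"),
			Published: shared.Atob(r.PostFormValue("published")),
			// PostFormValue returns only the first value. r.Form also carries
			// query-string values, unlike the PostFormValue reads above.
			Tags: r.Form["tags"],
		}
		if err := post.Update(); err != nil {
			session.AddFlash(err.Error())
			session.Save(r, w)
			http.Redirect(w, r, r.RequestURI, 303)
			return
		}
		http.Redirect(w, r, "/admin/posts", 303)

	default:
		err := fmt.Errorf("Method %q not allowed", r.Method)
		log.Printf("ERROR: %s\n", err)
		w.WriteHeader(405)
		tmpl.Lookup("errors/405").Execute(w, shared.ErrorData(err))
	}
}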
// UserUpdate handles the /admin/edit_user/:id route.
//
// GET renders the edit form for the user named by the URL suffix. POST builds
// a user from the submitted form, hashes its password, updates the record and
// redirects to /admin/users. Any other method is answered with a 405 page.
func UserUpdate(w http.ResponseWriter, r *http.Request) {
	tmpl := shared.Template(r)
	session := shared.Session(r)
	data := shared.DefaultData(r)

	switch r.Method {
	case "GET":
		const prefix = "/admin/edit_user/"
		userID := r.URL.Path[len(prefix):]
		found, lookupErr := models.GetUser(userID)
		if lookupErr != nil {
			w.WriteHeader(404)
			tmpl.Lookup("errors/404").Execute(w, shared.ErrorData(lookupErr))
			return
		}
		data["Title"] = "Edit user"
		data["Active"] = "users"
		data["User"] = found
		data["Flash"] = session.Flashes()
		session.Save(r, w)
		tmpl.Lookup("users/form").Execute(w, data)

	case "POST":
		// NOTE(review): the account to modify is chosen by the "id" form
		// field, not by the :id in the URL; the two are never compared here.
		edited := &models.User{
			ID:       shared.Atoi64(r.PostFormValue("id")),
			Name:     r.PostFormValue("name"),
			Email:    r.PostFormValue("email"),
			Password: r.PostFormValue("password"),
		}
		// HashPassword runs on every POST, whatever the submitted password
		// is. NOTE(review): confirm how an empty password field is treated by
		// the model before the update.
		hashErr := edited.HashPassword()
		if hashErr != nil {
			log.Printf("ERROR: %s\n", hashErr)
			w.WriteHeader(500)
			tmpl.Lookup("errors/500").Execute(w, shared.ErrorData(hashErr))
			return
		}
		updateErr := edited.Update()
		if updateErr != nil {
			// The raw error text is shown to the client on the next page load.
			session.AddFlash(updateErr.Error())
			session.Save(r, w)
			http.Redirect(w, r, r.RequestURI, 303)
			return
		}
		http.Redirect(w, r, "/admin/users", 303)

	default:
		notAllowed := fmt.Errorf("Method %q not allowed", r.Method)
		log.Printf("ERROR: %s\n", notAllowed)
		w.WriteHeader(405)
		tmpl.Lookup("errors/405").Execute(w, shared.ErrorData(notAllowed))
	}
}
// PageUpdate handles the /admin/edit_page/:id route.
//
// GET renders the edit form for the page named by the URL suffix. POST builds
// a page from the submitted form, updates it and redirects to /admin/pages.
// Any other method is answered with a 405 error page.
func PageUpdate(w http.ResponseWriter, r *http.Request) {
	tmpl := shared.Template(r)
	session := shared.Session(r)
	data := shared.DefaultData(r)

	// Anything other than GET or POST is rejected up front.
	if r.Method != "GET" && r.Method != "POST" {
		methodErr := fmt.Errorf("Method %q not allowed", r.Method)
		log.Printf("ERROR: %s\n", methodErr)
		w.WriteHeader(405)
		tmpl.Lookup("errors/405").Execute(w, shared.ErrorData(methodErr))
		return
	}

	if r.Method == "POST" {
		// NOTE(review): the row to update is selected by the "id" form field,
		// not by the :id in the URL; the two are never compared here.
		submitted := &models.Page{
			ID:        shared.Atoi64(r.PostFormValue("id")),
			Name:      r.PostFormValue("name"),
			Content:   r.PostFormValue("content"),
			Published: shared.Atob(r.PostFormValue("published")),
		}
		saveErr := submitted.Update()
		if saveErr == nil {
			http.Redirect(w, r, "/admin/pages", 303)
			return
		}
		// Flash the failure and send the client back to the form.
		session.AddFlash(saveErr.Error())
		session.Save(r, w)
		http.Redirect(w, r, r.RequestURI, 303)
		return
	}

	// GET: load the page and show the edit form.
	pageID := r.URL.Path[len("/admin/edit_page/"):]
	page, loadErr := models.GetPage(pageID)
	if loadErr != nil {
		// NOTE(review): a failed lookup is reported as 400 here, while the
		// other edit handlers in this file answer 404 for the same case.
		w.WriteHeader(400)
		tmpl.Lookup("errors/400").Execute(w, shared.ErrorData(loadErr))
		return
	}
	data["Title"] = "Edit page"
	data["Active"] = "pages"
	data["Page"] = page
	data["Flash"] = session.Flashes()
	session.Save(r, w)
	tmpl.Lookup("pages/form").Execute(w, data)
}
// CommentUpdate handles the /admin/edit_comment/:id route.
//
// GET renders the edit form for the comment named by the URL suffix. POST
// updates the comment's content and published flag from the submitted form
// and redirects to /admin/comments. Any other method gets a 405 error page.
func CommentUpdate(w http.ResponseWriter, r *http.Request) {
	tmpl := shared.Template(r)
	session := shared.Session(r)
	data := shared.DefaultData(r)

	switch r.Method {
	case "GET":
		commentID := r.URL.Path[len("/admin/edit_comment/"):]
		existing, getErr := models.GetComment(commentID)
		if getErr != nil {
			w.WriteHeader(404)
			tmpl.Lookup("errors/404").Execute(w, shared.ErrorData(getErr))
			return
		}
		data["Title"] = "Edit comment"
		data["Active"] = "comments"
		data["Comment"] = existing
		data["Flash"] = session.Flashes("comments")
		session.Save(r, w)
		tmpl.Lookup("comments/form").Execute(w, data)

	case "POST":
		// The ParseForm error is not inspected; the reads below work on
		// whatever was parsed.
		r.ParseForm()
		// NOTE(review): the row to update is selected by the "id" form field,
		// not by the :id in the URL; the two are never compared here.
		changed := &models.Comment{
			ID:        shared.Atoi64(r.PostFormValue("id")),
			Content:   r.PostFormValue("content"),
			Published: shared.Atob(r.PostFormValue("published")),
		}
		updErr := changed.Update()
		if updErr != nil {
			session.AddFlash(updErr.Error(), "comments")
			session.Save(r, w)
			http.Redirect(w, r, r.RequestURI, 303)
			return
		}
		http.Redirect(w, r, "/admin/comments", 303)

	default:
		badMethod := fmt.Errorf("Method %q not allowed", r.Method)
		log.Printf("ERROR: %s\n", badMethod)
		w.WriteHeader(405)
		tmpl.Lookup("errors/405").Execute(w, shared.ErrorData(badMethod))
	}
}
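// CommentCreate handles the /new_comment route.
//
// Only POST is accepted. The author name is read from the "oauth_name"
// session value, never from the form, and the comment is stored unpublished.
// On success a confirmation is flashed and the client is redirected to the
// post's comment section. An insert failure gets a 400 page, while a missing
// session name or any other method gets a 405 page.
func CommentCreate(w http.ResponseWriter, r *http.Request) {
	session := shared.Session(r)
	tmpl := shared.Template(r)

	if r.Method != "POST" {
		err := fmt.Errorf("Method %q not allowed", r.Method)
		log.Printf("ERROR: %s\n", err)
		w.WriteHeader(405)
		tmpl.Lookup("errors/405").Execute(w, shared.ErrorData(err))
		return
	}

	// One checked assertion covers both "key absent" and "value is not a
	// string". The separate unchecked assertion used before would panic on a
	// non-string session value.
	author, ok := session.Values["oauth_name"].(string)
	if !ok {
		// NOTE(review): 405 is kept because this file shows no 401/403
		// template; an authorization failure would normally use one of those.
		err := fmt.Errorf("You are not authorized to post comments.")
		log.Printf("ERROR: %s\n", err)
		w.WriteHeader(405)
		tmpl.Lookup("errors/405").Execute(w, shared.ErrorData(err))
		return
	}

	// NOTE(review): content and post_id are stored as submitted. No CSRF token
	// or length check is visible in this handler; confirm that middleware,
	// the model and the templates cover validation and output escaping.
	comment := &models.Comment{
		PostID:     shared.Atoi64(r.PostFormValue("post_id")),
		AuthorName: author,
		Content:    r.PostFormValue("content"),
		Published:  false, // comments are published by admin via dashboard
	}
	if err := comment.Insert(); err != nil {
		log.Printf("ERROR: %s\n", err)
		w.WriteHeader(400)
		tmpl.Lookup("errors/400").Execute(w, shared.ErrorData(err))
		return
	}
	session.AddFlash("Thank you! Your comment will be visible after approval.", "comments")
	session.Save(r, w)
	http.Redirect(w, r, fmt.Sprintf("/posts/%d#comments", comment.PostID), 303)
}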