// Delete handles DELETE
func (ctl *UserController) Delete(c *models.Context) {
_, _, itemID, status, err := c.GetItemTypeAndItemID()
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
m, status, err := models.GetUser(itemID)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
if !models.UserIsOnSite(m.ID, c.Site.ID) {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
status, err = m.Delete()
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
audit.Delete(
c.Site.ID,
h.ItemTypes[h.ItemTypeUser],
itemID,
c.Auth.ProfileID,
time.Now(),
c.IP,
)
c.RespondWithOK()
}
// Read handles GET
func (ctl *UserController) Read(c *models.Context) {
_, itemTypeID, itemID, status, err := c.GetItemTypeAndItemID()
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
// Start Authorisation
perms := models.GetPermission(
models.MakeAuthorisationContext(
c, 0, itemTypeID, itemID),
)
if !perms.CanRead {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
// End Authorisation
m, status, err := models.GetUser(itemID)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
if !models.UserIsOnSite(m.ID, c.Site.ID) {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
c.RespondWithData(m)
}
// Read handles GET
func (ctl *ProfileController) Read(c *models.Context) {
_, itemTypeID, itemID, status, err := c.GetItemTypeAndItemID()
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
// Start Authorisation
perms := models.GetPermission(
models.MakeAuthorisationContext(
c, 0, itemTypeID, itemID),
)
if c.Site.ID == 1 {
if c.Auth.ProfileID != itemID {
perms.CanRead = false
}
}
if !perms.CanRead {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
// End Authorisation
m, status, err := models.GetProfile(c.Site.ID, itemID)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
m.Meta.Permissions = perms
if c.Auth.ProfileID > 0 {
// Get watcher status
watcherID, sendEmail, sendSms, ignored, status, err := models.GetWatcherAndIgnoreStatus(
h.ItemTypes[h.ItemTypeProfile], m.ID, c.Auth.ProfileID,
)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
if ignored {
m.Meta.Flags.Ignored = true
}
if watcherID > 0 {
m.Meta.Flags.Watched = true
m.Meta.Flags.SendEmail = sendEmail
m.Meta.Flags.SendSMS = sendSms
}
if c.Auth.ProfileID == m.ID {
// Get counts of things
m.GetUnreadHuddleCount()
}
if perms.IsOwner {
user, status, err := models.GetUser(c.Auth.UserID)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
m.Email = user.Email
}
}
c.RespondWithData(m)
}
// Update handles PUT
func (ctl *UserController) Update(c *models.Context) {
_, _, itemID, status, err := c.GetItemTypeAndItemID()
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
m, status, err := models.GetUser(itemID)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
if !models.UserIsOnSite(m.ID, c.Site.ID) {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
err = c.Fill(&m)
if err != nil {
c.RespondWithErrorMessage(
fmt.Sprintf("The post data is invalid: %v", err.Error()),
http.StatusBadRequest,
)
return
}
// Start Authorisation
perms := models.GetPermission(
models.MakeAuthorisationContext(
c, 0, h.ItemTypes[h.ItemTypeProfile], itemID),
)
if !perms.CanUpdate {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
// End Authorisation
status, err = m.Update()
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
audit.Replace(
c.Site.ID,
h.ItemTypes[h.ItemTypeProfile],
itemID,
c.Auth.ProfileID,
time.Now(),
c.IP,
)
c.RespondWithSeeOther(
fmt.Sprintf(
"%s/%d",
h.APITypeUser,
m.ID,
),
)
}
// Create handles POST
func (ctl *SitesController) Create(c *models.Context) {
if c.Auth.ProfileID < 1 {
c.RespondWithErrorMessage(
fmt.Sprintf("You must be logged in to the root site create a site"),
http.StatusForbidden,
)
return
}
if c.Site.ID != 1 {
c.RespondWithErrorMessage(
fmt.Sprintf("Sites can only be created from the root site"),
http.StatusBadRequest,
)
return
}
bytes, _ := httputil.DumpRequest(c.Request, true)
glog.Infoln(string(bytes))
m := models.SiteType{}
// Default theme
m.ThemeID = 1
err := c.Fill(&m)
if err != nil {
c.RespondWithErrorMessage(
fmt.Sprintf("The post data is invalid: %v", err.Error()),
http.StatusBadRequest,
)
return
}
// Fetch full user info from context user ID
user, status, err := models.GetUser(c.Auth.UserID)
if err != nil {
c.RespondWithErrorMessage(
fmt.Sprintf("Could not retrieve use associated with ID %d", c.Auth.UserID),
status,
)
return
}
site, _, status, err := models.CreateOwnedSite(m, user)
if err != nil {
c.RespondWithErrorMessage(
fmt.Sprintf("Error creating site: %s", err.Error()),
http.StatusInternalServerError,
)
return
}
audit.Create(
c.Site.ID,
h.ItemTypes[h.ItemTypeSite],
site.ID,
c.Auth.ProfileID,
time.Now(),
c.IP,
)
c.RespondWithSeeOther(fmt.Sprintf("%s/%d", h.APITypeSite, site.ID))
}