Exemple #1
0
// HandleShowPath serves requests to a custom page url
func HandleShowPath(context router.Context) error {

	// Setup context for template
	path := context.Path()

	// If no pages or users exist, redirect to set up page
	if missingUsersAndPages() {
		return router.Redirect(context, "/fragmenta/setup")
	}

	q := pages.Query().Where("url=?", path).Limit(1)
	pages, err := pages.FindAll(q)
	if err != nil || len(pages) == 0 {
		return router.NotFoundError(err)
	}

	// Get the first of pages to render
	page := pages[0]

	// For show path of pages, we authorise showing the page FOR ALL users if it is published
	if !page.IsPublished() {
		// Authorise
		err = authorise.Resource(context, page)
		if err != nil {
			return router.NotAuthorizedError(err)
		}
	}

	return renderPage(context, page)
}
Exemple #2
0
// authoriseReader returns error if the path/resource is not authorised
func authoriseReader(c router.Context, r ResourceModel) error {
	user := c.Get("current_user").(*users.User)

	if c.Path() == "/stories/create" && user.CanSubmit() {
		return nil
	}

	if c.Path() == "/comments/create" && user.CanComment() {
		return nil
	}

	// Allow upvotes and downvotes
	if strings.HasSuffix(c.Path(), "/upvote") && user.CanUpvote() {
		return nil
	}

	if strings.HasSuffix(c.Path(), "/downvote") && user.CanDownvote() {
		return nil
	}

	if r != nil {
		if r.OwnedBy(user.Id) {
			return nil
		}
	}

	return fmt.Errorf("Path and Resource not authorized:%s %v", c.Path(), r)

}
Exemple #3
0
// HandleShowPath serves requests to a custom page url
func HandleShowPath(context router.Context) error {

	// Setup context for template
	path := context.Path()

	q := pages.Query().Where("url=?", path).Limit(1)
	pages, err := pages.FindAll(q)
	if err != nil || len(pages) == 0 {
		return router.NotFoundError(err)
	}

	// Get the first of pages to render
	page := pages[0]

	// If not published, check authorisation
	if !page.IsPublished() {
		// Authorise
		err = authorise.Resource(context, page)
		if err != nil {
			return router.NotAuthorizedError(err)
		}
	}

	return render(context, page)
}
Exemple #4
0
// HandleShow displays a single story
func HandleShow(context router.Context) error {

	// Find the story
	story, err := stories.Find(context.ParamInt("id"))
	if err != nil {
		return router.InternalError(err)
	}

	// Redirect requests to the canonical url
	if context.Path() != story.URLShow() {
		return router.Redirect(context, story.URLShow())
	}

	// Find the comments for this story
	// Fetch the comments
	q := comments.Where("story_id=?", story.Id).Order(comments.RankOrder)
	rootComments, err := comments.FindAll(q)
	if err != nil {
		return router.InternalError(err)
	}

	// Render the template
	view := view.New(context)
	view.AddKey("story", story)
	view.AddKey("meta_title", story.Name)
	view.AddKey("meta_desc", story.Summary)
	view.AddKey("meta_keywords", story.Name)
	view.AddKey("comments", rootComments)

	return view.Render()
}
Exemple #5
0
// Handle serving assets in dev (if we can) - return true on success
func serveAsset(context router.Context) error {
	p := path.Clean(context.Path())

	// It must be under /assets, or we don't serve
	if !strings.HasPrefix(p, "/assets/") {
		return router.NotFoundError(nil)
	}

	// Try to find an asset in our list
	f := appAssets.File(path.Base(p))
	if f == nil {
		return router.NotFoundError(nil)
	}

	localPath := "./" + f.LocalPath()
	http.ServeFile(context, context.Request(), localPath)
	return nil
}
Exemple #6
0
// Default file handler, used in development - in production serve with nginx
func serveFile(context router.Context) error {
	// Assuming we're running from the root of the website
	localPath := "./public" + path.Clean(context.Path())

	if _, err := os.Stat(localPath); err != nil {
		// If file not found return error
		if os.IsNotExist(err) {
			return router.NotFoundError(err)
		}

		// For other errors return not authorised
		return router.NotAuthorizedError(err)
	}

	// If the file exists and we can access it, serve it
	http.ServeFile(context, context.Request(), localPath)
	return nil
}
Exemple #7
0
func renderPage(context router.Context, page *pages.Page) error {

	view := view.New(context)

	// Setup context for template
	if page.Template != "" {
		view.Template(page.Template)
	} else {
		view.Template("pages/views/show.html.got")
	}

	view.AddKey("page", page)
	view.AddKey("meta_title", page.Name)
	view.AddKey("meta_desc", page.Summary)
	view.AddKey("meta_keywords", page.Keywords)

	// Serve template
	context.Logf("#info Rendering page for path %s", context.Path())
	return view.Render()
}
Exemple #8
0
// Resource authorises the path and resource for the current user
// if model is nil it is ignored and permission granted
func Resource(c router.Context, r ResourceModel) error {

	// Short circuit evaluation if this is a public path
	if publicPath(c.Path()) {
		return nil
	}

	user := c.Get("current_user").(*users.User)

	switch user.Role {
	case users.RoleAdmin:
		return nil
	case users.RoleEditor:
		if r.OwnedBy(user.Id) {
			return nil
		}
	}

	return fmt.Errorf("Path and Resource not authorized:%s %v", c.Path(), r)

}
Exemple #9
0
// Resource authorises the path and resource for the current user
// if model is nil it is ignored and permission granted
func Resource(c router.Context, r ResourceModel) error {

	// Short circuit evaluation if this is a public path
	if publicPath(c.Path()) {
		return nil
	}

	user := c.Get("current_user").(*users.User)

	switch user.Role {
	case users.RoleAdmin:
		return nil
	case users.RoleCustomer:

		// RoleCustomer should have access to /files
		if c.Path() == "/files" {
			return nil
		}

		// RoleCustomer should have access to /files/x/delete if file is owned by them
		if strings.HasPrefix(c.Path(), "/files") {
			if r != nil && r.OwnedBy(user.Id) {
				return nil
			}
		}

		// RoleCustomer should have access to /users/x/update if they are that user
		if strings.HasPrefix(c.Path(), "/users") {
			if r != nil && r.OwnedBy(user.Id) {
				return nil
			}
		}

	}

	return fmt.Errorf("Path and Resource not authorized:%s %v", c.Path(), r)
}