// HandleUpdate handles the POST of the form to update a user
func HandleUpdate(context router.Context) error {
// Find the user
user, err := users.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update user
err = authorise.ResourceAndAuthenticity(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Clean params further for customers, they may only update email, password, key
allowedParams := params.Map()
u := authorise.CurrentUser(context)
if !u.Admin() {
// allowedParams = params.Clean(users.AllowedParamsCustomer())
}
err = user.Update(allowedParams)
if err != nil {
return router.InternalError(err)
}
// Redirect to user
return router.Redirect(context, user.URLShow())
}
// HandleIndex displays a list of files
func HandleIndex(context router.Context) error {
// Authorise
err := authorise.Path(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// Find the current user and check status
u := authorise.CurrentUser(context)
if u.Anon() {
// return router.NotAuthorizedError(err)
}
// For admins, show all files, order by date desc
q := files.Query().Order("updated_at desc")
// otherwise show just the logged in user's files
if !u.Admin() {
// Find the files for this user, unless
q = files.Where("user_id=?", u.Id)
}
// Fetch the files
results, err := files.FindAll(q)
if err != nil {
return router.InternalError(err)
}
// Render the template
view := view.New(context)
view.AddKey("files", results)
return view.Render()
}
// HandleLoginShow handles GET /users/login
func HandleLoginShow(context router.Context) error {
// Check we have no current user
u := authorise.CurrentUser(context)
if !u.Anon() {
return router.Redirect(context, fmt.Sprintf("/users/%d", u.Id))
}
// Render the template
view := view.New(context)
view.AddKey("error", context.Param("error"))
return view.Render()
}