// Read handles GET
func (ctl *AttendeeController) Read(c *models.Context) {
// Verify ID is a positive integer
eventID, err := strconv.ParseInt(c.RouteVars["event_id"], 10, 64)
if err != nil {
c.RespondWithErrorMessage(
fmt.Sprintf("The supplied event_id ('%s') is not a number.", c.RouteVars["event_id"]),
http.StatusBadRequest,
)
return
}
profileID, err := strconv.ParseInt(c.RouteVars["profile_id"], 10, 64)
if err != nil {
c.RespondWithErrorMessage(
fmt.Sprintf("The supplied profile_id ('%s') is not a number.", c.RouteVars["profile_id"]),
http.StatusBadRequest,
)
return
}
attendeeID, status, err := models.GetAttendeeID(eventID, profileID)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
// Start Authorisation
perms := models.GetPermission(
models.MakeAuthorisationContext(
c, 0, h.ItemTypes[h.ItemTypeAttendee], attendeeID),
)
if !perms.CanRead {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
// End Authorisation
// Read Event
m, status, err := models.GetAttendee(c.Site.ID, attendeeID)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
m.Meta.Permissions = perms
c.RespondWithData(m)
}
// Delete handles DELETE
func (ctl *AttendeeController) Delete(c *models.Context) {
// Validate inputs
eventID, err := strconv.ParseInt(c.RouteVars["event_id"], 10, 64)
if err != nil {
c.RespondWithErrorMessage(
fmt.Sprintf("The supplied event_id ('%s') is not a number.", c.RouteVars["event_id"]),
http.StatusBadRequest,
)
return
}
profileID, err := strconv.ParseInt(c.RouteVars["profile_id"], 10, 64)
if err != nil {
c.RespondWithErrorMessage(
fmt.Sprintf("The supplied profile_id ('%s') is not a number.", c.RouteVars["profile_id"]),
http.StatusBadRequest,
)
return
}
attendeeID, status, err := models.GetAttendeeID(eventID, profileID)
if err != nil {
c.RespondWithOK()
return
}
// Start Authorisation
perms := models.GetPermission(
models.MakeAuthorisationContext(
c, 0, h.ItemTypes[h.ItemTypeAttendee], attendeeID),
)
if !perms.CanDelete {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
// End Authorisation
m, status, err := models.GetAttendee(c.Site.ID, attendeeID)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
// Delete resource
status, err = m.Delete(c.Site.ID)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
audit.Replace(
c.Site.ID,
h.ItemTypes[h.ItemTypeAttendee],
attendeeID,
c.Auth.ProfileID,
time.Now(),
c.IP,
)
c.RespondWithOK()
}
