// HandleIndex displays a list of files func HandleIndex(context router.Context) error { // Authorise err := authorise.Path(context) if err != nil { return router.NotAuthorizedError(err) } // Find the current user and check status u := authorise.CurrentUser(context) if u.Anon() { // return router.NotAuthorizedError(err) } // For admins, show all files, order by date desc q := files.Query().Order("updated_at desc") // otherwise show just the logged in user's files if !u.Admin() { // Find the files for this user, unless q = files.Where("user_id=?", u.Id) } // Fetch the files results, err := files.FindAll(q) if err != nil { return router.InternalError(err) } // Render the template view := view.New(context) view.AddKey("files", results) return view.Render() }
// HandleUpdate handles the POST of the form to update a user func HandleUpdate(context router.Context) error { // Find the user user, err := users.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update user err = authorise.ResourceAndAuthenticity(context, user) if err != nil { return router.NotAuthorizedError(err) } // Get the params params, err := context.Params() if err != nil { return router.InternalError(err) } // Clean params further for customers, they may only update email, password, key allowedParams := params.Map() u := authorise.CurrentUser(context) if !u.Admin() { // allowedParams = params.Clean(users.AllowedParamsCustomer()) } err = user.Update(allowedParams) if err != nil { return router.InternalError(err) } // Redirect to user return router.Redirect(context, user.URLShow()) }
// HandleLoginShow handles GET /users/login.
//
// A visitor who is already signed in is redirected to their own user page;
// an anonymous visitor gets the login template, with the request's "error"
// parameter exposed to the template under the "error" key.
func HandleLoginShow(context router.Context) error {
	// Only anonymous visitors should see the login form.
	current := authorise.CurrentUser(context)
	if signedIn := !current.Anon(); signedIn {
		ownPage := fmt.Sprintf("/users/%d", current.Id)
		return router.Redirect(context, ownPage)
	}

	// Render the template.
	// NOTE(review): "error" is read from the request, so its content is chosen
	// by whoever built the link; this relies on the template layer escaping it
	// on output. Confirm.
	page := view.New(context)
	loginError := context.Param("error")
	page.AddKey("error", loginError)
	return page.Render()
}