// Patch handles PATCH
func (ctl *EventController) Patch(c *models.Context) {
_, itemTypeID, itemID, status, err := c.GetItemTypeAndItemID()
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
patches := []h.PatchType{}
err = c.Fill(&patches)
if err != nil {
c.RespondWithErrorMessage(
fmt.Sprintf("The post data is invalid: %v", err.Error()),
http.StatusBadRequest,
)
return
}
status, err = h.TestPatch(patches)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
// Start Authorisation
ac := models.MakeAuthorisationContext(c, 0, itemTypeID, itemID)
perms := models.GetPermission(ac)
if !perms.CanUpdate {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
// All patches are 'replace'
for _, patch := range patches {
status, err := patch.ScanRawValue()
if !patch.Bool.Valid {
c.RespondWithErrorDetail(err, status)
return
}
switch patch.Path {
case "/meta/flags/sticky":
// Only super users' can sticky and unsticky
if !perms.IsModerator {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
if !patch.Bool.Valid {
c.RespondWithErrorMessage("/meta/flags/sticky requires a bool value", http.StatusBadRequest)
return
}
case "/meta/flags/open":
// Only super users' and item owners can open and close
if !(perms.IsModerator || perms.IsOwner) {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
if !patch.Bool.Valid {
c.RespondWithErrorMessage("/meta/flags/open requires a bool value", http.StatusBadRequest)
return
}
case "/meta/flags/deleted":
// Only super users' can undelete, but super users' and owners can delete
if !patch.Bool.Valid {
c.RespondWithErrorMessage("/meta/flags/deleted requires a bool value", http.StatusBadRequest)
return
}
if (patch.Bool.Bool == false && !(perms.IsModerator || perms.IsOwner)) || !perms.IsModerator {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
case "/meta/flags/moderated":
if !perms.IsModerator {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
default:
c.RespondWithErrorMessage("Invalid patch operation path", http.StatusBadRequest)
return
}
}
// End Authorisation
m, status, err := models.GetEvent(c.Site.ID, itemID, c.Auth.ProfileID)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
status, err = m.Patch(ac, patches)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
audit.Update(
c.Site.ID,
h.ItemTypes[h.ItemTypeEvent],
m.ID,
c.Auth.ProfileID,
time.Now(),
c.IP,
)
c.RespondWithOK()
}
// Patch handles PATCH
func (ctl *RoleController) Patch(c *models.Context) {
// Validate inputs
var microcosmID int64
if sid, exists := c.RouteVars["microcosm_id"]; exists {
id, err := strconv.ParseInt(sid, 10, 64)
if err != nil {
c.RespondWithErrorMessage("microcosm_id in URL is not a number", http.StatusBadRequest)
return
}
microcosmID = id
}
roleID, err := strconv.ParseInt(c.RouteVars["role_id"], 10, 64)
if err != nil {
c.RespondWithErrorMessage("microcosm_id in URL is not a number", http.StatusBadRequest)
return
}
patches := []h.PatchType{}
err = c.Fill(&patches)
if err != nil {
c.RespondWithErrorMessage(
fmt.Sprintf("The post data is invalid: %v", err.Error()),
http.StatusBadRequest,
)
return
}
status, err := h.TestPatch(patches)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
// Start Authorisation
ac := models.MakeAuthorisationContext(c, microcosmID, h.ItemTypes[h.ItemTypeMicrocosm], microcosmID)
perms := models.GetPermission(ac)
if microcosmID > 0 {
// Related to a Microcosm
if !perms.IsModerator && !c.Auth.IsSiteOwner {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
} else {
// Default role for the site
if !c.Auth.IsSiteOwner {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
}
// All patches are 'replace'
for _, patch := range patches {
status, err := patch.ScanRawValue()
if !patch.Bool.Valid {
c.RespondWithErrorDetail(err, status)
return
}
switch patch.Path {
case "/moderator":
if !patch.Bool.Valid {
c.RespondWithErrorMessage("/moderator requires a bool value", http.StatusBadRequest)
return
}
case "/banned":
if !patch.Bool.Valid {
c.RespondWithErrorMessage("/banned requires a bool value", http.StatusBadRequest)
return
}
case "/read":
if !patch.Bool.Valid {
c.RespondWithErrorMessage("/read requires a bool value", http.StatusBadRequest)
return
}
case "/create":
if !patch.Bool.Valid {
c.RespondWithErrorMessage("/create requires a bool value", http.StatusBadRequest)
return
}
case "/update":
if !patch.Bool.Valid {
c.RespondWithErrorMessage("/update requires a bool value", http.StatusBadRequest)
return
}
case "/delete":
if !patch.Bool.Valid {
c.RespondWithErrorMessage("/delete requires a bool value", http.StatusBadRequest)
return
}
case "/closeOwn":
if !patch.Bool.Valid {
c.RespondWithErrorMessage("/closeOwn requires a bool value", http.StatusBadRequest)
return
}
case "/openOwn":
if !patch.Bool.Valid {
c.RespondWithErrorMessage("/openOwn requires a bool value", http.StatusBadRequest)
return
}
case "/readOthers":
if !patch.Bool.Valid {
c.RespondWithErrorMessage("/readOthers requires a bool value", http.StatusBadRequest)
return
}
default:
c.RespondWithErrorMessage("Invalid patch operation path", http.StatusBadRequest)
return
}
}
// End Authorisation
m, status, err := models.GetRole(c.Site.ID, microcosmID, roleID, c.Auth.ProfileID)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
status, err = m.Patch(ac, patches)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
audit.Update(
c.Site.ID,
h.ItemTypes[h.ItemTypeRole],
m.ID,
c.Auth.ProfileID,
time.Now(),
c.IP,
)
c.RespondWithOK()
}