コード例 #1
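// ServeHTTP returns the stored record of the member named by the "email"
// form value, encoded as JSON.
//
// Responses produced by this handler:
//   - 401 if m.auth reports no authenticated user for the request,
//   - 400 if no "email" value was supplied,
//   - 500 if the database lookup or the JSON encoding fails,
//   - 404 if the lookup returns no record,
//   - 403 if the record belongs to another user and the caller is not in
//     m.admingroup.
//
// The agreement PDF and the password hash are cleared before the record is
// encoded, so neither is sent to the client.
func (m *MemberDetailHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
	user := m.auth.GetAuthenticatedUser(req)
	if user == "" {
		rw.WriteHeader(http.StatusUnauthorized)
		return
	}

	// The form is only parsed once the caller is known to be authenticated.
	memberid := req.FormValue("email")
	if memberid == "" {
		// A missing parameter is a malformed request (400); 411 is reserved
		// for a missing Content-Length header.
		rw.WriteHeader(http.StatusBadRequest)
		rw.Write([]byte("No email given"))
		return
	}

	member, err := m.database.GetMemberDetail(memberid)
	if err != nil {
		// NOTE(review): the backend error text is returned to any
		// authenticated caller, and this happens before the ownership check
		// below. Consider logging it server-side and answering with a
		// generic message so storage internals are not disclosed.
		rw.WriteHeader(http.StatusInternalServerError)
		rw.Write([]byte("Error fetching member details: " +
			err.Error()))
		return
	}
	if member == nil {
		// Defensive: nothing visible here shows whether GetMemberDetail can
		// return a nil record without an error; dereferencing it would panic.
		rw.WriteHeader(http.StatusNotFound)
		rw.Write([]byte("No such member"))
		return
	}

	// Callers may read their own record; anyone else must be in the admin
	// group.
	// NOTE(review): when m.admingroup is empty the scope check is skipped and
	// every authenticated user can read every member's record. Confirm that
	// this fail-open default is intended; otherwise deny non-owners when no
	// admin group is configured.
	if member.MemberData.GetUsername() != user && len(m.admingroup) > 0 &&
		!m.auth.IsAuthenticatedScope(req, m.admingroup) {
		rw.WriteHeader(http.StatusForbidden)
		rw.Write([]byte("Only admin users may look at other accounts"))
		return
	}

	// Trash the membership agreement, transmitting it over HTTP doesn't
	// make much sense.
	member.AgreementPdf = make([]byte, 0)

	// The password hash is off limits too.
	member.MemberData.Pwhash = nil

	// Encode into memory first: once any body bytes are written the status
	// line is already on the wire, so a late WriteHeader(500) would have no
	// effect and the client would receive a truncated 200 response.
	body, err := json.Marshal(member)
	if err != nil {
		rw.WriteHeader(http.StatusInternalServerError)
		rw.Write([]byte("Error encoding JSON structure: " + err.Error()))
		return
	}

	// "charset" is the media-type parameter name; "encoding=utf8" is not one.
	rw.Header().Set("Content-Type", "application/json; charset=utf-8")
	// The trailing newline matches what json.Encoder.Encode emitted before.
	rw.Write(append(body, '\n'))
}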