// HandleUpdate handles POST or PUT /pages/1/update
func HandleUpdate(context router.Context) error {
// Find the page
page, err := pages.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise updating the page
err = authorise.Resource(context, page)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the page from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = page.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// We then find the page again, and retreive the new Url, in case it has changed during update
page, err = pages.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Redirect to page url
return router.Redirect(context, page.Url)
}
// HandleUpdateShow renders the form to update a post
func HandleUpdateShow(context router.Context) error {
// Find the post
post, err := posts.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update post
err = authorise.Resource(context, post)
if err != nil {
return router.NotAuthorizedError(err)
}
// Find users for author details
users, err := users.FindAll(users.Admins())
if err != nil {
return router.NotFoundError(err)
}
// Render the template
view := view.New(context)
view.AddKey("post", post)
view.AddKey("users", users)
return view.Render()
}
// HandleUpdate handles the POST of the form to update a post
func HandleUpdate(context router.Context) error {
// Find the post
post, err := posts.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update post
err = authorise.Resource(context, post)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the post from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = post.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to post
return router.Redirect(context, post.URLShow())
}
// HandleUpdateShow handles the POST of the form to update a file
func HandleUpdate(context router.Context) error {
// Find the file
file, err := files.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update file
err = authorise.Resource(context, file)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the file from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Find the to user, by querying users on username or email
// Set the user id if found, else return 404 error, user not found
// TODO: Make *sure* this only accepts the params we want
err = file.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to file
return router.Redirect(context, file.URLShow())
}
// HandleUpdate handles the POST of the form to update a page
func HandleUpdate(context router.Context) error {
// Find the page
page, err := pages.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update page
err = authorise.ResourceAndAuthenticity(context, page)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the page from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = page.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to page
return router.Redirect(context, page.URLShow())
}
// HandleUpdate handles the POST of the form to update a user
func HandleUpdate(context router.Context) error {
// Find the user
user, err := users.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update user
err = authorise.ResourceAndAuthenticity(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Clean params further for customers, they may only update email, password, key
allowedParams := params.Map()
u := authorise.CurrentUser(context)
if !u.Admin() {
// allowedParams = params.Clean(users.AllowedParamsCustomer())
}
err = user.Update(allowedParams)
if err != nil {
return router.InternalError(err)
}
// Redirect to user
return router.Redirect(context, user.URLShow())
}
// HandleCreateShow serves the create form via GET for posts
func HandleCreateShow(context router.Context) error {
// Authorise
err := authorise.Path(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// Find users for author details
users, err := users.FindAll(users.Admins())
if err != nil {
return router.NotFoundError(err)
}
// Render the template
view := view.New(context)
post := posts.New()
user := authorise.CurrentUser(context)
if user != nil {
post.AuthorId = user.Id
}
view.AddKey("post", post)
view.AddKey("users", users)
return view.Render()
}
// HandleUpdate handles POST or PUT /images/1/update
func HandleUpdate(context router.Context) error {
// Find the image
image, err := images.Find(context.ParamInt("id"))
if err != nil {
context.Logf("#error Error finding image %s", err)
return router.NotFoundError(err)
}
// Authorise
err = authorise.Resource(context, image)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the image
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = image.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// We redirect back to source if redirect param is set
return router.Redirect(context, image.URLUpdate())
}
// HandleUpdate or PUT /users/1/update
func HandleUpdate(context router.Context) error {
// Find the user
id := context.ParamInt("id")
user, err := users.Find(id)
if err != nil {
context.Logf("#error Error finding user %s", err)
return router.NotFoundError(err)
}
// Authorise
err = authorise.ResourceAndAuthenticity(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
context.Logf("PARAMS RECD:%v", params)
err = user.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to user
return router.Redirect(context, user.URLShow())
}
// HandleUpdate serves POST or PUT /tags/1/update
func HandleUpdate(context router.Context) error {
// Find the tag
tag, err := tags.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise
err = authorise.Resource(context, tag)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the tag
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = tag.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to tag
return router.Redirect(context, tag.URLShow())
}
// HandleShow serve a get request at /users/1
func HandleShow(context router.Context) error {
// Find the user
user, err := users.Find(context.ParamInt("id"))
if err != nil {
context.Logf("#error parsing user id: %s", err)
return router.NotFoundError(err)
}
userMeta := fmt.Sprintf("%s – %s", user.Name, user.Summary)
// Set up view
view := view.New(context)
// Find the first image which matches this user
image, err := images.Find(user.ImageID)
if err == nil {
// only add image key if we have one
view.AddKey("image", image)
}
// Render the Template
view.AddKey("user", user)
view.AddKey("meta_title", userMeta)
view.AddKey("meta_desc", userMeta)
view.AddKey("meta_keywords", user.Keywords())
return view.Render()
}
// HandleShowPath serves requests to a custom page url
func HandleShowPath(context router.Context) error {
// Setup context for template
path := context.Path()
q := pages.Query().Where("url=?", path).Limit(1)
pages, err := pages.FindAll(q)
if err != nil || len(pages) == 0 {
return router.NotFoundError(err)
}
// Get the first of pages to render
page := pages[0]
// If not published, check authorisation
if !page.IsPublished() {
// Authorise
err = authorise.Resource(context, page)
if err != nil {
return router.NotAuthorizedError(err)
}
}
return render(context, page)
}
// HandleUpdate handles the POST of the form to update a story
func HandleUpdate(context router.Context) error {
// Find the story
story, err := stories.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update story
err = authorise.ResourceAndAuthenticity(context, story)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the story from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = story.Update(params.Map())
if err != nil {
return err // Create returns a router.Error
}
err = updateStoriesRank()
if err != nil {
return router.InternalError(err)
}
// Redirect to story
return router.Redirect(context, story.URLShow())
}
// HandleShowPath serves requests to a custom page url
func HandleShowPath(context router.Context) error {
// Setup context for template
path := context.Path()
// If no pages or users exist, redirect to set up page
if missingUsersAndPages() {
return router.Redirect(context, "/fragmenta/setup")
}
q := pages.Query().Where("url=?", path).Limit(1)
pages, err := pages.FindAll(q)
if err != nil || len(pages) == 0 {
return router.NotFoundError(err)
}
// Get the first of pages to render
page := pages[0]
// For show path of pages, we authorise showing the page FOR ALL users if it is published
if !page.IsPublished() {
// Authorise
err = authorise.Resource(context, page)
if err != nil {
return router.NotAuthorizedError(err)
}
}
return renderPage(context, page)
}
// HandleUpdate responds to POST /comments/update
func HandleUpdate(context router.Context) error {
// Find the comment
comment, err := comments.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update comment, check auth token
err = authorise.ResourceAndAuthenticity(context, comment)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the comment from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
err = comment.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to comment
return router.Redirect(context, comment.URLShow())
}
// HandleUpdate responds to POST /comments/update
func HandleUpdate(context router.Context) error {
// Find the comment
comment, err := comments.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update comment, check auth token
err = authorise.ResourceAndAuthenticity(context, comment)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the comment from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Clean params according to role
accepted := comments.AllowedParams()
if authorise.CurrentUser(context).Admin() {
accepted = comments.AllowedParamsAdmin()
}
cleanedParams := params.Clean(accepted)
err = comment.Update(cleanedParams)
if err != nil {
return router.InternalError(err)
}
// Redirect to comment
return router.Redirect(context, comment.URLShow())
}
// Handle serving assets in dev (if we can) - return true on success
func serveAsset(context router.Context) error {
p := path.Clean(context.Path())
// It must be under /assets, or we don't serve
if !strings.HasPrefix(p, "/assets/") {
return router.NotFoundError(nil)
}
// Try to find an asset in our list
f := appAssets.File(path.Base(p))
if f == nil {
return router.NotFoundError(nil)
}
localPath := "./" + f.LocalPath()
http.ServeFile(context, context.Request(), localPath)
return nil
}
// HandleUpdate or PUT /users/1/update
func HandleUpdate(context router.Context) error {
// Find the user
id := context.ParamInt("id")
user, err := users.Find(id)
if err != nil {
context.Logf("#error Error finding user %s", err)
return router.NotFoundError(err)
}
// Authorise
err = authorise.Resource(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// We expect only one image, what about replacing the existing when updating?
// At present we just create a new image
files, err := context.ParamFiles("image")
if err != nil {
return router.InternalError(err)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
var imageID int64
if len(files) > 0 {
fileHandle := files[0]
// Create an image (saving the image representation on disk)
imageParams := map[string]string{"name": user.Name, "status": "100"}
imageID, err = images.Create(imageParams, fileHandle)
if err != nil {
return router.InternalError(err)
}
params.Set("image_id", fmt.Sprintf("%d", imageID))
delete(params, "image")
}
err = user.Update(params.Map())
if err != nil {
return router.InternalError(err)
}
// Redirect to user
return router.Redirect(context, user.URLShow())
}
// HandleShow displays a single user
func HandleShow(context router.Context) error {
// Find the user
user, err := users.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Render the template
view := view.New(context)
view.AddKey("user", user)
return view.Render()
}
// HandleShowName displays a single user by name
func HandleShowName(context router.Context) error {
// Find the user
user, err := users.FindName(context.Param("name"))
if err != nil {
return router.NotFoundError(err)
}
// Render the template
view := view.New(context)
view.AddKey("user", user)
view.Template("users/views/show.html.got")
return view.Render()
}
// HandleDownvote handles POST to /stories/123/downvote
func HandleDownvote(context router.Context) error {
// Prevent CSRF
err := authorise.AuthenticityToken(context)
if err != nil {
return router.NotAuthorizedError(err, "Vote Failed", "CSRF failure")
}
// Find the story
story, err := stories.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
user := authorise.CurrentUser(context)
ip := getUserIP(context)
if !user.Admin() {
// Check we have no votes already from this user, if we do fail
if storyHasUserVote(story, user) {
return router.NotAuthorizedError(err, "Vote Failed", "Sorry you are not allowed to vote twice, nice try!")
}
}
// Authorise upvote on story for this user - our rules are:
if !user.CanDownvote() {
return router.NotAuthorizedError(err, "Vote Failed", "Sorry, you can't downvote yet")
}
err = authorise.Resource(context, story)
if err != nil {
return router.NotAuthorizedError(err, "Vote Failed", "Sorry you are not allowed to vote")
}
err = adjustUserPoints(user, -1)
if err != nil {
return err
}
// Adjust points on story and add to the vote table
err = addStoryVote(story, user, ip, -1)
if err != nil {
return err
}
return updateStoriesRank()
}
// Default file handler, used in development - in production serve with nginx
func serveFile(context router.Context) error {
// Assuming we're running from the root of the website
localPath := "./public" + path.Clean(context.Path())
if _, err := os.Stat(localPath); err != nil {
// If file not found return error
if os.IsNotExist(err) {
return router.NotFoundError(err)
}
// For other errors return not authorised
return router.NotAuthorizedError(err)
}
// If the file exists and we can access it, serve it
http.ServeFile(context, context.Request(), localPath)
return nil
}
// HandleUpdateShow serves a get request at /tags/1/update (show form to update)
func HandleUpdateShow(context router.Context) error {
// Find the tag
tag, err := tags.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise
err = authorise.Resource(context, tag)
if err != nil {
return router.NotAuthorizedError(err)
}
// Render the template
view := view.New(context)
view.AddKey("tag", tag)
return view.Render()
}
// HandleUpdateShow renders the form to update a file
func HandleUpdateShow(context router.Context) error {
// Find the file
file, err := files.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update file
err = authorise.ResourceAndAuthenticity(context, file)
if err != nil {
return router.NotAuthorizedError(err)
}
// Render the template
view := view.New(context)
view.AddKey("file", file)
return view.Render()
}
// HandleFlag handles POST to /stories/123/flag
func HandleFlag(context router.Context) error {
// Protect against CSRF
err := authorise.AuthenticityToken(context)
if err != nil {
return router.NotAuthorizedError(err, "Flag Failed", "CSRF failure")
}
// Find the story
story, err := stories.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
user := authorise.CurrentUser(context)
ip := getUserIP(context)
// Check we have no votes already from this user, if we do fail
if storyHasUserFlag(story, user) {
return router.NotAuthorizedError(err, "Flag Failed", "Sorry you are not allowed to flag twice, nice try!")
}
// Authorise upvote on story for this user
if !user.CanFlag() {
return router.NotAuthorizedError(err, "Flag Failed", "Sorry, you can't flag yet")
}
err = authorise.Resource(context, story)
if err != nil {
return router.NotAuthorizedError(err, "Flag Failed", "Sorry you are not allowed to flag")
}
err = adjustUserPoints(user, -1)
if err != nil {
return err
}
err = addStoryVote(story, user, ip, -5)
if err != nil {
return err
}
return updateStoriesRank()
}
// HandleCreate responds to POST images/create
func HandleCreate(context router.Context) error {
// Authorise
err := authorise.Path(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// We expect only one image, what about replacing the existing when updating?
// At present we just create a new image
files, err := context.ParamFiles("image")
if err != nil {
return router.InternalError(err)
}
if len(files) == 0 {
return router.NotFoundError(nil)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
id, err := images.Create(params.Map(), files[0])
if err != nil {
context.Logf("#error Error creating image,%s", err)
return router.InternalError(err)
}
// Log creation
context.Logf("#info Created image id,%d", id)
// Redirect to the new image
m, err := images.Find(id)
if err != nil {
context.Logf("#error Error creating image,%s", err)
}
return router.Redirect(context, m.URLShow())
}
// HandleDownvote handles POST to /comments/123/downvote
func HandleDownvote(context router.Context) error {
// Prevent CSRF
err := authorise.AuthenticityToken(context)
if err != nil {
return router.NotAuthorizedError(err, "Vote Failed", "CSRF failure")
}
// Find the comment
comment, err := comments.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
user := authorise.CurrentUser(context)
ip := getUserIP(context)
if !user.Admin() {
// Check we have no votes already from this user, if we do fail
if commentHasUserVote(comment, user) {
return router.NotAuthorizedError(err, "Vote Failed", "Sorry you are not allowed to vote twice, nice try!")
}
}
// Authorise upvote on comment for this user - our rules are:
if !user.CanDownvote() {
return router.NotAuthorizedError(err, "Vote Failed", "Sorry, you can't downvote yet")
}
// CURRENT User burns points for downvoting
err = adjustUserPoints(user, -1)
if err != nil {
return err
}
// Adjust points on comment and add to the vote table
err = addCommentVote(comment, user, ip, -1)
if err != nil {
return err
}
return updateCommentsRank(comment.StoryId)
}
// HandleUpdateShow renders the form to update a user
func HandleUpdateShow(context router.Context) error {
// Find the user
user, err := users.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update user
err = authorise.Resource(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// Render the template
view := view.New(context)
view.AddKey("user", user)
return view.Render()
}
// HandleUpdateShow renders the form to update a story
func HandleUpdateShow(context router.Context) error {
// Find the story
story, err := stories.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update story
err = authorise.Resource(context, story)
if err != nil {
return router.NotAuthorizedError(err)
}
// Render the template
view := view.New(context)
view.AddKey("story", story)
view.AddKey("authenticity_token", authorise.CreateAuthenticityToken(context))
return view.Render()
}
// HandleUpdateShow responds to GET /comments/update with the form to update a comment
func HandleUpdateShow(context router.Context) error {
// Find the comment
comment, err := comments.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update comment
err = authorise.Resource(context, comment)
if err != nil {
return router.NotAuthorizedError(err)
}
// Render the template
view := view.New(context)
view.AddKey("comment", comment)
return view.Render()
}