// HandleUpdate handles the POST of the form to update a user
func HandleUpdate(context router.Context) error {
// Find the user
user, err := users.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update user
err = authorise.ResourceAndAuthenticity(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// Get the params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Clean params further for customers, they may only update email, password, key
allowedParams := params.Map()
u := authorise.CurrentUser(context)
if !u.Admin() {
// allowedParams = params.Clean(users.AllowedParamsCustomer())
}
err = user.Update(allowedParams)
if err != nil {
return router.InternalError(err)
}
// Redirect to user
return router.Redirect(context, user.URLShow())
}
// HandleShow displays a single user
func HandleShow(context router.Context) error {
// Find the user
user, err := users.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Render the template
view := view.New(context)
view.AddKey("user", user)
return view.Render()
}
// HandleCreate handles the POST of the create form for users
func HandleCreate(context router.Context) error {
// Authorise
err := authorise.Resource(context, nil)
if err != nil {
return router.NotAuthorizedError(err)
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Default to customer role etc - admins will have to promote afterwards
params.Set("role", fmt.Sprintf("%d", users.RoleCustomer))
params.Set("status", fmt.Sprintf("%d", status.Published))
id, err := users.Create(params.Map())
if err != nil {
return err
}
// Log creation
context.Logf("#info Created user id,%d", id)
// Redirect to the new user
user, err := users.Find(id)
if err != nil {
return router.InternalError(err)
}
// Save the details in a secure cookie
session, err := auth.Session(context, context.Request())
if err != nil {
return router.InternalError(err)
}
context.Logf("#info CREATE for user: %d", user.Id)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
// Send them to their user profile page
return router.Redirect(context, user.URLShow())
}
// HandleUpdateShow renders the form to update a user
func HandleUpdateShow(context router.Context) error {
// Find the user
user, err := users.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update user
err = authorise.Resource(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// Render the template
view := view.New(context)
view.AddKey("user", user)
return view.Render()
}
// HandleDestroy handles a DESTROY request for users
func HandleDestroy(context router.Context) error {
// Find the user
user, err := users.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise destroy user
err = authorise.Resource(context, user)
if err != nil {
return router.NotAuthorizedError(err)
}
// Destroy the user
user.Destroy()
// Redirect to users root
return router.Redirect(context, user.URLIndex())
}
// CurrentUser returns the saved user (or an empty anon user) for the current session cookie
// Strictly speaking this should be authenticate.User
func CurrentUser(context router.Context) *users.User {
// First check if the user has already been set on context, if so return it
if context.Get("current_user") != nil {
return context.Get("current_user").(*users.User)
}
// Start with an anon user by default (role 0, id 0)
user := &users.User{}
// Build the session from the secure cookie, or create a new one
session, err := auth.Session(context.Writer(), context.Request())
if err != nil {
context.Logf("#error problem retrieving session")
return user
}
// Fetch the current user record if we have one recorded in the session
var id int64
ids := session.Get(auth.SessionUserKey)
if len(ids) > 0 {
id, err = strconv.ParseInt(ids, 10, 64)
if err != nil {
context.Logf("#error Error decoding session user key:%s\n", err)
return user
}
}
if id != 0 {
u, err := users.Find(id)
if err != nil {
context.Logf("#info User not found from session id:%d\n", id)
return user
}
user = u
}
return user
}