func HandleSign(r *http.Request) (err error) {
c := appengine.NewContext(r)
if user.Current(c) == nil {
panic("Not logged in .. can only post with authenticated users")
}
if err := r.ParseForm(); err != nil {
return err
}
g := &Buriggie{
Content: r.FormValue("bericht"),
Date: time.Now(),
}
if u := user.Current(c); u != nil {
g.Author = u.String()
}
if _, err := datastore.Put(c, datastore.NewIncompleteKey(c, "Greeting", nil), g); err != nil {
return err
}
// nice and clean
memcache.Delete(c, "buriggies.list.100")
return nil
}
func saveToken(w http.ResponseWriter, r *http.Request) *appError {
c := appengine.NewContext(r)
if appErr := loadConfig(r); appErr != nil {
return appErr
}
if user.Current(c) == nil {
return &appError{nil, "Must be signed in to save token.", 400}
}
code := r.FormValue("code")
if code == "" {
return &appError{nil, "No 'code' parameter found", 500}
}
t := &oauth.Transport{
Config: &cfg,
Transport: urlfetch.Client(c).Transport,
}
if _, err := t.Exchange(code); err != nil {
return &appError{err, "Error exchanging code for token.", 500}
}
d := datastore.New(c)
if err := d.SaveToken(user.Current(c).Email, t.Token); err != nil {
return &appError{err, "Error saving token.", 500}
}
http.Redirect(w, r, "/app", http.StatusFound)
return nil
}
func TestContext(t *testing.T) {
c, err := NewContext(nil)
if err != nil {
t.Fatalf("NewContext: %v", err)
}
defer c.Close()
_, err = memcache.Get(c, "foo")
if err != memcache.ErrCacheMiss {
t.Fatalf("Get err = %v; want ErrCacheMiss", err)
}
it := &memcache.Item{
Key: "foo",
Value: []byte("value"),
}
err = memcache.Set(c, it)
if err != nil {
t.Fatalf("Set err = %v", err)
}
it, err = memcache.Get(c, "foo")
if err != nil {
t.Fatalf("Get err = %v; want no error", err)
}
if string(it.Value) != "value" {
t.Errorf("got Item.Value = %q; want %q", string(it.Value), "value")
}
e := &Entity{Foo: "foo", Bar: "bar"}
k := datastore.NewKey(c, "Entity", "", 1, nil)
_, err = datastore.Put(c, k, e)
if err != nil {
t.Fatalf("datastore.Put: %v", err)
}
u := user.Current(c)
if u != nil {
t.Fatalf("User should not be not logged in!")
}
c.Login("*****@*****.**", false)
u = user.Current(c)
if u == nil {
t.Fatalf("User should be logged in!")
}
id1 := u.ID
c.Logout()
u = user.Current(c)
if u != nil {
t.Fatalf("User should not be not logged in!")
}
c.Login("*****@*****.**", false)
u = user.Current(c)
if u == nil {
t.Fatalf("User should be logged in!")
}
if id1 == u.ID {
t.Fatalf("User IDs should be unique")
}
}
func handleSign(w http.ResponseWriter, r *http.Request) {
if r.Method != "POST" {
serve404(w)
return
}
c := appengine.NewContext(r)
u := user.Current(c)
userName := ""
if u != nil { //a google user
userName = u.String()
} else { //not a google user
//is it a local user?
cookie, err := r.Cookie("email")
if err == nil {
userName = cookie.Value
} else { //no logged in yet
badRequest(w, "Only login user can post messages.")
return
}
}
if err := r.ParseForm(); err != nil {
serveError(c, w, err)
return
}
tagsString := r.FormValue("tags")
m := &Message{
ID: 0,
Title: template.HTMLEscapeString(r.FormValue("title")),
Author: template.HTMLEscapeString(r.FormValue("author")),
Content: []byte(template.HTMLEscapeString(r.FormValue("content"))),
Tags: strings.Split(template.HTMLEscapeString(tagsString), ","),
Date: time.Now(),
Views: 0,
Good: 0,
Bad: 0,
}
if badTitle(m.Title) || badAuthor(m.Author) || badContent(string(m.Content)) || badTag(tagsString) {
badRequest(w, "Input too long")
return
}
processMsgContent(m)
//TODO: build References and Referedby list
if u := user.Current(c); u != nil {
m.Author = userName
//TODO: hook this message under user's msglist
}
k, err := datastore.Put(c, datastore.NewIncompleteKey(c, "aMessage", nil), m)
if err != nil {
serveError(c, w, err)
return
}
putMsgTags(r, k.IntID(), m.Tags)
setCount(w, r)
http.Redirect(w, r, "/", http.StatusFound)
}
// PUT http://localhost:8080/profiles/ahdkZXZ-ZmVkZXJhdGlvbi1zZXJ2aWNlc3IVCxIIcHJvZmlsZXMYgICAgICAgAoM
// {"first_name": "Ivan", "nick_name": "Socks", "last_name": "Hawkes"}
//
func (u *ProfileApi) update(r *restful.Request, w *restful.Response) {
c := appengine.NewContext(r.Request)
// Decode the request parameter to determine the key for the entity.
k, err := datastore.DecodeKey(r.PathParameter("profile-id"))
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// Marshall the entity from the request into a struct.
p := new(Profile)
err = r.ReadEntity(&p)
if err != nil {
w.WriteError(http.StatusNotAcceptable, err)
return
}
// Retrieve the old entity from the datastore.
old := Profile{}
if err := datastore.Get(c, k, &old); err != nil {
if err.Error() == "datastore: no such entity" {
http.Error(w, err.Error(), http.StatusNotFound)
} else {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
return
}
// Check we own the profile before allowing them to update it.
// Optionally, return a 404 instead to help prevent guessing ids.
// TODO: Allow admins access.
if old.Email != user.Current(c).String() {
http.Error(w, "You do not have access to this resource", http.StatusForbidden)
return
}
// Since the whole entity is re-written, we need to assign any invariant fields again
// e.g. the owner of the entity.
p.Email = user.Current(c).String()
// Keep track of the last modification date.
p.LastModified = time.Now()
// Attempt to overwrite the old entity.
_, err = datastore.Put(c, k, p)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
// Let them know it succeeded.
w.WriteHeader(http.StatusNoContent)
}
// Authenticate process the request and returns a populated UserProfile.
// If the Authenticate method can not authenticate the User based on the
// request, an error or a redirect URL wll be return.
func (p *Provider) Authenticate(w http.ResponseWriter, r *http.Request) (
up *profile.Profile, redirectURL string, err error) {
c := context.NewContext(r)
url := r.FormValue("provider")
// Set provider info.
up = profile.New(p.Name, url)
// Check for current User.
u := aeuser.Current(c)
if u == nil {
redirectURL := r.URL.Path + "/callback"
loginUrl, err := aeuser.LoginURLFederated(c, redirectURL, url)
return up, loginUrl, err
}
if u.FederatedIdentity != "" {
up.ID = u.FederatedIdentity
} else {
up.ID = u.ID
}
per := new(person.Person)
per.Email = u.Email
per.Emails = []*person.PersonEmails{
&person.PersonEmails{true, "home", u.Email},
}
per.URL = u.FederatedIdentity
up.Person = per
return up, "", nil
}
func ExportOpml(c mpg.Context, w http.ResponseWriter, r *http.Request) {
cu := user.Current(c)
gn := goon.FromContext(c)
u := User{Id: cu.ID}
ud := UserData{Id: "data", Parent: gn.Key(&User{Id: cu.ID})}
if err := gn.Get(&u); err != nil {
serveError(w, err)
return
}
gn.Get(&ud)
opml := Opml{}
json.Unmarshal(ud.Opml, &opml)
opml.Version = "1.0"
opml.Title = fmt.Sprintf("%s subscriptions in Go Read", u.Email)
for _, o := range opml.Outline {
o.Text = o.Title
if len(o.XmlUrl) > 0 {
o.Type = "rss"
}
for _, so := range o.Outline {
so.Text = so.Title
so.Type = "rss"
}
}
b, _ := xml.MarshalIndent(&opml, "", "\t")
w.Header().Add("Content-Type", "text/xml")
w.Header().Add("Content-Disposition", "attachment; filename=subscriptions.opml")
fmt.Fprint(w, xml.Header, string(b))
}
func MarkUnread(c mpg.Context, w http.ResponseWriter, r *http.Request) {
cu := user.Current(c)
gn := goon.FromContext(c)
read := make(Read)
f := r.FormValue("feed")
s := r.FormValue("story")
rs := readStory{Feed: f, Story: s}
u := &User{Id: cu.ID}
ud := &UserData{
Id: "data",
Parent: gn.Key(u),
}
gn.RunInTransaction(func(gn *goon.Goon) error {
if err := gn.Get(ud); err != nil {
return err
}
gob.NewDecoder(bytes.NewReader(ud.Read)).Decode(&read)
delete(read, rs)
b := bytes.Buffer{}
gob.NewEncoder(&b).Encode(&read)
ud.Read = b.Bytes()
_, err := gn.Put(ud)
return err
}, nil)
}
func Donate(c mpg.Context, w http.ResponseWriter, r *http.Request) {
cu := user.Current(c)
gn := goon.FromContext(c)
u := User{Id: cu.ID}
if err := gn.Get(&u); err != nil {
serveError(w, err)
return
}
amount, err := strconv.Atoi(r.FormValue("amount"))
if err != nil || amount < 200 {
serveError(w, fmt.Errorf("bad amount: %v", r.FormValue("amount")))
return
}
resp, err := stripe(c, "POST", "charges", url.Values{
"amount": {r.FormValue("amount")},
"description": {fmt.Sprintf("%v - %v", u.Id, u.Email)},
"card": {r.FormValue("stripeToken")},
"currency": {"usd"},
}.Encode())
if err != nil {
serveError(w, err)
return
} else if resp.StatusCode != http.StatusOK {
c.Errorf("%s", resp.Body)
serveError(w, fmt.Errorf("Error"))
return
}
}
func admin(w http.ResponseWriter, r *http.Request) {
// handle requests to "/admin/"
c := appengine.NewContext(r)
billQuery := datastore.NewQuery("Bill").Order("-Session").Order("-Number")
bills := make([]bill.Bill, 0)
if _, err := billQuery.GetAll(c, &bills); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
senatorQuery := datastore.NewQuery("Senator").Order("-Name")
senators := make([]senator.Senator, 0)
if _, err := senatorQuery.GetAll(c, &senators); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
login, _ := user.LoginURL(c, "/")
logout, _ := user.LogoutURL(c, "/")
pageInfo := PageInfo{Title: "Administrator Dashboard",
User: user.Current(c),
Admin: user.IsAdmin(c),
LoginURL: login,
LogoutURL: logout,
Bills: bills,
Senators: senators}
if err := adminTemplate.Execute(w, pageInfo); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
func AppOps(w http.ResponseWriter, r *http.Request) {
c := appengine.NewContext(r)
u := user.Current(c) // Login is mandatory on this page. No need to check nil value here.
if !IsUserAllowed(u) {
InvalidUserPage(c, w, r, u)
return
}
logoutUrl, err := LogoutURL(c, r)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
investments, err := GetInvestments(c)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
params := appParams{
User: u.String(),
LogoutURL: logoutUrl,
Investments: investments}
if err := appOpsTemplate.Execute(w, params); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
func DeleteTag(c appengine.Context, tag string) (err os.Error) {
// Fetch bookmarks with this tag
q := datastore.NewQuery("Bookmark").Filter("UserId=", user.Current(c).Id).Filter("Tags=", tag)
count, err := q.Count(c)
if err != nil {
return err
}
var bms []Bookmark
keys, err := q.GetAll(c, &bms)
if err != nil {
return err
}
// Remove tag from bookmark
bmsRef := make([]interface{}, count)
for i := 0; i < len(bms); i++ {
bmsRef[i] = &bms[i]
btags := bms[i].Tags
for j := 0; j < len(btags); j++ {
if btags[j] == tag {
bms[i].Tags = append(btags[:j], btags[j+1:]...)
break
}
}
}
// Put them back on the datastore
_, err = datastore.PutMulti(c, keys, bmsRef)
return err
}
func UploadOpml(c mpg.Context, w http.ResponseWriter, r *http.Request) {
opml := Opml{}
if err := json.Unmarshal([]byte(r.FormValue("opml")), &opml.Outline); err != nil {
serveError(w, err)
return
}
backupOPML(c)
cu := user.Current(c)
gn := goon.FromContext(c)
u := User{Id: cu.ID}
ud := UserData{Id: "data", Parent: gn.Key(&u)}
if err := gn.Get(&ud); err != nil {
serveError(w, err)
c.Errorf("get err: %v", err)
return
}
if b, err := json.Marshal(&opml); err != nil {
serveError(w, err)
c.Errorf("json err: %v", err)
return
} else {
l := Log{
Parent: ud.Parent,
Id: time.Now().UnixNano(),
Text: fmt.Sprintf("upload opml: %v -> %v", len(ud.Opml), len(b)),
}
ud.Opml = b
if _, err := gn.PutMany(&ud, &l); err != nil {
serveError(w, err)
return
}
backupOPML(c)
}
}
func MarkRead(c mpg.Context, w http.ResponseWriter, r *http.Request) {
cu := user.Current(c)
gn := goon.FromContext(c)
read := make(Read)
var stories []readStory
defer r.Body.Close()
b, _ := ioutil.ReadAll(r.Body)
if err := json.Unmarshal(b, &stories); err != nil {
serveError(w, err)
return
}
gn.RunInTransaction(func(gn *goon.Goon) error {
u := &User{Id: cu.ID}
ud := &UserData{
Id: "data",
Parent: gn.Key(u),
}
if err := gn.Get(ud); err != nil {
return err
}
gob.NewDecoder(bytes.NewReader(ud.Read)).Decode(&read)
for _, s := range stories {
read[s] = true
}
var b bytes.Buffer
gob.NewEncoder(&b).Encode(&read)
ud.Read = b.Bytes()
_, err := gn.Put(ud)
return err
}, nil)
}
func AddSubscription(c mpg.Context, w http.ResponseWriter, r *http.Request) {
backupOPML(c)
cu := user.Current(c)
url := r.FormValue("url")
o := &OpmlOutline{
Outline: []*OpmlOutline{
&OpmlOutline{XmlUrl: url},
},
}
if err := addFeed(c, cu.ID, o); err != nil {
c.Errorf("add sub error (%s): %s", url, err.Error())
serveError(w, err)
return
}
gn := goon.FromContext(c)
ud := UserData{Id: "data", Parent: gn.Key(&User{Id: cu.ID})}
gn.Get(&ud)
if err := mergeUserOpml(c, &ud, o); err != nil {
c.Errorf("add sub error opml (%v): %v", url, err)
serveError(w, err)
return
}
gn.PutMany(&ud, &Log{
Parent: ud.Parent,
Id: time.Now().UnixNano(),
Text: fmt.Sprintf("add sub: %v", url),
})
if r.Method == "GET" {
http.Redirect(w, r, routeUrl("main"), http.StatusFound)
}
backupOPML(c)
}
// Renders a template
func Render(w http.ResponseWriter, r *http.Request, passedTemplate *bytes.Buffer, Statuscode ...int) {
// Add some HTTP Headers
if len(Statuscode) == 1 {
w.WriteHeader(Statuscode[0])
}
c := appengine.NewContext(r)
u := user.Current(c)
headerdata := HeaderData{}
if u != nil {
headerdata.IsLoggedIn = true
headerdata.Username = u.String()
if user.IsAdmin(c) {
headerdata.IsAdmin = true
}
}
// Header
template.Must(template.ParseFiles("templates/header.html")).Execute(w, headerdata)
// Now add the passedTemplate
fmt.Fprintf(w, "%s", string(passedTemplate.Bytes())) // %s = the uninterpreted bytes of the string or slice
// And now we execute the footer
template.Must(template.ParseFiles("templates/footer.html")).Execute(w, nil)
}
func ninjalogForm(w http.ResponseWriter, req *http.Request) {
if req.Method == "POST" {
ninjalogUpload(w, req)
return
}
ctx := appengine.NewContext(req)
u := user.Current(ctx)
login, err := user.LoginURL(ctx, "/ninja_log/")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
logout, err := user.LogoutURL(ctx, "/ninja_log/")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
w.Header().Set("Content-Type", "text/html")
w.WriteHeader(http.StatusOK)
data := struct {
User *user.User
Login string
Logout string
}{
User: u,
Login: login,
Logout: logout,
}
err = formTmpl.Execute(w, data)
if err != nil {
ctx.Errorf("formTmpl: %v", err)
}
}
func createPageHeader(title string, w http.ResponseWriter, r *http.Request) *PageHeader {
pageHeader := &PageHeader{Title: title}
c := appengine.NewContext(r)
u := user.Current(c)
if u == nil {
url, err := user.LoginURL(c, r.URL.String())
if err != nil {
panic("user.LoginURL error: " + err.Error())
}
pageHeader.UserURL = url
pageHeader.UserLabel = "Login"
pageHeader.IsAdmin = false
} else {
url, err := user.LogoutURL(c, r.URL.String())
if err != nil {
panic("user.LogoutURL error: " + err.Error())
}
pageHeader.UserURL = url
pageHeader.UserLabel = "Logout"
pageHeader.LoginMessage = "Hello, " + u.String() + "!"
pageHeader.IsAdmin = user.IsAdmin(c)
w.Header().Set("Pragma", "no-cache")
}
return pageHeader
}
func DeleteUser(w http.ResponseWriter, r *http.Request) {
c := appengine.NewContext(r)
username := GetRequestVar(r, "username", c)
username = strings.ToLower(username)
userID, err := getUserID(username, c)
if err != nil {
c.Infof("Could not find user with username '%v': %v", username, err.Error())
http.NotFound(w, r)
return
}
currentUser := user.Current(c)
if !canDeleteAppUser(userID, currentUser) {
c.Errorf("%v cannot delete user %v.", currentUser.ID, userID)
http.Error(w, "You cannot delete another user.", http.StatusForbidden)
return
}
c.Infof("Deleting user %v...", userID)
err = deleteAppUser(userID, c)
if err != nil {
c.Errorf("Failed to delete user %v: %v", userID, err)
http.Error(w, "Failed to delete user.", http.StatusInternalServerError)
return
}
c.Infof("Deleted user %v.", userID)
resp := OkResponse{true}
sendJsonResponse(w, resp)
}
func newgame(w http.ResponseWriter, r *http.Request) {
c := appengine.NewContext(r)
u := user.Current(c)
if u == nil {
url, err := user.LoginURL(c, r.URL.String())
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
w.Header().Set("Location", url)
w.WriteHeader(http.StatusFound)
return
}
url, err := user.LogoutURL(c, r.URL.String())
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
i := Index{
User: u.Email,
Login: false,
URL: url,
}
if err := newGameTemplate.Execute(w, i); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
func FeedHistory(c mpg.Context, w http.ResponseWriter, r *http.Request) {
cu := user.Current(c)
gn := goon.FromContext(c)
u := User{Id: cu.ID}
uk := gn.Key(&u)
if v := r.FormValue("v"); len(v) == 0 {
q := datastore.NewQuery(gn.Key(&UserOpml{}).Kind()).Ancestor(uk).KeysOnly()
keys, err := gn.GetAll(q, nil)
if err != nil {
serveError(w, err)
return
}
times := make([]string, len(keys))
for i, k := range keys {
times[i] = strconv.FormatInt(k.IntID(), 10)
}
b, _ := json.Marshal(×)
w.Write(b)
} else {
a, _ := strconv.ParseInt(v, 10, 64)
uo := UserOpml{Id: a, Parent: uk}
if err := gn.Get(&uo); err != nil {
serveError(w, err)
return
}
downloadOpml(w, uo.opml(), cu.Email)
}
}
// uploadHandler handles the image upload and stores a new Overlay in the
// datastore. If successful, it writes the Overlay's key to the response.
func uploadHandler(c appengine.Context, w http.ResponseWriter, r *http.Request) *appError {
// Handle the upload, and get the image's BlobKey.
blobs, _, err := blobstore.ParseUpload(r)
if err != nil {
return appErrorf(err, "could not parse blobs from blobstore upload")
}
b := blobs["overlay"]
if len(b) < 1 {
return appErrorf(nil, "could not find overlay blob")
}
bk := b[0].BlobKey
// Fetch image from blob store to find its width and height.
m, err := imageBlob(c, bk)
if err != nil {
return appErrorf(err, "could not get image")
}
// Create and store a new Overlay in the datastore.
o := &Overlay{
Owner: user.Current(c).ID,
Image: bk,
Width: m.Bounds().Dx(),
Height: m.Bounds().Dy(),
}
k := datastore.NewIncompleteKey(c, "Overlay", nil)
k, err = datastore.Put(c, k, o)
if err != nil {
return appErrorf(err, "could not save new overlay to datastore")
}
// It will be known hereafter by its datastore-provided key.
fmt.Fprintf(w, "%s", k.Encode())
return nil
}
func ByTags(c appengine.Context, tags []string) (bms []Bookmark, err os.Error) {
q := datastore.NewQuery("Bookmark").Filter("UserId=", user.Current(c).Id).Order("Title")
// Build query
var negTags []string
for _, tag := range tags {
if tag != "" {
op := tag[0:1]
switch op {
case "-":
negTags = append(negTags, tag[1:])
case "!":
q.Filter("Tags=", tag[1:])
default:
q.Filter("Tags=", tag)
}
}
}
count, err := q.Count(c)
if err != nil {
return
}
bms = make([]Bookmark, 0, count)
_, err = q.GetAll(c, &bms)
bms = FilterTags(bms, negTags)
return bms, err
}
func join(w http.ResponseWriter, r *http.Request) {
c := appengine.NewContext(r)
u := user.Current(c)
if u == nil {
url, err := user.LoginURL(c, r.URL.String())
if err != nil {
http.Error(w, err.String(), http.StatusInternalServerError)
return
}
w.Header().Set("Location", url)
w.WriteHeader(http.StatusFound)
return
}
r.ParseForm()
// TODO check table arg
state, err := joinTable(c, r.Form["table"][0], u.String())
if err != nil {
http.Error(w, err.String(), http.StatusInternalServerError)
return
}
var b []byte
b, err = json.Marshal(state)
if err != nil {
http.Error(w, err.String(), http.StatusInternalServerError)
return
}
fmt.Fprintf(w, "%s", b)
}
func doUncheckout(c mpg.Context) (*UserCharge, error) {
cu := user.Current(c)
gn := goon.FromContext(c)
u := User{Id: cu.ID}
uc := UserCharge{Id: 1, Parent: gn.Key(&u)}
if err := gn.Get(&u); err != nil {
return nil, err
}
if err := gn.Get(&uc); err != nil || len(uc.Customer) == 0 {
return nil, err
}
resp, err := stripe(c, "DELETE", "customers/"+uc.Customer, "")
if err != nil {
return nil, err
} else if resp.StatusCode != http.StatusOK {
c.Errorf("%s", resp.Body)
c.Errorf("stripe delete error, but proceeding")
}
if err := gn.RunInTransaction(func(gn *goon.Goon) error {
if err := gn.Get(&u); err != nil && err != datastore.ErrNoSuchEntity {
return err
}
u.Account = AFree
u.Until = uc.Next
if err := gn.Delete(gn.Key(&uc)); err != nil {
return err
}
_, err := gn.Put(&u)
return err
}, nil); err != nil {
return nil, err
}
return &uc, nil
}
func MarkRead(c mpg.Context, w http.ResponseWriter, r *http.Request) {
cu := user.Current(c)
gn := goon.FromContext(c)
read := make(Read)
var stories []readStory
if r.FormValue("stories") != "" {
json.Unmarshal([]byte(r.FormValue("stories")), &stories)
}
if r.FormValue("feed") != "" {
stories = append(stories, readStory{
Feed: r.FormValue("feed"),
Story: r.FormValue("story"),
})
}
gn.RunInTransaction(func(gn *goon.Goon) error {
u := &User{Id: cu.ID}
ud := &UserData{
Id: "data",
Parent: gn.Key(u),
}
gn.Get(ud)
gob.NewDecoder(bytes.NewReader(ud.Read)).Decode(&read)
for _, s := range stories {
read[s] = true
}
var b bytes.Buffer
gob.NewEncoder(&b).Encode(&read)
ud.Read = b.Bytes()
_, err := gn.Put(ud)
return err
}, nil)
}
func CheckPerm(w http.ResponseWriter, r *http.Request, op byte) (err error) {
c := appengine.NewContext(r)
u := user.Current(c)
if u == nil {
redirectLogin(w, r)
return errors.New("user not exits")
}
if !user.IsAdmin(c) {
// Si no es admin, deberiamos buscarlo en nuestra base
// de datos de usuarios permitidos y comprobar si
// con su rol puede hacer dicha operación
// De esa busqueda calculamos la variable perm y la comparamos
// con op
/*if !IsAllowed(perm,op){
redirectLogin(w,r)
return
}*/
redirectLogin(w, r)
return errors.New("user has not perm for the operation")
}
// Si es admin puede cualquier cosa
return nil
}
func Index(w http.ResponseWriter, r *http.Request) {
if r.Method != "GET" {
http.Error(w, "GET request only", http.StatusMethodNotAllowed)
return
}
c := appengine.NewContext(r)
q := datastore.NewQuery("Greeting").Ancestor(models.GuestBookKey(c)).Order("-Date").Limit(10)
greetings := make([]models.Greeting, 0, 10)
if _, err := q.GetAll(c, &greetings); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
type exec struct {
Author string
Greetings []models.Greeting
}
e := exec{
Greetings: greetings,
}
if u := user.Current(c); u != nil {
e.Author = u.String()
}
if err := views.GuestBookTemplate.Execute(w, e); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
// NewPage returns a new Page initialized embedding the template with the
// given name and data, the current user for the given context, and the
// latest announcement.
func NewPage(ctx appengine.Context, name string, data interface{}) (*Page, error) {
p := &Page{
Content: name,
Data: data,
Topics: topicList,
Cities: cityList,
}
a, err := conf.LatestAnnouncement(ctx)
if err != nil {
ctx.Errorf("latest announcement: %v", err)
}
if a != nil {
p.Announcement = a.Message
}
if u := user.Current(ctx); u != nil {
p.User = u
p.LogoutURL, err = user.LogoutURL(ctx, "/")
} else {
p.LoginURL, err = user.LoginURL(ctx, "/")
}
return p, err
}
func webuserOK(c appengine.Context, w http.ResponseWriter, r *http.Request) bool {
if !userauthenticated(c) {
url, err := user.LoginURL(c, r.URL.String())
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return false
}
w.Header().Set("Location", url)
w.WriteHeader(http.StatusFound)
return false
}
u := user.Current(c)
authzed, err := userauthorized(c, u.Email)
if err != nil {
c.Errorf("authorization error: %v", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return false
}
if !authzed {
c.Warningf("authorization failure: %v", u.Email)
w.WriteHeader(http.StatusForbidden)
err = templates.ExecuteTemplate(w, "unauthorized.html", nil)
if err != nil {
c.Errorf("unauthorized user and got err on template: %v", err)
}
return false
}
return true
}