// HandleDownvote handles POST to /stories/123/downvote func HandleDownvote(context router.Context) error { // Prevent CSRF err := authorise.AuthenticityToken(context) if err != nil { return router.NotAuthorizedError(err, "Vote Failed", "CSRF failure") } // Find the story story, err := stories.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } user := authorise.CurrentUser(context) ip := getUserIP(context) if !user.Admin() { // Check we have no votes already from this user, if we do fail if storyHasUserVote(story, user) { return router.NotAuthorizedError(err, "Vote Failed", "Sorry you are not allowed to vote twice, nice try!") } } // Authorise upvote on story for this user - our rules are: if !user.CanDownvote() { return router.NotAuthorizedError(err, "Vote Failed", "Sorry, you can't downvote yet") } err = authorise.Resource(context, story) if err != nil { return router.NotAuthorizedError(err, "Vote Failed", "Sorry you are not allowed to vote") } err = adjustUserPoints(user, -1) if err != nil { return err } // Adjust points on story and add to the vote table err = addStoryVote(story, user, ip, -1) if err != nil { return err } return updateStoriesRank() }
// HandleFlag handles POST to /stories/123/flag func HandleFlag(context router.Context) error { // Protect against CSRF err := authorise.AuthenticityToken(context) if err != nil { return router.NotAuthorizedError(err, "Flag Failed", "CSRF failure") } // Find the story story, err := stories.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } user := authorise.CurrentUser(context) ip := getUserIP(context) // Check we have no votes already from this user, if we do fail if storyHasUserFlag(story, user) { return router.NotAuthorizedError(err, "Flag Failed", "Sorry you are not allowed to flag twice, nice try!") } // Authorise upvote on story for this user if !user.CanFlag() { return router.NotAuthorizedError(err, "Flag Failed", "Sorry, you can't flag yet") } err = authorise.Resource(context, story) if err != nil { return router.NotAuthorizedError(err, "Flag Failed", "Sorry you are not allowed to flag") } err = adjustUserPoints(user, -1) if err != nil { return err } err = addStoryVote(story, user, ip, -5) if err != nil { return err } return updateStoriesRank() }
// HandleUpdateShow renders the form to update a story func HandleUpdateShow(context router.Context) error { // Find the story story, err := stories.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update story err = authorise.Resource(context, story) if err != nil { return router.NotAuthorizedError(err) } // Render the template view := view.New(context) view.AddKey("story", story) view.AddKey("authenticity_token", authorise.CreateAuthenticityToken(context)) return view.Render() }
// HandleUpdateShow responds to GET /comments/update with the form to update a comment func HandleUpdateShow(context router.Context) error { // Find the comment comment, err := comments.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise update comment err = authorise.Resource(context, comment) if err != nil { return router.NotAuthorizedError(err) } // Render the template view := view.New(context) view.AddKey("comment", comment) return view.Render() }
// HandleUpdateShow serves a get request at /users/1/update (show form to update) func HandleUpdateShow(context router.Context) error { // Setup context for template view := view.New(context) user, err := users.Find(context.ParamInt("id")) if err != nil { context.Logf("#error Error finding user %s", err) return router.NotFoundError(err) } // Authorise err = authorise.Resource(context, user) if err != nil { return router.NotAuthorizedError(err) } view.AddKey("user", user) return view.Render() }
// HandleDestroy handles a DESTROY request for stories func HandleDestroy(context router.Context) error { // Find the story story, err := stories.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise destroy story err = authorise.Resource(context, story) if err != nil { return router.NotAuthorizedError(err) } // Destroy the story story.Destroy() // Redirect to stories root return router.Redirect(context, story.URLIndex()) }
// HandleDestroy handles a DESTROY request for comments func HandleDestroy(context router.Context) error { // Find the comment comment, err := comments.Find(context.ParamInt("id")) if err != nil { return router.NotFoundError(err) } // Authorise destroy comment err = authorise.Resource(context, comment) if err != nil { return router.NotAuthorizedError(err) } // Destroy the comment comment.Destroy() // Redirect to comments root return router.Redirect(context, comment.URLIndex()) }