// HandleUpdate or PUT /users/1/update func HandleUpdate(context router.Context) error { // Find the user id := context.ParamInt("id") user, err := users.Find(id) if err != nil { context.Logf("#error Error finding user %s", err) return router.NotFoundError(err) } // Authorise err = authorise.ResourceAndAuthenticity(context, user) if err != nil { return router.NotAuthorizedError(err) } // Get the params params, err := context.Params() if err != nil { return router.InternalError(err) } // Clean params according to role accepted := users.AllowedParams() if authorise.CurrentUser(context).Admin() { accepted = users.AllowedParamsAdmin() } allowedParams := params.Clean(accepted) err = user.Update(allowedParams) if err != nil { return router.InternalError(err) } // Redirect to user return router.Redirect(context, user.URLShow()) }
// HandleCreate handles POST /users/create from the register page func HandleCreate(context router.Context) error { // Check csrf token err := authorise.AuthenticityToken(context) if err != nil { return router.NotAuthorizedError(err) } // Setup context params, err := context.Params() if err != nil { return router.InternalError(err) } // Check for email duplicates email := params.Get("email") if len(email) > 0 { if len(email) < 3 || !strings.Contains(email, "@") { return router.InternalError(err, "Invalid email", "Please just miss out the email field, or use a valid email.") } count, err := users.Query().Where("email=?", email).Count() if err != nil { return router.InternalError(err) } if count > 0 { return router.NotAuthorizedError(err, "User already exists", "Sorry, a user already exists with that email.") } } // Check for invalid or duplicate names name := params.Get("name") if len(name) < 2 { return router.InternalError(err, "Name too short", "Please choose a username longer than 2 characters") } count, err := users.Query().Where("name=?", name).Count() if err != nil { return router.InternalError(err) } if count > 0 { return router.NotAuthorizedError(err, "User already exists", "Sorry, a user already exists with that name, please choose another.") } // Set some defaults for the new user params.SetInt("status", status.Published) params.SetInt("role", users.RoleReader) params.SetInt("points", 1) // Now try to create the user id, err := users.Create(params.Clean(users.AllowedParams())) if err != nil { return router.InternalError(err, "Error", "Sorry, an error occurred creating the user record.") } context.Logf("#info Created user id,%d", id) // Find the user again so we can save login user, err := users.Find(id) if err != nil { context.Logf("#error parsing user id: %s", err) return router.NotFoundError(err) } // Save the fact user is logged in to session cookie err = loginUser(context, user) if err != nil { return router.InternalError(err) } // Redirect to root return router.Redirect(context, "/?message=welcome") }