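// UpdateMany handles PUT on the attendees collection of a single event.
//
// The request body is decoded into a list of attendee records. The caller must
// hold CanCreate on the event. Event owners, moderators and site owners may
// set other profiles to any RSVP except "yes"; everyone else may only submit
// records for their own profile. Every referenced profile must resolve on the
// current site. Accepted records are stamped with the event ID and the
// caller's identity, saved with a single UpdateManyAttendees call and audited;
// "yes" RSVPs additionally trigger background notifications and a watcher
// registration.
func (ctl *AttendeesController) UpdateMany(c *models.Context) {
	// Verify event_id is a positive integer. ParseInt on its own also accepts
	// zero and negative values, so the sign is checked explicitly before the
	// ID is used to build the authorisation context.
	rawEventID := c.RouteVars["event_id"]
	eventID, err := strconv.ParseInt(rawEventID, 10, 64)
	if err != nil {
		glog.Errorln(err.Error())
		c.RespondWithErrorMessage(
			fmt.Sprintf("The supplied event ID ('%s') is not a number.", rawEventID),
			http.StatusBadRequest,
		)
		return
	}
	if eventID <= 0 {
		c.RespondWithErrorMessage(
			fmt.Sprintf("The supplied event ID ('%s') is not a positive number.", rawEventID),
			http.StatusBadRequest,
		)
		return
	}

	ems := []models.AttendeeType{}
	err = c.Fill(&ems)
	if err != nil {
		glog.Errorln(err.Error())
		c.RespondWithErrorMessage(
			fmt.Sprintf("The post data is invalid: %v", err.Error()),
			http.StatusBadRequest,
		)
		return
	}

	// Start : Authorisation
	perms := models.GetPermission(
		models.MakeAuthorisationContext(
			c, 0, h.ItemTypes[h.ItemTypeEvent], eventID),
	)
	if !perms.CanCreate {
		c.RespondWithErrorDetail(
			e.New(c.Site.ID, c.Auth.ProfileID, "attendees.go::UpdateMany", e.NoCreate, "Not authorized to create attendee: CanCreate false"),
			http.StatusForbidden,
		)
		return
	}

	// Everyone can set self to any status. Event/site owners can set people to
	// any status apart from 'attending'. Also check that profile exists on site.
	privileged := perms.IsOwner || perms.IsModerator || perms.IsSiteOwner
	for _, m := range ems {
		// A record for someone else is rejected unless the caller is
		// privileged and the RSVP is anything other than "yes".
		if m.ProfileID != c.Auth.ProfileID && (!privileged || m.RSVP == "yes") {
			c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
			return
		}

		// The lookup failure is reported with the generic no-auth message and
		// the status returned by the lookup.
		if _, status, err := models.GetProfileSummary(c.Site.ID, m.ProfileID); err != nil {
			c.RespondWithErrorMessage(h.NoAuthMessage, status)
			return
		}
	}
	// End : Authorisation

	t := time.Now()
	// Populate where applicable from auth and context. These assignments
	// overwrite whatever the request body supplied for the same fields.
	for i := range ems {
		ems[i].EventID = eventID
		ems[i].Meta.CreatedByID = c.Auth.ProfileID
		ems[i].Meta.Created = t
		ems[i].Meta.EditedNullable = pq.NullTime{Time: t, Valid: true}
		ems[i].Meta.EditedByNullable = sql.NullInt64{Int64: c.Auth.ProfileID, Valid: true}
	}

	status, err := models.UpdateManyAttendees(c.Site.ID, ems)
	if err != nil {
		glog.Error(err)
		c.RespondWithErrorDetail(err, status)
		return
	}

	// NOTE(review): nothing in this handler bounds or de-duplicates ems, and
	// each "yes" entry starts two goroutines. Confirm that c.Fill or the model
	// layer limits the list size and collapses repeated profiles.
	for _, m := range ems {
		if m.RSVP == "yes" {
			go models.SendUpdatesForNewAttendeeInAnEvent(c.Site.ID, m)

			// The new attendee should be following the event now
			go models.RegisterWatcher(
				m.ProfileID,
				h.UpdateTypes[h.UpdateTypeEventReminder],
				m.EventID,
				h.ItemTypes[h.ItemTypeEvent],
				c.Site.ID,
			)
		}

		// NOTE(review): m.ID is whatever the slice element holds after
		// UpdateManyAttendees. If that call does not populate it, the audit
		// entry records a request-supplied or zero ID - confirm.
		audit.Replace(
			c.Site.ID,
			h.ItemTypes[h.ItemTypeAttendee],
			m.ID,
			c.Auth.ProfileID,
			time.Now(),
			c.IP,
		)
	}

	c.RespondWithOK()
}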
// Create handles POST on the comments collection.
//
// The body is decoded into a comment summary, stamped with the caller's
// profile and the current time, validated, and then checked against the
// caller's CanCreate permission on the target item. After a successful insert
// the creation is audited in the background, the author is registered as a
// watcher of the item, notifications are dispatched asynchronously, and the
// response is a See Other built from the comment API path and the new ID.
func (ctl *CommentsController) Create(c *models.Context) {
	comment := models.CommentSummaryType{}
	if err := c.Fill(&comment); err != nil {
		c.RespondWithErrorMessage(
			fmt.Sprintf("The post data is invalid: %v", err.Error()),
			http.StatusBadRequest,
		)
		return
	}

	// Author and creation time are taken from the authenticated context and
	// overwrite anything the request body supplied for those fields.
	comment.Meta.CreatedByID = c.Auth.ProfileID
	comment.Meta.Created = time.Now()

	// NOTE(review): validation runs before the permission check, so its error
	// detail is returned to callers not yet shown to hold CanCreate. Confirm
	// Validate reveals nothing about items the caller cannot see. It may also
	// populate ItemTypeID/ItemID used below, so verify before reordering.
	status, err := comment.Validate(c.Site.ID, false)
	if err != nil {
		c.RespondWithErrorDetail(err, status)
		return
	}

	// Start : Authorisation
	authCtx := models.MakeAuthorisationContext(c, 0, comment.ItemTypeID, comment.ItemID)
	perms := models.GetPermission(authCtx)
	if !perms.CanCreate {
		denied := e.New(
			c.Site.ID,
			c.Auth.ProfileID,
			"comments.go::Create",
			e.NoCreate,
			"Not authorized to create comment: CanCreate false",
		)
		c.RespondWithErrorDetail(denied, http.StatusForbidden)
		return
	}
	// End : Authorisation

	// Create
	status, err = comment.Insert(c.Site.ID)
	if err != nil {
		c.RespondWithErrorDetail(err, status)
		return
	}

	go audit.Create(
		c.Site.ID,
		h.ItemTypes[h.ItemTypeComment],
		comment.ID,
		c.Auth.ProfileID,
		time.Now(),
		c.IP,
	)

	// Send updates and register watcher. Huddles additionally get their read
	// marker and the author's unread count refreshed.
	switch comment.ItemTypeID {
	case h.ItemTypes[h.ItemTypeHuddle]:
		models.RegisterWatcher(
			c.Auth.ProfileID,
			h.UpdateTypes[h.UpdateTypeNewCommentInHuddle],
			comment.ItemID,
			comment.ItemTypeID,
			c.Site.ID,
		)

		go models.SendUpdatesForNewCommentInHuddle(c.Site.ID, comment)

		models.MarkAsRead(h.ItemTypes[h.ItemTypeHuddle], comment.ItemID, c.Auth.ProfileID, time.Now())
		models.UpdateUnreadHuddleCount(c.Auth.ProfileID)
	default:
		models.RegisterWatcher(
			c.Auth.ProfileID,
			h.UpdateTypes[h.UpdateTypeNewComment],
			comment.ItemID,
			comment.ItemTypeID,
			c.Site.ID,
		)

		go models.SendUpdatesForNewCommentInItem(c.Site.ID, comment)
	}

	// A positive InReplyTo marks this comment as a reply, which triggers its
	// own notification.
	if comment.InReplyTo > 0 {
		go models.SendUpdatesForNewReplyToYourComment(c.Site.ID, comment)
	}

	// Respond
	location := fmt.Sprintf("%s/%d", h.APITypeComment, comment.ID)
	c.RespondWithSeeOther(location)
}