示例#1
// Update handles PUT for one attendee record of the event named by the
// event_id route variable.
//
// Flow: parse event_id, decode the posted attendee, authorise against the
// event, stamp server-side metadata, persist, fan out notifications, write an
// audit entry, then redirect to the attendee resource.
//
// Authorisation rules enforced here:
//   - the caller needs CanUpdate on the event;
//   - a caller may always submit a record for their own profile;
//   - owners, moderators and site owners may submit a record for another
//     profile unless it sets RSVP to "yes";
//   - anyone else may not touch another profile's record.
func (ctl *AttendeeController) Update(c *models.Context) {
	// ParseInt only proves the value is a base-10 int64; zero and negative
	// IDs are accepted at this point.
	// NOTE(review): the raw route value is echoed into the error message;
	// confirm RespondWithErrorMessage encodes it for the response content type.
	rawEventID := c.RouteVars["event_id"]
	eventID, err := strconv.ParseInt(rawEventID, 10, 64)
	if err != nil {
		c.RespondWithErrorMessage(
			fmt.Sprintf("The supplied event_id ('%s') is not a number.", rawEventID),
			http.StatusBadRequest,
		)
		return
	}

	// Everything in attendee after Fill is client-controlled until it is
	// overwritten further down.
	var attendee models.AttendeeType
	if err = c.Fill(&attendee); err != nil {
		c.RespondWithErrorMessage(
			fmt.Sprintf("The post data is invalid: %v", err.Error()),
			http.StatusBadRequest,
		)
		return
	}

	// --- Authorisation ---
	authCtx := models.MakeAuthorisationContext(c, 0, h.ItemTypes[h.ItemTypeEvent], eventID)
	perms := models.GetPermission(authCtx)
	if !perms.CanUpdate {
		c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
		return
	}

	privileged := perms.IsOwner || perms.IsModerator || perms.IsSiteOwner
	targetsOther := attendee.ProfileID != c.Auth.ProfileID
	// NOTE(review): the RSVP test is an exact, case-sensitive match on "yes";
	// confirm the model rejects or normalises other spellings before they are
	// stored, otherwise this restriction depends on that later validation.
	if targetsOther && (!privileged || attendee.RSVP == "yes") {
		c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
		return
	}

	// The target profile must resolve on this site.
	// NOTE(review): the body is the generic NoAuthMessage but the status code
	// is whatever GetProfileSummary returned; if that differs from 403 it may
	// tell a caller whether a profile ID exists — confirm this is acceptable.
	_, status, err := models.GetProfileSummary(c.Site.ID, attendee.ProfileID)
	if err != nil {
		c.RespondWithErrorMessage(h.NoAuthMessage, status)
		return
	}
	// --- End authorisation ---

	// Overwrite the fields that must come from the server rather than the
	// request: the event binding and the actor/timestamp metadata.
	// NOTE(review): Created/CreatedByID are set on every PUT; whether
	// attendee.Update persists them for an existing row is not visible here.
	now := time.Now()
	actorID := c.Auth.ProfileID
	attendee.EventID = eventID
	attendee.Meta.CreatedByID = actorID
	attendee.Meta.Created = now
	attendee.Meta.EditedByNullable = sql.NullInt64{Int64: actorID, Valid: true}
	attendee.Meta.EditedNullable = pq.NullTime{Time: now, Valid: true}

	status, err = attendee.Update(c.Site.ID)
	if err != nil {
		c.RespondWithErrorDetail(err, status)
		return
	}

	// Notifications run in the background and do not block the response.
	if attendee.RSVP == "yes" {
		go models.SendUpdatesForNewAttendeeInAnEvent(c.Site.ID, attendee)
	}

	// Audit trail: who replaced which attendee record, when, and from which IP.
	// NOTE(review): attendee.ID is never assigned in this function; presumably
	// Update fills it in — confirm it is not taken from the request body.
	audit.Replace(
		c.Site.ID,
		h.ItemTypes[h.ItemTypeAttendee],
		attendee.ID,
		c.Auth.ProfileID,
		time.Now(),
		c.IP,
	)

	collectionURL := fmt.Sprintf(h.APITypeAttendee, attendee.EventID)
	c.RespondWithSeeOther(
		fmt.Sprintf("%s/%d", collectionURL, attendee.ProfileID),
	)
}
示例#2
// UpdateMany handles PUT on the attendee collection of the event named by the
// event_id route variable.
//
// The posted list is authorised entry by entry before anything is written:
// every caller may set their own record to any status, while owners,
// moderators and site owners may additionally set other profiles to any
// status except "yes". Each referenced profile must also resolve on the site.
// The first entry that fails a check rejects the whole request.
func (ctl *AttendeesController) UpdateMany(c *models.Context) {
	// ParseInt only proves the value is a base-10 int64; zero and negative
	// IDs are accepted at this point.
	// NOTE(review): the raw route value is echoed into the error message;
	// confirm RespondWithErrorMessage encodes it for the response content type.
	rawEventID := c.RouteVars["event_id"]
	eventID, err := strconv.ParseInt(rawEventID, 10, 64)
	if err != nil {
		glog.Errorln(err.Error())
		c.RespondWithErrorMessage(
			fmt.Sprintf("The supplied event ID ('%s') is not a number.", rawEventID),
			http.StatusBadRequest,
		)
		return
	}

	// NOTE(review): no cap on the number of entries is visible here. Each
	// entry costs one profile lookup and, for RSVP "yes", two goroutines —
	// confirm Fill or an upstream layer bounds the request size.
	ems := []models.AttendeeType{}
	if err = c.Fill(&ems); err != nil {
		glog.Errorln(err.Error())
		c.RespondWithErrorMessage(
			fmt.Sprintf("The post data is invalid: %v", err.Error()),
			http.StatusBadRequest,
		)
		return
	}

	// --- Authorisation ---
	authCtx := models.MakeAuthorisationContext(c, 0, h.ItemTypes[h.ItemTypeEvent], eventID)
	perms := models.GetPermission(authCtx)

	// NOTE(review): the gate is CanCreate even though this is a PUT; confirm
	// that is intended for this endpoint.
	if !perms.CanCreate {
		c.RespondWithErrorDetail(
			e.New(c.Site.ID, c.Auth.ProfileID, "attendees.go::UpdateMany", e.NoCreate, "Not authorized to create attendee: CanCreate false"),
			http.StatusForbidden,
		)
		return
	}

	privileged := perms.IsOwner || perms.IsModerator || perms.IsSiteOwner
	for _, entry := range ems {
		targetsOther := entry.ProfileID != c.Auth.ProfileID
		// NOTE(review): exact, case-sensitive match on "yes"; confirm other
		// spellings are rejected or normalised before being stored.
		if targetsOther && (!privileged || entry.RSVP == "yes") {
			c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
			return
		}

		// The target profile must resolve on this site.
		// NOTE(review): the status code comes from the lookup while the body
		// stays generic; a non-403 status may reveal whether a profile exists.
		if _, status, err := models.GetProfileSummary(c.Site.ID, entry.ProfileID); err != nil {
			c.RespondWithErrorMessage(h.NoAuthMessage, status)
			return
		}
	}
	// --- End authorisation ---
	// An empty list skips the per-entry checks and still reaches the update.

	// Overwrite the fields that must come from the server rather than the
	// request: the event binding and the actor/timestamp metadata.
	now := time.Now()
	actorID := c.Auth.ProfileID
	for i := range ems {
		entry := &ems[i]
		entry.EventID = eventID
		entry.Meta.CreatedByID = actorID
		entry.Meta.Created = now
		entry.Meta.EditedNullable = pq.NullTime{Time: now, Valid: true}
		entry.Meta.EditedByNullable = sql.NullInt64{Int64: actorID, Valid: true}
	}

	status, err := models.UpdateManyAttendees(c.Site.ID, ems)
	if err != nil {
		glog.Error(err)
		c.RespondWithErrorDetail(err, status)
		return
	}

	for _, entry := range ems {
		if entry.RSVP == "yes" {
			// Background work; arguments are evaluated when the goroutine
			// is started, so each one sees its own entry.
			go models.SendUpdatesForNewAttendeeInAnEvent(c.Site.ID, entry)

			// Someone attending is also subscribed to the event's reminders.
			go models.RegisterWatcher(
				entry.ProfileID,
				h.UpdateTypes[h.UpdateTypeEventReminder],
				entry.EventID,
				h.ItemTypes[h.ItemTypeEvent],
				c.Site.ID,
			)
		}

		// One audit entry per record: actor, time and source IP.
		// NOTE(review): entry.ID is never assigned in this function; confirm
		// it is set by the model rather than taken from the request body.
		audit.Replace(
			c.Site.ID,
			h.ItemTypes[h.ItemTypeAttendee],
			entry.ID,
			c.Auth.ProfileID,
			time.Now(),
			c.IP,
		)
	}

	c.RespondWithOK()
}