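// editPost handles submission of the user edit form.
//
// It parses and decodes the posted form into a UsersEditViewModel and
// validates it. When validation reports errors, the edit template is rendered
// again with those errors and http.StatusOK is returned together with any
// template execution error. Otherwise the user is updated through the
// authorizer and the client is redirected to /settings/users.
//
// Form parsing and decoding failures are reported as http.StatusBadRequest
// because they are caused by the request body; a failed update is reported as
// http.StatusInternalServerError.
//
// NOTE(review): the username being updated is taken from the request body and
// no authorization check is visible in this handler. Confirm that the route
// middleware or authorizer.Update restricts who may modify which account.
func (controller *usersController) editPost(rw http.ResponseWriter, req *http.Request) (int, error) {
	// A body that cannot be parsed is malformed client input, not a server fault.
	if err := req.ParseForm(); err != nil {
		return http.StatusBadRequest, err
	}

	decoder := schema.NewDecoder()
	// Ignore unknown keys to prevent errors from the CSRF token.
	decoder.IgnoreUnknownKeys(true)

	formUser := new(viewmodels.UsersEditViewModel)
	if err := decoder.Decode(formUser, req.PostForm); err != nil {
		// The decode input is the posted form, so a failure here is a bad request.
		return http.StatusBadRequest, err
	}

	if valErrors := validateUserForm(formUser, true); len(valErrors) > 0 {
		isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)
		// NOTE(review): the submitted form, including its Password field, is
		// handed back to the view model. Confirm the template does not echo
		// the password into the rendered page.
		vm := viewmodels.EditUserViewModel(formUser, controller.roles, isAuthenticated, user, valErrors)
		vm.CsrfField = csrf.TemplateField(req)
		return http.StatusOK, controller.editTemplate.Execute(rw, vm)
	}

	// Update the user. Only the username, password and email are forwarded;
	// other fields of the view model are not passed on here.
	if err := controller.authorizer.Update(rw, req, formUser.Username, formUser.Password, formUser.Email); err != nil {
		return http.StatusInternalServerError, err
	}

	// 303 makes the browser follow up with a GET, so a reload does not resubmit the form.
	http.Redirect(rw, req, "/settings/users", http.StatusSeeOther)
	return http.StatusSeeOther, nil
}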
// editGet renders the edit form for the user named by the "username" route
// variable.
//
// The user is loaded from the auth backend; a lookup error is returned with
// http.StatusInternalServerError. On success the form is pre-filled with the
// stored email, role and username, and http.StatusOK is returned together with
// any template execution error.
//
// NOTE(review): no authorization check is visible in this handler. Confirm
// that the route middleware restricts who may view another user's details.
// NOTE(review): every backend error maps to 500, presumably including an
// unknown username. Confirm whether that case should be a 404 instead.
func (controller *usersController) editGet(rw http.ResponseWriter, req *http.Request) (int, error) {
	// Get the user to edit
	target, err := controller.authBackend.User(mux.Vars(req)["username"])
	if err != nil {
		return http.StatusInternalServerError, err
	}

	isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)

	// Only these three fields are copied from the stored user into the form model.
	form := &viewmodels.UsersEditViewModel{
		Email:    target.Email,
		Role:     target.Role,
		Username: target.Username,
	}

	// A fresh form has no validation errors, so an empty map is passed.
	vm := viewmodels.EditUserViewModel(form, controller.roles, isAuthenticated, user, map[string]string{})
	vm.CsrfField = csrf.TemplateField(req)

	return http.StatusOK, controller.editTemplate.Execute(rw, vm)
}