func (app *App) handleAllUserModels(w http.ResponseWriter, r *http.Request) { switch r.Method { case "GET": _, ok := app.getUser(r) if !ok { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } // TODO // if u.Admin == false { // http.Error(w, "Unauthorized", http.StatusUnauthorized) // return // } tx, err := app.db.Begin() if err != nil { app.dbError(w, r, err) return } defer tx.Rollback() allUsers, err := db.AllUsers(tx) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } allModels := []db.Model{} for _, user := range allUsers { models, err := db.UserModels(tx, user.Name) for i, _ := range models { models[i].Owner = user.Name } if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } allModels = append(allModels, models...) } if err != nil { app.dbError(w, r, err) return } app.writeJson(w, allModels) default: http.Error(w, "I only respond to GETs", http.StatusNotImplemented) } }
func (app *App) handleUsersData(w http.ResponseWriter, r *http.Request) { // it's already implied that this user is an admin, we can skip auth switch r.Method { case "GET": tx, err := app.db.Begin() if err != nil { app.dbError(w, r, err) return } defer tx.Rollback() users, err := db.AllUsers(tx) if err != nil { app.dbError(w, r, err) return } // ViewUser is a type which is okay to display in the view. // It omits fields like "password" (because we would NEVER display // something like that). type ViewUser struct { Name string Email string Admin bool Apikey string ROApikey string } viewUsers := make([]ViewUser, len(users)) for i, user := range users { viewUsers[i] = ViewUser{ user.Name, user.Email, user.Admin, user.Apikey, user.ReadOnlyApikey, } } app.writeJson(w, viewUsers) default: http.Error(w, "I only respond to GETs", http.StatusNotImplemented) } }
func (app *App) handleModelSharedUsers(w http.ResponseWriter, r *http.Request) { switch r.Method { case "GET": reqUser, ok := app.getUser(r) if !ok { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } if app.sharingDisabled { // If sharing is disabled return an empty list w.Write([]byte(`[]`)) return } modelname := mux.Vars(r)["name"] tx, err := app.db.Begin() if err != nil { app.dbError(w, r, err) return } defer tx.Rollback() users, err := db.ModelSharedUsers(tx, reqUser.Name, modelname) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } isShared := func(userId int64) bool { for _, user := range users { if user.Id == userId { return true } } return false } allUsers, err := db.AllUsers(tx) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } shared := []sharedUser{} for _, user := range allUsers { if user.Id == reqUser.Id { continue } shared = append(shared, sharedUser{ Id: user.Id, Name: user.Name, Shared: isShared(user.Id), }) } app.writeJson(w, shared) default: http.Error(w, "I only respond to GETs", http.StatusNotImplemented) } }
func (app *App) handleRegister(w http.ResponseWriter, r *http.Request) { // Register is only displayed if there are no users on the system. // It is only for the inital login. tx, err := app.db.Begin() if err != nil { app.dbError(w, r, err) return } defer tx.Rollback() users, err := db.AllUsers(tx) if err != nil { app.dbError(w, r, err) return } if len(users) != 0 { if r.Method == "GET" { http.Redirect(w, r, "/", http.StatusTemporaryRedirect) } else { http.Error(w, "Unauthorized", http.StatusUnauthorized) } return } if r.Method == "GET" { app.serveFile("register.html").ServeHTTP(w, r) return } else if r.Method != "POST" { http.Error(w, "I only respond to GET and POSTs", http.StatusNotImplemented) return } username := r.PostFormValue("username") pass := r.PostFormValue("password") email := r.PostFormValue("email") if username == "" { http.Error(w, "No username provided", http.StatusBadRequest) return } if pass == "" { http.Error(w, "Empty password provided", http.StatusBadRequest) return } hashedPass := phash.Gen(pass) user, err := db.NewUser(tx, username, hashedPass, email, true) if err != nil { http.Error(w, "Could not save user to database: "+err.Error(), http.StatusInternalServerError) return } if err := tx.Commit(); err != nil { app.dbError(w, r, err) return } u := &User{Id: user.Id, Name: user.Name} if err := app.setUser(r, w, u); err != nil { http.Error(w, "Failed to set session cookie: "+err.Error(), http.StatusInternalServerError) return } w.WriteHeader(http.StatusOK) }