authorjan <jan@ruken.pw>2016-11-14 17:56:30 (UTC)
committerjan <jan@ruken.pw>2016-11-14 17:56:30 (UTC)
commite4c8cc5ac6ec07eba501c83c7b07adcee25d0ab4 (patch)
tree6ef3f8461f535debca924f739bd7340c2588c6f7
parent5d4d9935cffa9a7cb8fe2a294e45959b43390ef2 (diff)
ups
-rw-r--r--assets_src/js/like.js4
-rw-r--r--modules/likes/likes.go25
-rw-r--r--views/includes/like.html2
3 files changed, 28 insertions, 3 deletions
diff --git a/assets_src/js/like.js b/assets_src/js/like.js
index feae345..a438182 100644
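--- a/assets_src/js/like.js
+++ b/assets_src/js/like.js
@@ -79,9 +79,9 @@ dom.ready(() => {
  const cap = dom.firstChild(el, e => e.classList.contains('like-caption'));
  if (cap) {
  el.addEventListener('mouseover', () => {
- cap.textContent = `${liked ? 'nicht mehr ' : ''}geil finden`;
+ cap.textContent = liked ? 'nicht mehr approven' : 'approven!';
  });
- el.addEventListener('mouseout', () => cap.textContent = 'Finden das geil');
+ el.addEventListener('mouseout', () => cap.textContent = 'approven');
  }
  } else {
  el.classList.add('disabled');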
diff --git a/modules/likes/likes.go b/modules/likes/likes.go
index 4d69d7b..02cf9d5 100644
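--- a/modules/likes/likes.go
+++ b/modules/likes/likes.go
@@ -106,6 +106,13 @@ func (m *Module) isLikedBy(w http.ResponseWriter, r *http.Request, p httprouter.
  w.Write([]byte(fmt.Sprintf("%t", res > 0)))
 }
 func (m *Module) addLike(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
+ user, _ := m.g.Charakterin.GetUserFromRequest(r)
+
+ if user == nil {
+ http.Error(w, "403", http.StatusForbidden)
+ return
+ }
+
  params, err := readBody(r)
  if err != nil {
  log.Println(err)
@@ -130,6 +137,10 @@ func (m *Module) addLike(w http.ResponseWriter, r *http.Request, p httprouter.Pa
  http.Error(w, "invalid user id", http.StatusBadRequest)
  return
  }
+ if user.ID != userId {
+ http.Error(w, "403", http.StatusForbidden)
+ return
+ }
 
  _, err = m.g.DB.Exec(`INSERT INTO grilist.likes(content, "user", type) SELECT $1, $2, $3 WHERE NOT EXISTS (SELECT * FROM grilist.likes WHERE content = $1 AND "user" = $2 AND type = $3)`, contentId, userId, contentType)
  if err != nil {
@@ -142,19 +153,29 @@ func (m *Module) addLike(w http.ResponseWriter, r *http.Request, p httprouter.Pa
 }
 
 func (m *Module) removeLike(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
+ user, _ := m.g.Charakterin.GetUserFromRequest(r)
+
+ if user == nil {
+ http.Error(w, "403", http.StatusForbidden)
+ return
+ }
+
  params, err := readBody(r)
  if err != nil {
+ log.Println(err)
  http.Error(w, "invalid body", http.StatusBadRequest)
  return
  }
 
  contentId, err := strconv.Atoi(params.Get("id"))
  if err != nil {
+ log.Println(err)
  http.Error(w, "invalid content id", http.StatusBadRequest)
  return
  }
  contentType, err := strconv.Atoi(params.Get("type"))
  if err != nil {
+ log.Println(err)
  http.Error(w, "invalid content type", http.StatusBadRequest)
  return
  }
@@ -163,6 +184,10 @@ func (m *Module) removeLike(w http.ResponseWriter, r *http.Request, p httprouter
  http.Error(w, "invalid user id", http.StatusBadRequest)
  return
  }
+ if user.ID != userId {
+ http.Error(w, "403", http.StatusForbidden)
+ return
+ }
 
  _, err = m.g.DB.Exec(`DELETE FROM grilist.likes WHERE content = $1 AND "user" = $2 AND type = $3`, contentId, userId, contentType)
  if err != nil {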
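Review bot: In `addLike` and `removeLike` the acting user is still parsed from the request body and only compared with the session (`user.ID != userId`), so a client-controlled identity stays in the write path; passing `user.ID` to `m.g.DB.Exec` and dropping the body field would remove the mismatch case instead of merely rejecting it. The error from `GetUserFromRequest` is discarded with `_`, so failing closed depends on that helper returning a nil user on every error path, which is not visible here; `user, err := m.g.Charakterin.GetUserFromRequest(r)` followed by `if err != nil || user == nil {` makes the intent explicit. An unauthenticated request would more conventionally be answered with `http.StatusUnauthorized`, keeping 403 for the identity mismatch. Both function bodies continue outside the hunks shown.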
diff --git a/views/includes/like.html b/views/includes/like.html
index bfb9576..4399999 100644
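--- a/views/includes/like.html
+++ b/views/includes/like.html
@@ -1,5 +1,5 @@
 {{ define "like" }}
 <div class="like-div btn purple lighten-4" {{ if .User }}update-with="{{ .User.ID }}"{{ end }} content-type={{ .ContentType }} content-id={{ .ContentID }}>
- <span class="like-count"></span> <span class="like-caption">Finden das geil</span>
+ <span class="like-count"></span> <span class="like-caption">approven</span>
 </div>
 {{ end }}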