diff options
author | jan <jan@ruken.pw> | 2016-11-14 17:56:30 (UTC) |
---|---|---|
committer | rtz12 <koenig@fagott.pw> | 2016-11-15 17:52:28 (UTC) |
commit | 1dc23782f253352a61825ffa458d39217831cbf7 (patch) | |
tree | 3f2bf8f5612334833fbe33d775ad6b86da4c12a6 /modules/likes | |
parent | 0f62ade5a05c755f18fd4d16a2a280b7870b08b7 (diff) |
ups
Diffstat (limited to 'modules/likes')
-rw-r--r-- | modules/likes/likes.go | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/modules/likes/likes.go b/modules/likes/likes.go index 4d69d7b..02cf9d5 100644 --- a/modules/likes/likes.go +++ b/modules/likes/likes.go | |||
@@ -106,6 +106,13 @@ func (m *Module) isLikedBy(w http.ResponseWriter, r *http.Request, p httprouter. | |||
106 | w.Write([]byte(fmt.Sprintf("%t", res > 0))) | 106 | w.Write([]byte(fmt.Sprintf("%t", res > 0))) |
107 | } | 107 | } |
108 | func (m *Module) addLike(w http.ResponseWriter, r *http.Request, p httprouter.Params) { | 108 | func (m *Module) addLike(w http.ResponseWriter, r *http.Request, p httprouter.Params) { |
109 | user, _ := m.g.Charakterin.GetUserFromRequest(r) | ||
110 | |||
111 | if user == nil { | ||
112 | http.Error(w, "403", http.StatusForbidden) | ||
113 | return | ||
114 | } | ||
115 | |||
109 | params, err := readBody(r) | 116 | params, err := readBody(r) |
110 | if err != nil { | 117 | if err != nil { |
111 | log.Println(err) | 118 | log.Println(err) |
@@ -130,6 +137,10 @@ func (m *Module) addLike(w http.ResponseWriter, r *http.Request, p httprouter.Pa | |||
130 | http.Error(w, "invalid user id", http.StatusBadRequest) | 137 | http.Error(w, "invalid user id", http.StatusBadRequest) |
131 | return | 138 | return |
132 | } | 139 | } |
140 | if user.ID != userId { | ||
141 | http.Error(w, "403", http.StatusForbidden) | ||
142 | return | ||
143 | } | ||
133 | 144 | ||
134 | _, err = m.g.DB.Exec(`INSERT INTO grilist.likes(content, "user", type) SELECT $1, $2, $3 WHERE NOT EXISTS (SELECT * FROM grilist.likes WHERE content = $1 AND "user" = $2 AND type = $3)`, contentId, userId, contentType) | 145 | _, err = m.g.DB.Exec(`INSERT INTO grilist.likes(content, "user", type) SELECT $1, $2, $3 WHERE NOT EXISTS (SELECT * FROM grilist.likes WHERE content = $1 AND "user" = $2 AND type = $3)`, contentId, userId, contentType) |
135 | if err != nil { | 146 | if err != nil { |
@@ -142,19 +153,29 @@ func (m *Module) addLike(w http.ResponseWriter, r *http.Request, p httprouter.Pa | |||
142 | } | 153 | } |
143 | 154 | ||
144 | func (m *Module) removeLike(w http.ResponseWriter, r *http.Request, p httprouter.Params) { | 155 | func (m *Module) removeLike(w http.ResponseWriter, r *http.Request, p httprouter.Params) { |
156 | user, _ := m.g.Charakterin.GetUserFromRequest(r) | ||
157 | |||
158 | if user == nil { | ||
159 | http.Error(w, "403", http.StatusForbidden) | ||
160 | return | ||
161 | } | ||
162 | |||
145 | params, err := readBody(r) | 163 | params, err := readBody(r) |
146 | if err != nil { | 164 | if err != nil { |
165 | log.Println(err) | ||
147 | http.Error(w, "invalid body", http.StatusBadRequest) | 166 | http.Error(w, "invalid body", http.StatusBadRequest) |
148 | return | 167 | return |
149 | } | 168 | } |
150 | 169 | ||
151 | contentId, err := strconv.Atoi(params.Get("id")) | 170 | contentId, err := strconv.Atoi(params.Get("id")) |
152 | if err != nil { | 171 | if err != nil { |
172 | log.Println(err) | ||
153 | http.Error(w, "invalid content id", http.StatusBadRequest) | 173 | http.Error(w, "invalid content id", http.StatusBadRequest) |
154 | return | 174 | return |
155 | } | 175 | } |
156 | contentType, err := strconv.Atoi(params.Get("type")) | 176 | contentType, err := strconv.Atoi(params.Get("type")) |
157 | if err != nil { | 177 | if err != nil { |
178 | log.Println(err) | ||
158 | http.Error(w, "invalid content type", http.StatusBadRequest) | 179 | http.Error(w, "invalid content type", http.StatusBadRequest) |
159 | return | 180 | return |
160 | } | 181 | } |
@@ -163,6 +184,10 @@ func (m *Module) removeLike(w http.ResponseWriter, r *http.Request, p httprouter | |||
163 | http.Error(w, "invalid user id", http.StatusBadRequest) | 184 | http.Error(w, "invalid user id", http.StatusBadRequest) |
164 | return | 185 | return |
165 | } | 186 | } |
187 | if user.ID != userId { | ||
188 | http.Error(w, "403", http.StatusForbidden) | ||
189 | return | ||
190 | } | ||
166 | 191 | ||
167 | _, err = m.g.DB.Exec(`DELETE FROM grilist.likes WHERE content = $1 AND "user" = $2 AND type = $3`, contentId, userId, contentType) | 192 | _, err = m.g.DB.Exec(`DELETE FROM grilist.likes WHERE content = $1 AND "user" = $2 AND type = $3`, contentId, userId, contentType) |
168 | if err != nil { | 193 | if err != nil { |