diff options
Diffstat (limited to 'modules')
-rw-r--r-- | modules/lists/lists.go | 86 |
1 files changed, 52 insertions, 34 deletions
diff --git a/modules/lists/lists.go b/modules/lists/lists.go index b40ee18..e1b806d 100644 --- a/modules/lists/lists.go +++ b/modules/lists/lists.go | |||
@@ -69,6 +69,7 @@ func (m *Module) Init(g *grilist.Grilist) { | |||
69 | m.g.Router.GET("/list/:id", m.viewList) | 69 | m.g.Router.GET("/list/:id", m.viewList) |
70 | m.g.Router.POST("/list/:id/order", m.updateGrilOrder) | 70 | m.g.Router.POST("/list/:id/order", m.updateGrilOrder) |
71 | m.g.Router.POST("/list/:id", m.addGrilToList) | 71 | m.g.Router.POST("/list/:id", m.addGrilToList) |
72 | m.g.Router.DELETE("/list/:id/order", m.removeGrilFromList) | ||
72 | m.g.Router.GET("/new/list", m.displayCreateList) | 73 | m.g.Router.GET("/new/list", m.displayCreateList) |
73 | m.g.Router.POST("/new/list", m.createList) | 74 | m.g.Router.POST("/new/list", m.createList) |
74 | } | 75 | } |
@@ -248,6 +249,12 @@ func (m *Module) viewList(w http.ResponseWriter, r *http.Request, p httprouter.P | |||
248 | 249 | ||
249 | func (m *Module) addGrilToList(w http.ResponseWriter, r *http.Request, p httprouter.Params) { | 250 | func (m *Module) addGrilToList(w http.ResponseWriter, r *http.Request, p httprouter.Params) { |
250 | slistID := p.ByName("id") | 251 | slistID := p.ByName("id") |
252 | |||
253 | user, err := m.g.Charakterin.GetUserFromRequest(r) | ||
254 | if err != nil { | ||
255 | http.Error(w, "403", http.StatusForbidden) | ||
256 | return | ||
257 | } | ||
251 | 258 | ||
252 | listID, err := strconv.Atoi(slistID) | 259 | listID, err := strconv.Atoi(slistID) |
253 | if err != nil { | 260 | if err != nil { |
@@ -272,6 +279,11 @@ func (m *Module) addGrilToList(w http.ResponseWriter, r *http.Request, p httprou | |||
272 | http.Error(w, "invalid list", 404) | 279 | http.Error(w, "invalid list", 404) |
273 | return | 280 | return |
274 | } | 281 | } |
282 | |||
283 | if list.Owner.ID != user.ID { | ||
284 | http.Error(w, "403", http.StatusForbidden) | ||
285 | return | ||
286 | } | ||
275 | 287 | ||
276 | rank := 0 | 288 | rank := 0 |
277 | if len(list.Grils) > 0 { | 289 | if len(list.Grils) > 0 { |
@@ -369,52 +381,58 @@ func (m *Module) updateGrilOrder(w http.ResponseWriter, r *http.Request, p httpr | |||
369 | return | 381 | return |
370 | } | 382 | } |
371 | 383 | ||
372 | diff, err := strconv.Atoi(values.Get("pos")) | 384 | pos, err := strconv.Atoi(values.Get("pos")) |
373 | if err != nil { | 385 | if err != nil { |
374 | http.Error(w, "invalid position diff", 400) | 386 | http.Error(w, "invalid position", 400) |
375 | return | 387 | return |
376 | } | 388 | } |
389 | |||
390 | // rein in die DB damit | ||
391 | _, err = m.g.DB.Query(`SELECT grilist.set_gril_order($1, $2, $3, $4)`, user.ID, listID, grilID, pos) | ||
392 | if err != nil { | ||
393 | log.Println("error reordering gril:", err) | ||
394 | http.Error(w, "could not update gril order", 500) | ||
395 | return | ||
396 | } | ||
377 | 397 | ||
378 | list, err := m.FromID(listID) | 398 | w.WriteHeader(200) |
399 | w.Write([]byte("ok")) | ||
400 | return | ||
401 | } | ||
402 | |||
403 | func (m *Module) removeGrilFromList(w http.ResponseWriter, r *http.Request, p httprouter.Params) { | ||
404 | slistID := p.ByName("id") | ||
405 | |||
406 | listID, err := strconv.Atoi(slistID) | ||
379 | if err != nil { | 407 | if err != nil { |
380 | http.Error(w, "invalid list", 404) | 408 | http.Error(w, "invalid list ID (type mismatch)", 400) |
381 | return | 409 | return |
382 | } | 410 | } |
383 | 411 | ||
384 | // find the gril in our list | 412 | values, err := readBody(r) |
385 | var lgril *ListGril = nil | 413 | if err != nil { |
386 | log.Println(list.Grils) | 414 | http.Error(w, "invalid POST data", 400) |
387 | for _, g := range list.Grils { | 415 | return |
388 | if g.Gril.ID == grilID { | 416 | } |
389 | lgril = g | ||
390 | break | ||
391 | } | ||
392 | } | ||
393 | if lgril == nil { | ||
394 | http.Error(w, "gril not found in the list", 404) | ||
395 | return | ||
396 | } | ||
397 | |||
398 | newPos := lgril.Order + diff | ||
399 | |||
400 | if newPos < 0 { | ||
401 | newPos = 0 | ||
402 | } else if newPos >= len(list.Grils) { | ||
403 | newPos = len(list.Grils) - 1 | ||
404 | } | ||
405 | |||
406 | if newPos == lgril.Order { | ||
407 | http.Error(w, "no change in order", 400) | ||
408 | return | ||
409 | } | ||
410 | 417 | ||
411 | // rein in die DB damit | 418 | grilID, err := strconv.Atoi(values.Get("gril")) |
412 | _, err = m.g.DB.Query(`SELECT grilist.set_gril_order($1, $2, $3, $4)`, user.ID, listID, grilID, newPos) | ||
413 | if err != nil { | 419 | if err != nil { |
414 | log.Println("error reordering gril:", err) | 420 | http.Error(w, "invalid gril ID", 404) |
415 | http.Error(w, "could not update gril order", 500) | ||
416 | return | 421 | return |
417 | } | 422 | } |
423 | |||
424 | res, err := m.g.DB.Exec(`DELETE FROM grilist.lists_grils WHERE list_id=$1 AND gril_id=$2`, listID, grilID) | ||
425 | if err != nil { | ||
426 | log.Println("error removing gril:", err) | ||
427 | http.Error(w, "could not remove gril", 500) | ||
428 | return | ||
429 | } | ||
430 | |||
431 | if r, err := res.RowsAffected(); err != nil || r == 0 { | ||
432 | log.Println("invalid rows affected in removing gril") | ||
433 | http.Error(w, "gril not in list / other error", 500) | ||
434 | return | ||
435 | } | ||
418 | 436 | ||
419 | w.WriteHeader(200) | 437 | w.WriteHeader(200) |
420 | w.Write([]byte("ok")) | 438 | w.Write([]byte("ok")) |