Diffstat (limited to 'modules')
-rw-r--r--modules/lists/lists.go86
1 files changed, 52 insertions, 34 deletions
diff --git a/modules/lists/lists.go b/modules/lists/lists.go
index b40ee18..e1b806d 100644
--- a/modules/lists/lists.go
+++ b/modules/lists/lists.go
@@ -69,6 +69,7 @@ func (m *Module) Init(g *grilist.Grilist) {
69 m.g.Router.GET("/list/:id", m.viewList) 69 m.g.Router.GET("/list/:id", m.viewList)
70 m.g.Router.POST("/list/:id/order", m.updateGrilOrder) 70 m.g.Router.POST("/list/:id/order", m.updateGrilOrder)
71 m.g.Router.POST("/list/:id", m.addGrilToList) 71 m.g.Router.POST("/list/:id", m.addGrilToList)
72 m.g.Router.DELETE("/list/:id/order", m.removeGrilFromList)
72 m.g.Router.GET("/new/list", m.displayCreateList) 73 m.g.Router.GET("/new/list", m.displayCreateList)
73 m.g.Router.POST("/new/list", m.createList) 74 m.g.Router.POST("/new/list", m.createList)
74} 75}
@@ -248,6 +249,12 @@ func (m *Module) viewList(w http.ResponseWriter, r *http.Request, p httprouter.P
248 249
249func (m *Module) addGrilToList(w http.ResponseWriter, r *http.Request, p httprouter.Params) { 250func (m *Module) addGrilToList(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
250 slistID := p.ByName("id") 251 slistID := p.ByName("id")
252
253 user, err := m.g.Charakterin.GetUserFromRequest(r)
254 if err != nil {
255 http.Error(w, "403", http.StatusForbidden)
256 return
257 }
251 258
252 listID, err := strconv.Atoi(slistID) 259 listID, err := strconv.Atoi(slistID)
253 if err != nil { 260 if err != nil {
@@ -272,6 +279,11 @@ func (m *Module) addGrilToList(w http.ResponseWriter, r *http.Request, p httprou
272 http.Error(w, "invalid list", 404) 279 http.Error(w, "invalid list", 404)
273 return 280 return
274 } 281 }
282
283 if list.Owner.ID != user.ID {
284 http.Error(w, "403", http.StatusForbidden)
285 return
286 }
275 287
276 rank := 0 288 rank := 0
277 if len(list.Grils) > 0 { 289 if len(list.Grils) > 0 {
@@ -369,52 +381,58 @@ func (m *Module) updateGrilOrder(w http.ResponseWriter, r *http.Request, p httpr
369 return 381 return
370 } 382 }
371 383
372 diff, err := strconv.Atoi(values.Get("pos")) 384 pos, err := strconv.Atoi(values.Get("pos"))
373 if err != nil { 385 if err != nil {
374 http.Error(w, "invalid position diff", 400) 386 http.Error(w, "invalid position", 400)
375 return 387 return
376 } 388 }
389
390 // rein in die DB damit
391 _, err = m.g.DB.Query(`SELECT grilist.set_gril_order($1, $2, $3, $4)`, user.ID, listID, grilID, pos)
392 if err != nil {
393 log.Println("error reordering gril:", err)
394 http.Error(w, "could not update gril order", 500)
395 return
396 }
377 397
378 list, err := m.FromID(listID) 398 w.WriteHeader(200)
399 w.Write([]byte("ok"))
400 return
401}
402
403func (m *Module) removeGrilFromList(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
404 slistID := p.ByName("id")
405
406 listID, err := strconv.Atoi(slistID)
379 if err != nil { 407 if err != nil {
380 http.Error(w, "invalid list", 404) 408 http.Error(w, "invalid list ID (type mismatch)", 400)
381 return 409 return
382 } 410 }
383 411
384 // find the gril in our list 412 values, err := readBody(r)
385 var lgril *ListGril = nil 413 if err != nil {
386 log.Println(list.Grils) 414 http.Error(w, "invalid POST data", 400)
387 for _, g := range list.Grils { 415 return
388 if g.Gril.ID == grilID { 416 }
389 lgril = g
390 break
391 }
392 }
393 if lgril == nil {
394 http.Error(w, "gril not found in the list", 404)
395 return
396 }
397
398 newPos := lgril.Order + diff
399
400 if newPos < 0 {
401 newPos = 0
402 } else if newPos >= len(list.Grils) {
403 newPos = len(list.Grils) - 1
404 }
405
406 if newPos == lgril.Order {
407 http.Error(w, "no change in order", 400)
408 return
409 }
410 417
411 // rein in die DB damit 418 grilID, err := strconv.Atoi(values.Get("gril"))
412 _, err = m.g.DB.Query(`SELECT grilist.set_gril_order($1, $2, $3, $4)`, user.ID, listID, grilID, newPos)
413 if err != nil { 419 if err != nil {
414 log.Println("error reordering gril:", err) 420 http.Error(w, "invalid gril ID", 404)
415 http.Error(w, "could not update gril order", 500)
416 return 421 return
417 } 422 }
423
424 res, err := m.g.DB.Exec(`DELETE FROM grilist.lists_grils WHERE list_id=$1 AND gril_id=$2`, listID, grilID)
425 if err != nil {
426 log.Println("error removing gril:", err)
427 http.Error(w, "could not remove gril", 500)
428 return
429 }
430
431 if r, err := res.RowsAffected(); err != nil || r == 0 {
432 log.Println("invalid rows affected in removing gril")
433 http.Error(w, "gril not in list / other error", 500)
434 return
435 }
418 436
419 w.WriteHeader(200) 437 w.WriteHeader(200)
420 w.Write([]byte("ok")) 438 w.Write([]byte("ok"))
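Review bot: The new `removeGrilFromList` handler never identifies the caller or checks list ownership, so as written any request to `DELETE /list/:id/order` carrying a valid list and gril ID would remove the row; the `DELETE FROM grilist.lists_grils` statement filters on `list_id` and `gril_id` only. This same commit adds exactly that guard to `addGrilToList` (`GetUserFromRequest` followed by `list.Owner.ID != user.ID`), and `updateGrilOrder` passes `user.ID` into `set_gril_order`, so the remove path is the odd one out unless a middleware not visible here enforces it. I would mirror the `addGrilToList` checks before the `Exec`, as sketched below; `m.FromID` is taken from the removed `updateGrilOrder` lines and I am assuming it is still available. Separately, in `updateGrilOrder` the rows returned by `m.g.DB.Query` are discarded without being closed, which with `database/sql` would keep a connection checked out, so `Exec` looks like the better fit there.

```go
func (m *Module) removeGrilFromList(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
	user, err := m.g.Charakterin.GetUserFromRequest(r)
	if err != nil {
		http.Error(w, "403", http.StatusForbidden)
		return
	}

	// … unchanged: list ID parsing, readBody, gril ID parsing …

	list, err := m.FromID(listID)
	if err != nil {
		http.Error(w, "invalid list", 404)
		return
	}

	// only the list owner may remove entries
	if list.Owner.ID != user.ID {
		http.Error(w, "403", http.StatusForbidden)
		return
	}

	// … unchanged: DELETE statement and RowsAffected check …
```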