From edccb755f60fd135e09db5c60385961eccc72818 Mon Sep 17 00:00:00 2001 From: jan Date: Wed, 12 Oct 2016 16:19:30 +0200 Subject: bisschen cleanup, RemoveGrilFromList wird jetzt auch gecheckt auf list owner diff --git a/modules/grils/grils.go b/modules/grils/grils.go index 4a9990f..d68c6df 100644 --- a/modules/grils/grils.go +++ b/modules/grils/grils.go @@ -15,6 +15,7 @@ import ( "fagott.pw/grilist/frontend" "fagott.pw/grilist/grilist" "fagott.pw/grilist/models" + "fagott.pw/grilist/util" "github.com/julienschmidt/httprouter" ) @@ -239,9 +240,8 @@ func (m *GrilsModule) FromIDs(ids []int) ([]*models.Gril, error) { func (m *GrilsModule) viewGril(w http.ResponseWriter, r *http.Request, p httprouter.Params) { user, _ := m.g.Charakterin.GetUserFromRequest(r) el := m.g.EventLogger(r) - sid := p.ByName("id") - id, err := strconv.Atoi(sid) + id, err := util.ParseIDFromParams(p) if err != nil { http.Redirect(w, r, "/", 302) return diff --git a/modules/lists/lists.go b/modules/lists/lists.go index cf6d7c5..39cc4d0 100644 --- a/modules/lists/lists.go +++ b/modules/lists/lists.go @@ -18,6 +18,7 @@ import ( "fagott.pw/grilist/grilist" "fagott.pw/grilist/models" "fagott.pw/grilist/modules/grils" + "fagott.pw/grilist/util" "github.com/julienschmidt/httprouter" ) @@ -243,9 +244,7 @@ func (m *Module) ProvideDashboardData(user *charakterin.User) []grilist.Dashboar func (m *Module) viewList(w http.ResponseWriter, r *http.Request, p httprouter.Params) { user, _ := m.g.Charakterin.GetUserFromRequest(r) el := m.g.EventLogger(r) - sid := p.ByName("id") - - id, err := strconv.Atoi(sid) + id, err := util.ParseIDFromParams(p) if err != nil { log.Println("redir") http.Redirect(w, r, "/", 302) @@ -283,7 +282,7 @@ func (m *Module) deleteList(w http.ResponseWriter, r *http.Request, p httprouter return } - id, err := strconv.Atoi(p.ByName("id")) + id, err := util.ParseIDFromParams(p) if err != nil { log.Println("invalid deleteList ID") http.Redirect(w, r, "/", 400) @@ -370,7 +369,7 @@ func (m *Module) updateListSettings(w http.ResponseWriter, r *http.Request, p ht return } - id, err := strconv.Atoi(p.ByName("id")) + id, err := util.ParseIDFromParams(p) if err != nil { log.Println("invalid updateListSettings ID") http.Redirect(w, r, "/", 400) @@ -477,7 +476,6 @@ func (m *Module) updateListSettings(w http.ResponseWriter, r *http.Request, p ht func (m *Module) addGrilToList(w http.ResponseWriter, r *http.Request, p httprouter.Params) { el := m.g.EventLogger(r) - slistID := p.ByName("id") user, err := m.g.Charakterin.GetUserFromRequest(r) if err != nil { @@ -485,7 +483,7 @@ func (m *Module) addGrilToList(w http.ResponseWriter, r *http.Request, p httprou return } - listID, err := strconv.Atoi(slistID) + listID, err := util.ParseIDFromParams(p) if err != nil { log.Println("invalid list id") return @@ -596,7 +594,6 @@ func (m *Module) createList(w http.ResponseWriter, r *http.Request, p httprouter func (m *Module) updateGrilOrder(w http.ResponseWriter, r *http.Request, p httprouter.Params) { el := m.g.EventLogger(r) - slistID := p.ByName("id") user, err := m.g.Charakterin.GetUserFromRequest(r) if err != nil { @@ -604,7 +601,7 @@ func (m *Module) updateGrilOrder(w http.ResponseWriter, r *http.Request, p httpr return } - listID, err := strconv.Atoi(slistID) + listID, err := util.ParseIDFromParams(p) if err != nil { http.Error(w, "invalid list ID (type mismatch)", 400) return @@ -664,7 +661,6 @@ func (m *Module) updateGrilOrder(w http.ResponseWriter, r *http.Request, p httpr func (m *Module) removeGrilFromList(w http.ResponseWriter, r *http.Request, p httprouter.Params) { el := m.g.EventLogger(r) - slistID := p.ByName("id") user, err := m.g.Charakterin.GetUserFromRequest(r) if err != nil { @@ -672,12 +668,17 @@ func (m *Module) removeGrilFromList(w http.ResponseWriter, r *http.Request, p ht return } - listID, err := strconv.Atoi(slistID) + listID, err := util.ParseIDFromParams(p) if err != nil { http.Error(w, "invalid list ID (type mismatch)", 400) return } - //TODO: noch mal gucken ob der User Rechte hat + + list, err := m.FromID(listID, false) + if err != nil { + http.Error(w, "list not found", 404) + return + } values, err := readBody(r) if err != nil { @@ -704,10 +705,7 @@ func (m *Module) removeGrilFromList(w http.ResponseWriter, r *http.Request, p ht return } - if l, ok := m.c.Get(listID); ok { - ls := l.(*models.List) - ls.Grils = ls.Grils[:0] - } + list.Grils = list.Grils[:0] w.WriteHeader(200) w.Write([]byte("ok")) diff --git a/modules/user/user.go b/modules/user/user.go index 9a9a3b6..59e0631 100644 --- a/modules/user/user.go +++ b/modules/user/user.go @@ -3,11 +3,11 @@ package user import ( "log" "net/http" - "strconv" "fagott.pw/charakterin" "fagott.pw/grilist/grilist" "fagott.pw/grilist/modules/lists" + "fagott.pw/grilist/util" "github.com/julienschmidt/httprouter" ) @@ -45,7 +45,7 @@ func (m *Module) ProvideDashboardData(user *charakterin.User) []grilist.Dashboar func (m *Module) viewUser(w http.ResponseWriter, r *http.Request, p httprouter.Params) { currentUser, _ := m.g.Charakterin.GetUserFromRequest(r) - userID, err := strconv.Atoi(p.ByName("id")) + userID, err := util.ParseIDFromParams(p) if err != nil { http.Redirect(w, r, "/", 302) return diff --git a/util/util.go b/util/util.go new file mode 100644 index 0000000..f3845c9 --- /dev/null +++ b/util/util.go @@ -0,0 +1,25 @@ +package util + +import ( + "errors" + "strconv" + + "github.com/julienschmidt/httprouter" +) + +func ParseNumberFromParams(name string, p httprouter.Params, unsigned bool) (int, error) { + snum := p.ByName(name) + num, err := strconv.Atoi(snum) + if err != nil { + return 0, err + } + + if unsigned && num < 0 { + return 0, errors.New("number is negative") + } + return num, err +} + +func ParseIDFromParams(p httprouter.Params) (int, error) { + return ParseNumberFromParams("id", p, true) +} -- cgit v0.10.1