
[web] website crud

Martin Geno 2016-09-03 16:30:48 +02:00
parent cd8a5fbf89
commit b3b7222187
7 changed files with 136 additions and 14 deletions

2
.gitignore vendored

@ -1,4 +1,4 @@
/webroot
!/webroot
/web_webroot
cmd/warehost/warehost
cmd/warehost-web/warehost-web


@ -1,6 +1,7 @@
package web
import (
"encoding/json"
"net/http"
"github.com/astaxie/session"
@ -33,7 +34,9 @@ func NewAPI(config *libconfig.Config, sessions *session.Manager, dbconnection *g
log: log.NewModulLog(MODULNAME),
}
router.GET(prefix+"/involve", libsystem.LoginHandler(api.Involve, sessions))
router.POST(prefix+"/web", libsystem.LoginHandler(api.WebsiteAdd, sessions))
router.POST(prefix+"/website", libsystem.LoginHandler(api.WebsiteAdd, sessions))
router.PUT(prefix+"/website/:websiteid", InvolveWebsiteHandler(api.WebsiteEdit, sessions, dbconnection))
router.DELETE(prefix+"/website/:websiteid", InvolveWebsiteHandler(api.WebsiteDelete, sessions, dbconnection))
}
// Involve to get Website where loggend in user has privilegs
@ -51,6 +54,73 @@ func (api *API) Involve(w http.ResponseWriter, r *http.Request, _ httprouter.Par
func (api *API) WebsiteAdd(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *libsystem.Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
returndata = false
logger := api.log.GetLog(r, "websiteadd")
logger.Warn("not implemented")
tx := api.dbconnection.Begin()
var websiteRequest Website
err := json.NewDecoder(r.Body).Decode(&websiteRequest)
if err != nil {
tx.Rollback()
logger.Error("fetch request")
http.Error(w, err.Error(), http.StatusInternalServerError)
returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
return
}
website := &Website{Name: websiteRequest.Name}
if err := tx.Create(website).Error; err != nil {
tx.Rollback()
logger.Error("error during Website")
returnerr = &libapi.ErrorResult{Message: "Internal Database Error"}
return
}
if err := tx.Create(&Manager{LoginID: login.ID, WebsiteID: website.ID}).Error; err != nil {
tx.Rollback()
logger.Error("error during Manager")
returnerr = &libapi.ErrorResult{Message: "Internal Database Error"}
return
}
tx.Commit()
returndata = true
logger.Info("okay")
return
}
// WebsiteEdit to edit website
func (api *API) WebsiteEdit(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *libsystem.Login, websiteid int64) (returndata interface{}, returnerr *libapi.ErrorResult) {
returndata = false
logger := api.log.GetLog(r, "websiteedit")
var websiteRequest Website
err := json.NewDecoder(r.Body).Decode(&websiteRequest)
if err != nil {
logger.Error("fetch request")
http.Error(w, err.Error(), http.StatusInternalServerError)
returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
return
}
websiteRequest.ID = websiteid
if err := api.dbconnection.Save(websiteRequest).Error; err != nil {
logger.Error("Database: during edit Website")
returnerr = &libapi.ErrorResult{Message: "Internal Database Error"}
return
}
returndata = true
logger.Warn("okay")
return
}
// WebsiteDelete to delete website
func (api *API) WebsiteDelete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *libsystem.Login, websiteid int64) (returndata interface{}, returnerr *libapi.ErrorResult) {
returndata = false
logger := api.log.GetLog(r, "websitedelete")
website := &Website{
ID: websiteid,
}
if err := api.dbconnection.Unscoped().Delete(website).Error; err != nil {
logger.Error("database: during delete website")
returnerr = &libapi.ErrorResult{Message: "Internal Database Error"}
return
}
returndata = true
logger.Warn("okay")
return
}
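Review bot: WebsiteEdit writes the whole client-decoded `Website` to the database with `api.dbconnection.Save(websiteRequest)`, so every column the struct exposes through JSON is client-controlled, whereas WebsiteAdd copies only `Name`. The struct definition is not visible here, so which extra fields exist needs confirming, but the edit path should build the record the same way and pass a pointer: `website := Website{ID: websiteid, Name: websiteRequest.Name}` followed by `api.dbconnection.Save(&website)`. Separately, both WebsiteAdd and WebsiteEdit call `http.Error(w, err.Error(), http.StatusInternalServerError)` on a decode failure and then also return `returnerr`, which the wrapping handler passes to `libapi.JSONOutput`. That answers twice, returns the raw decoder error to the client, and reports malformed client input as a server error. Dropping the `http.Error` call and returning only the `ErrorResult` would avoid all three.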


@ -1 +1,50 @@
package web
import (
"net/http"
"strconv"
"github.com/astaxie/session"
"github.com/jinzhu/gorm"
"github.com/julienschmidt/httprouter"
libapi "dev.sum7.de/sum7/warehost/lib/api"
log "dev.sum7.de/sum7/warehost/lib/log"
libsystem "dev.sum7.de/sum7/warehost/system"
)
// Handle to handle request with session and current logged in user
type Handle func(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *libsystem.Login, id int64) (interface{}, *libapi.ErrorResult)
//InvolveWebsiteHandler for api function to Verifie User ist loggedin
func InvolveWebsiteHandler(h Handle, sessions *session.Manager, dbconnection *gorm.DB) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
sess := sessions.SessionStart(w, r)
err := &libapi.ErrorResult{Fields: []string{"session"}, Message: "Not logged in"}
var data interface{}
data = false
if login := sess.Get("login"); login != nil {
if loginObj := login.(libsystem.Login); loginObj.Active {
id, errI := strconv.ParseInt(ps.ByName("websiteid"), 10, 64)
if errI != nil {
err = &libapi.ErrorResult{Fields: []string{"websiteid"}, Message: "Not a valid websiteid"}
log.Log.Warn("invalid websiteid, no integer")
} else {
res := dbconnection.Where(map[string]int64{"website": id, "login": loginObj.ID}).Find(&Manager{})
if !res.RecordNotFound() {
data, err = h(w, r, ps, sess, &loginObj, id)
} else {
err = &libapi.ErrorResult{Fields: []string{"permission"}, Message: "No permission"}
log.Log.Info("no Permissions")
}
}
} else {
log.Log.Warn("user not active")
}
} else {
log.Log.Warn("not loggedin")
}
libapi.JSONOutput(w, r, sess, data, err)
}
}
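Review bot: The permission check in InvolveWebsiteHandler fails open, because `if !res.RecordNotFound()` treats every outcome except "no row" as authorised. A query that fails for any other reason (lost connection, wrong column name) would still reach `h(w, r, ps, sess, &loginObj, id)`. Gate on success instead, `if res.Error == nil {`, and log the error in the other branch so a failing lookup is visible rather than silently granting access. The unchecked assertion `login.(libsystem.Login)` will also panic if the session ever holds a different type. `if loginObj, ok := login.(libsystem.Login); ok && loginObj.Active {` keeps the handler on the "Not logged in" path in that case.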


@ -158,13 +158,13 @@ func (api *API) Password(w http.ResponseWriter, r *http.Request, _ httprouter.Pa
func (api *API) Delete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
returndata = false
logger := api.log.GetLog(r, "delete")
logger.Warn("login delete")
sess.Delete("login")
if err := api.dbconnection.Unscoped().Delete(login).Error; err != nil {
logger.Warn("error detete login")
returnerr = &libapi.ErrorResult{Message: "Error delete login"}
return
}
logger.Warn("login delete")
returndata = true
return
}
@ -217,8 +217,7 @@ func (api *API) InviteAdd(w http.ResponseWriter, r *http.Request, _ httprouter.P
func (api *API) LoginEdit(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
returndata = false
logger := api.log.GetLog(r, "loginedit")
tmpID64, err := strconv.ParseUint(ps.ByName("id"), 10, 32)
id := uint(tmpID64)
id, err := strconv.ParseInt(ps.ByName("id"), 10, 64)
if err != nil {
returnerr = &libapi.ErrorResult{Message: "Error invalid input"}
logger.Warn("invalid userinput, no integer")
@ -236,7 +235,7 @@ func (api *API) LoginEdit(w http.ResponseWriter, r *http.Request, ps httprouter.
}
api.dbconnection.Where("id = ?", invitedLogin.ID).First(&invitedLogin)
invite := login.GetInvitedby(api.dbconnection)
invite := invitedLogin.GetInvitedby(api.dbconnection)
if !login.Superadmin && !invite.Admin && invitedLogin.CreateAt.Before(invitedLogin.LastLoginAt) {
logger.Warn("no permission")
returnerr = &libapi.ErrorResult{Message: "Error no permission to edit this invite"}
@ -262,8 +261,7 @@ func (api *API) LoginEdit(w http.ResponseWriter, r *http.Request, ps httprouter.
func (api *API) LoginDelete(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
returndata = false
logger := api.log.GetLog(r, "logindelete")
tmpID64, err := strconv.ParseUint(ps.ByName("id"), 10, 32)
id := uint(tmpID64)
id, err := strconv.ParseInt(ps.ByName("id"), 10, 64)
if err != nil {
returnerr = &libapi.ErrorResult{Message: "Error invalid input"}
logger.Warn("invalid userinput, no integer")
@ -272,7 +270,7 @@ func (api *API) LoginDelete(w http.ResponseWriter, r *http.Request, ps httproute
logger = logger.WithField("id", id)
var invitedLogin = Login{ID: id}
api.dbconnection.Where("id = ?", invitedLogin.ID).First(&invitedLogin)
invite := login.GetInvitedby(api.dbconnection)
invite := invitedLogin.GetInvitedby(api.dbconnection)
if !login.Superadmin && !invite.Admin && invitedLogin.CreateAt.Before(invitedLogin.LastLoginAt) {
logger.Warn("no permission")
returnerr = &libapi.ErrorResult{Message: "Error no permission to delete this invite"}
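Review bot: In LoginEdit and LoginDelete the result of `api.dbconnection.Where("id = ?", invitedLogin.ID).First(&invitedLogin)` is never checked, so the permission decision that follows can run on a zero-value `Login`. The switch from `ParseUint` to `ParseInt` makes this easier to hit, since zero and negative ids now parse successfully. If `CreateAt` and `LastLoginAt` are `time.Time` (not visible here), `CreateAt.Before(LastLoginAt)` is false for an unfound record and the "no permission" branch is skipped. Check the lookup before using it, for example `if err := api.dbconnection.Where("id = ?", id).First(&invitedLogin).Error; err != nil { ... return }`, and reject `id <= 0` alongside the parse error. It is also worth confirming that `invitedLogin.GetInvitedby` only returns an invite issued by the current `login`, since the condition reads `invite.Admin` without comparing the inviter to `login.ID` in the visible lines. Both functions continue outside these hunks.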


@ -7,6 +7,7 @@ import (
"github.com/julienschmidt/httprouter"
libapi "dev.sum7.de/sum7/warehost/lib/api"
log "dev.sum7.de/sum7/warehost/lib/log"
)
// Handle to handle request with session and current logged in user
@ -23,7 +24,11 @@ func LoginHandler(h Handle, sessions *session.Manager) httprouter.Handle {
if login := sess.Get("login"); login != nil {
if loginObj := login.(Login); loginObj.Active {
data, err = h(w, r, ps, sess, &loginObj)
} else {
log.Log.Warn("user not active")
}
} else {
log.Log.Warn("not loggedin")
}
libapi.JSONOutput(w, r, sess, data, err)
}
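Review bot: The two added warnings in LoginHandler (`"user not active"`, `"not loggedin"`) go through the package-level `log.Log` and carry no request context, unlike the API methods, which build their logger with `api.log.GetLog(r, ...)`. A rejected request therefore cannot be tied to a client, path or account when reviewing authentication failures. Consider attaching at least the request path and remote address, and the login ID in the inactive-user branch. The same applies to the equivalent branches in InvolveWebsiteHandler. The enclosing function starts and ends outside this hunk.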


@ -34,7 +34,7 @@ type ChangePasswordRequest struct {
// Login found
type Login struct {
ID uint
ID int64
Username string `gorm:"type:varchar(255);unique;column:mail" json:"username"`
Password string `gorm:"type:varchar(255);column:password" json:"-"`
Active bool `gorm:"default:false;column:active" json:"active"`
@ -47,9 +47,9 @@ type Login struct {
// Invite struct
type Invite struct {
LoginID uint `sql:"type:bigint REFERENCES login(id) ON UPDATE CASCADE ON DELETE CASCADE;column:login;primary_key"`
LoginID int64 `sql:"type:bigint REFERENCES login(id) ON UPDATE CASCADE ON DELETE CASCADE;column:login;primary_key"`
Login Login `gorm:"column:login" json:"login"`
InvitedID uint `sql:"type:bigint REFERENCES login(id) ON UPDATE CASCADE ON DELETE CASCADE;column:invited;primary_key"`
InvitedID int64 `sql:"type:bigint REFERENCES login(id) ON UPDATE CASCADE ON DELETE CASCADE;column:invited;primary_key"`
Invited Login `gorm:"column:invited" json:"invited"`
Admin bool `sql:"default:false" json:"admin"`
}

@ -1 +1 @@
Subproject commit 908f09a014e1ad086771b11b0931929e844ffe25
Subproject commit c9fd753cfa6904337406706a94dbc5f4af43d4bb