package api
import (
"encoding/json"
"net/http"
"github.com/julienschmidt/httprouter"
"github.com/notherealmarco/WASAPhoto/service/api/authorization"
"github.com/notherealmarco/WASAPhoto/service/api/helpers"
"github.com/notherealmarco/WASAPhoto/service/api/reqcontext"
"github.com/notherealmarco/WASAPhoto/service/database"
)
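// GetUserBans writes, as JSON, the ban list of the user named by the
// "user_id" path parameter.
//
// The handler answers only when authorization.SendAuthorizationError returns
// true for the caller and that user id; otherwise it returns without touching
// the database. Paging is taken from the query string via helpers.GetLimits.
func (rt *_router) GetUserBans(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {
	uid := ps.ByName("user_id")

	// Object-level access check: a user must not be able to read another
	// user's ban list. http.StatusNotFound is handed to the helper, presumably
	// as the status it sends on denial so the reply does not confirm that the
	// account exists; verify in the authorization package.
	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
		return
	}

	// Paging values come from the client. Limits that are present but invalid
	// are rejected with 400 instead of being replaced by defaults.
	// NOTE(review): confirm that GetLimits enforces an upper bound on limit, so
	// a single request cannot ask the database for an unbounded page.
	startIndex, limit, err := helpers.GetLimits(r.URL.Query())
	if err != nil {
		helpers.SendBadRequest(w, "Invalid start_index or limit value", rt.baseLogger)
		return
	}

	// No separate existence check for uid: per the original comment, the
	// authorization step has already established that the user exists.
	bans, err := rt.db.GetUserBans(uid, startIndex, limit)
	if err != nil {
		helpers.SendInternalError(err, "Database error: GetUserBans", w, rt.baseLogger)
		return
	}

	// Serialize before writing anything. Encoding straight into w commits the
	// 200 status first, so a later encoding failure could no longer be
	// reported as an internal error and would leave a truncated body behind.
	payload, err := json.Marshal(bans)
	if err != nil {
		helpers.SendInternalError(err, "Error encoding json", w, rt.baseLogger)
		return
	}

	w.Header().Set("Content-Type", "application/json")
	// Explicit for readability; the first Write would send 200 anyway.
	w.WriteHeader(http.StatusOK)

	// The trailing newline keeps the body identical to json.Encoder output.
	// A failed write cannot be reported to the client (the status line is
	// already out), so the error is deliberately dropped here.
	_, _ = w.Write(append(payload, '\n'))
}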
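// PutBan records that the user named by the "user_id" path parameter bans the
// user named by "ban_uid".
//
// Responses produced here: 400 when a user tries to ban themselves or the
// target does not exist, 204 when the ban already exists, 201 on a newly
// created ban, and an internal error when a database call fails.
func (rt *_router) PutBan(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {
	uid := ps.ByName("user_id")
	banned := ps.ByName("ban_uid")

	// Object-level access check before any state change: the caller must be
	// allowed to act as uid. http.StatusNotFound is handed to the helper,
	// presumably as the status it sends on denial; verify in the
	// authorization package.
	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
		return
	}

	if uid == banned {
		helpers.SendBadRequest(w, "You cannot ban yourself", rt.baseLogger)
		return
	}

	status, err := rt.db.BanUser(uid, banned)
	if err != nil {
		helpers.SendInternalError(err, "Database error: BanUser", w, rt.baseLogger)
		return
	}

	if status == database.ERR_NOT_FOUND {
		helpers.SendBadRequest(w, "You are trying to ban a non-existent user", rt.baseLogger)
		return
	}

	// The ban is already in place: the request is idempotent, nothing to do.
	if status == database.ERR_EXISTS {
		w.WriteHeader(http.StatusNoContent)
		return
	}

	// A new ban also removes the follow link between the two users, if one
	// exists. NOTE(review): confirm the argument order of UnfollowUser (who
	// unfollows whom) against the database package.
	_, err = rt.db.UnfollowUser(banned, uid)
	if err != nil {
		helpers.SendInternalError(err, "Database error: UnfollowUser", w, rt.baseLogger)
		// Stop here: without this return the handler went on to send a 201
		// "Success" after the error response had already been written.
		// NOTE(review): the ban itself is stored at this point, and a retry
		// takes the ERR_EXISTS branch above without attempting the unfollow
		// again, so the follow link can outlive the ban. Consider running
		// both changes in one transaction.
		return
	}

	helpers.SendStatus(http.StatusCreated, w, "Success", rt.baseLogger)
}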
// DeleteBan lifts the ban that the user named by the "user_id" path parameter
// placed on the user named by "ban_uid".
//
// It answers 204 when the ban was removed, sends a not-found response when no
// such ban is recorded, and an internal error when the database call fails.
func (rt *_router) DeleteBan(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {
	owner := ps.ByName("user_id")
	target := ps.ByName("ban_uid")

	// Object-level access check before any state change: the caller must be
	// allowed to act as the owner of the ban list. http.StatusNotFound is
	// handed to the helper, presumably as the status it sends on denial;
	// verify in the authorization package.
	if allowed := authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, owner, rt.db, w, rt.baseLogger, http.StatusNotFound); !allowed {
		return
	}

	status, err := rt.db.UnbanUser(owner, target)

	switch {
	case err != nil:
		helpers.SendInternalError(err, "Database error: UnbanUser", w, rt.baseLogger)
	case status == database.ERR_NOT_FOUND:
		// Nothing to delete: the target was not banned by this user.
		helpers.SendNotFound(w, "User not banned", rt.baseLogger)
	default:
		w.WriteHeader(http.StatusNoContent)
	}
}