......@@ -96,8 +96,8 @@ func (context *APIContext) LoadAllProjects() ([]Project, error) {
// Update a project in the database
func (project *Project) Update(context *APIContext) error {
_, err := context.Exec("UPDATE projects SET about = $1, summary = $2, slug = $3, name = $4, website = $5, license = $6, repository = $7, private = $8, private_balance = $9, processing_cut = $10 WHERE id = $11",
project.About, project.Summary, project.Slug, project.Name, project.Website, project.License, project.Repository, project.Private, project.PrivateBalance, project.ProcessingCut, project.ID)
_, err := context.Exec("UPDATE projects SET about = $1, summary = $2, slug = $3, name = $4, website = $5, license = $6, repository = $7, private = $8, private_balance = $9, processing_cut = $10, activated = $11 WHERE id = $12",
project.About, project.Summary, project.Slug, project.Name, project.Website, project.License, project.Repository, project.Private, project.PrivateBalance, project.ProcessingCut, project.Activated, project.ID)
projectsCache.Delete(project.UUID)
return err
......@@ -107,8 +107,9 @@ func (project *Project) Update(context *APIContext) error {
func (project *Project) Save(context *APIContext) error {
project.UUID, _ = UUID()
err := context.QueryRow("INSERT INTO projects (uuid, slug, name, summary, about, website, license, repository, logo, created_at, private, private_balance, processing_cut) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13) RETURNING id",
project.UUID, project.Slug, project.Name, project.Summary, project.About, project.Website, project.License, project.Repository, project.Logo, time.Now().UTC(), project.Private, project.PrivateBalance, project.ProcessingCut).Scan(&project.ID)
err := context.QueryRow("INSERT INTO projects (uuid, slug, name, summary, about, website, license, repository, logo, created_at, private, private_balance) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12) RETURNING id",
project.UUID, project.Slug, project.Name, project.Summary, project.About, project.Website, project.License, project.Repository, project.Logo, time.Now().UTC(), project.Private, project.PrivateBalance).Scan(&project.ID)
projectsCache.Delete(project.UUID)
return err
}
......
......@@ -27,7 +27,7 @@ func (r *BudgetResource) DeleteParams() []*restful.Parameter {
// Post processes an incoming POST (create) request
func (r *BudgetResource) Delete(context smolder.APIContext, request *restful.Request, response *restful.Response) {
auth, err := context.Authentication(request)
if err != nil || auth.(db.Budget).ID != 1 {
if err != nil || auth.(db.User).ID != 1 {
smolder.ErrorResponseHandler(request, response, err, smolder.NewErrorResponse(
http.StatusUnauthorized,
"Admin permission required for this operation",
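Review bot: The changed condition still dereferences `auth.(db.User)` with a single-value type assertion, which panics instead of returning 401 if Authentication yields a nil error together with a nil or differently typed principal, and comparing against the literal `1` hard-codes which account is the administrator. A comma-ok form avoids the crash: `u, ok := auth.(db.User)` followed by `if err != nil || !ok || u.ID != 1 {`. The same pattern is repeated in the Budget POST/PUT, Payment PUT, Project POST/PUT, Searches, Statistics and Transaction hunks and inside the loop of User GET, so one helper in the resources package (e.g. a constructed `requireAdmin(context, request) (db.User, bool)`) would centralize both the assertion and the admin identity and keep the copies from drifting. The doc comment above Delete also still reads `// Post processes an incoming POST (create) request`; it should say `// Delete processes an incoming DELETE request`. Delete's body continues outside the hunk.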
......
......@@ -38,15 +38,14 @@ func (r *BudgetResource) PostParams() []*restful.Parameter {
// Post processes an incoming POST (create) request
func (r *BudgetResource) Post(context smolder.APIContext, data interface{}, request *restful.Request, response *restful.Response) {
/*auth, err := context.Authentication(request)
if err != nil || auth.(db.Budget).ID != 1 {
smolder.ErrorResponseHandler(request, response, smolder.NewErrorResponse(
auth, err := context.Authentication(request)
if err != nil || auth.(db.User).ID != 1 {
smolder.ErrorResponseHandler(request, response, err, smolder.NewErrorResponse(
http.StatusUnauthorized,
false,
"Admin permission required for this operation",
"BudgetResource POST"))
return
}*/
}
ups := data.(*BudgetPostStruct)
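Review bot: The now-active guard answers http.StatusUnauthorized for two different failures: an authentication error and an authenticated caller who is simply not user 1. The second is an authorization failure, for which 403 Forbidden is the accurate status and a clearer signal in logs and to clients; splitting the branch into `if err != nil { … StatusUnauthorized … }` and `if u.ID != 1 { … StatusForbidden … }` keeps that distinction. The Budget PUT, Payment PUT, Project POST/PUT, Searches, Statistics and Transaction hunks collapse the two cases the same way. Post's body continues outside the hunk.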
......
......@@ -40,15 +40,14 @@ func (r *BudgetResource) Put(context smolder.APIContext, data interface{}, reque
return
}
/* auth, err := context.Authentication(request)
if err != nil || (auth.(db.User).ID != 1 && auth.(db.User).ID != budget.UserID) {
smolder.ErrorResponseHandler(request, response, smolder.NewErrorResponse(
http.StatusUnauthorized,
false,
"Admin permission required for this operation",
"BudgetResource PUT"))
return
} */
auth, err := context.Authentication(request)
if err != nil || (auth.(db.User).ID != 1) { // && auth.(db.User).ID != budget.UserID) {
smolder.ErrorResponseHandler(request, response, err, smolder.NewErrorResponse(
http.StatusUnauthorized,
"Admin permission required for this operation",
"BudgetResource PUT"))
return
}
pps := data.(*BudgetPutStruct)
project, err := context.(*db.APIContext).LoadProjectByUUID(pps.Budget.Project)
......@@ -56,7 +55,7 @@ func (r *BudgetResource) Put(context smolder.APIContext, data interface{}, reque
smolder.ErrorResponseHandler(request, response, err, smolder.NewErrorResponse(
http.StatusBadRequest,
"No such project",
"BudgetResource POST"))
"BudgetResource PUT"))
return
}
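Review bot: The new `if` keeps the owner clause only as a trailing comment, `// && auth.(db.User).ID != budget.UserID) {`, so callers who owned the budget and were allowed through in the old commented-out version are now silently locked out while the code hints that they are not; either restore the clause (`budget` appears to be loaded just above, so `u.ID != 1 && u.ID != budget.UserID` is expressible) or delete the comment and state the admin-only policy in Put's doc comment. The guard also runs after the budget lookup, so a non-admin caller can still learn from the earlier error return whether a budget UUID exists; the Payment PUT hunk moves its check to the top of the handler, and this hunk and Project PUT should match it. The second hunk's label fix to `"BudgetResource PUT"` is fine. Put's body starts and ends outside the hunk.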
......
......@@ -17,7 +17,7 @@ type PaymentPutStruct struct {
// PutAuthRequired returns true because all requests need authentication
func (r *PaymentResource) PutAuthRequired() bool {
return false
return true
}
// PutDoc returns the description of this API endpoint
......@@ -32,6 +32,15 @@ func (r *PaymentResource) PutParams() []*restful.Parameter {
// Put processes an incoming PUT (update) request
func (r *PaymentResource) Put(context smolder.APIContext, data interface{}, request *restful.Request, response *restful.Response) {
auth, err := context.Authentication(request)
if err != nil || (auth.(db.User).ID != 1) { // && auth.(db.User).ID != project.UserID) {
smolder.ErrorResponseHandler(request, response, err, smolder.NewErrorResponse(
http.StatusUnauthorized,
"Admin permission required for this operation",
"PaymentResource PUT"))
return
}
ctx := context.(*db.APIContext)
resp := PaymentResponse{}
resp.Init(context)
......@@ -44,16 +53,6 @@ func (r *PaymentResource) Put(context smolder.APIContext, data interface{}, requ
return
}
/* auth, err := context.Authentication(request)
if err != nil || (auth.(db.User).ID != 1 && auth.(db.User).ID != project.UserID) {
smolder.ErrorResponseHandler(request, response, smolder.NewErrorResponse(
http.StatusUnauthorized,
false,
"Admin permission required for this operation",
"ProjectResource PUT"))
return
} */
pps := data.(*PaymentPostStruct)
payment.Code = pps.Payment.Code
payment.Pending = pps.Payment.Pending
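Review bot: The trailing `// && auth.(db.User).ID != project.UserID) {` on the new `if` refers to a `project` that is not in scope where the check now sits (the lookups come after it), so the comment can never be uncommented as written and should be removed, with the intended ownership rule described in Put's doc comment instead. With PutAuthRequired now returning true the framework presumably rejects unauthenticated calls before this handler, so the branch mostly serves the non-admin case, for which 403 is the accurate status. Visible in the hunk though not introduced by it: the PUT handler decodes its body as `*PaymentPostStruct` while a `PaymentPutStruct` type exists in this file; worth confirming which type the router registers for PUT, since a mismatch panics on the assertion. Put's body ends outside the hunk.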
......
......@@ -44,19 +44,18 @@ func (r *ProjectResource) PostParams() []*restful.Parameter {
// Post processes an incoming POST (create) request
func (r *ProjectResource) Post(context smolder.APIContext, data interface{}, request *restful.Request, response *restful.Response) {
/*auth, err := context.Authentication(request)
if err != nil || auth.(db.Project).ID != 1 {
smolder.ErrorResponseHandler(request, response, smolder.NewErrorResponse(
auth, err := context.Authentication(request)
if err != nil || auth.(db.User).ID != 1 {
smolder.ErrorResponseHandler(request, response, err, smolder.NewErrorResponse(
http.StatusUnauthorized,
false,
"Admin permission required for this operation",
"ProjectResource POST"))
return
}*/
}
ctx := context.(*db.APIContext)
ups := data.(*ProjectPostStruct)
_, err := ctx.LoadProjectBySlug(ups.Project.Slug)
_, err = ctx.LoadProjectBySlug(ups.Project.Slug)
if err == nil {
smolder.ErrorResponseHandler(request, response, nil, smolder.NewErrorResponse(
http.StatusBadRequest,
......
......@@ -40,15 +40,14 @@ func (r *ProjectResource) Put(context smolder.APIContext, data interface{}, requ
return
}
/* auth, err := context.Authentication(request)
if err != nil || (auth.(db.User).ID != 1 && auth.(db.User).ID != project.UserID) {
smolder.ErrorResponseHandler(request, response, smolder.NewErrorResponse(
http.StatusUnauthorized,
false,
"Admin permission required for this operation",
"ProjectResource PUT"))
return
} */
auth, err := context.Authentication(request)
if err != nil || (auth.(db.User).ID != 1) { // && auth.(db.User).ID != project.UserID) {
smolder.ErrorResponseHandler(request, response, err, smolder.NewErrorResponse(
http.StatusUnauthorized,
"Admin permission required for this operation",
"ProjectResource PUT"))
return
}
pps := data.(*ProjectPostStruct)
project.Name = pps.Project.Name
......
package searches
import (
"net/http"
"gitlab.techcultivation.org/sangha/sangha/db"
"github.com/emicklei/go-restful"
......@@ -9,7 +11,7 @@ import (
// GetAuthRequired returns true because all requests need authentication
func (r *SearchesResource) GetAuthRequired() bool {
return false
return true
}
// GetByIDsAuthRequired returns true because all requests need authentication
......@@ -49,6 +51,15 @@ func (r *SearchesResource) GetByIDs(context smolder.APIContext, request *restful
// Get sends out items matching the query parameters
func (r *SearchesResource) Get(context smolder.APIContext, request *restful.Request, response *restful.Response, params map[string][]string) {
auth, err := context.Authentication(request)
if err != nil || auth.(db.User).ID != 1 {
smolder.ErrorResponseHandler(request, response, err, smolder.NewErrorResponse(
http.StatusUnauthorized,
"Admin permission required for this operation",
"SearchesResource GET"))
return
}
resp := SearchResponse{}
resp.Init(context)
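Review bot: The admin guard is added to Get, but GetByIDs in the same file — its `GetByIDsAuthRequired` appears in the context of the earlier hunk — is not touched by this commit, whereas the Transaction section guards both Get and GetByIDs. If GetByIDs is reachable it is now the only unguarded search path and should get the same check; if it is intentionally open, a one-line comment on it saying so would save the next reader the question. The Statistics section has the same gap. Get's body ends outside the hunk.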
......
package statistics
import (
"net/http"
"gitlab.techcultivation.org/sangha/sangha/db"
"github.com/emicklei/go-restful"
......@@ -9,7 +11,7 @@ import (
// GetAuthRequired returns true because all requests need authentication
func (r *StatisticsResource) GetAuthRequired() bool {
return false
return true
}
// GetByIDsAuthRequired returns true because all requests need authentication
......@@ -33,6 +35,15 @@ func (r *StatisticsResource) GetParams() []*restful.Parameter {
// Get sends out items matching the query parameters
func (r *StatisticsResource) Get(context smolder.APIContext, request *restful.Request, response *restful.Response, params map[string][]string) {
auth, err := context.Authentication(request)
if err != nil || auth.(db.User).ID != 1 {
smolder.ErrorResponseHandler(request, response, err, smolder.NewErrorResponse(
http.StatusUnauthorized,
"Admin permission required for this operation",
"StatisticsResource GET"))
return
}
resp := StatisticsResponse{}
resp.Init(context)
......
......@@ -14,7 +14,7 @@ import (
// GetAuthRequired returns true because all requests need authentication
func (r *TransactionResource) GetAuthRequired() bool {
return false
return true
}
// GetByIDsAuthRequired returns true because all requests need authentication
......@@ -45,6 +45,15 @@ func (r *TransactionResource) GetParams() []*restful.Parameter {
// GetByIDs sends out all items matching a set of IDs
func (r *TransactionResource) GetByIDs(context smolder.APIContext, request *restful.Request, response *restful.Response, ids []string) {
auth, err := context.Authentication(request)
if err != nil || auth.(db.User).ID != 1 {
smolder.ErrorResponseHandler(request, response, err, smolder.NewErrorResponse(
http.StatusUnauthorized,
"Admin permission required for this operation",
"TransactionResource GET"))
return
}
resp := TransactionResponse{}
resp.Init(context)
......@@ -64,11 +73,19 @@ func (r *TransactionResource) GetByIDs(context smolder.APIContext, request *rest
// Get sends out items matching the query parameters
func (r *TransactionResource) Get(context smolder.APIContext, request *restful.Request, response *restful.Response, params map[string][]string) {
auth, err := context.Authentication(request)
if err != nil || auth.(db.User).ID != 1 {
smolder.ErrorResponseHandler(request, response, err, smolder.NewErrorResponse(
http.StatusUnauthorized,
"Admin permission required for this operation",
"TransactionResource GET"))
return
}
ctx := context.(*db.APIContext)
resp := TransactionResponse{}
resp.Init(context)
var err error
var transactions []db.Transaction
if len(params["project"]) > 0 {
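Review bot: `var err error` a few lines below the new `auth, err := context.Authentication(request)` redeclares `err` in what looks like the same function scope, which Go rejects (`err redeclared in this block`); the Project POST hunk handles the same situation by switching its later `:=` to `=`, and here the fix is to delete the `var err error` line. If the rendering has dropped an enclosing block so that the `var` is actually nested this does not apply, but the surrounding `ctx :=` and `resp :=` statements suggest it is top-level. The GetByIDs hunk above introduces `err` the same way and should be checked for a leftover declaration further down, although none is visible. Get's body continues outside the hunk.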
......
......@@ -38,6 +38,15 @@ func (r *TransactionResource) PostParams() []*restful.Parameter {
// Post processes an incoming POST (create) request
func (r *TransactionResource) Post(context smolder.APIContext, data interface{}, request *restful.Request, response *restful.Response) {
auth, err := context.Authentication(request)
if err != nil || auth.(db.User).ID != 1 {
smolder.ErrorResponseHandler(request, response, err, smolder.NewErrorResponse(
http.StatusUnauthorized,
"Admin permission required for this operation",
"TransactionResource POST"))
return
}
ctx := context.(*db.APIContext)
ups := data.(*TransactionPostStruct)
log.Printf("Got transaction request: %+v\n", ups)
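Review bot: Right after the new guard, `log.Printf("Got transaction request: %+v\n", ups)` writes the entire decoded request body to the log; if TransactionPostStruct carries payment or donor details (not visible here) that is sensitive data landing in plain log output, and restricting the endpoint to the admin does not change that. Consider logging only an identifier or a redacted summary, and the trailing `\n` is redundant because log.Printf already terminates the line. Post's body continues outside the hunk.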
......
......@@ -17,7 +17,7 @@ type TransactionPutStruct struct {
// PutAuthRequired returns true because all requests need authentication
func (r *TransactionResource) PutAuthRequired() bool {
return false
return true
}
// PutDoc returns the description of this API endpoint
......
......@@ -37,7 +37,16 @@ func (r *UserResource) GetByIDs(context smolder.APIContext, request *restful.Req
resp := UserResponse{}
resp.Init(context)
auth, _ := context.Authentication(request)
for _, id := range ids {
if auth == nil || (auth.(db.User).ID != 1 && auth.(db.User).UUID != id) {
smolder.ErrorResponseHandler(request, response, nil, smolder.NewErrorResponse(
http.StatusUnauthorized,
"Auth permission required for this operation",
"UserResource GET"))
return
}
user, err := context.(*db.APIContext).GetUserByUUID(id)
if err != nil {
r.NotFound(request, response)
......