vikunja-api/routes/api/v1/lists_add_update.go

167 lines
4.4 KiB
Go
Raw Normal View History

2018-06-10 14:14:10 +02:00
package v1
import (
"git.kolaente.de/konrad/list/models"
2018-06-10 14:22:37 +02:00
"github.com/labstack/echo"
"net/http"
2018-06-10 14:14:10 +02:00
)
2018-07-10 14:02:23 +02:00
// AddList ...
2018-06-13 13:45:22 +02:00
func AddList(c echo.Context) error {
// swagger:operation PUT /namespaces/{namespaceID}/lists lists addList
2018-06-13 13:45:22 +02:00
// ---
// summary: Creates a new list owned by the currently logged in user in that namespace
2018-06-13 13:45:22 +02:00
// consumes:
// - application/json
// produces:
// - application/json
// parameters:
// - name: namespaceID
// in: path
// description: ID of the namespace that list should belong to
// type: string
// required: true
2018-06-13 13:45:22 +02:00
// - name: body
// in: body
// required: true
2018-06-13 13:45:22 +02:00
// schema:
// "$ref": "#/definitions/List"
// responses:
// "200":
// "$ref": "#/responses/List"
// "400":
// "$ref": "#/responses/Message"
// "403":
// "$ref": "#/responses/Message"
// "500":
// "$ref": "#/responses/Message"
// Get the list
var list *models.List
if err := c.Bind(&list); err != nil {
return c.JSON(http.StatusBadRequest, models.Message{"No list model provided."})
}
// Get the namespace ID
var err error
list.NamespaceID, err = models.GetIntURLParam("nID", c)
if err != nil {
return c.JSON(http.StatusBadRequest, models.Message{"Invalid namespace ID."})
}
// Get the current user for later checks
user, err := models.GetCurrentUser(c)
if err != nil {
return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."})
}
list.Owner = user
// Get the namespace
namespace, err := models.GetNamespaceByID(list.NamespaceID)
if err != nil {
if models.IsErrNamespaceDoesNotExist(err) {
return c.JSON(http.StatusNotFound, models.Message{"Namespace not found."})
}
return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."})
}
// Check if the user has write acces to that namespace
err = user.HasNamespaceWriteAccess(&namespace)
if err != nil {
if models.IsErrUserDoesNotHaveAccessToNamespace(err) {
return c.JSON(http.StatusForbidden, models.Message{"You don't have access to this namespace."})
}
if models.IsErrUserDoesNotHaveWriteAccessToNamespace(err) {
return c.JSON(http.StatusForbidden, models.Message{"You don't have write access to this namespace."})
}
return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."})
}
// Create the new list
err = models.CreateOrUpdateList(list)
if err != nil {
return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."})
}
return c.JSON(http.StatusOK, list)
2018-06-13 13:45:22 +02:00
}
2018-07-10 14:02:23 +02:00
// UpdateList ...
2018-06-13 13:45:22 +02:00
func UpdateList(c echo.Context) error {
// swagger:operation POST /lists/{listID} lists upadteList
// ---
// summary: Updates a list
// consumes:
// - application/json
// produces:
// - application/json
// parameters:
// - name: listID
// in: path
// description: ID of the list to update
// type: string
// required: true
// - name: body
// in: body
// schema:
// "$ref": "#/definitions/List"
// responses:
// "200":
// "$ref": "#/responses/List"
// "400":
// "$ref": "#/responses/Message"
// "403":
// "$ref": "#/responses/Message"
// "500":
// "$ref": "#/responses/Message"
2018-06-10 14:14:10 +02:00
// Get the list
var list *models.List
if err := c.Bind(&list); err != nil {
return c.JSON(http.StatusBadRequest, models.Message{"No list model provided."})
}
// Get the list ID
var err error
list.ID, err = models.GetIntURLParam("id", c)
if err != nil {
return c.JSON(http.StatusBadRequest, models.Message{"Invalid ID."})
2018-06-10 14:14:10 +02:00
}
// Check if the list exists
// ID = 0 means new list, no error
2018-07-04 08:15:47 +02:00
var oldList models.List
2018-06-10 14:14:10 +02:00
if list.ID != 0 {
2018-07-04 08:15:47 +02:00
oldList, err = models.GetListByID(list.ID)
2018-06-10 14:14:10 +02:00
if err != nil {
if models.IsErrListDoesNotExist(err) {
return c.JSON(http.StatusBadRequest, models.Message{"The list does not exist."})
}
2018-06-10 14:22:37 +02:00
return c.JSON(http.StatusInternalServerError, models.Message{"Could not check if the list exists."})
2018-06-10 14:14:10 +02:00
}
}
// Get the current user for later checks
user, err := models.GetCurrentUser(c)
if err != nil {
return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."})
}
list.Owner = user
// Check if the user owns the list
// TODO use list function for that
if user.ID != oldList.Owner.ID {
return c.JSON(http.StatusForbidden, models.Message{"You cannot edit a list you don't own."})
}
2018-06-10 14:14:10 +02:00
// Update the list
err = models.CreateOrUpdateList(list)
if err != nil {
return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."})
2018-06-10 14:14:10 +02:00
}
return c.JSON(http.StatusOK, list)
2018-06-10 14:22:37 +02:00
}