added features and fixes
This commit is contained in:
+87
-10
@@ -6,28 +6,35 @@ import (
|
||||
"net/http"
|
||||
|
||||
"git.dustin.coffee/hobokenchicken/dumpsterChat/internal/middleware"
|
||||
"git.dustin.coffee/hobokenchicken/dumpsterChat/internal/permissions"
|
||||
"github.com/go-chi/chi/v5"
|
||||
)
|
||||
|
||||
type MemberHandler struct {
|
||||
db *sql.DB
|
||||
db *sql.DB
|
||||
checker *permissions.Checker
|
||||
}
|
||||
|
||||
func NewMemberHandler(db *sql.DB) *MemberHandler {
|
||||
return &MemberHandler{db: db}
|
||||
return &MemberHandler{
|
||||
db: db,
|
||||
checker: permissions.NewChecker(db),
|
||||
}
|
||||
}
|
||||
|
||||
func (h *MemberHandler) RegisterRoutes(r chi.Router) {
|
||||
r.Get("/members", h.ListMembers)
|
||||
r.Patch("/members/{userID}", h.UpdateMember)
|
||||
}
|
||||
|
||||
type memberResponse struct {
|
||||
ID string `json:"id"`
|
||||
Username string `json:"username"`
|
||||
DisplayName string `json:"display_name"`
|
||||
Avatar string `json:"avatar"`
|
||||
Status string `json:"status"`
|
||||
StatusText string `json:"status_text"`
|
||||
ID string `json:"id"`
|
||||
Username string `json:"username"`
|
||||
DisplayName string `json:"display_name"`
|
||||
Nickname *string `json:"nickname"`
|
||||
Avatar string `json:"avatar"`
|
||||
Status string `json:"status"`
|
||||
StatusText string `json:"status_text"`
|
||||
}
|
||||
|
||||
func (h *MemberHandler) ListMembers(w http.ResponseWriter, r *http.Request) {
|
||||
@@ -50,7 +57,7 @@ func (h *MemberHandler) ListMembers(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
rows, err := h.db.QueryContext(r.Context(), `
|
||||
SELECT u.id, u.username, u.display_name, COALESCE(u.avatar, ''), u.status, COALESCE(u.status_text, '')
|
||||
SELECT u.id, u.username, u.display_name, m.nickname, COALESCE(u.avatar, ''), u.status, COALESCE(u.status_text, '')
|
||||
FROM members m
|
||||
JOIN users u ON u.id = m.user_id
|
||||
WHERE m.server_id = $1
|
||||
@@ -65,12 +72,82 @@ func (h *MemberHandler) ListMembers(w http.ResponseWriter, r *http.Request) {
|
||||
members := make([]memberResponse, 0)
|
||||
for rows.Next() {
|
||||
var m memberResponse
|
||||
if err := rows.Scan(&m.ID, &m.Username, &m.DisplayName, &m.Avatar, &m.Status, &m.StatusText); err != nil {
|
||||
var nick sql.NullString
|
||||
if err := rows.Scan(&m.ID, &m.Username, &m.DisplayName, &nick, &m.Avatar, &m.Status, &m.StatusText); err != nil {
|
||||
continue
|
||||
}
|
||||
if nick.Valid {
|
||||
m.Nickname = &nick.String
|
||||
}
|
||||
members = append(members, m)
|
||||
}
|
||||
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
json.NewEncoder(w).Encode(members)
|
||||
}
|
||||
|
||||
type updateMemberRequest struct {
|
||||
Nickname *string `json:"nickname"`
|
||||
}
|
||||
|
||||
func (h *MemberHandler) UpdateMember(w http.ResponseWriter, r *http.Request) {
|
||||
userID, ok := middleware.UserIDFromContext(r.Context())
|
||||
if !ok {
|
||||
http.Error(w, `{"error":"unauthorized"}`, http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
serverID := chi.URLParam(r, "serverID")
|
||||
targetUserID := chi.URLParam(r, "userID")
|
||||
|
||||
var req updateMemberRequest
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
http.Error(w, `{"error":"invalid request"}`, http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
if req.Nickname == nil {
|
||||
http.Error(w, `{"error":"nothing to update"}`, http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// Check permissions:
|
||||
// - If self, need CHANGE_NICKNAME
|
||||
// - If other, need MANAGE_NICKNAMES
|
||||
var requiredPerm int64
|
||||
if userID == targetUserID {
|
||||
requiredPerm = permissions.CHANGE_NICKNAME
|
||||
} else {
|
||||
requiredPerm = permissions.MANAGE_NICKNAMES
|
||||
}
|
||||
|
||||
allowed, err := h.checker.CheckPermission(r.Context(), serverID, userID, requiredPerm)
|
||||
if err != nil {
|
||||
http.Error(w, `{"error":"server error"}`, http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if !allowed {
|
||||
http.Error(w, `{"error":"forbidden"}`, http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
// Update nickname in the database
|
||||
var nickVal sql.NullString
|
||||
if *req.Nickname != "" {
|
||||
nickVal = sql.NullString{String: *req.Nickname, Valid: true}
|
||||
} else {
|
||||
nickVal = sql.NullString{Valid: false} // NULL value clears the nickname
|
||||
}
|
||||
|
||||
_, err = h.db.ExecContext(r.Context(), `
|
||||
UPDATE members
|
||||
SET nickname = $1
|
||||
WHERE user_id = $2 AND server_id = $3
|
||||
`, nickVal, targetUserID, serverID)
|
||||
if err != nil {
|
||||
http.Error(w, `{"error":"failed to update nickname"}`, http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
w.WriteHeader(http.StatusNoContent)
|
||||
}
|
||||
|
||||
@@ -80,7 +80,7 @@ type setMemberRolesRequest struct {
|
||||
// Helpers
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
// requireManageServer checks that the caller has MANAGE_SERVER permission.
|
||||
// requireManageServer checks that the caller has MANAGE_SERVER or MANAGE_ROLES permission.
|
||||
// Returns false (and writes the error response) if denied.
|
||||
func (h *RoleHandler) requireManageServer(w http.ResponseWriter, r *http.Request, serverID string) bool {
|
||||
userID, ok := middleware.UserIDFromContext(r.Context())
|
||||
@@ -89,11 +89,18 @@ func (h *RoleHandler) requireManageServer(w http.ResponseWriter, r *http.Request
|
||||
return false
|
||||
}
|
||||
|
||||
allowed, err := h.checker.CheckPermission(r.Context(), serverID, userID, permissions.MANAGE_SERVER)
|
||||
allowed, err := h.checker.CheckPermission(r.Context(), serverID, userID, permissions.MANAGE_ROLES)
|
||||
if err != nil {
|
||||
http.Error(w, `{"error":"server error"}`, http.StatusInternalServerError)
|
||||
return false
|
||||
}
|
||||
if !allowed {
|
||||
allowed, err = h.checker.CheckPermission(r.Context(), serverID, userID, permissions.MANAGE_SERVER)
|
||||
if err != nil {
|
||||
http.Error(w, `{"error":"server error"}`, http.StatusInternalServerError)
|
||||
return false
|
||||
}
|
||||
}
|
||||
if !allowed {
|
||||
http.Error(w, `{"error":"forbidden"}`, http.StatusForbidden)
|
||||
return false
|
||||
|
||||
Reference in New Issue
Block a user