authorSteve Manuel <nilslice@gmail.com>2016-10-22 03:01:11 -0700
committerSteve Manuel <nilslice@gmail.com>2016-10-22 03:01:11 -0700
commitf0d0c08fcc7df98d78927cb09d6d9abc10f5caaa (patch)
tree345ea62caa923c618a175da5d3df2605da97295c
parentdbed4fd6c2e296454adb1ebe5186111aa6367fb7 (diff)
implementing handlers for user configuration
-rw-r--r--system/admin/handlers.go178
-rw-r--r--system/db/user.go55
2 files changed, 224 insertions, 9 deletions
diff --git a/system/admin/handlers.go b/system/admin/handlers.go
index 65df845..55afaf4 100644
--- a/system/admin/handlers.go
+++ b/system/admin/handlers.go
@@ -190,6 +190,49 @@ func configUsersHandler(res http.ResponseWriter, req *http.Request) {
case http.MethodPost:
// create new user
+ err := req.ParseMultipartForm(1024 * 1024 * 4) // maxMemory 4MB
+ if err != nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ errView, err := Error500()
+ if err != nil {
+ return
+ }
+
+ res.Write(errView)
+ return
+ }
+ email := strings.ToLower(req.FormValue("email"))
+ password := req.PostFormValue("password")
+
+ if email == "" || password == "" {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ errView, err := Error500()
+ if err != nil {
+ return
+ }
+
+ res.Write(errView)
+ return
+ }
+
+ usr := user.NewUser(email, password)
+
+ _, err = db.SetUser(usr)
+ if err != nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ errView, err := Error500()
+ if err != nil {
+ return
+ }
+
+ res.Write(errView)
+ return
+ }
+
+ http.Redirect(res, req, req.URL.String(), http.StatusFound)
default:
res.WriteHeader(http.StatusMethodNotAllowed)
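Review bot: The empty-field branch (`if email == "" || password == ""`) calls `fmt.Println(err)` when `err` is known to be nil and answers with 500, so a client mistake is logged as `<nil>` and reported as a server fault; log a real message and use `res.WriteHeader(http.StatusBadRequest)` there. The same nil `err` print appears in the password-mismatch branch of configUsersEditHandler and the self-delete guard of configUsersDeleteHandler. `email` is read with `req.FormValue`, which also accepts URL query parameters, while `password` uses `req.PostFormValue`; `strings.ToLower(req.PostFormValue("email"))` would match the other two handlers. The function starts and ends outside this hunk, so any session or authorization check before the switch is not visible here.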
@@ -198,11 +241,77 @@ func configUsersHandler(res http.ResponseWriter, req *http.Request) {
func configUsersEditHandler(res http.ResponseWriter, req *http.Request) {
switch req.Method {
- case http.MethodGet:
- // list all users and delete buttons
-
case http.MethodPost:
- // create new user
+ err := req.ParseMultipartForm(1024 * 1024 * 4) // maxMemory 4MB
+
+ // check if user to be edited is current user
+ j, err := db.CurrentUser(req)
+ if err != nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ errView, err := Error500()
+ if err != nil {
+ return
+ }
+
+ res.Write(errView)
+ return
+ }
+
+ var usr *user.User
+ err = json.Unmarshal(j, usr)
+ if err != nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ errView, err := Error500()
+ if err != nil {
+ return
+ }
+
+ res.Write(errView)
+ return
+ }
+
+ // check if password matches
+ password := req.PostFormValue("password")
+
+ if !user.IsUser(usr, password) {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusBadRequest)
+ errView, err := Error405()
+ if err != nil {
+ return
+ }
+
+ res.Write(errView)
+ return
+ }
+
+ email := strings.ToLower(req.PostFormValue("email"))
+ newPassword := req.PostFormValue("new_password")
+ var updatedUser *user.User
+ if newPassword != "" {
+ updatedUser = user.NewUser(email, newPassword)
+ } else {
+ updatedUser = user.NewUser(email, newPassword)
+ }
+
+ // set the ID to the same ID as current user
+ updatedUser.ID = usr.ID
+
+ // set user in db
+ err = db.UpdateUser(updatedUser)
+ if err != nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ errView, err := Error500()
+ if err != nil {
+ return
+ }
+
+ res.Write(errView)
+ return
+ }
default:
res.WriteHeader(http.StatusMethodNotAllowed)
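Review bot: `var usr *user.User` followed by `json.Unmarshal(j, usr)` passes a nil pointer, so Unmarshal returns an error on every request and the handler never gets past that 500 branch; declare `var usr user.User` and pass `&usr`, as configUsersDeleteHandler does, and then call `user.IsUser(&usr, password)`. The error from `req.ParseMultipartForm` is overwritten by `j, err := db.CurrentUser(req)` without being checked, here and in configUsersDeleteHandler. Both arms of `if newPassword != ""` call `user.NewUser(email, newPassword)`, so an edit that leaves new_password blank appears to rebuild the account from an empty password; the else arm presumably should carry over the stored credential from `usr` instead. The success path writes no response, and the function body continues outside the hunk.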
@@ -211,11 +320,64 @@ func configUsersEditHandler(res http.ResponseWriter, req *http.Request) {
func configUsersDeleteHandler(res http.ResponseWriter, req *http.Request) {
switch req.Method {
- case http.MethodGet:
- // list all users and delete buttons
-
case http.MethodPost:
- // create new user
+ err := req.ParseMultipartForm(1024 * 1024 * 4) // maxMemory 4MB
+
+ // do not allow current user to delete themselves
+ j, err := db.CurrentUser(req)
+ if err != nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ errView, err := Error500()
+ if err != nil {
+ return
+ }
+
+ res.Write(errView)
+ return
+ }
+
+ var usr user.User
+ err = json.Unmarshal(j, &usr)
+ if err != nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ errView, err := Error500()
+ if err != nil {
+ return
+ }
+
+ res.Write(errView)
+ return
+ }
+
+ email := strings.ToLower(req.PostFormValue("email"))
+
+ if usr.Email == email {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusBadRequest)
+ errView, err := Error405()
+ if err != nil {
+ return
+ }
+
+ res.Write(errView)
+ return
+ }
+
+ // delete existing user
+ err = db.DeleteUser(email)
+ if err != nil {
+ fmt.Println(err)
+ res.WriteHeader(http.StatusInternalServerError)
+ errView, err := Error500()
+ if err != nil {
+ return
+ }
+
+ res.Write(errView)
+ return
+ }
default:
res.WriteHeader(http.StatusMethodNotAllowed)
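Review bot: `email` is not checked for the empty string before `db.DeleteUser(email)`, so a request without an email field still reaches the store and, if deleting a missing key is not an error there, finishes with no indication that nothing was removed; reject it early with `if email == "" { res.WriteHeader(http.StatusBadRequest); return }`. The self-delete guard pairs `http.StatusBadRequest` with the `Error405()` view, as does the password-mismatch branch of configUsersEditHandler, which leaves status and body disagreeing. After a successful delete nothing is written, whereas configUsersHandler ends with `http.Redirect`; a redirect back to the users page would make the result visible. The function starts and ends outside the hunk.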
diff --git a/system/db/user.go b/system/db/user.go
index 3b09dbe..170b331 100644
--- a/system/db/user.go
+++ b/system/db/user.go
@@ -16,6 +16,9 @@ import (
// ErrUserExists is used for the db to report to admin user of existing user
var ErrUserExists = errors.New("Error. User exists.")
+// ErrNoUserExists is used for the db to report to admin user of non-existing user
+var ErrNoUserExists = errors.New("Error. No user exists.")
+
// SetUser sets key:value pairs in the db for user settings
func SetUser(usr *user.User) (int, error) {
err := store.Update(func(tx *bolt.Tx) error {
@@ -41,7 +44,7 @@ func SetUser(usr *user.User) (int, error) {
return err
}
- err = users.Put([]byte(usr.Email), j)
+ err = users.Put(email, j)
if err != nil {
return err
}
@@ -55,6 +58,56 @@ func SetUser(usr *user.User) (int, error) {
return usr.ID, nil
}
+// UpdateUser sets key:value pairs in the db for existing user settings
+func UpdateUser(usr *user.User) error {
+ err := store.Update(func(tx *bolt.Tx) error {
+ email := []byte(usr.Email)
+ users := tx.Bucket([]byte("_users"))
+
+ // check if user is found by email, fail if nil
+ exists := users.Get(email)
+ if exists == nil {
+ return ErrNoUserExists
+ }
+
+ // marshal User to json and put into bucket
+ j, err := json.Marshal(usr)
+ if err != nil {
+ return err
+ }
+
+ err = users.Put(email, j)
+ if err != nil {
+ return err
+ }
+
+ return nil
+ })
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+// DeleteUser deletes a user from the db by email
+func DeleteUser(email string) error {
+ err := store.Update(func(tx *bolt.Tx) error {
+ b := tx.Bucket([]byte("_users"))
+ err := b.Delete([]byte(email))
+ if err != nil {
+ return err
+ }
+
+ return nil
+ })
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
// User gets the user by email from the db
func User(email string) ([]byte, error) {
val := &bytes.Buffer{}
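Review bot: UpdateUser finds and overwrites the record stored under `usr.Email`, but configUsersEditHandler builds `usr` from the submitted form email, so the key is the requested address rather than the current user's stored one. A change of email therefore fails with ErrNoUserExists, and when the submitted address already belongs to another account, that account's record is replaced with the caller's ID and new password. Before the `Put`, compare the stored record's ID with `usr.ID` and refuse on mismatch, as sketched below; supporting a real email change additionally needs the old key passed in so the old entry can be removed. In DeleteUser, `tx.Bucket([]byte("_users"))` is used without a nil check, which would panic if the bucket has not been created yet.

```go
exists := users.Get(email)
// … unchanged: nil check returning ErrNoUserExists …

// refuse to overwrite a record that belongs to a different user
var stored user.User
if err := json.Unmarshal(exists, &stored); err != nil {
	return err
}
if stored.ID != usr.ID {
	return ErrUserExists
}

// … unchanged: marshal usr and Put under email …
```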