package main
import (
"fmt"
"html/template"
"log"
"net/http"
"strings"
"unfoldedip/satsql"
"unfoldedip/sattypes"
)
// alertgroups renders the alert group (contact group) overview page for the
// logged-in user.
//
// The list is read with the user ID taken from the session, not from any
// request parameter, so a caller cannot ask for another user's groups here.
// The handler does not look at the HTTP method; every method gets the page.
func alertgroups(writer http.ResponseWriter, request *http.Request, H sattypes.BaseHandler) {
	var g sattypes.Global

	// No valid session: send the browser back to the login page.
	g.U, g.U.LoggedIn = isLoggedIn(request, H)
	if !g.U.LoggedIn {
		http.Redirect(writer, request, "/login?session=expired2", http.StatusSeeOther)
		return
	}

	// Load the groups owned by the session user. A read error is logged and
	// the page is still rendered, just without any groups.
	groups, err := satsql.ReadAlertGroups(H, g.U.UserID)
	if err == nil {
		g.AlertGroups = groups
	} else {
		log.Println(err)
	}

	executeGlobalAgainstTemplate(writer, "alertgroups.html", g)
}
// alertgroupDelete deletes one alert group on behalf of the logged-in user.
// It is meant to be called by an AJAX request.
//
// A deletion only happens for a POST that passes the CSRF check and names, in
// the "id" form value, a group whose OwnerID equals the session user's ID.
// That ownership comparison is what stops one user from deleting another
// user's group by guessing ids, so it must stay on the server side.
//
// Replies: 200 after a successful delete, 204 for every rejected or failed
// request, a redirect to the login page without a session.
// NOTE(review): 204 is also a 2xx status, so the caller cannot tell a refusal
// from success by status class alone, and an owner mismatch is not logged.
// Consider logging denied attempts so probing for foreign ids can be detected.
func alertgroupDelete(writer http.ResponseWriter, request *http.Request, H sattypes.BaseHandler) {
	var g sattypes.Global

	g.U, g.U.LoggedIn = isLoggedIn(request, H)
	if !g.U.LoggedIn {
		http.Redirect(writer, request, "/login?session=expired5", http.StatusSeeOther)
		return
	}

	// Shared reply for everything that does not end in a delete.
	noContent := func() {
		writer.WriteHeader(http.StatusNoContent)
	}

	// Only POST may change state.
	if request.Method != http.MethodPost {
		noContent()
		return
	}

	if err := request.ParseForm(); err != nil {
		log.Println(err)
		noContent()
		return
	}

	// The token is checked against the user's session before anything is
	// read or changed. Nothing is written here on failure; presumably
	// CheckCSRFToken has already answered the request (it is given writer).
	if !CheckCSRFToken(writer, request, H, g.U.UserSession) {
		return
	}

	alertID := request.FormValue("id")
	if alertID == "" {
		log.Println("No id for alergroup deletion")
		noContent()
		return
	}

	// alertID is request-controlled.
	// NOTE(review): confirm satsql.SelectAlertGroup binds it as a query
	// parameter rather than building the statement from the string.
	target, err := satsql.SelectAlertGroup(H, "contact_id", alertID)
	if err != nil || target.OwnerID != g.U.UserID {
		// Unknown group or not owned by the session user: refuse.
		noContent()
		return
	}

	if H.Debug {
		log.Println("Deleting alertgroup", target.ContactID)
	}
	// Delete by the id read back from the database, not by the raw form value.
	if err := satsql.DeleteAlertGroup(H, target.ContactID); err != nil {
		log.Println(err)
		noContent()
		return
	}

	writer.WriteHeader(http.StatusOK)
}
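// alertgroupAdd shows the add/edit form for an alert group and processes its
// submission.
//
// GET renders the form. When the URL path contains "alertgroup_edit" and the
// "id" value names a group owned by the session user, the form is pre-filled
// and put into edit mode.
//
// POST requires a valid CSRF token. With nextfunction=edit the target group is
// looked up first and the request is refused unless the lookup succeeds and
// the group belongs to the session user; only then is its id copied into the
// record to be updated. The owner of the stored record is always taken from
// the session, never from the form. On success the browser is redirected to
// /alertgroups; on validation or database errors the form is rendered again
// with g.Errors or g.State set.
//
// A form that cannot be parsed is answered with 400 Bad Request.
func alertgroupAdd(writer http.ResponseWriter, request *http.Request, H sattypes.BaseHandler) {
	var g sattypes.Global

	g.U, g.U.LoggedIn = isLoggedIn(request, H)
	if !g.U.LoggedIn {
		http.Redirect(writer, request, "/login?session=expired7", http.StatusSeeOther)
		return
	}

	// render is the common exit: it prints the form with whatever state g
	// holds at the time of the call.
	render := func() {
		executeGlobalAgainstTemplate(writer, "alertgroup_add.html", g)
	}

	switch request.Method {
	case http.MethodPost:
		if err := request.ParseForm(); err != nil {
			log.Println(err)
			// Answer explicitly instead of leaving an empty 200 reply.
			http.Error(writer, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
			return
		}

		// Nothing is written here on failure; presumably CheckCSRFToken has
		// already answered the request (it is given writer).
		if !CheckCSRFToken(writer, request, H, g.U.UserSession) {
			return
		}

		var newContact sattypes.AlertGroup
		editing := request.Form.Get("nextfunction") == "edit"

		if editing {
			// The id is request-controlled, so the group is fetched and its
			// owner compared with the session user before it may be changed.
			contactID := request.FormValue("id")
			if contactID == "" {
				if H.Debug {
					log.Println("No id for contact edit")
				}
				render()
				return
			}

			// NOTE(review): confirm satsql.SelectAlertGroup binds contactID
			// as a query parameter.
			existing, err := satsql.SelectAlertGroup(H, "contact_id", contactID)
			// Fail closed: a lookup error is treated like a missing group
			// instead of relying on the returned struct being zero.
			if err != nil || existing.ContactID == 0 || existing.OwnerID != g.U.UserID {
				// NOTE(review): a refused edit is only logged in debug mode;
				// consider logging it always, with the user ID, so attempts
				// to edit foreign groups show up in the logs.
				if H.Debug {
					log.Println("Not allowing access for contact edit or contact not existing")
				}
				render()
				return
			}
			newContact.ContactID = existing.ContactID
		}

		// Both fields are mandatory; each missing one adds a message for the
		// template.
		// NOTE(review): the values are HTML-escaped before they are stored.
		// If the templates escape on output as well, the text is escaped
		// twice; and escaping on input does not replace context-aware
		// escaping wherever the value is later used. Confirm the intent.
		newContact.GroupName = template.HTMLEscapeString(request.Form.Get("groupname"))
		if newContact.GroupName == "" {
			g.Errors = append(g.Errors, "Group name cant be zero")
		}
		// NOTE(review): emails is only checked for being non-empty here.
		// Presumably alerts are mailed to it later; validate the address
		// list before it is used as a recipient.
		newContact.Emails = template.HTMLEscapeString(request.Form.Get("emails"))
		if newContact.Emails == "" {
			g.Errors = append(g.Errors, "Email addresses cant be count of zero")
		}

		// The owner comes from the session, not from the form.
		newContact.OwnerID = g.U.UserID

		if len(g.Errors) == 0 {
			var err error
			if editing {
				if H.Debug {
					log.Println("Updating contact", newContact.ContactID)
				}
				err = satsql.UpdateAlertGroup(H, &newContact)
			} else {
				err = satsql.InsertAlertGroup(H, &newContact)
			}
			if err == nil {
				http.Redirect(writer, request, fmt.Sprintf("/alertgroups"), http.StatusSeeOther)
				return
			}
			// Keep the cause in the server log; the user only sees the state
			// flag. The meaning of State 2 is defined by the template and is
			// not visible here.
			log.Println(err)
			g.State = 2
		}

	case http.MethodGet:
		if strings.Contains(request.URL.Path, "alertgroup_edit") {
			if contactID := request.FormValue("id"); contactID != "" {
				editContact, err := satsql.SelectAlertGroup(H, "contact_id", contactID)
				// Only a group owned by the session user is shown for
				// editing; anything else falls back to the empty form.
				if err == nil && editContact.OwnerID == g.U.UserID {
					g.AlertGroup = editContact
					g.NextFunction = "edit"
				}
			}
		}
	}

	render()
}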