add validity/permission checks to relation updates
This commit is contained in:
parent
0ec34bd9dc
commit
f4999fae6b
1 changed files with 41 additions and 33 deletions
|
@ -85,38 +85,46 @@
|
||||||
:links rels-indexed})))
|
:links rels-indexed})))
|
||||||
|
|
||||||
(defn update-relationrequest-status
|
(defn update-relationrequest-status
|
||||||
[id body]
|
"Updates the status of a relationship request"
|
||||||
(let [rr_id_map {:id id}
|
[id body {:keys [:session]}]
|
||||||
success (cond
|
(let [rr (db/get-relation-request {:id id})]
|
||||||
|
; Check that you are authorized to change this request
|
||||||
|
(if-not (= (:to_id rr) (get-in session [:user :id]))
|
||||||
|
(response/unauthorized "You can only update requests send to you")
|
||||||
|
(if-not (= "open" (:status rr))
|
||||||
|
(response/gone "Request is not open anymore")
|
||||||
|
(let [correct-params?
|
||||||
|
(cond
|
||||||
(contains? body :accept)
|
(contains? body :accept)
|
||||||
(do
|
(do
|
||||||
(let [rr (db/get-relation-request rr_id_map)]
|
(db/create-relation! (select-keys rr [:from_id :to_id]))
|
||||||
(db/create-relation! {:from_id (:from_id rr) :to_id (:to_id rr)}))
|
(db/update-relation-request-status! {:id id :status "accepted"}))
|
||||||
(db/update-relation-request-status! (assoc rr_id_map :status "accepted")))
|
|
||||||
(contains? body :decline)
|
(contains? body :decline)
|
||||||
(db/update-relation-request-status! (assoc rr_id_map :status "declined"))
|
(db/update-relation-request-status! {:id id :status "declined"})
|
||||||
:else false)]
|
:else false)]
|
||||||
(if success
|
(if correct-params?
|
||||||
(response/found "/")
|
(response/found "/")
|
||||||
(response-wrong-parameters))))
|
(response-wrong-parameters)))))))
|
||||||
|
|
||||||
(defn create-relation-request
|
(defn create-relation-request
|
||||||
[req]
|
"Creates a new request, as requests are unidirectional,
|
||||||
(let [data (:params req)
|
this gets denied if there is a request pending or a relation already established"
|
||||||
[err result] (st/validate data request_relation-schema)
|
[{:keys [:params :session :uri]}]
|
||||||
from-id (get-in req [:session :user :id])]
|
(let [[err result] (st/validate params request_relation-schema)
|
||||||
(if (nil? from-id) (response/found (error-page
|
from_id (get-in session [:user :id])
|
||||||
{:status 400
|
to_id (:to_id result)]
|
||||||
:title "No user id found in session"})))
|
(if (= from_id to_id)
|
||||||
(log/debug "Post to " (:uri req) "\n with data " result)
|
(response/unprocessable-entity "Sadly enough, you can't hug yourself :'(")
|
||||||
(if (nil? err)
|
(if-not (nil? err)
|
||||||
|
(response/unprocessable-entity "Incorrect input")
|
||||||
|
(let [count (db/get-connection-existence {:user_id from_id :other_id to_id})]
|
||||||
|
(if-not (= 0 (:count count))
|
||||||
|
(do
|
||||||
|
(log/info "Existing connections found, aborting.")
|
||||||
|
(response/conflict "There is already a request or relation between you and the other user"))
|
||||||
(do
|
(do
|
||||||
(log/debug "Create relation request")
|
(log/debug "Create relation request")
|
||||||
(db/create-relation-request! {:from_id from-id
|
(db/create-relation-request! {:from_id from_id
|
||||||
:to_id (:to_id result)
|
:to_id to_id
|
||||||
:status "open"})
|
:status "open"})
|
||||||
(response/found "/"))
|
(response/found "/"))))))))
|
||||||
(do
|
|
||||||
(log/debug "Relation request failed")
|
|
||||||
(log/debug err)
|
|
||||||
(response/unprocessable-entity "Incorrect input")))))
|
|
||||||
|
|
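Review bot: The authorization check in update-relationrequest-status, `(if-not (= (:to_id rr) (get-in session [:user :id]))`, passes when both sides are nil: an unauthenticated request for an id that does not exist gives a nil `rr` and a nil session user, so `(= nil nil)` is true and the caller falls through to the status check instead of being rejected. Bind the user id and guard both values before the ownership comparison, e.g. `user-id (get-in session [:user :id])` in the let, then `(nil? user-id) (response/unauthorized "Not logged in")` and `(nil? rr) (response/not-found "No such request")`. The same missing-session case reappears in create-relation-request, where the old `"No user id found in session"` guard was dropped and `from_id` can now be nil when it reaches `db/get-connection-existence` and `db/create-relation-request!`. Separately, the existence query followed by the insert is not atomic, so two concurrent submissions can both see `(= 0 (:count count))` and a uniqueness constraint on the request table is what actually closes that window. Binding `count` in that let also shadows clojure.core/count, which is easy to trip over later.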