Yay banning people!

2016-04-12 21:41:08 +02:00 · 2016-04-12 21:41:08 +02:00 · c4e03dc189
parent c108da9bb3
commit c4e03dc189
4 changed files with 47 additions and 7 deletions
--- a/app/start.go
+++ b/app/start.go
@ -46,6 +46,9 @@ func Start(conf common.Conf, db *sql.DB) *gin.Engine {
 			gv1.POST("/friends/del", Method(v1.FriendsDelPOST, db, common.PrivilegeWrite))
 			gv1.GET("/friends/del/:id", Method(v1.FriendsDelGET, db, common.PrivilegeWrite))

+			// Admin: user managing
+			gv1.POST("/users/manage/set_allowed", Method(v1.UserManageSetAllowedPOST, db, common.PrivilegeManageUser))
+
 			// M E T A
 			// E     T    "wow thats so meta"
 			// T     E                  -- the one who said "wow thats so meta"
--- a/app/v1/friend.go
+++ b/app/v1/friend.go
@ -150,8 +150,7 @@ func FriendsAddPOST(md common.MethodData) (r common.Response) {
 	d := friendAddPOSTData{}
 	err := md.RequestData.Unmarshal(&d)
 	if err != nil {
-		md.Err(err)
-		r = Err500
+		r = ErrBadJSON
 		return
 	}
 	return addFriend(md, d.UserID)
@ -196,7 +195,7 @@ func addFriend(md common.MethodData, u int) (r common.Response) {

 // userExists makes sure an user exists.
 func userExists(md common.MethodData, u int) (r bool) {
-	err := md.DB.QueryRow("SELECT EXISTS(SELECT 1 FROM users WHERE id = ?)", u).Scan(&r)
+	err := md.DB.QueryRow("SELECT EXISTS(SELECT 1 FROM users WHERE id = ? AND users.allowed='1')", u).Scan(&r)
 	if err != nil && err != sql.ErrNoRows {
 		md.Err(err)
 	}
@ -221,8 +220,7 @@ func FriendsDelPOST(md common.MethodData) (r common.Response) {
 	d := friendAddPOSTData{}
 	err := md.RequestData.Unmarshal(&d)
 	if err != nil {
-		md.Err(err)
-		r = Err500
+		r = ErrBadJSON
 		return
 	}
 	return delFriend(md, d.UserID)
--- a/app/v1/manage_user.go
+++ b/app/v1/manage_user.go
@ -0,0 +1,39 @@
+package v1
+
+import "github.com/osuripple/api/common"
+
+type setAllowedData struct {
+	UserID  int `json:"user_id"`
+	Allowed int `json:"allowed"`
+}
+
+// UserManageSetAllowedPOST allows to set the allowed status of an user.
+func UserManageSetAllowedPOST(md common.MethodData) (r common.Response) {
+	data := setAllowedData{}
+	if err := md.RequestData.Unmarshal(&data); err != nil {
+		r = ErrBadJSON
+		return
+	}
+	if data.Allowed < 0 || data.Allowed > 2 {
+		r.Code = 400
+		r.Message = "Allowed status must be between 0 and 2"
+		return
+	}
+	_, err := md.DB.Exec("UPDATE users SET allowed = ? WHERE id = ?", data.Allowed, data.UserID)
+	if err != nil {
+		md.Err(err)
+		r = Err500
+		return
+	}
+	query := `
+SELECT users.id, users.username, register_datetime, rank,
+	latest_activity, users_stats.username_aka,
+	users_stats.country, users_stats.show_country
+FROM users
+LEFT JOIN users_stats
+ON users.id=users_stats.id
+WHERE users.id=?
+LIMIT 1`
+	r = userPuts(md, md.DB.QueryRow(query, data.UserID))
+	return
+}
--- a/app/v1/user.go
+++ b/app/v1/user.go
@ -45,7 +45,7 @@ SELECT users.id, users.username, register_datetime, rank,
 FROM users
 LEFT JOIN users_stats
 ON users.id=users_stats.id
-WHERE users.id=?
+WHERE users.id=? AND users.allowed='1'
 LIMIT 1`
 	r = userPuts(md, md.DB.QueryRow(query, uid))
 	return
@ -62,7 +62,7 @@ SELECT users.id, users.username, register_datetime, rank,
 FROM users
 LEFT JOIN users_stats
 ON users.id=users_stats.id
-WHERE users.username=?
+WHERE users.username=? AND users.allowed='1'
 LIMIT 1`
 	r = userPuts(md, md.DB.QueryRow(query, username))
 	return