From c4e03dc189e6adfd8ca3a14ba848ed3bfa09c7a3 Mon Sep 17 00:00:00 2001 From: Howl Date: Tue, 12 Apr 2016 21:41:08 +0200 Subject: [PATCH] Yay banning people! --- app/start.go | 3 +++ app/v1/friend.go | 8 +++----- app/v1/manage_user.go | 39 +++++++++++++++++++++++++++++++++++++++ app/v1/user.go | 4 ++-- 4 files changed, 47 insertions(+), 7 deletions(-) create mode 100644 app/v1/manage_user.go diff --git a/app/start.go b/app/start.go index 43f28c5..380861f 100644 --- a/app/start.go +++ b/app/start.go @@ -46,6 +46,9 @@ func Start(conf common.Conf, db *sql.DB) *gin.Engine { gv1.POST("/friends/del", Method(v1.FriendsDelPOST, db, common.PrivilegeWrite)) gv1.GET("/friends/del/:id", Method(v1.FriendsDelGET, db, common.PrivilegeWrite)) + // Admin: user managing + gv1.POST("/users/manage/set_allowed", Method(v1.UserManageSetAllowedPOST, db, common.PrivilegeManageUser)) + // M E T A // E T "wow thats so meta" // T E -- the one who said "wow thats so meta" diff --git a/app/v1/friend.go b/app/v1/friend.go index e0e4acc..badc3ae 100644 --- a/app/v1/friend.go +++ b/app/v1/friend.go @@ -150,8 +150,7 @@ func FriendsAddPOST(md common.MethodData) (r common.Response) { d := friendAddPOSTData{} err := md.RequestData.Unmarshal(&d) if err != nil { - md.Err(err) - r = Err500 + r = ErrBadJSON return } return addFriend(md, d.UserID) @@ -196,7 +195,7 @@ func addFriend(md common.MethodData, u int) (r common.Response) { // userExists makes sure an user exists. func userExists(md common.MethodData, u int) (r bool) { - err := md.DB.QueryRow("SELECT EXISTS(SELECT 1 FROM users WHERE id = ?)", u).Scan(&r) + err := md.DB.QueryRow("SELECT EXISTS(SELECT 1 FROM users WHERE id = ? AND users.allowed='1')", u).Scan(&r) if err != nil && err != sql.ErrNoRows { md.Err(err) } @@ -221,8 +220,7 @@ func FriendsDelPOST(md common.MethodData) (r common.Response) { d := friendAddPOSTData{} err := md.RequestData.Unmarshal(&d) if err != nil { - md.Err(err) - r = Err500 + r = ErrBadJSON return } return delFriend(md, d.UserID) diff --git a/app/v1/manage_user.go b/app/v1/manage_user.go new file mode 100644 index 0000000..0d83082 --- /dev/null +++ b/app/v1/manage_user.go @@ -0,0 +1,39 @@ +package v1 + +import "github.com/osuripple/api/common" + +type setAllowedData struct { + UserID int `json:"user_id"` + Allowed int `json:"allowed"` +} + +// UserManageSetAllowedPOST allows to set the allowed status of an user. +func UserManageSetAllowedPOST(md common.MethodData) (r common.Response) { + data := setAllowedData{} + if err := md.RequestData.Unmarshal(&data); err != nil { + r = ErrBadJSON + return + } + if data.Allowed < 0 || data.Allowed > 2 { + r.Code = 400 + r.Message = "Allowed status must be between 0 and 2" + return + } + _, err := md.DB.Exec("UPDATE users SET allowed = ? WHERE id = ?", data.Allowed, data.UserID) + if err != nil { + md.Err(err) + r = Err500 + return + } + query := ` +SELECT users.id, users.username, register_datetime, rank, + latest_activity, users_stats.username_aka, + users_stats.country, users_stats.show_country +FROM users +LEFT JOIN users_stats +ON users.id=users_stats.id +WHERE users.id=? +LIMIT 1` + r = userPuts(md, md.DB.QueryRow(query, data.UserID)) + return +} diff --git a/app/v1/user.go b/app/v1/user.go index ee94d64..2db14ac 100644 --- a/app/v1/user.go +++ b/app/v1/user.go @@ -45,7 +45,7 @@ SELECT users.id, users.username, register_datetime, rank, FROM users LEFT JOIN users_stats ON users.id=users_stats.id -WHERE users.id=? +WHERE users.id=? AND users.allowed='1' LIMIT 1` r = userPuts(md, md.DB.QueryRow(query, uid)) return @@ -62,7 +62,7 @@ SELECT users.id, users.username, register_datetime, rank, FROM users LEFT JOIN users_stats ON users.id=users_stats.id -WHERE users.username=? +WHERE users.username=? AND users.allowed='1' LIMIT 1` r = userPuts(md, md.DB.QueryRow(query, username)) return