Yay banning people!

This commit is contained in:
Howl 2016-04-12 21:41:08 +02:00
parent c108da9bb3
commit c4e03dc189
4 changed files with 47 additions and 7 deletions

View File

@ -46,6 +46,9 @@ func Start(conf common.Conf, db *sql.DB) *gin.Engine {
gv1.POST("/friends/del", Method(v1.FriendsDelPOST, db, common.PrivilegeWrite)) gv1.POST("/friends/del", Method(v1.FriendsDelPOST, db, common.PrivilegeWrite))
gv1.GET("/friends/del/:id", Method(v1.FriendsDelGET, db, common.PrivilegeWrite)) gv1.GET("/friends/del/:id", Method(v1.FriendsDelGET, db, common.PrivilegeWrite))
// Admin: user managing
gv1.POST("/users/manage/set_allowed", Method(v1.UserManageSetAllowedPOST, db, common.PrivilegeManageUser))
// M E T A // M E T A
// E T "wow thats so meta" // E T "wow thats so meta"
// T E -- the one who said "wow thats so meta" // T E -- the one who said "wow thats so meta"

View File

@ -150,8 +150,7 @@ func FriendsAddPOST(md common.MethodData) (r common.Response) {
d := friendAddPOSTData{} d := friendAddPOSTData{}
err := md.RequestData.Unmarshal(&d) err := md.RequestData.Unmarshal(&d)
if err != nil { if err != nil {
md.Err(err) r = ErrBadJSON
r = Err500
return return
} }
return addFriend(md, d.UserID) return addFriend(md, d.UserID)
@ -196,7 +195,7 @@ func addFriend(md common.MethodData, u int) (r common.Response) {
// userExists makes sure an user exists. // userExists makes sure an user exists.
func userExists(md common.MethodData, u int) (r bool) { func userExists(md common.MethodData, u int) (r bool) {
err := md.DB.QueryRow("SELECT EXISTS(SELECT 1 FROM users WHERE id = ?)", u).Scan(&r) err := md.DB.QueryRow("SELECT EXISTS(SELECT 1 FROM users WHERE id = ? AND users.allowed='1')", u).Scan(&r)
if err != nil && err != sql.ErrNoRows { if err != nil && err != sql.ErrNoRows {
md.Err(err) md.Err(err)
} }
@ -221,8 +220,7 @@ func FriendsDelPOST(md common.MethodData) (r common.Response) {
d := friendAddPOSTData{} d := friendAddPOSTData{}
err := md.RequestData.Unmarshal(&d) err := md.RequestData.Unmarshal(&d)
if err != nil { if err != nil {
md.Err(err) r = ErrBadJSON
r = Err500
return return
} }
return delFriend(md, d.UserID) return delFriend(md, d.UserID)

39
app/v1/manage_user.go Normal file
View File

@ -0,0 +1,39 @@
package v1
import "github.com/osuripple/api/common"
type setAllowedData struct {
UserID int `json:"user_id"`
Allowed int `json:"allowed"`
}
// UserManageSetAllowedPOST allows to set the allowed status of an user.
func UserManageSetAllowedPOST(md common.MethodData) (r common.Response) {
data := setAllowedData{}
if err := md.RequestData.Unmarshal(&data); err != nil {
r = ErrBadJSON
return
}
if data.Allowed < 0 || data.Allowed > 2 {
r.Code = 400
r.Message = "Allowed status must be between 0 and 2"
return
}
_, err := md.DB.Exec("UPDATE users SET allowed = ? WHERE id = ?", data.Allowed, data.UserID)
if err != nil {
md.Err(err)
r = Err500
return
}
query := `
SELECT users.id, users.username, register_datetime, rank,
latest_activity, users_stats.username_aka,
users_stats.country, users_stats.show_country
FROM users
LEFT JOIN users_stats
ON users.id=users_stats.id
WHERE users.id=?
LIMIT 1`
r = userPuts(md, md.DB.QueryRow(query, data.UserID))
return
}

View File

@ -45,7 +45,7 @@ SELECT users.id, users.username, register_datetime, rank,
FROM users FROM users
LEFT JOIN users_stats LEFT JOIN users_stats
ON users.id=users_stats.id ON users.id=users_stats.id
WHERE users.id=? WHERE users.id=? AND users.allowed='1'
LIMIT 1` LIMIT 1`
r = userPuts(md, md.DB.QueryRow(query, uid)) r = userPuts(md, md.DB.QueryRow(query, uid))
return return
@ -62,7 +62,7 @@ SELECT users.id, users.username, register_datetime, rank,
FROM users FROM users
LEFT JOIN users_stats LEFT JOIN users_stats
ON users.id=users_stats.id ON users.id=users_stats.id
WHERE users.username=? WHERE users.username=? AND users.allowed='1'
LIMIT 1` LIMIT 1`
r = userPuts(md, md.DB.QueryRow(query, username)) r = userPuts(md, md.DB.QueryRow(query, username))
return return