List item creation is now done via handler

2018-07-11 02:13:53 +02:00
parent b067425dc3
commit 592dc20af4
12 changed files with 114 additions and 18 deletions
--- a/models/crudable.go
+++ b/models/crudable.go
@ -2,7 +2,7 @@ package models

 // CRUDable defines the crud methods
 type CRUDable interface {
-	Create(*User) error
+	Create(*User, int64) error
 	ReadOne(int64) error
 	ReadAll(*User) (interface{}, error)
 	Update(int64, *User) error
--- a/models/error.go
+++ b/models/error.go
@ -159,6 +159,22 @@ func (err ErrNeedToBeListAdmin) Error() string {
 	return fmt.Sprintf("You need to be list owner to do that [ListID: %d, UserID: %d]", err.ListID, err.UserID)
 }

+// ErrNeedToBeListWriter represents an error, where the user is not the owner of that list (used i.e. when deleting a list)
+type ErrNeedToBeListWriter struct {
+	ListID int64
+	UserID int64
+}
+
+// IsErrNeedToBeListWriter checks if an error is a ErrListDoesNotExist.
+func IsErrNeedToBeListWriter(err error) bool {
+	_, ok := err.(ErrNeedToBeListWriter)
+	return ok
+}
+
+func (err ErrNeedToBeListWriter) Error() string {
+	return fmt.Sprintf("You need to have write acces to the list to do that [ListID: %d, UserID: %d]", err.ListID, err.UserID)
+}
+
 // ================
 // List item errors
 // ================
--- a/models/list_create_update.go
+++ b/models/list_create_update.go
@ -43,7 +43,7 @@ func (l *List) Update(id int64, doer *User) (err error) {
 }

 // Create implements the create method of CRUDable
-func (l *List) Create(doer *User) (err error) {
+func (l *List) Create(doer *User, id int64) (err error) {
 	// Check rights
 	user, _, err := GetUserByID(doer.ID)
 	if err != nil {
--- a/models/list_items.go
+++ b/models/list_items.go
@ -14,6 +14,9 @@ type ListItem struct {
 	Updated      int64  `xorm:"updated" json:"updated"`

 	CreatedBy User `xorm:"-" json:"createdBy"`
+
+	CRUDable `xorm:"-" json:"-"`
+	Rights   `xorm:"-" json:"-"`
 }

 // TableName returns the table name for listitems
--- a/models/list_items_create_update.go
+++ b/models/list_items_create_update.go
@ -38,3 +38,38 @@ func CreateOrUpdateListItem(item *ListItem) (newItem *ListItem, err error) {

 	return &finalItem, err
 }
+
+// Create is the implementation to create a list item
+func (i *ListItem) Create(doer *User, lID int64) (err error) {
+	i.ListID = lID
+
+	// Check rights
+	user, _, err := GetUserByID(doer.ID)
+	if err != nil {
+		return
+	}
+	i.CreatedBy = user // Needed because we return the full item object
+	i.CreatedByID = user.ID
+
+	// Get the list to check if the user has the right to write to that list
+	list, err := GetListByID(lID)
+	if err != nil {
+		return
+	}
+
+	if !list.CanWrite(&user) {
+		return ErrNeedToBeListWriter{ListID: lID, UserID: user.ID}
+	}
+
+	// Check if we have at least a text
+	if i.Text == "" {
+		return ErrListItemCannotBeEmpty{}
+	}
+
+	_, err = x.Insert(i)
+	if err != nil {
+		return
+	}
+
+	return
+}
--- a/models/lists.go
+++ b/models/lists.go
@ -90,5 +90,33 @@ func (l *List) IsAdmin(user *User) bool {
 	// Check Namespace rights
 	// TODO

+	// Check individual rights
+	// TODO
+
 	return false
 }
+
+// CanWrite return whether the user can write on that list or not
+func (l *List) CanWrite(user *User) bool {
+	// Admins always have write access
+	if l.IsAdmin(user) {
+		return true
+	}
+
+	// Owners always have write access
+	if l.Owner.ID == user.ID {
+		return true
+	}
+
+	// Check Namespace rights
+	// TODO
+	// TODO find a way to prioritize: what happens if a user has namespace write access but is not in that list?
+
+	// Check Team rights
+	// TODO
+
+	// Check individual rights
+	// TODO
+
+	return false
+}