github.com/saadullahsaeed/fragmenta-cms@v1.5.4/src/users/actions/update.go (about)

     1  package useractions
     2  
     3  import (
     4  	"net/http"
     5  
     6  	"github.com/fragmenta/auth"
     7  	"github.com/fragmenta/auth/can"
     8  	"github.com/fragmenta/mux"
     9  	"github.com/fragmenta/server"
    10  	"github.com/fragmenta/view"
    11  
    12  	"github.com/fragmenta/fragmenta-cms/src/lib/session"
    13  	"github.com/fragmenta/fragmenta-cms/src/users"
    14  )
    15  
// HandleUpdateShow renders the edit form for the user named by the route id.
// It returns an internal error when the route params cannot be read, a
// not-found error when the lookup fails, and a not-authorized error when the
// session user is refused permission to update the target user.
func HandleUpdateShow(w http.ResponseWriter, r *http.Request) error {
	// The route params carry the id of the user being edited.
	routeParams, err := mux.Params(r)
	if err != nil {
		return server.InternalError(err)
	}

	// Load the target record; a failed lookup is reported as not found.
	target, err := users.Find(routeParams.GetInt(users.KeyName))
	if err != nil {
		return server.NotFoundError(err)
	}

	// The permission check is evaluated for the session user (the requester),
	// with the target record as the resource.
	requester := session.CurrentUser(w, r)
	if err := can.Update(target, requester); err != nil {
		return server.NotAuthorizedError(err)
	}

	// Hand both users to the template and render it.
	renderer := view.NewRenderer(w, r)
	renderer.AddKey("currentUser", requester)
	renderer.AddKey("user", target)
	return renderer.Render()
}
    44  
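// HandleUpdate handles the POST of the form to update a user.
//
// The request is processed in this order: read the route params, load the
// target user, check the authenticity token, authorise the session user
// against the target, hash the submitted password, filter the params down to
// the allowed set, persist the update and redirect to the user's page.
//
// It returns an internal error when the params cannot be read, hashing fails
// or the update fails; a not-found error when the lookup fails; the error from
// the authenticity check unchanged; and a not-authorized error when the
// session user may not update the target.
func HandleUpdate(w http.ResponseWriter, r *http.Request) error {

	// Get the user params for id
	params, err := mux.Params(r)
	if err != nil {
		return server.InternalError(err)
	}

	// Find the user
	user, err := users.Find(params.GetInt(users.KeyName))
	if err != nil {
		return server.NotFoundError(err)
	}

	// Check the authenticity token before any state is changed
	err = session.CheckAuthenticity(w, r)
	if err != nil {
		return err
	}

	// Authorise update user. The check must be made for the session user who
	// sent the request, as HandleUpdateShow does. Passing the target record as
	// its own actor (can.Update(user, user)) makes the decision independent of
	// who is asking, so the id in the URL alone would select the account that
	// gets modified.
	currentUser := session.CurrentUser(w, r)
	err = can.Update(user, currentUser)
	if err != nil {
		return server.NotAuthorizedError(err)
	}

	// Convert the password param to a password_hash. The hash is always written
	// over any password_hash value present in the request params.
	// NOTE(review): an empty or absent password param is hashed like any other
	// value here; confirm that auth.HashPassword rejects it or that the form
	// always requires a password, otherwise an edit submitted without one
	// would replace the stored hash.
	hash, err := auth.HashPassword(params.Get("password"))
	if err != nil {
		return server.InternalError(err, "Problem hashing password")
	}
	params.SetString("password_hash", hash)

	// Validate the params, removing any we don't accept. Only names returned by
	// users.AllowedParams() are passed on to Update.
	// NOTE(review): the allowed list is the same for every requester here;
	// verify it holds no privilege-bearing field (role, status) that a user
	// editing their own account should not be able to set.
	userParams := user.ValidateParams(params.Map(), users.AllowedParams())

	err = user.Update(userParams)
	if err != nil {
		return server.InternalError(err)
	}

	// Redirect to user
	return server.Redirect(w, r, user.ShowURL())
}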