author | 2020-04-18 02:38:35 +0200 | |
---|---|---|
committer | 2020-04-18 02:50:54 +0200 | |
commit | 35a41e63ebd5f6cf9d17419c150eb53a005d2e87 (patch) | |
tree | e0bcc21bbb1e7e200857cfbd52acb82b008a3a6d /pkg/app/handler/glsa/comments.go | |
parent | Display version and last update in the footer (diff) | |
Add the initial version of the rewritten glsamaker
The glsamaker has been completely rewritten in go. It is
using postgres instead of mysql now. The look and feel is
based on tyrian.
Signed-off-by: Max Magorsch <arzano@gentoo.org>
Diffstat (limited to 'pkg/app/handler/glsa/comments.go')
-rw-r--r-- | pkg/app/handler/glsa/comments.go | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/pkg/app/handler/glsa/comments.go b/pkg/app/handler/glsa/comments.go
new file mode 100644
index 0000000..9412b62
--- /dev/null
+++ b/pkg/app/handler/glsa/comments.go
@@ -0,0 +1,110 @@
+package glsa
+
+import (
+ "glsamaker/pkg/app/handler/authentication"
+ "glsamaker/pkg/app/handler/authentication/utils"
+ "glsamaker/pkg/database/connection"
+ "glsamaker/pkg/logger"
+ "glsamaker/pkg/models"
+ "glsamaker/pkg/models/cve"
+ "glsamaker/pkg/models/users"
+ "encoding/json"
+ "errors"
+ "net/http"
+ "strconv"
+ "time"
+)
+
+// Show renders a template to show the landing page of the application
+func AddComment(w http.ResponseWriter, r *http.Request) {
+
+ user := utils.GetAuthenticatedUser(r)
+
+ if !user.Permissions.Glsa.Comment {
+ authentication.AccessDenied(w, r)
+ return
+ }
+
+ if !user.CanEditCVEs() {
+ w.Write([]byte("err"))
+ return
+ }
+
+ id, comment, commentType, err := getParams(r)
+
+ newComment, err := AddNewCommment(id, user, comment, commentType)
+
+ if err != nil {
+ logger.Info.Println("Err")
+ logger.Info.Println(err)
+ w.Write([]byte("err"))
+ return
+ }
+
+ newCommentString, _ := json.Marshal(newComment)
+
+ w.Write(newCommentString)
+
+}
+
+func AddNewCommment(id string, user *users.User, comment string, commentType string) (cve.Comment, error) {
+
+ glsaID, err := strconv.ParseInt(id, 10, 64)
+
+ if err != nil {
+ return cve.Comment{}, err
+ }
+
+ glsa := &models.Glsa{Id: glsaID}
+ err = user.CanAccess(connection.DB.Model(glsa).WherePK()).Select()
+
+ if err != nil {
+ return cve.Comment{}, err
+ }
+
+ // TODO: VALIDATE !!
+
+ if commentType == "approve" && !user.Permissions.Glsa.Approve {
+ return cve.Comment{}, errors.New("ACCESS DENIED")
+ } else if commentType == "approve" && glsa.CreatorId == user.Id && !user.Permissions.Glsa.ApproveOwnGlsa {
+ return cve.Comment{}, errors.New("ACCESS DENIED")
+ } else if commentType == "decline" && !user.Permissions.Glsa.Decline {
+ return cve.Comment{}, errors.New("ACCESS DENIED")
+ }
+
+ if commentType == "approve" {
+ glsa.ApprovedBy = append(glsa.ApprovedBy, user.Id)
+ _, err = connection.DB.Model(glsa).Column("approved_by").WherePK().Update()
+ } else if commentType == "decline" {
+ glsa.DeclinedBy = append(glsa.DeclinedBy, user.Id)
+ _, err = connection.DB.Model(glsa).Column("declined_by").WherePK().Update()
+ }
+
+ newComment := cve.Comment{
+ GlsaId: glsaID,
+ User: user.Id,
+ UserBadge: user.Badge,
+ Type: commentType,
+ Message: comment,
+ Date: time.Now(),
+ }
+
+ glsa.Comments = append(glsa.Comments, newComment)
+
+ //_, err = connection.DB.Model(glsa).Column("comments").WherePK().Update()
+ _, err = connection.DB.Model(&newComment).Insert()
+
+ return newComment, err
+
+}
+
+func getParams(r *http.Request) (string, string, string, error) {
+ err := r.ParseForm()
+ if err != nil {
+ return "", "", "", err
+ }
+ id := r.Form.Get("glsaid")
+ comment := r.Form.Get("comment")
+ commentType := r.Form.Get("commentType")
+ return id, comment, commentType, err
+}
+} |
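Review bot: In AddNewCommment the `err` from the `approved_by` / `declined_by` `Update()` is never checked and is overwritten by the following `Insert()`, so a failed approval write still stores an approve comment and reports success; add `if err != nil { return cve.Comment{}, err }` right after that branch. The `// TODO: VALIDATE` is also still open: `commentType` and `comment` come straight from the request, and any type other than the two checked values is stored as `Type` unchanged, so the type should be restricted to the set the application defines before the insert. Because `getParams` reads `r.Form`, which also includes URL query parameters, this state-changing handler appears to accept GET requests too; unless routing or middleware outside this file already enforces it, check `r.Method` and read `r.PostForm` instead. The error returned by `getParams` in AddComment is likewise dropped when `err` is redeclared on the next line, and the doc comment above AddComment still describes a landing page.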