Initial commit
This commit is contained in:
@@ -0,0 +1,235 @@
|
||||
package api
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
|
||||
"carcontrol/api/internal/models"
|
||||
)
|
||||
|
||||
// Access levels a user can have on a car. accessNone means no access at all.
|
||||
const (
|
||||
accessNone = ""
|
||||
accessRead = "read"
|
||||
accessWrite = "write"
|
||||
accessOwner = "owner"
|
||||
)
|
||||
|
||||
// carAccessLevel reports the requesting user's permission on a car: "owner" if
|
||||
// they own it, otherwise the permission from any car_shares grant ("read"/
|
||||
// "write"), otherwise "" (no access). It also returns the car record so callers
|
||||
// that already need it avoid a second fetch.
|
||||
func (s *Server) carAccessLevel(ctx context.Context, userID, carID string) (string, *carRecord, error) {
|
||||
var rec carRecord
|
||||
if err := s.pb.GetOne(ctx, colCars, carID, &rec); err != nil {
|
||||
return accessNone, nil, err
|
||||
}
|
||||
if rec.Owner == userID {
|
||||
return accessOwner, &rec, nil
|
||||
}
|
||||
perm, err := s.sharePermission(ctx, carID, userID)
|
||||
if err != nil {
|
||||
return accessNone, &rec, err
|
||||
}
|
||||
return perm, &rec, nil
|
||||
}
|
||||
|
||||
// sharePermission returns the permission ("read"/"write") granted to userID on
|
||||
// carID via car_shares, or "" if there is no grant.
|
||||
func (s *Server) sharePermission(ctx context.Context, carID, userID string) (string, error) {
|
||||
res, err := s.pb.List(ctx, colShares, url.Values{
|
||||
"filter": {fmt.Sprintf("car='%s' && user='%s'", carID, userID)},
|
||||
"perPage": {"1"},
|
||||
})
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
var recs []shareRecord
|
||||
if err := json.Unmarshal(res.Items, &recs); err != nil || len(recs) == 0 {
|
||||
return "", err
|
||||
}
|
||||
return recs[0].Permission, nil
|
||||
}
|
||||
|
||||
func canWrite(level string) bool { return level == accessOwner || level == accessWrite }
|
||||
|
||||
// requireCarAccess enforces that the current user's access to carID meets the
|
||||
// minimum `need` (accessRead = any access, accessWrite = write or owner,
|
||||
// accessOwner = owner only). On failure it writes the HTTP response and returns
|
||||
// false, so callers can `if !s.requireCarAccess(...) { return }`.
|
||||
func (s *Server) requireCarAccess(w http.ResponseWriter, r *http.Request, carID, need string) bool {
|
||||
if carID == "" {
|
||||
writeError(w, http.StatusBadRequest, "car is required")
|
||||
return false
|
||||
}
|
||||
level, _, err := s.carAccessLevel(r.Context(), s.currentUserID(r), carID)
|
||||
if err != nil {
|
||||
writePBError(w, err)
|
||||
return false
|
||||
}
|
||||
var ok bool
|
||||
switch need {
|
||||
case accessWrite:
|
||||
ok = canWrite(level)
|
||||
case accessOwner:
|
||||
ok = level == accessOwner
|
||||
default: // accessRead / any
|
||||
ok = level != accessNone
|
||||
}
|
||||
if !ok {
|
||||
writeError(w, http.StatusForbidden, "you do not have access to this car")
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
func (s *Server) listCars(w http.ResponseWriter, r *http.Request) {
|
||||
me := s.currentUserID(r)
|
||||
|
||||
// Cars the user owns.
|
||||
ownedRes, err := s.pb.List(r.Context(), colCars, url.Values{
|
||||
"filter": {fmt.Sprintf("owner='%s'", me)},
|
||||
"sort": {"name"},
|
||||
"perPage": {"200"},
|
||||
})
|
||||
if err != nil {
|
||||
writePBError(w, err)
|
||||
return
|
||||
}
|
||||
var owned []carRecord
|
||||
if err := json.Unmarshal(ownedRes.Items, &owned); err != nil {
|
||||
writeError(w, http.StatusInternalServerError, err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
out := make([]models.Car, 0, len(owned))
|
||||
for _, rec := range owned {
|
||||
m := rec.toModel()
|
||||
m.Access = accessOwner
|
||||
out = append(out, m)
|
||||
}
|
||||
|
||||
// Cars shared with the user (each grant → fetch the car, annotate access).
|
||||
sharesRes, err := s.pb.List(r.Context(), colShares, url.Values{
|
||||
"filter": {fmt.Sprintf("user='%s'", me)},
|
||||
"perPage": {"200"},
|
||||
})
|
||||
if err != nil {
|
||||
writePBError(w, err)
|
||||
return
|
||||
}
|
||||
var shares []shareRecord
|
||||
if err := json.Unmarshal(sharesRes.Items, &shares); err != nil {
|
||||
writeError(w, http.StatusInternalServerError, err.Error())
|
||||
return
|
||||
}
|
||||
for _, sh := range shares {
|
||||
var rec carRecord
|
||||
if err := s.pb.GetOne(r.Context(), colCars, sh.Car, &rec); err != nil {
|
||||
continue // grant points at a deleted car; skip defensively
|
||||
}
|
||||
m := rec.toModel()
|
||||
m.Access = sh.Permission
|
||||
out = append(out, m)
|
||||
}
|
||||
|
||||
writeJSON(w, http.StatusOK, out)
|
||||
}
|
||||
|
||||
func (s *Server) getCar(w http.ResponseWriter, r *http.Request) {
|
||||
level, rec, err := s.carAccessLevel(r.Context(), s.currentUserID(r), r.PathValue("id"))
|
||||
if err != nil {
|
||||
writePBError(w, err)
|
||||
return
|
||||
}
|
||||
if level == accessNone {
|
||||
writeError(w, http.StatusForbidden, "you do not have access to this car")
|
||||
return
|
||||
}
|
||||
m := rec.toModel()
|
||||
m.Access = level
|
||||
writeJSON(w, http.StatusOK, m)
|
||||
}
|
||||
|
||||
func (s *Server) createCar(w http.ResponseWriter, r *http.Request) {
|
||||
var in models.Car
|
||||
if err := decodeJSON(r, &in); err != nil {
|
||||
writeError(w, http.StatusBadRequest, err.Error())
|
||||
return
|
||||
}
|
||||
if in.Name == "" {
|
||||
writeError(w, http.StatusBadRequest, "name is required")
|
||||
return
|
||||
}
|
||||
applyCarDefaults(&in)
|
||||
|
||||
// Owner is always the authenticated user; ignore any client-supplied owner.
|
||||
payload := carPayload(in)
|
||||
payload["owner"] = s.currentUserID(r)
|
||||
|
||||
var rec carRecord
|
||||
if err := s.pb.Create(r.Context(), colCars, payload, &rec); err != nil {
|
||||
writePBError(w, err)
|
||||
return
|
||||
}
|
||||
m := rec.toModel()
|
||||
m.Access = accessOwner
|
||||
writeJSON(w, http.StatusCreated, m)
|
||||
}
|
||||
|
||||
func (s *Server) updateCar(w http.ResponseWriter, r *http.Request) {
|
||||
var in models.Car
|
||||
if err := decodeJSON(r, &in); err != nil {
|
||||
writeError(w, http.StatusBadRequest, err.Error())
|
||||
return
|
||||
}
|
||||
level, _, err := s.carAccessLevel(r.Context(), s.currentUserID(r), r.PathValue("id"))
|
||||
if err != nil {
|
||||
writePBError(w, err)
|
||||
return
|
||||
}
|
||||
if !canWrite(level) {
|
||||
writeError(w, http.StatusForbidden, "you cannot edit this car")
|
||||
return
|
||||
}
|
||||
// carPayload deliberately omits owner, so a PATCH never reassigns ownership.
|
||||
var rec carRecord
|
||||
if err := s.pb.Update(r.Context(), colCars, r.PathValue("id"), carPayload(in), &rec); err != nil {
|
||||
writePBError(w, err)
|
||||
return
|
||||
}
|
||||
m := rec.toModel()
|
||||
m.Access = level
|
||||
writeJSON(w, http.StatusOK, m)
|
||||
}
|
||||
|
||||
func (s *Server) deleteCar(w http.ResponseWriter, r *http.Request) {
|
||||
level, _, err := s.carAccessLevel(r.Context(), s.currentUserID(r), r.PathValue("id"))
|
||||
if err != nil {
|
||||
writePBError(w, err)
|
||||
return
|
||||
}
|
||||
if level != accessOwner {
|
||||
writeError(w, http.StatusForbidden, "only the owner can delete this car")
|
||||
return
|
||||
}
|
||||
if err := s.pb.Delete(r.Context(), colCars, r.PathValue("id")); err != nil {
|
||||
writePBError(w, err)
|
||||
return
|
||||
}
|
||||
w.WriteHeader(http.StatusNoContent)
|
||||
}
|
||||
|
||||
// applyCarDefaults fills the spreadsheet's default maintenance intervals when
|
||||
// the client didn't specify them.
|
||||
func applyCarDefaults(c *models.Car) {
|
||||
if c.ServiceIntervalDays <= 0 {
|
||||
c.ServiceIntervalDays = 365
|
||||
}
|
||||
if c.ServiceIntervalKm <= 0 {
|
||||
c.ServiceIntervalKm = 15000
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user