package api import ( "context" "encoding/json" "fmt" "net/http" "net/url" "carcontrol/api/internal/models" ) // Access levels a user can have on a car. accessNone means no access at all. const ( accessNone = "" accessRead = "read" accessWrite = "write" accessOwner = "owner" ) // carAccessLevel reports the requesting user's permission on a car: "owner" if // they own it, otherwise the permission from any car_shares grant ("read"/ // "write"), otherwise "" (no access). It also returns the car record so callers // that already need it avoid a second fetch. func (s *Server) carAccessLevel(ctx context.Context, userID, carID string) (string, *carRecord, error) { var rec carRecord if err := s.pb.GetOne(ctx, colCars, carID, &rec); err != nil { return accessNone, nil, err } if rec.Owner == userID { return accessOwner, &rec, nil } perm, err := s.sharePermission(ctx, carID, userID) if err != nil { return accessNone, &rec, err } return perm, &rec, nil } // sharePermission returns the permission ("read"/"write") granted to userID on // carID via car_shares, or "" if there is no grant. func (s *Server) sharePermission(ctx context.Context, carID, userID string) (string, error) { res, err := s.pb.List(ctx, colShares, url.Values{ "filter": {fmt.Sprintf("car='%s' && user='%s'", carID, userID)}, "perPage": {"1"}, }) if err != nil { return "", err } var recs []shareRecord if err := json.Unmarshal(res.Items, &recs); err != nil || len(recs) == 0 { return "", err } return recs[0].Permission, nil } func canWrite(level string) bool { return level == accessOwner || level == accessWrite } // requireCarAccess enforces that the current user's access to carID meets the // minimum `need` (accessRead = any access, accessWrite = write or owner, // accessOwner = owner only). On failure it writes the HTTP response and returns // false, so callers can `if !s.requireCarAccess(...) { return }`. func (s *Server) requireCarAccess(w http.ResponseWriter, r *http.Request, carID, need string) bool { if carID == "" { writeError(w, http.StatusBadRequest, "car is required") return false } level, _, err := s.carAccessLevel(r.Context(), s.currentUserID(r), carID) if err != nil { writePBError(w, err) return false } var ok bool switch need { case accessWrite: ok = canWrite(level) case accessOwner: ok = level == accessOwner default: // accessRead / any ok = level != accessNone } if !ok { writeError(w, http.StatusForbidden, "you do not have access to this car") return false } return true } func (s *Server) listCars(w http.ResponseWriter, r *http.Request) { me := s.currentUserID(r) // Cars the user owns. ownedRes, err := s.pb.List(r.Context(), colCars, url.Values{ "filter": {fmt.Sprintf("owner='%s'", me)}, "sort": {"name"}, "perPage": {"200"}, }) if err != nil { writePBError(w, err) return } var owned []carRecord if err := json.Unmarshal(ownedRes.Items, &owned); err != nil { writeError(w, http.StatusInternalServerError, err.Error()) return } out := make([]models.Car, 0, len(owned)) for _, rec := range owned { m := rec.toModel() m.Access = accessOwner out = append(out, m) } // Cars shared with the user (each grant → fetch the car, annotate access). sharesRes, err := s.pb.List(r.Context(), colShares, url.Values{ "filter": {fmt.Sprintf("user='%s'", me)}, "perPage": {"200"}, }) if err != nil { writePBError(w, err) return } var shares []shareRecord if err := json.Unmarshal(sharesRes.Items, &shares); err != nil { writeError(w, http.StatusInternalServerError, err.Error()) return } for _, sh := range shares { var rec carRecord if err := s.pb.GetOne(r.Context(), colCars, sh.Car, &rec); err != nil { continue // grant points at a deleted car; skip defensively } m := rec.toModel() m.Access = sh.Permission out = append(out, m) } writeJSON(w, http.StatusOK, out) } func (s *Server) getCar(w http.ResponseWriter, r *http.Request) { level, rec, err := s.carAccessLevel(r.Context(), s.currentUserID(r), r.PathValue("id")) if err != nil { writePBError(w, err) return } if level == accessNone { writeError(w, http.StatusForbidden, "you do not have access to this car") return } m := rec.toModel() m.Access = level writeJSON(w, http.StatusOK, m) } func (s *Server) createCar(w http.ResponseWriter, r *http.Request) { var in models.Car if err := decodeJSON(r, &in); err != nil { writeError(w, http.StatusBadRequest, err.Error()) return } if in.Name == "" { writeError(w, http.StatusBadRequest, "name is required") return } applyCarDefaults(&in) // Owner is always the authenticated user; ignore any client-supplied owner. payload := carPayload(in) payload["owner"] = s.currentUserID(r) var rec carRecord if err := s.pb.Create(r.Context(), colCars, payload, &rec); err != nil { writePBError(w, err) return } m := rec.toModel() m.Access = accessOwner writeJSON(w, http.StatusCreated, m) } func (s *Server) updateCar(w http.ResponseWriter, r *http.Request) { var in models.Car if err := decodeJSON(r, &in); err != nil { writeError(w, http.StatusBadRequest, err.Error()) return } level, _, err := s.carAccessLevel(r.Context(), s.currentUserID(r), r.PathValue("id")) if err != nil { writePBError(w, err) return } if !canWrite(level) { writeError(w, http.StatusForbidden, "you cannot edit this car") return } // carPayload deliberately omits owner, so a PATCH never reassigns ownership. var rec carRecord if err := s.pb.Update(r.Context(), colCars, r.PathValue("id"), carPayload(in), &rec); err != nil { writePBError(w, err) return } m := rec.toModel() m.Access = level writeJSON(w, http.StatusOK, m) } func (s *Server) deleteCar(w http.ResponseWriter, r *http.Request) { level, _, err := s.carAccessLevel(r.Context(), s.currentUserID(r), r.PathValue("id")) if err != nil { writePBError(w, err) return } if level != accessOwner { writeError(w, http.StatusForbidden, "only the owner can delete this car") return } if err := s.pb.Delete(r.Context(), colCars, r.PathValue("id")); err != nil { writePBError(w, err) return } w.WriteHeader(http.StatusNoContent) } // applyCarDefaults fills the spreadsheet's default maintenance intervals when // the client didn't specify them. func applyCarDefaults(c *models.Car) { if c.ServiceIntervalDays <= 0 { c.ServiceIntervalDays = 365 } if c.ServiceIntervalKm <= 0 { c.ServiceIntervalKm = 15000 } }