236 lines
6.3 KiB
Go
236 lines
6.3 KiB
Go
package api
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"net/url"
|
|
|
|
"carcontrol/api/internal/models"
|
|
)
|
|
|
|
// Access levels a user can have on a car. accessNone means no access at all.
|
|
const (
|
|
accessNone = ""
|
|
accessRead = "read"
|
|
accessWrite = "write"
|
|
accessOwner = "owner"
|
|
)
|
|
|
|
// carAccessLevel reports the requesting user's permission on a car: "owner" if
|
|
// they own it, otherwise the permission from any car_shares grant ("read"/
|
|
// "write"), otherwise "" (no access). It also returns the car record so callers
|
|
// that already need it avoid a second fetch.
|
|
func (s *Server) carAccessLevel(ctx context.Context, userID, carID string) (string, *carRecord, error) {
|
|
var rec carRecord
|
|
if err := s.pb.GetOne(ctx, colCars, carID, &rec); err != nil {
|
|
return accessNone, nil, err
|
|
}
|
|
if rec.Owner == userID {
|
|
return accessOwner, &rec, nil
|
|
}
|
|
perm, err := s.sharePermission(ctx, carID, userID)
|
|
if err != nil {
|
|
return accessNone, &rec, err
|
|
}
|
|
return perm, &rec, nil
|
|
}
|
|
|
|
// sharePermission returns the permission ("read"/"write") granted to userID on
|
|
// carID via car_shares, or "" if there is no grant.
|
|
func (s *Server) sharePermission(ctx context.Context, carID, userID string) (string, error) {
|
|
res, err := s.pb.List(ctx, colShares, url.Values{
|
|
"filter": {fmt.Sprintf("car='%s' && user='%s'", carID, userID)},
|
|
"perPage": {"1"},
|
|
})
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
var recs []shareRecord
|
|
if err := json.Unmarshal(res.Items, &recs); err != nil || len(recs) == 0 {
|
|
return "", err
|
|
}
|
|
return recs[0].Permission, nil
|
|
}
|
|
|
|
func canWrite(level string) bool { return level == accessOwner || level == accessWrite }
|
|
|
|
// requireCarAccess enforces that the current user's access to carID meets the
|
|
// minimum `need` (accessRead = any access, accessWrite = write or owner,
|
|
// accessOwner = owner only). On failure it writes the HTTP response and returns
|
|
// false, so callers can `if !s.requireCarAccess(...) { return }`.
|
|
func (s *Server) requireCarAccess(w http.ResponseWriter, r *http.Request, carID, need string) bool {
|
|
if carID == "" {
|
|
writeError(w, http.StatusBadRequest, "car is required")
|
|
return false
|
|
}
|
|
level, _, err := s.carAccessLevel(r.Context(), s.currentUserID(r), carID)
|
|
if err != nil {
|
|
writePBError(w, err)
|
|
return false
|
|
}
|
|
var ok bool
|
|
switch need {
|
|
case accessWrite:
|
|
ok = canWrite(level)
|
|
case accessOwner:
|
|
ok = level == accessOwner
|
|
default: // accessRead / any
|
|
ok = level != accessNone
|
|
}
|
|
if !ok {
|
|
writeError(w, http.StatusForbidden, "you do not have access to this car")
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
func (s *Server) listCars(w http.ResponseWriter, r *http.Request) {
|
|
me := s.currentUserID(r)
|
|
|
|
// Cars the user owns.
|
|
ownedRes, err := s.pb.List(r.Context(), colCars, url.Values{
|
|
"filter": {fmt.Sprintf("owner='%s'", me)},
|
|
"sort": {"name"},
|
|
"perPage": {"200"},
|
|
})
|
|
if err != nil {
|
|
writePBError(w, err)
|
|
return
|
|
}
|
|
var owned []carRecord
|
|
if err := json.Unmarshal(ownedRes.Items, &owned); err != nil {
|
|
writeError(w, http.StatusInternalServerError, err.Error())
|
|
return
|
|
}
|
|
|
|
out := make([]models.Car, 0, len(owned))
|
|
for _, rec := range owned {
|
|
m := rec.toModel()
|
|
m.Access = accessOwner
|
|
out = append(out, m)
|
|
}
|
|
|
|
// Cars shared with the user (each grant → fetch the car, annotate access).
|
|
sharesRes, err := s.pb.List(r.Context(), colShares, url.Values{
|
|
"filter": {fmt.Sprintf("user='%s'", me)},
|
|
"perPage": {"200"},
|
|
})
|
|
if err != nil {
|
|
writePBError(w, err)
|
|
return
|
|
}
|
|
var shares []shareRecord
|
|
if err := json.Unmarshal(sharesRes.Items, &shares); err != nil {
|
|
writeError(w, http.StatusInternalServerError, err.Error())
|
|
return
|
|
}
|
|
for _, sh := range shares {
|
|
var rec carRecord
|
|
if err := s.pb.GetOne(r.Context(), colCars, sh.Car, &rec); err != nil {
|
|
continue // grant points at a deleted car; skip defensively
|
|
}
|
|
m := rec.toModel()
|
|
m.Access = sh.Permission
|
|
out = append(out, m)
|
|
}
|
|
|
|
writeJSON(w, http.StatusOK, out)
|
|
}
|
|
|
|
func (s *Server) getCar(w http.ResponseWriter, r *http.Request) {
|
|
level, rec, err := s.carAccessLevel(r.Context(), s.currentUserID(r), r.PathValue("id"))
|
|
if err != nil {
|
|
writePBError(w, err)
|
|
return
|
|
}
|
|
if level == accessNone {
|
|
writeError(w, http.StatusForbidden, "you do not have access to this car")
|
|
return
|
|
}
|
|
m := rec.toModel()
|
|
m.Access = level
|
|
writeJSON(w, http.StatusOK, m)
|
|
}
|
|
|
|
func (s *Server) createCar(w http.ResponseWriter, r *http.Request) {
|
|
var in models.Car
|
|
if err := decodeJSON(r, &in); err != nil {
|
|
writeError(w, http.StatusBadRequest, err.Error())
|
|
return
|
|
}
|
|
if in.Name == "" {
|
|
writeError(w, http.StatusBadRequest, "name is required")
|
|
return
|
|
}
|
|
applyCarDefaults(&in)
|
|
|
|
// Owner is always the authenticated user; ignore any client-supplied owner.
|
|
payload := carPayload(in)
|
|
payload["owner"] = s.currentUserID(r)
|
|
|
|
var rec carRecord
|
|
if err := s.pb.Create(r.Context(), colCars, payload, &rec); err != nil {
|
|
writePBError(w, err)
|
|
return
|
|
}
|
|
m := rec.toModel()
|
|
m.Access = accessOwner
|
|
writeJSON(w, http.StatusCreated, m)
|
|
}
|
|
|
|
func (s *Server) updateCar(w http.ResponseWriter, r *http.Request) {
|
|
var in models.Car
|
|
if err := decodeJSON(r, &in); err != nil {
|
|
writeError(w, http.StatusBadRequest, err.Error())
|
|
return
|
|
}
|
|
level, _, err := s.carAccessLevel(r.Context(), s.currentUserID(r), r.PathValue("id"))
|
|
if err != nil {
|
|
writePBError(w, err)
|
|
return
|
|
}
|
|
if !canWrite(level) {
|
|
writeError(w, http.StatusForbidden, "you cannot edit this car")
|
|
return
|
|
}
|
|
// carPayload deliberately omits owner, so a PATCH never reassigns ownership.
|
|
var rec carRecord
|
|
if err := s.pb.Update(r.Context(), colCars, r.PathValue("id"), carPayload(in), &rec); err != nil {
|
|
writePBError(w, err)
|
|
return
|
|
}
|
|
m := rec.toModel()
|
|
m.Access = level
|
|
writeJSON(w, http.StatusOK, m)
|
|
}
|
|
|
|
func (s *Server) deleteCar(w http.ResponseWriter, r *http.Request) {
|
|
level, _, err := s.carAccessLevel(r.Context(), s.currentUserID(r), r.PathValue("id"))
|
|
if err != nil {
|
|
writePBError(w, err)
|
|
return
|
|
}
|
|
if level != accessOwner {
|
|
writeError(w, http.StatusForbidden, "only the owner can delete this car")
|
|
return
|
|
}
|
|
if err := s.pb.Delete(r.Context(), colCars, r.PathValue("id")); err != nil {
|
|
writePBError(w, err)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
// applyCarDefaults fills the spreadsheet's default maintenance intervals when
|
|
// the client didn't specify them.
|
|
func applyCarDefaults(c *models.Car) {
|
|
if c.ServiceIntervalDays <= 0 {
|
|
c.ServiceIntervalDays = 365
|
|
}
|
|
if c.ServiceIntervalKm <= 0 {
|
|
c.ServiceIntervalKm = 15000
|
|
}
|
|
}
|