authorColin Okay <okay@toyful.space>2022-02-15 16:52:31 -0600
committerColin Okay <okay@toyful.space>2022-02-15 16:52:31 -0600
commit23c61a347a5364159975345dcc47f095f15f326a (patch)
tree67cd0f09a9b359abf1926c95abbb6fb5ed10733e
parent4bb5e88cac5d9759f22c0601d2c0dfe593c46a5c (diff)
locking, unlocking, editing oneliner endpoints. admin only auth
-rw-r--r--src/main.lisp70
1 files changed, 64 insertions, 6 deletions
diff --git a/src/main.lisp b/src/main.lisp
index ee04b2b..1804267 100644
--- a/src/main.lisp
+++ b/src/main.lisp
@@ -234,7 +234,7 @@
:auth 'api-token-authorization)
(defun api-token-authorization ()
- ;; presently if the token merely exists then that's good enough.
+ "This request must be made with an API access token."
(request-contributor))
@@ -268,8 +268,38 @@
:brief brief))))
(defun flag-oneliner (oneliner &optional contributor)
- (db:with-transaction ()
- (setf (flagged-by oneliner) (or contributor :anonymous))))
+ "Flag a oneliner for review. If locked, ensure that CONTRIBUTOR is an admin. Returns T or NIL."
+ (when (or (not (lockedp oneliner)) (and contributor (adminp contributor)))
+ (db:with-transaction ()
+ (setf (flagged-by oneliner) (or contributor :anonymous))
+ t)))
+
+(defun lock-oneliner (oneliner contributor)
+ "Locks a oneliner. Only admins can lock and unlock."
+ (when (adminp contributor)
+ (db:with-transaction ()
+ (setf (lockedp oneliner) t))))
+
+(defun unlock-oneliner (oneliner contributor)
+ "Unlocks a oneliner. Only admins can lock and unlock."
+ (when (adminp contributor)
+ (db:with-transaction ()
+ (setf (lockedp oneliner) nil))))
+
+(defun edit-oneliner (ol contributor plist)
+ (when (or (not (lockedp ol)) (adminp contributor))
+ (with-plist
+ (oneliner tags brief description) plist
+ (db:with-transaction ()
+ (when oneliner
+ (setf (oneliner ol) oneliner))
+ (when tags
+ (setf (oneliner-tags ol) tags))
+ (when brief
+ (setf (oneliner-brief ol) brief))
+ (when description
+ (setf (oneliner-description ol) description))))))
+
;;; DATABASE QUERIES
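Review bot: `edit-oneliner` returns the value of its last `when`, so an edit that omits `description` appears to return NIL even though the other fields were written, and the `/edit` handler added later in this commit turns that NIL into a 403. This assumes `db:with-transaction` returns the value of its last body form, which `flag-oneliner` seems to rely on by ending its transaction with `t`; ending the transaction body in `edit-oneliner` with `t` as well would make the two agree. `edit-oneliner` also calls `(adminp contributor)` without the `(and contributor ...)` guard that `flag-oneliner` uses, so it depends on the caller always supplying a contributor. It is the only new function here without a docstring; something like `"Edit the fields of OL named in PLIST. If locked, CONTRIBUTOR must be an admin. Returns T or NIL."` would state the contract.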
@@ -365,6 +395,35 @@
(make-new-oneliner (request-contributor) (lzb:request-body))
"true")
+(defun admin-only ()
+ "The request requires an API access token.
+Only contributors with admin privileges are allowed to perform this action."
+ (a:when-let (contributor (request-contributor))
+ (adminp contributor)))
+
+(defendpoint* :patch "/lock/:oneliner a-oneliner-id:" () (:auth 'admin-only)
+ "Locks a oneliner. Locked oneliners cannot be edited or flagged."
+ (lock-oneliner oneliner (request-contributor))
+ "true")
+
+(defendpoint* :patch "/unlock/:oneliner a-oneliner-id:" () (:auth 'admin-only)
+ "Unlocks a oneliner."
+ (unlock-oneliner oneliner (request-contributor))
+ "true")
+
+(defendpoint* :patch "/edit/:oneliner a-oneliner-id:" ()
+ (:auth t)
+ "Edit the fields of a oneliner."
+ (if (edit-oneliner oneliner (request-contributor) (lzb:request-body))
+ "true"
+ (http-err 403))) ;; in case it is locked
+
+(defendpoint* :patch "/flag/:oneliner a-oneliner-id:" () ()
+ "Flag the oneliner for review. Open to anyone."
+ (if (flag-oneliner oneliner (request-contributor))
+ "true"
+ (http-err 403)))
+
(defendpoint* :get "/search" ((tags a-csl)
(limit an-int)
(notflagged a-boolean))
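Review bot: The `/lock` and `/unlock` handlers discard the result of `lock-oneliner` and `unlock-oneliner` and always answer "true", so if the `adminp` check inside those functions ever declines, the caller is still told the change happened. Using the same shape as the `/edit` and `/flag` handlers, `(if (lock-oneliner oneliner (request-contributor)) "true" (http-err 403))`, keeps the response tied to what was actually done. For that to work on the unlock side, `unlock-oneliner` would need to end its transaction with an explicit `t`, because `(setf (lockedp oneliner) nil)` evaluates to NIL on success. Separately, `/edit` passes `(lzb:request-body)` to `edit-oneliner` with no validation visible in this hunk; if `make-new-oneliner` validates tags and text, the edit path should probably reuse that check.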
@@ -382,9 +441,8 @@
(t ; else responde with 400
(http-err 400))))
-(defendpoint* :patch "/flag/:oneliner a-oneliner-id:" () ()
- (flag-oneliner oneliner (request-contributor))
- "true")
+
+
;;; HELPERS