locking, unlocking, editing oneliner endpoints. admin only auth

1 files changed, 64 insertions, 6 deletions

diff --git a/src/main.lisp b/src/main.lisp
index ee04b2b..1804267 100644
--- a/src/main.lisp
+++ b/src/main.lisp
@@ -234,7 +234,7 @@
   :auth 'api-token-authorization)
 
 (defun api-token-authorization ()
-  ;; presently if the token merely exists then that's good enough.
+  "This request must be made with an API access token."
   (request-contributor)) 
 
 
@@ -268,8 +268,38 @@
                        :brief brief))))
 
 (defun flag-oneliner (oneliner &optional contributor)
-  (db:with-transaction ()
-    (setf (flagged-by oneliner) (or contributor :anonymous))))
+  "Flag a oneliner for review. If locked, ensure that CONTRIBUTOR is an admin. Returns T or NIL."
+  (when (or (not (lockedp oneliner)) (and contributor (adminp contributor))) 
+    (db:with-transaction ()
+      (setf (flagged-by oneliner) (or contributor :anonymous))
+      t)))
+
+(defun lock-oneliner (oneliner contributor)
+  "Locks a oneliner. Only admins can lock and unlock."
+  (when (adminp contributor)
+    (db:with-transaction () 
+      (setf (lockedp oneliner) t))))
+
+(defun unlock-oneliner (oneliner contributor)
+  "Unlocks a oneliner. Only admins can lock and unlock."
+  (when (adminp contributor)
+    (db:with-transaction () 
+      (setf (lockedp oneliner) nil))))
+
+(defun edit-oneliner (ol contributor plist)
+  (when (or (not (lockedp ol)) (adminp contributor))
+  (with-plist
+      (oneliner tags brief description) plist
+      (db:with-transaction ()
+        (when oneliner
+          (setf (oneliner ol) oneliner))
+        (when tags
+          (setf (oneliner-tags ol) tags))
+        (when brief
+          (setf (oneliner-brief ol) brief))
+        (when description
+          (setf (oneliner-description ol) description))))))
+
 
 ;;; DATABASE QUERIES
 
@@ -365,6 +395,35 @@
   (make-new-oneliner (request-contributor)  (lzb:request-body))
   "true")
 
+(defun admin-only ()
+  "The request requires an API access token. 
+Only contributors with admin privileges are allowed to perform this action."
+  (a:when-let (contributor (request-contributor))
+    (adminp contributor)))
+
+(defendpoint* :patch "/lock/:oneliner a-oneliner-id:" () (:auth 'admin-only)
+  "Locks a oneliner. Locked oneliners cannot be edited or flagged."
+  (lock-oneliner oneliner (request-contributor))
+  "true")
+
+(defendpoint* :patch "/unlock/:oneliner a-oneliner-id:" () (:auth 'admin-only)
+  "Unlocks a oneliner."
+  (unlock-oneliner oneliner (request-contributor))
+  "true")
+
+(defendpoint* :patch "/edit/:oneliner a-oneliner-id:" ()
+  (:auth t)
+  "Edit the fields of a oneliner."
+  (if (edit-oneliner oneliner (request-contributor) (lzb:request-body))
+      "true"
+      (http-err 403))) ;; in case it is locked
+
+(defendpoint* :patch "/flag/:oneliner a-oneliner-id:" () ()
+  "Flag the oneliner for review. Open to anyone."
+  (if  (flag-oneliner oneliner (request-contributor))
+       "true"
+       (http-err 403)))
+
 (defendpoint* :get "/search" ((tags a-csl)
                               (limit an-int)
                               (notflagged a-boolean))
@@ -382,9 +441,8 @@
       (t                                  ; else responde with 400
        (http-err 400))))
 
-(defendpoint* :patch "/flag/:oneliner a-oneliner-id:" () ()
-  (flag-oneliner oneliner (request-contributor))
-  "true")
+
+
 
 ;;; HELPERS