From 23c61a347a5364159975345dcc47f095f15f326a Mon Sep 17 00:00:00 2001
From: Colin Okay
Date: Tue, 15 Feb 2022 16:52:31 -0600
Subject: locking, unlocking, editing oneliner endpoints. admin only auth

---
 src/main.lisp | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 64 insertions(+), 6 deletions(-)
(limited to 'src')

diff --git a/src/main.lisp b/src/main.lisp
index ee04b2b..1804267 100644
--- a/src/main.lisp
+++ b/src/main.lisp
@@ -234,7 +234,7 @@
 :auth 'api-token-authorization)
 (defun api-token-authorization ()
- ;; presently if the token merely exists then that's good enough.
+ "This request must be made with an API access token."
 (request-contributor))
@@ -268,8 +268,38 @@
 :brief brief))))
 (defun flag-oneliner (oneliner &optional contributor)
- (db:with-transaction ()
- (setf (flagged-by oneliner) (or contributor :anonymous))))
+ "Flag a oneliner for review. If locked, ensure that CONTRIBUTOR is an admin. Returns T or NIL."
+ (when (or (not (lockedp oneliner)) (and contributor (adminp contributor)))
+ (db:with-transaction ()
+ (setf (flagged-by oneliner) (or contributor :anonymous))
+ t)))
+
+(defun lock-oneliner (oneliner contributor)
+ "Locks a oneliner. Only admins can lock and unlock."
+ (when (adminp contributor)
+ (db:with-transaction ()
+ (setf (lockedp oneliner) t))))
+
+(defun unlock-oneliner (oneliner contributor)
+ "Unlocks a oneliner. Only admins can lock and unlock."
+ (when (adminp contributor)
+ (db:with-transaction ()
+ (setf (lockedp oneliner) nil))))
+
+(defun edit-oneliner (ol contributor plist)
+ (when (or (not (lockedp ol)) (adminp contributor))
+ (with-plist
+ (oneliner tags brief description) plist
+ (db:with-transaction ()
+ (when oneliner
+ (setf (oneliner ol) oneliner))
+ (when tags
+ (setf (oneliner-tags ol) tags))
+ (when brief
+ (setf (oneliner-brief ol) brief))
+ (when description
+ (setf (oneliner-description ol) description))))))
+
 ;;; DATABASE QUERIES
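Review bot: edit-oneliner returns nil whenever the request body omits `description`, because the last form inside its `db:with-transaction` is `(when description ...)` and there is no trailing `t` as flag-oneliner now has; assuming `with-plist` and `db:with-transaction` return their last form's value, a successful partial edit is then reported as failure (the /edit endpoint in the next hunk turns it into a 403). Add `t` after the last `(when description ...)` form and give the function a docstring stating the contract, e.g. `"Edit the fields of OL from PLIST. Refused if OL is locked and CONTRIBUTOR is not an admin. Returns T on success, NIL otherwise."`. Both flag-oneliner and edit-oneliner read `(lockedp ...)` outside the transaction, so a lock committed between the check and the write is not observed; moving the `when` inside `db:with-transaction` narrows that window if the store's isolation supports it. edit-oneliner also calls `(adminp contributor)` without the `(and contributor ...)` guard that flag-oneliner uses, so if `request-contributor` can be nil on /edit the outcome depends on what adminp does with nil. There is no check that CONTRIBUTOR owns OL, so any token holder may rewrite any unlocked oneliner; if that is intended, the docstring should say so.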
@@ -365,6 +395,35 @@
 (make-new-oneliner (request-contributor) (lzb:request-body))
 "true")
+(defun admin-only ()
+ "The request requires an API access token.
+Only contributors with admin privileges are allowed to perform this action."
+ (a:when-let (contributor (request-contributor))
+ (adminp contributor)))
+
+(defendpoint* :patch "/lock/:oneliner a-oneliner-id:" () (:auth 'admin-only)
+ "Locks a oneliner. Locked oneliners cannot be edited or flagged."
+ (lock-oneliner oneliner (request-contributor))
+ "true")
+
+(defendpoint* :patch "/unlock/:oneliner a-oneliner-id:" () (:auth 'admin-only)
+ "Unlocks a oneliner."
+ (unlock-oneliner oneliner (request-contributor))
+ "true")
+
+(defendpoint* :patch "/edit/:oneliner a-oneliner-id:" ()
+ (:auth t)
+ "Edit the fields of a oneliner."
+ (if (edit-oneliner oneliner (request-contributor) (lzb:request-body))
+ "true"
+ (http-err 403))) ;; in case it is locked
+
+(defendpoint* :patch "/flag/:oneliner a-oneliner-id:" () ()
+ "Flag the oneliner for review. Open to anyone."
+ (if (flag-oneliner oneliner (request-contributor))
+ "true"
+ (http-err 403)))
+
 (defendpoint* :get "/search"
 ((tags a-csl) (limit an-int) (notflagged a-boolean))
@@ -382,9 +441,8 @@
 (t ; else responde with 400
 (http-err 400))))
-(defendpoint* :patch "/flag/:oneliner a-oneliner-id:" () ()
- (flag-oneliner oneliner (request-contributor))
- "true")
+
+
 ;;; HELPERS
--
cgit v1.2.3
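Review bot: The /edit endpoint declares `(:auth t)` while the token-protected endpoint visible in the hunk at line 234 uses `(:auth 'api-token-authorization)` and the new lock/unlock routes use `'admin-only`; unless `t` is a defined shorthand for the token check in defendpoint*, this route is reachable without a token and `(request-contributor)` is passed as nil into edit-oneliner, which then evaluates `(adminp nil)` for a locked oneliner. If a token is required, write `(:auth 'api-token-authorization)` and say so in the route docstring. The `;; in case it is locked` comment on the 403 is only partly accurate: edit-oneliner's transaction ends in a `(when description ...)` form, so it also returns nil for an unlocked oneliner whose body lacks `description`, and that request gets a 403 after the edit was applied; fix the return value in edit-oneliner or widen the comment. The /lock and /unlock handlers answer "true" unconditionally, which holds only because `'admin-only` already guarantees lock-oneliner's own adminp check passes; a one-line comment naming that dependency would keep a later auth change from silently turning these into no-ops that still report success.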