SQuiz/core
2
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

fix ownership for statistic handlers

Browse Source
This commit is contained in:
Pasha 2025-04-23 16:40:59 +03:00 committed by skeris
parent 7556af9487
commit 612062a1f2
1 changed files with 57 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
internal/controllers/http_controllers/statistic/statistic.go
View File

@ -2,6 +2,7 @@ package statistic
import (
"gitea.pena/SQuiz/common/dal"
"gitea.pena/SQuiz/common/middleware"
"gitea.pena/SQuiz/common/repository/statistics"
"github.com/gofiber/fiber/v2"
"strconv"
@ -32,6 +33,11 @@ type DeviceStatReq struct {
}
func (r *Statistic) GetDeviceStatistics(ctx *fiber.Ctx) error {
accountID, ok := middleware.GetAccountId(ctx)
if !ok {
return ctx.Status(fiber.StatusUnauthorized).SendString("account id is required")
}
quizIDStr := ctx.Params("quizID")
quizID, err := strconv.ParseInt(quizIDStr, 10, 64)
@ -39,6 +45,15 @@ func (r *Statistic) GetDeviceStatistics(ctx *fiber.Ctx) error {
return ctx.Status(fiber.StatusBadRequest).SendString("Invalid quiz ID format")
}
isOwner, err := r.dal.QuizRepo.CheckQuizOwner(ctx.Context(), accountID, uint64(quizID))
if err != nil {
return ctx.Status(fiber.StatusInternalServerError).SendString(err.Error())
}
if !isOwner {
return ctx.Status(fiber.StatusUnauthorized).SendString("not the owner")
}
var req DeviceStatReq
if err := ctx.BodyParser(&req); err != nil {
return ctx.Status(fiber.StatusBadRequest).SendString("Invalid request data")
@ -61,12 +76,26 @@ type GeneralStatsResp struct {
}
func (r *Statistic) GetGeneralStatistics(ctx *fiber.Ctx) error {
acountId, ok := middleware.GetAccountId(ctx)
if !ok {
return ctx.Status(fiber.StatusUnauthorized).SendString("account id is required")
}
quizIDStr := ctx.Params("quizID")
quizID, err := strconv.ParseInt(quizIDStr, 10, 64)
if err != nil {
return ctx.Status(fiber.StatusBadRequest).SendString("Invalid quiz ID format")
}
isOwner, err := r.dal.QuizRepo.CheckQuizOwner(ctx.Context(), acountId, uint64(quizID))
if err != nil {
return ctx.Status(fiber.StatusInternalServerError).SendString(err.Error())
}
if !isOwner {
return ctx.Status(fiber.StatusUnauthorized).SendString("not the owner")
}
var req DeviceStatReq
if err := ctx.BodyParser(&req); err != nil {
return ctx.Status(fiber.StatusBadRequest).SendString("Invalid request data")
@ -85,12 +114,26 @@ func (r *Statistic) GetGeneralStatistics(ctx *fiber.Ctx) error {
}
func (r *Statistic) GetQuestionsStatistics(ctx *fiber.Ctx) error {
accountID, ok := middleware.GetAccountId(ctx)
if !ok {
return ctx.Status(fiber.StatusUnauthorized).SendString("account id is required")
}
quizIDStr := ctx.Params("quizID")
quizID, err := strconv.ParseInt(quizIDStr, 0, 64)
if err != nil {
return ctx.Status(fiber.StatusBadRequest).SendString("Invalid quiz ID format")
}
isOwner, err := r.dal.QuizRepo.CheckQuizOwner(ctx.Context(), accountID, uint64(quizID))
if err != nil {
return ctx.Status(fiber.StatusInternalServerError).SendString(err.Error())
}
if !isOwner {
return ctx.Status(fiber.StatusUnauthorized).SendString("not the owner")
}
var req DeviceStatReq
if err := ctx.BodyParser(&req); err != nil {
return ctx.Status(fiber.StatusBadRequest).SendString("Invalid request data")
@ -127,6 +170,11 @@ func (r *Statistic) AllServiceStatistics(ctx *fiber.Ctx) error {
}
func (r *Statistic) GetPipelinesStatistics(ctx *fiber.Ctx) error {
accountID, ok := middleware.GetAccountId(ctx)
if !ok {
return ctx.Status(fiber.StatusUnauthorized).SendString("account id is required")
}
var req StatisticReq
if err := ctx.BodyParser(&req); err != nil {
return ctx.Status(fiber.StatusBadRequest).SendString("Invalid request data")
@ -138,6 +186,15 @@ func (r *Statistic) GetPipelinesStatistics(ctx *fiber.Ctx) error {
return ctx.Status(fiber.StatusBadRequest).SendString("Invalid quiz ID format")
}
isOwner, err := r.dal.QuizRepo.CheckQuizOwner(ctx.Context(), accountID, uint64(quizID))
if err != nil {
return ctx.Status(fiber.StatusInternalServerError).SendString(err.Error())
}
if !isOwner {
return ctx.Status(fiber.StatusUnauthorized).SendString("not the owner")
}
result, err := r.chDAL.StatisticClickRepo.GetPipelinesStatistics(ctx.Context(), quizID, req.From, req.To)
if err != nil {
return ctx.Status(fiber.StatusInternalServerError).SendString(err.Error())