Gleipnir/nidus-sync
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Separate out a public and non-public halves to publicreport APIs

Browse source 
This prevents us from leaking text messaging details on public
endpoints.
This commit is contained in:
Eli Ribble 2026-04-28 06:36:55 +00:00
parent 8fcd926d43
commit 8bdd18649d
No known key found for this signature in database
12 changed files with 169 additions and 136 deletions
Download patch file Download diff file Expand all files Collapse all files

2
resource/communication.go
View file

@ -47,7 +47,7 @@ func toImageURLs(m map[string][]uuid.UUID, id string) []string {
return urls
}
func (res *communicationR) List(ctx context.Context, r *http.Request, user platform.User, query QueryParams) (*communicationList, *nhttp.ErrorWithStatus) {
reports, err := platform.PublicReportsForOrganization(ctx, user.Organization.ID)
reports, err := platform.PublicReportsForOrganization(ctx, user.Organization.ID, false)
if err != nil {
return nil, nhttp.NewError("nuisance report query: %w", err)
}

37
resource/publicreport.go
View file

@ -23,7 +23,7 @@ func Publicreport(r *router) *publicreportR {
}
}
func (res *publicreportR) ByID(ctx context.Context, w http.ResponseWriter, r *http.Request) *nhttp.ErrorWithStatus {
func (res *publicreportR) ByID(ctx context.Context, w http.ResponseWriter, r *http.Request, u platform.User) *nhttp.ErrorWithStatus {
vars := mux.Vars(r)
public_id := vars["id"]
if public_id == "" {
@ -40,6 +40,23 @@ func (res *publicreportR) ByID(ctx context.Context, w http.ResponseWriter, r *ht
http.Redirect(w, r, path, http.StatusFound)
return nil
}
func (res *publicreportR) ByIDPublic(ctx context.Context, w http.ResponseWriter, r *http.Request) *nhttp.ErrorWithStatus {
vars := mux.Vars(r)
public_id := vars["id"]
if public_id == "" {
return nhttp.NewBadRequest("You must provide an ID")
}
report_type, err := platform.PublicReportTypeByID(ctx, public_id)
if err != nil {
return nhttp.NewError("get report '%s': %w", public_id, err)
}
path, err := reportURIPublic(res.router, report_type, public_id)
if err != nil {
return nhttp.NewError("get uri '%s': %w", public_id, err)
}
http.Redirect(w, r, path, http.StatusFound)
return nil
}
type image struct {
Status string `json:"status"`
@ -100,3 +117,21 @@ func reportURI(r *router, report_type string, public_id string) (string, error)
}
return uri, nil
}
func reportURIPublic(r *router, report_type string, public_id string) (string, error) {
var route_name string
switch report_type {
case "compliance":
route_name = "publicreport.compliance.ByIDGetPublic"
case "nuisance":
route_name = "publicreport.nuisance.ByIDGetPublic"
case "water":
route_name = "publicreport.water.ByIDGetPublic"
default:
return "", fmt.Errorf("Unrecognized report type '%s'", report_type)
}
uri, err := r.IDStrToURI(route_name, public_id)
if err != nil {
return "", fmt.Errorf("id str to uri '%s' '%s': %w", route_name, public_id, err)
}
return uri, nil
}

13
resource/publicreport_compliance.go
View file

@ -45,13 +45,16 @@ type publicreportComplianceForm struct {
WantsScheduled omitnull.Val[bool] `schema:"wants_scheduled" json:"wants_scheduled"`
}
func (res *complianceR) ByID(ctx context.Context, r *http.Request, query QueryParams) (*types.PublicReportCompliance, *nhttp.ErrorWithStatus) {
func (res *complianceR) ByID(ctx context.Context, r *http.Request, u platform.User, query QueryParams) (*types.PublicReportCompliance, *nhttp.ErrorWithStatus) {
return res.ByIDPublic(ctx, r, query)
}
func (res *complianceR) ByIDPublic(ctx context.Context, r *http.Request, query QueryParams) (*types.PublicReportCompliance, *nhttp.ErrorWithStatus) {
vars := mux.Vars(r)
public_id := vars["id"]
if public_id == "" {
return nil, nhttp.NewBadRequest("You must provid an ID")
}
report, err := platform.PublicreportByIDCompliance(ctx, public_id)
report, err := platform.PublicReportByIDCompliance(ctx, public_id, true)
if err != nil {
return nil, nhttp.NewError("get report: %w", err)
}
@ -132,7 +135,7 @@ func (res *complianceR) Create(ctx context.Context, r *http.Request, n publicrep
return nil, nhttp.NewError("create compliance report: %w", err)
}
// Return a fully-fleshed-out report object, even though it's a bit more expensive
result, err := platform.PublicreportByIDCompliance(ctx, report.PublicID)
result, err := platform.PublicReportByIDCompliance(ctx, report.PublicID, true)
if err != nil {
return nil, nhttp.NewError("get report after creation: %w", err)
}
@ -206,7 +209,7 @@ func (res *complianceR) Update(ctx context.Context, r *http.Request, prf publicr
return nil, nhttp.NewError("platform update report compliance: %w", err)
}
// Return a fully-fleshed-out report object, even though it's a bit more expensive
report, err = platform.PublicreportByIDCompliance(ctx, public_id)
report, err = platform.PublicReportByIDCompliance(ctx, public_id, true)
if err != nil {
return nil, nhttp.NewError("get report after update: %w", err)
}
@ -223,7 +226,7 @@ func (res *complianceR) Submit(ctx context.Context, r *http.Request, prf publicr
if public_id == "" {
return nil, nhttp.NewBadRequest("You must provide an ID")
}
report, err := platform.PublicreportComplianceSubmit(ctx, public_id)
report, err := platform.PublicReportComplianceSubmit(ctx, public_id, true)
if err != nil {
return nil, nhttp.NewError("submit report: %w", err)
}

7
resource/publicreport_nuisance.go
View file

@ -51,13 +51,16 @@ type nuisanceForm struct {
TODNight bool `schema:"tod-night"`
}
func (res *nuisanceR) ByID(ctx context.Context, r *http.Request, query QueryParams) (*types.PublicReportNuisance, *nhttp.ErrorWithStatus) {
func (res *nuisanceR) ByID(ctx context.Context, r *http.Request, u platform.User, query QueryParams) (*types.PublicReportNuisance, *nhttp.ErrorWithStatus) {
return res.ByIDPublic(ctx, r, query)
}
func (res *nuisanceR) ByIDPublic(ctx context.Context, r *http.Request, query QueryParams) (*types.PublicReportNuisance, *nhttp.ErrorWithStatus) {
vars := mux.Vars(r)
public_id := vars["id"]
if public_id == "" {
return nil, nhttp.NewBadRequest("You must provid an ID")
}
report, err := platform.PublicreportByIDNuisance(ctx, public_id)
report, err := platform.PublicReportByIDNuisance(ctx, public_id, true)
if err != nil {
return nil, nhttp.NewError("get report: %w", err)
}

32
resource/publicreport_water.go
View file

@ -56,19 +56,11 @@ type waterForm struct {
OwnerPhone string `schema:"owner-phone"`
}
func (res *waterR) ByID(ctx context.Context, r *http.Request, query QueryParams) (*types.PublicReportWater, *nhttp.ErrorWithStatus) {
vars := mux.Vars(r)
public_id := vars["id"]
if public_id == "" {
return nil, nhttp.NewBadRequest("You must provid an ID")
}
report, err := platform.PublicreportByIDWater(ctx, public_id)
if err != nil {
return nil, nhttp.NewError("get report: %w", err)
}
populateDistrictURI(&report.PublicReport, res.router)
populateReportURI(&report.PublicReport, res.router)
return report, nil
func (res *waterR) ByID(ctx context.Context, r *http.Request, u platform.User, query QueryParams) (*types.PublicReportWater, *nhttp.ErrorWithStatus) {
return res.byID(ctx, r, false)
}
func (res *waterR) ByIDPublic(ctx context.Context, r *http.Request, query QueryParams) (*types.PublicReportWater, *nhttp.ErrorWithStatus) {
return res.byID(ctx, r, true)
}
func (res *waterR) Create(ctx context.Context, r *http.Request, w waterForm) (*water, *nhttp.ErrorWithStatus) {
@ -146,3 +138,17 @@ func (res *waterR) Create(ctx context.Context, r *http.Request, w waterForm) (*w
URI: uri,
}, nil
}
func (res *waterR) byID(ctx context.Context, r *http.Request, is_public bool) (*types.PublicReportWater, *nhttp.ErrorWithStatus) {
vars := mux.Vars(r)
public_id := vars["id"]
if public_id == "" {
return nil, nhttp.NewBadRequest("You must provid an ID")
}
report, err := platform.PublicReportByIDWater(ctx, public_id, is_public)
if err != nil {
return nil, nhttp.NewError("get report: %w", err)
}
populateDistrictURI(&report.PublicReport, res.router)
populateReportURI(&report.PublicReport, res.router)
return report, nil
}