2026-03-03 11:27:07 -06:00
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"encoding/json"
|
2026-03-05 20:28:21 -06:00
|
|
|
"log"
|
2026-03-03 11:27:07 -06:00
|
|
|
"net/http"
|
|
|
|
|
"strconv"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func (app *App) handleListVolunteers(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
q := r.URL.Query()
|
|
|
|
|
search := q.Get("search")
|
|
|
|
|
since := q.Get("since")
|
|
|
|
|
|
2026-03-10 15:14:36 -05:00
|
|
|
var deptIDs []int
|
2026-03-03 11:27:07 -06:00
|
|
|
if d := q.Get("dept"); d != "" {
|
2026-03-10 15:14:36 -05:00
|
|
|
if id, err := strconv.Atoi(d); err == nil {
|
|
|
|
|
deptIDs = []int{id}
|
2026-03-03 11:27:07 -06:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
claims := claimsFromContext(r)
|
2026-03-10 15:14:36 -05:00
|
|
|
if isCoLeadOnly(claims) && len(deptIDs) == 0 {
|
|
|
|
|
deptIDs = claims.DeptIDs
|
2026-03-03 11:27:07 -06:00
|
|
|
}
|
|
|
|
|
|
2026-03-10 15:14:36 -05:00
|
|
|
volunteers, err := app.listVolunteers(search, deptIDs, since)
|
2026-03-03 11:27:07 -06:00
|
|
|
if err != nil {
|
|
|
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
writeJSON(w, volunteers)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (app *App) handleCreateVolunteer(w http.ResponseWriter, r *http.Request) {
|
2026-03-05 20:09:58 -06:00
|
|
|
var body struct {
|
2026-03-06 07:11:19 -06:00
|
|
|
Name string `json:"name"`
|
|
|
|
|
TicketName string `json:"ticket_name"`
|
|
|
|
|
Email string `json:"email"`
|
|
|
|
|
DepartmentID *int `json:"department_id"`
|
|
|
|
|
IsLead bool `json:"is_lead"`
|
|
|
|
|
Note string `json:"note"`
|
2026-03-05 20:09:58 -06:00
|
|
|
}
|
|
|
|
|
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
2026-03-03 11:27:07 -06:00
|
|
|
writeError(w, "invalid request", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
2026-03-06 07:11:19 -06:00
|
|
|
if body.Name == "" {
|
2026-03-03 11:27:07 -06:00
|
|
|
writeError(w, "name is required", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
2026-03-06 07:11:19 -06:00
|
|
|
if body.Email == "" {
|
2026-03-05 20:17:25 -06:00
|
|
|
writeError(w, "email is required", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
2026-03-03 11:27:07 -06:00
|
|
|
claims := claimsFromContext(r)
|
2026-03-10 15:14:36 -05:00
|
|
|
if isCoLeadOnly(claims) {
|
2026-03-06 07:11:19 -06:00
|
|
|
if body.DepartmentID == nil || !inSlice(*body.DepartmentID, claims.DeptIDs) {
|
2026-03-03 11:27:07 -06:00
|
|
|
writeError(w, "forbidden: outside your department", http.StatusForbidden)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-03-06 07:11:19 -06:00
|
|
|
p, _ := app.getParticipantByEmail(body.Email)
|
|
|
|
|
if p == nil {
|
|
|
|
|
p, _ = app.createParticipant(Participant{PreferredName: body.Name, Email: body.Email, TicketName: body.TicketName})
|
|
|
|
|
} else if body.TicketName != "" && p.TicketName == "" {
|
|
|
|
|
app.db.Exec(`UPDATE participants SET ticket_name = ?, updated_at = ? WHERE id = ?`, body.TicketName, now(), p.ID)
|
|
|
|
|
}
|
|
|
|
|
if p == nil {
|
|
|
|
|
writeError(w, "failed to create participant", http.StatusInternalServerError)
|
|
|
|
|
return
|
2026-03-04 12:00:36 -06:00
|
|
|
}
|
2026-03-05 20:28:21 -06:00
|
|
|
confirmToken, err := generateConfirmationToken()
|
|
|
|
|
if err != nil {
|
|
|
|
|
writeError(w, "internal error", http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
2026-03-06 07:11:19 -06:00
|
|
|
app.setParticipantConfirmationToken(p.ID, confirmToken)
|
|
|
|
|
v := Volunteer{
|
|
|
|
|
ParticipantID: p.ID,
|
|
|
|
|
DepartmentID: body.DepartmentID,
|
|
|
|
|
IsLead: body.IsLead,
|
|
|
|
|
Note: body.Note,
|
|
|
|
|
}
|
2026-03-03 11:27:07 -06:00
|
|
|
created, err := app.createVolunteer(v)
|
|
|
|
|
if err != nil {
|
|
|
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
2026-03-05 20:28:21 -06:00
|
|
|
go func() {
|
2026-03-06 07:11:19 -06:00
|
|
|
if err := app.sendConfirmationEmail(body.Email, body.Name, confirmToken); err != nil {
|
|
|
|
|
log.Printf("confirmation email to %s failed: %v", body.Email, err)
|
2026-03-05 20:28:21 -06:00
|
|
|
}
|
|
|
|
|
}()
|
2026-03-03 11:27:07 -06:00
|
|
|
w.WriteHeader(http.StatusCreated)
|
|
|
|
|
writeJSON(w, created)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (app *App) handleGetVolunteer(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
id, err := strconv.Atoi(r.PathValue("id"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
writeError(w, "invalid id", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
v, err := app.getVolunteer(id)
|
|
|
|
|
if err != nil || v == nil {
|
|
|
|
|
writeError(w, "not found", http.StatusNotFound)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
writeJSON(w, v)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (app *App) handleUpdateVolunteer(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
id, err := strconv.Atoi(r.PathValue("id"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
writeError(w, "invalid id", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
2026-03-06 07:11:19 -06:00
|
|
|
var body struct {
|
|
|
|
|
DepartmentID *int `json:"department_id"`
|
|
|
|
|
IsLead bool `json:"is_lead"`
|
|
|
|
|
Note string `json:"note"`
|
2026-03-03 11:27:07 -06:00
|
|
|
}
|
2026-03-06 07:11:19 -06:00
|
|
|
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
|
|
|
|
writeError(w, "invalid request", http.StatusBadRequest)
|
2026-03-03 11:27:07 -06:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
claims := claimsFromContext(r)
|
2026-03-10 15:14:36 -05:00
|
|
|
if isCoLeadOnly(claims) {
|
2026-03-03 11:27:07 -06:00
|
|
|
existing, _ := app.getVolunteer(id)
|
|
|
|
|
if existing == nil || existing.DepartmentID == nil || !inSlice(*existing.DepartmentID, claims.DeptIDs) {
|
|
|
|
|
writeError(w, "forbidden: outside your department", http.StatusForbidden)
|
|
|
|
|
return
|
|
|
|
|
}
|
2026-03-10 15:14:36 -05:00
|
|
|
if body.DepartmentID != nil && !inSlice(*body.DepartmentID, claims.DeptIDs) {
|
|
|
|
|
writeError(w, "forbidden: cannot move volunteer to that department", http.StatusForbidden)
|
|
|
|
|
return
|
|
|
|
|
}
|
2026-03-03 11:27:07 -06:00
|
|
|
}
|
2026-03-06 07:11:19 -06:00
|
|
|
v := Volunteer{
|
|
|
|
|
ID: id,
|
|
|
|
|
DepartmentID: body.DepartmentID,
|
|
|
|
|
IsLead: body.IsLead,
|
|
|
|
|
Note: body.Note,
|
|
|
|
|
}
|
2026-03-03 11:27:07 -06:00
|
|
|
if err := app.updateVolunteer(v); err != nil {
|
|
|
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
2026-03-05 16:51:39 -06:00
|
|
|
if v.IsLead {
|
|
|
|
|
app.confirmVolunteer(id)
|
|
|
|
|
}
|
2026-03-03 11:27:07 -06:00
|
|
|
updated, _ := app.getVolunteer(id)
|
|
|
|
|
writeJSON(w, updated)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (app *App) handleDeleteVolunteer(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
id, err := strconv.Atoi(r.PathValue("id"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
writeError(w, "invalid id", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
2026-03-10 15:14:36 -05:00
|
|
|
claims := claimsFromContext(r)
|
|
|
|
|
if isCoLeadOnly(claims) {
|
|
|
|
|
v, _ := app.getVolunteer(id)
|
|
|
|
|
if v == nil || v.DepartmentID == nil || !inSlice(*v.DepartmentID, claims.DeptIDs) {
|
|
|
|
|
writeError(w, "forbidden: outside your department", http.StatusForbidden)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-03-03 11:27:07 -06:00
|
|
|
if err := app.deleteVolunteer(id); err != nil {
|
|
|
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-05 17:34:50 -06:00
|
|
|
func (app *App) handleMarkVolunteerReady(w http.ResponseWriter, r *http.Request) {
|
2026-03-03 11:27:07 -06:00
|
|
|
id, err := strconv.Atoi(r.PathValue("id"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
writeError(w, "invalid id", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
claims := claimsFromContext(r)
|
2026-03-10 15:14:36 -05:00
|
|
|
if isCoLeadOnly(claims) {
|
|
|
|
|
v, _ := app.getVolunteer(id)
|
|
|
|
|
if v == nil || v.DepartmentID == nil || !inSlice(*v.DepartmentID, claims.DeptIDs) {
|
|
|
|
|
writeError(w, "forbidden: outside your department", http.StatusForbidden)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-03-10 14:08:00 -05:00
|
|
|
v, err := app.markVolunteerReady(id, claims.ParticipantID)
|
2026-03-03 11:27:07 -06:00
|
|
|
if err != nil {
|
|
|
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
app.broker.publish("checkin", map[string]any{"type": "volunteer", "volunteer": v})
|
|
|
|
|
writeJSON(w, v)
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-05 15:52:40 -06:00
|
|
|
func (app *App) handleConfirmVolunteer(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
id, err := strconv.Atoi(r.PathValue("id"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
writeError(w, "invalid id", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
2026-03-10 15:14:36 -05:00
|
|
|
claims := claimsFromContext(r)
|
|
|
|
|
if isCoLeadOnly(claims) {
|
|
|
|
|
v, _ := app.getVolunteer(id)
|
|
|
|
|
if v == nil || v.DepartmentID == nil || !inSlice(*v.DepartmentID, claims.DeptIDs) {
|
|
|
|
|
writeError(w, "forbidden: outside your department", http.StatusForbidden)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-03-05 15:52:40 -06:00
|
|
|
v, err := app.confirmVolunteer(id)
|
|
|
|
|
if err != nil {
|
|
|
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
writeJSON(w, v)
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-03 11:27:07 -06:00
|
|
|
func (app *App) handleAssignShift(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
volunteerID, err := strconv.Atoi(r.PathValue("id"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
writeError(w, "invalid volunteer id", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
var body struct {
|
|
|
|
|
ShiftID int `json:"shift_id"`
|
|
|
|
|
}
|
|
|
|
|
if err := json.NewDecoder(r.Body).Decode(&body); err != nil || body.ShiftID == 0 {
|
|
|
|
|
writeError(w, "shift_id required", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
2026-03-10 15:14:36 -05:00
|
|
|
claims := claimsFromContext(r)
|
|
|
|
|
if isCoLeadOnly(claims) {
|
|
|
|
|
v, _ := app.getVolunteer(volunteerID)
|
|
|
|
|
if v == nil || v.DepartmentID == nil || !inSlice(*v.DepartmentID, claims.DeptIDs) {
|
|
|
|
|
writeError(w, "forbidden: outside your department", http.StatusForbidden)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
shift, err := app.getShift(body.ShiftID)
|
|
|
|
|
if err != nil || shift == nil {
|
|
|
|
|
writeError(w, "shift not found", http.StatusNotFound)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if err := app.assignShiftWithCapacity(volunteerID, body.ShiftID, shift.Capacity); err != nil {
|
|
|
|
|
if err == errShiftFull {
|
|
|
|
|
writeError(w, "shift is at capacity", http.StatusConflict)
|
|
|
|
|
return
|
|
|
|
|
}
|
2026-03-03 11:27:07 -06:00
|
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (app *App) handleUnassignShift(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
volunteerID, err := strconv.Atoi(r.PathValue("id"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
writeError(w, "invalid volunteer id", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
shiftID, err := strconv.Atoi(r.PathValue("shift_id"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
writeError(w, "invalid shift id", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
2026-03-10 15:14:36 -05:00
|
|
|
claims := claimsFromContext(r)
|
|
|
|
|
if isCoLeadOnly(claims) {
|
|
|
|
|
v, _ := app.getVolunteer(volunteerID)
|
|
|
|
|
if v == nil || v.DepartmentID == nil || !inSlice(*v.DepartmentID, claims.DeptIDs) {
|
|
|
|
|
writeError(w, "forbidden: outside your department", http.StatusForbidden)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-03-03 11:27:07 -06:00
|
|
|
if err := app.unassignShift(volunteerID, shiftID); err != nil {
|
|
|
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
|
|
|
}
|
|
|
|
|
|
