Turnpike/handle_users.go

package main

import (
	"encoding/json"
	"net/http"
	"strconv"
)

func (app *App) handleListUsers(w http.ResponseWriter, r *http.Request) {
	users, err := app.listUsers()
	if err != nil {
		writeError(w, err.Error(), http.StatusInternalServerError)
		return
	}
	writeJSON(w, users)
}

func (app *App) handleCreateUser(w http.ResponseWriter, r *http.Request) {
	var body struct {
		Username      string `json:"username"`
		Password      string `json:"password"`
		Role          string `json:"role"`
		DepartmentIDs []int  `json:"department_ids"`
	}
	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
		writeError(w, "invalid request", http.StatusBadRequest)
		return
	}
	if body.Username == "" || body.Password == "" || body.Role == "" {
		writeError(w, "username, password, and role are required", http.StatusBadRequest)
		return
	}
	hash, err := hashPassword(body.Password)
	if err != nil {
		writeError(w, "hash error", http.StatusInternalServerError)
		return
	}
	if body.DepartmentIDs == nil {
		body.DepartmentIDs = []int{}
	}
	user, err := app.createUser(body.Username, hash, body.Role, body.DepartmentIDs)
	if err != nil {
		writeError(w, err.Error(), http.StatusInternalServerError)
		return
	}
	w.WriteHeader(http.StatusCreated)
	writeJSON(w, user)
}

func (app *App) handleUpdateUser(w http.ResponseWriter, r *http.Request) {
	id, err := strconv.Atoi(r.PathValue("id"))
	if err != nil {
		writeError(w, "invalid id", http.StatusBadRequest)
		return
	}
	var body struct {
		Role          string `json:"role"`
		Password      string `json:"password"`
		DepartmentIDs []int  `json:"department_ids"`
	}
	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
		writeError(w, "invalid request", http.StatusBadRequest)
		return
	}
	if body.DepartmentIDs == nil {
		body.DepartmentIDs = []int{}
	}
	if body.Role != "" {
		if err := app.updateUser(id, body.Role, body.DepartmentIDs); err != nil {
			writeError(w, err.Error(), http.StatusInternalServerError)
			return
		}
	}
	if body.Password != "" {
		hash, err := hashPassword(body.Password)
		if err != nil {
			writeError(w, "hash error", http.StatusInternalServerError)
			return
		}
		if err := app.updateUserPassword(id, hash); err != nil {
			writeError(w, err.Error(), http.StatusInternalServerError)
			return
		}
	}
	user, _ := app.getUserByID(id)
	writeJSON(w, user)
}

func (app *App) handleDeleteUser(w http.ResponseWriter, r *http.Request) {
	id, err := strconv.Atoi(r.PathValue("id"))
	if err != nil {
		writeError(w, "invalid id", http.StatusBadRequest)
		return
	}
	claims := claimsFromContext(r)
	if claims.UserID == id {
		writeError(w, "cannot delete yourself", http.StatusBadRequest)
		return
	}
	if err := app.deleteUser(id); err != nil {
		writeError(w, err.Error(), http.StatusInternalServerError)
		return
	}
	w.WriteHeader(http.StatusNoContent)
}
Created Turnpike, event attendee and volunteer management Built after prototype, Traverse, an attendee and volunteer list maintainer. 2026-03-03 11:27:07 -06:00			`package main`

			`import (`
			`"encoding/json"`
			`"net/http"`
			`"strconv"`
			`)`

			`func (app App) handleListUsers(w http.ResponseWriter, r http.Request) {`
			`users, err := app.listUsers()`
			`if err != nil {`
			`writeError(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
			`writeJSON(w, users)`
			`}`

			`func (app App) handleCreateUser(w http.ResponseWriter, r http.Request) {`
			`var body struct {`
			Username string `json:"username"`
			Password string `json:"password"`
			Role string `json:"role"`
			DepartmentIDs []int `json:"department_ids"`
			`}`
			`if err := json.NewDecoder(r.Body).Decode(&body); err != nil {`
			`writeError(w, "invalid request", http.StatusBadRequest)`
			`return`
			`}`
			`if body.Username == "" \|\| body.Password == "" \|\| body.Role == "" {`
			`writeError(w, "username, password, and role are required", http.StatusBadRequest)`
			`return`
			`}`
			`hash, err := hashPassword(body.Password)`
			`if err != nil {`
			`writeError(w, "hash error", http.StatusInternalServerError)`
			`return`
			`}`
			`if body.DepartmentIDs == nil {`
			`body.DepartmentIDs = []int{}`
			`}`
			`user, err := app.createUser(body.Username, hash, body.Role, body.DepartmentIDs)`
			`if err != nil {`
			`writeError(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
			`w.WriteHeader(http.StatusCreated)`
			`writeJSON(w, user)`
			`}`

			`func (app App) handleUpdateUser(w http.ResponseWriter, r http.Request) {`
			`id, err := strconv.Atoi(r.PathValue("id"))`
			`if err != nil {`
			`writeError(w, "invalid id", http.StatusBadRequest)`
			`return`
			`}`
			`var body struct {`
			Role string `json:"role"`
			Password string `json:"password"`
			DepartmentIDs []int `json:"department_ids"`
			`}`
			`if err := json.NewDecoder(r.Body).Decode(&body); err != nil {`
			`writeError(w, "invalid request", http.StatusBadRequest)`
			`return`
			`}`
			`if body.DepartmentIDs == nil {`
			`body.DepartmentIDs = []int{}`
			`}`
			`if body.Role != "" {`
			`if err := app.updateUser(id, body.Role, body.DepartmentIDs); err != nil {`
			`writeError(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
			`}`
			`if body.Password != "" {`
			`hash, err := hashPassword(body.Password)`
			`if err != nil {`
			`writeError(w, "hash error", http.StatusInternalServerError)`
			`return`
			`}`
			`if err := app.updateUserPassword(id, hash); err != nil {`
			`writeError(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
			`}`
			`user, _ := app.getUserByID(id)`
			`writeJSON(w, user)`
			`}`

			`func (app App) handleDeleteUser(w http.ResponseWriter, r http.Request) {`
			`id, err := strconv.Atoi(r.PathValue("id"))`
			`if err != nil {`
			`writeError(w, "invalid id", http.StatusBadRequest)`
			`return`
			`}`
			`claims := claimsFromContext(r)`
			`if claims.UserID == id {`
			`writeError(w, "cannot delete yourself", http.StatusBadRequest)`
			`return`
			`}`
			`if err := app.deleteUser(id); err != nil {`
			`writeError(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
			`w.WriteHeader(http.StatusNoContent)`
			`}`