package main import ( "encoding/json" "net/http" "strconv" ) func (app *App) handleListVolunteers(w http.ResponseWriter, r *http.Request) { q := r.URL.Query() search := q.Get("search") since := q.Get("since") var deptID *int if d := q.Get("dept"); d != "" { id, err := strconv.Atoi(d) if err == nil { deptID = &id } } claims := claimsFromContext(r) if claims.Role == "colead" && deptID == nil && len(claims.DeptIDs) > 0 { deptID = &claims.DeptIDs[0] } volunteers, err := app.listVolunteers(search, deptID, since) if err != nil { writeError(w, err.Error(), http.StatusInternalServerError) return } writeJSON(w, volunteers) } func (app *App) handleCreateVolunteer(w http.ResponseWriter, r *http.Request) { var body struct { Volunteer TicketName string `json:"ticket_name"` } if err := json.NewDecoder(r.Body).Decode(&body); err != nil { writeError(w, "invalid request", http.StatusBadRequest) return } v := body.Volunteer if v.Name == "" { writeError(w, "name is required", http.StatusBadRequest) return } if v.Email == "" { writeError(w, "email is required", http.StatusBadRequest) return } claims := claimsFromContext(r) if claims.Role == "colead" { if v.DepartmentID == nil || !inSlice(*v.DepartmentID, claims.DeptIDs) { writeError(w, "forbidden: outside your department", http.StatusForbidden) return } } if v.Email != "" && v.ParticipantID == nil { p, _ := app.getParticipantByEmail(v.Email) if p == nil { p, _ = app.createParticipant(Participant{PreferredName: v.Name, Email: v.Email, TicketName: body.TicketName}) } else if body.TicketName != "" && p.TicketName == "" { app.db.Exec(`UPDATE participants SET ticket_name = ?, updated_at = ? WHERE id = ?`, body.TicketName, now(), p.ID) } if p != nil { v.ParticipantID = &p.ID } } created, err := app.createVolunteer(v) if err != nil { writeError(w, err.Error(), http.StatusInternalServerError) return } w.WriteHeader(http.StatusCreated) writeJSON(w, created) } func (app *App) handleGetVolunteer(w http.ResponseWriter, r *http.Request) { id, err := strconv.Atoi(r.PathValue("id")) if err != nil { writeError(w, "invalid id", http.StatusBadRequest) return } v, err := app.getVolunteer(id) if err != nil || v == nil { writeError(w, "not found", http.StatusNotFound) return } writeJSON(w, v) } func (app *App) handleUpdateVolunteer(w http.ResponseWriter, r *http.Request) { id, err := strconv.Atoi(r.PathValue("id")) if err != nil { writeError(w, "invalid id", http.StatusBadRequest) return } var v Volunteer if err := json.NewDecoder(r.Body).Decode(&v); err != nil { writeError(w, "invalid request", http.StatusBadRequest) return } if v.Name == "" { writeError(w, "name is required", http.StatusBadRequest) return } claims := claimsFromContext(r) if claims.Role == "colead" { existing, _ := app.getVolunteer(id) if existing == nil || existing.DepartmentID == nil || !inSlice(*existing.DepartmentID, claims.DeptIDs) { writeError(w, "forbidden: outside your department", http.StatusForbidden) return } } v.ID = id if err := app.updateVolunteer(v); err != nil { writeError(w, err.Error(), http.StatusInternalServerError) return } if v.IsLead { app.confirmVolunteer(id) } updated, _ := app.getVolunteer(id) writeJSON(w, updated) } func (app *App) handleDeleteVolunteer(w http.ResponseWriter, r *http.Request) { id, err := strconv.Atoi(r.PathValue("id")) if err != nil { writeError(w, "invalid id", http.StatusBadRequest) return } if err := app.deleteVolunteer(id); err != nil { writeError(w, err.Error(), http.StatusInternalServerError) return } w.WriteHeader(http.StatusNoContent) } func (app *App) handleMarkVolunteerReady(w http.ResponseWriter, r *http.Request) { id, err := strconv.Atoi(r.PathValue("id")) if err != nil { writeError(w, "invalid id", http.StatusBadRequest) return } claims := claimsFromContext(r) v, err := app.markVolunteerReady(id, claims.UserID) if err != nil { writeError(w, err.Error(), http.StatusInternalServerError) return } app.broker.publish("checkin", map[string]any{"type": "volunteer", "volunteer": v}) writeJSON(w, v) } func (app *App) handleConfirmVolunteer(w http.ResponseWriter, r *http.Request) { id, err := strconv.Atoi(r.PathValue("id")) if err != nil { writeError(w, "invalid id", http.StatusBadRequest) return } v, err := app.confirmVolunteer(id) if err != nil { writeError(w, err.Error(), http.StatusInternalServerError) return } writeJSON(w, v) } func (app *App) handleAssignShift(w http.ResponseWriter, r *http.Request) { volunteerID, err := strconv.Atoi(r.PathValue("id")) if err != nil { writeError(w, "invalid volunteer id", http.StatusBadRequest) return } var body struct { ShiftID int `json:"shift_id"` } if err := json.NewDecoder(r.Body).Decode(&body); err != nil || body.ShiftID == 0 { writeError(w, "shift_id required", http.StatusBadRequest) return } if err := app.assignShift(volunteerID, body.ShiftID); err != nil { writeError(w, err.Error(), http.StatusInternalServerError) return } w.WriteHeader(http.StatusNoContent) } func (app *App) handleUnassignShift(w http.ResponseWriter, r *http.Request) { volunteerID, err := strconv.Atoi(r.PathValue("id")) if err != nil { writeError(w, "invalid volunteer id", http.StatusBadRequest) return } shiftID, err := strconv.Atoi(r.PathValue("shift_id")) if err != nil { writeError(w, "invalid shift id", http.StatusBadRequest) return } if err := app.unassignShift(volunteerID, shiftID); err != nil { writeError(w, err.Error(), http.StatusInternalServerError) return } w.WriteHeader(http.StatusNoContent) } func inSlice(v int, s []int) bool { for _, x := range s { if x == v { return true } } return false }