From 4f538abc8384f8e9e3f86fa5086bf8423bb093c5 Mon Sep 17 00:00:00 2001
From: kolaente <konrad@kola-entertainments.de>
Date: Wed, 19 Sep 2018 07:54:47 +0200
Subject: [PATCH] Added endpoint to update a users right for a list

---
 REST-Tests/lists.http       | 11 ++++++++++-
 models/list_users_rights.go |  7 +++++++
 models/list_users_update.go | 16 ++++++++++++++++
 routes/routes.go            |  1 +
 4 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 models/list_users_update.go

diff --git a/REST-Tests/lists.http b/REST-Tests/lists.http
index e0a844798a2..8bbc25428da 100644
--- a/REST-Tests/lists.http
+++ b/REST-Tests/lists.http
@@ -68,7 +68,7 @@ Authorization: Bearer {{auth_token}}
 ###
 
 # Give a user access to that list
-PUT http://localhost:8080/api/v1/lists/28/users
+PUT http://localhost:8080/api/v1/lists/30/users
 Authorization: Bearer {{auth_token}}
 Content-Type: application/json
 
@@ -76,6 +76,15 @@ Content-Type: application/json
 
 ###
 
+# Update a users access to that list
+POST http://localhost:8080/api/v1/lists/30/users/3
+Authorization: Bearer {{auth_token}}
+Content-Type: application/json
+
+{"right":2}
+
+###
+
 # Delete a user from a list
 DELETE http://localhost:8080/api/v1/lists/28/users/3
 Authorization: Bearer {{auth_token}}
diff --git a/models/list_users_rights.go b/models/list_users_rights.go
index f720199e021..318f6692610 100644
--- a/models/list_users_rights.go
+++ b/models/list_users_rights.go
@@ -39,3 +39,10 @@ func (lu *ListUser) CanDelete(doer *User) bool {
 	l, _ := GetListByID(lu.ListID)
 	return l.CanWrite(doer)
 }
+
+// CanUpdate checks if the user can update a user <-> list relation
+func (lu *ListUser) CanUpdate(doer *User) bool {
+	// Get the list and check if the user has write access on it
+	l, _ := GetListByID(lu.ListID)
+	return l.CanWrite(doer)
+}
diff --git a/models/list_users_update.go b/models/list_users_update.go
new file mode 100644
index 00000000000..7df53d4e657
--- /dev/null
+++ b/models/list_users_update.go
@@ -0,0 +1,16 @@
+package models
+
+// Update updates a user <-> list relation
+func (lu *ListUser) Update() (err error) {
+
+	// Check if the right is valid
+	if err := lu.Right.isValid(); err != nil {
+		return err
+	}
+
+	_, err = x.
+		Where("list_id = ? AND user_id = ?", lu.ListID, lu.UserID).
+		Cols("right").
+		Update(lu)
+	return
+}
diff --git a/routes/routes.go b/routes/routes.go
index 33944f8f8b8..acf0fd631ed 100644
--- a/routes/routes.go
+++ b/routes/routes.go
@@ -100,6 +100,7 @@ func RegisterRoutes(e *echo.Echo) {
 	a.GET("/lists/:list/users", listUserHandler.ReadAllWeb)
 	a.PUT("/lists/:list/users", listUserHandler.CreateWeb)
 	a.DELETE("/lists/:list/users/:user", listUserHandler.DeleteWeb)
+	a.POST("/lists/:list/users/:user", listUserHandler.UpdateWeb)
 
 	namespaceHandler := &crud.WebHandler{
 		CObject: &models.Namespace{},