Add visibility + role-based access fields with validation for events

trista-chen-29 · trista-chen-29 · commit dcee0a9b74d4 · 2026-04-12T18:05:15.000-07:00
diff --git a/pkg/event/event.go b/pkg/event/event.go
@@ -1,5 +1,27 @@
 package event
 
+import (
+	"fmt"
+	"strings"
+)
+
+const (
+	StatusDraft     = "draft"
+	StatusPublished = "published"
+	StatusClosed    = "closed"
+)
+
+const (
+	VisibilityPublic  = "public"
+	VisibilityPrivate = "private"
+)
+
+const (
+	RoleMember  = "member"
+	RoleOfficer = "officer"
+	RoleAdmin   = "admin"
+)
+
 type AnswerDetails struct {
 	MaxChars int `bson:"max_chars,omitempty" json:"max_chars,omitempty"`
 }
@@ -29,6 +51,8 @@ type Event struct {
 	MaxAttendees     int            `bson:"max_attendees" json:"max_attendees"`
 	CreatedAt        string         `bson:"created_at" json:"created_at"`
 	Status           string         `bson:"status" json:"status"` // draft, published, closed
+	Visibility         string       `bson:"visibility" json:"visibility"` // public, private
+	MinimumVisibleRole string       `bson:"minimum_visible_role,omitempty" json:"minimum_visible_role,omitempty"`
 }
 
 // IsAdmin checks if the given userID is in the event's Admins list.
@@ -41,6 +65,210 @@ func (e *Event) IsAdmin(userID string) bool {
 	return false
 }
 
+// ApplyDefaults sets safe defaults for newly created events.
+func (e *Event) ApplyDefaults() {
+	if strings.TrimSpace(e.Status) == "" {
+		e.Status = StatusDraft
+	}
+
+	if strings.TrimSpace(e.Visibility) == "" {
+		e.Visibility = VisibilityPublic
+	}
+
+	// public events should not carry a minimum visible role
+	if e.Visibility == VisibilityPublic {
+		e.MinimumVisibleRole = ""
+	}
+}
+
+// Validate validates the event shape for create/replace scenarios.
+func (e *Event) Validate() error {
+	if strings.TrimSpace(e.Name) == "" {
+		return fmt.Errorf("name is required")
+	}
+
+	if strings.TrimSpace(e.Date) == "" {
+		return fmt.Errorf("date is required")
+	}
+
+	if strings.TrimSpace(e.Time) == "" {
+		return fmt.Errorf("time is required")
+	}
+
+	if strings.TrimSpace(e.Location) == "" {
+		return fmt.Errorf("location is required")
+	}
+
+	if err := ValidateStatus(e.Status); err != nil {
+		return err
+	}
+
+	if err := ValidateVisibility(e.Visibility); err != nil {
+		return err
+	}
+
+	if err := ValidateMinimumVisibleRole(e.Visibility, e.MinimumVisibleRole); err != nil {
+		return err
+	}
+
+	if e.MaxAttendees < 0 {
+		return fmt.Errorf("max_attendees cannot be negative")
+	}
+
+	return nil
+}
+
+func ValidateStatus(status string) error {
+	switch status {
+	case StatusDraft, StatusPublished, StatusClosed:
+		return nil
+	default:
+		return fmt.Errorf("invalid status: must be one of draft, published, closed")
+	}
+}
+
+func ValidateVisibility(visibility string) error {
+	switch visibility {
+	case VisibilityPublic, VisibilityPrivate:
+		return nil
+	default:
+		return fmt.Errorf("invalid visibility: must be one of public, private")
+	}
+}
+
+func ValidateRole(role string) error {
+	switch role {
+	case RoleMember, RoleOfficer, RoleAdmin:
+		return nil
+	default:
+		return fmt.Errorf("invalid minimum_visible_role: must be one of member, officer, admin")
+	}
+}
+
+func ValidateMinimumVisibleRole(visibility string, role string) error {
+	switch visibility {
+	case VisibilityPublic:
+		if strings.TrimSpace(role) != "" {
+			return fmt.Errorf("minimum_visible_role must be empty when visibility is public")
+		}
+		return nil
+
+	case VisibilityPrivate:
+		if strings.TrimSpace(role) == "" {
+			return fmt.Errorf("minimum_visible_role is required when visibility is private")
+		}
+		return ValidateRole(role)
+
+	default:
+		return fmt.Errorf("invalid visibility: must be one of public, private")
+	}
+}
+
+// ValidateUpdateFields validates only the fields present in a PATCH payload.
+func ValidateUpdateFields(fields map[string]interface{}) error {
+	var (
+		statusProvided     bool
+		visibilityProvided bool
+		roleProvided       bool
+
+		status     string
+		visibility string
+		role       string
+	)
+
+	for key, value := range fields {
+		switch key {
+		case "status":
+			s, ok := value.(string)
+			if !ok {
+				return fmt.Errorf("status must be a string")
+			}
+			statusProvided = true
+			status = strings.TrimSpace(s)
+			if err := ValidateStatus(status); err != nil {
+				return err
+			}
+
+		case "visibility":
+			s, ok := value.(string)
+			if !ok {
+				return fmt.Errorf("visibility must be a string")
+			}
+			visibilityProvided = true
+			visibility = strings.TrimSpace(s)
+			if err := ValidateVisibility(visibility); err != nil {
+				return err
+			}
+
+		case "minimum_visible_role":
+			s, ok := value.(string)
+			if !ok {
+				return fmt.Errorf("minimum_visible_role must be a string")
+			}
+			roleProvided = true
+			role = strings.TrimSpace(s)
+
+		case "max_attendees":
+			// JSON numbers come in as float64 when bound into map[string]interface{}
+			n, ok := value.(float64)
+			if !ok {
+				return fmt.Errorf("max_attendees must be a number")
+			}
+			if n < 0 {
+				return fmt.Errorf("max_attendees cannot be negative")
+			}
+
+		case "name", "date", "time", "location", "description":
+			s, ok := value.(string)
+			if !ok {
+				return fmt.Errorf("%s must be a string", key)
+			}
+			if key != "description" && strings.TrimSpace(s) == "" {
+				return fmt.Errorf("%s cannot be empty", key)
+			}
+		}
+	}
+
+	// Cross-field validation only when one of these fields is being updated.
+	if visibilityProvided || roleProvided {
+		if !visibilityProvided {
+			vRaw, ok := fields["visibility"]
+			if ok {
+				v, ok := vRaw.(string)
+				if !ok {
+					return fmt.Errorf("visibility must be a string")
+				}
+				visibility = strings.TrimSpace(v)
+			}
+		}
+
+		if !roleProvided {
+			rRaw, ok := fields["minimum_visible_role"]
+			if ok {
+				r, ok := rRaw.(string)
+				if !ok {
+					return fmt.Errorf("minimum_visible_role must be a string")
+				}
+				role = strings.TrimSpace(r)
+			}
+		}
+
+		// We only fully validate the relationship if visibility is present in the PATCH.
+		// This avoids breaking partial updates where only unrelated fields are sent.
+		if visibilityProvided {
+			if err := ValidateMinimumVisibleRole(visibility, role); err != nil {
+				return err
+			}
+		}
+	}
+
+	if statusProvided && status == "" {
+		return fmt.Errorf("status cannot be empty")
+	}
+
+	return nil
+}
+
 // SanitizeUpdateFields removes immutable fields from an update map
 // to prevent them from being overwritten.
 func SanitizeUpdateFields(fields map[string]interface{}) {
diff --git a/pkg/handlers/event.go b/pkg/handlers/event.go
@@ -135,6 +135,22 @@ func UpdateEventByID(c *gin.Context) {
 		return
 	}
 
+	// Validate patch fields for #36 visibility/status support
+	if err := event.ValidateUpdateFields(fields); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": err.Error(),
+		})
+		return
+	}
+
+	// Normalize public events: if visibility is being set to public in PATCH,
+	// clear minimum_visible_role automatically.
+	if visibilityRaw, ok := fields["visibility"]; ok {
+		if visibility, ok := visibilityRaw.(string); ok && strings.TrimSpace(visibility) == event.VisibilityPublic {
+			fields["minimum_visible_role"] = ""
+		}
+	}
+
 	err = db.UpdateEventByID(id, fields)
 	if err != nil {
 		if err == mongo.ErrNoDocuments {
