From 76c2fe9c22642ea70acb419797289cce4cbfadfd Mon Sep 17 00:00:00 2001
From: eikendev
Date: Mon, 3 Aug 2020 15:37:16 +0200
Subject: [PATCH] Handle unbound members when binding request
---
 api/application.go | 18 +++++++++++++----
 api/user.go | 48 +++++++++++++++++++++++++++++---------------
 model/application.go | 2 +-
 model/user.go | 8 ++++----
 4 files changed, 51 insertions(+), 25 deletions(-)
diff --git a/api/application.go b/api/application.go
index d687b8f..43313da 100644
--- a/api/application.go
+++ b/api/application.go
@@ -97,6 +97,19 @@ func (h *ApplicationHandler) deleteApplication(ctx *gin.Context, a *model.Applic
 return nil
 }
+func (h *ApplicationHandler) updateApplication(ctx *gin.Context, a *model.Application, updateApplication *model.UpdateApplication) error {
+ if updateApplication.Name != nil {
+ a.Name = *updateApplication.Name
+ }
+
+ err := h.DB.UpdateApplication(a)
+ if success := successOrAbort(ctx, http.StatusInternalServerError, err); !success {
+ return err
+ }
+
+ return nil
+}
+
 // CreateApplication creates an application.
 func (h *ApplicationHandler) CreateApplication(ctx *gin.Context) {
 var createApplication model.CreateApplication
@@ -153,10 +166,7 @@ func (h *ApplicationHandler) UpdateApplication(ctx *gin.Context) {
 log.Printf("Updating application %s.\n", application.Name)
- // TODO: Handle unbound members.
- application.Name = updateApplication.Name
-
- if success := successOrAbort(ctx, http.StatusInternalServerError, h.DB.UpdateApplication(application)); !success {
+ if err := h.updateApplication(ctx, application, &updateApplication); err != nil {
 return
 }
diff --git a/api/user.go b/api/user.go
index 1565830..248d7a5 100644
--- a/api/user.go
+++ b/api/user.go
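Review bot: The nil checks added in `updateApplication` (api/application.go, hunk at -97,6) tell an omitted field from a present one, but not from a present-but-empty one, so a body of `{"name": ""}` still overwrites `a.Name` with an empty string. The same pattern in `updateUser` in api/user.go matters more: `{"password": ""}` is non-nil and is passed to `h.CM.CreatePasswordHash`, which would replace the stored hash with that of an empty password unless that helper or the request binding rejects it (neither is visible in this patch). I would reject empty values before assigning and answer with `http.StatusBadRequest`, for example with a guard such as `if updateUser.Password != nil && *updateUser.Password == ""` ahead of the assignments. Both helpers are fully contained in their hunks.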
@@ -72,8 +72,8 @@ func (h *UserHandler) getUser(ctx *gin.Context) (*model.User, error) {
 return application, nil
 }
-func (h *UserHandler) deleteApplications(ctx *gin.Context, user *model.User) error {
- applications, err := h.DB.GetApplications(user)
+func (h *UserHandler) deleteApplications(ctx *gin.Context, u *model.User) error {
+ applications, err := h.DB.GetApplications(u)
 if success := successOrAbort(ctx, http.StatusInternalServerError, err); !success {
 return err
 }
@@ -112,6 +112,34 @@ func (h *UserHandler) updateChannels(ctx *gin.Context, u *model.User, channelID
 return nil
 }
+func (h *UserHandler) updateUser(ctx *gin.Context, u *model.User, updateUser model.UpdateUser) error {
+ if updateUser.MatrixID != nil && u.MatrixID != *updateUser.MatrixID {
+ if err := h.updateChannels(ctx, u, *updateUser.MatrixID); err != nil {
+ return err
+ }
+ }
+
+ if updateUser.Name != nil {
+ u.Name = *updateUser.Name
+ }
+ if updateUser.Password != nil {
+ u.PasswordHash = h.CM.CreatePasswordHash(*updateUser.Password)
+ }
+ if updateUser.MatrixID != nil {
+ u.MatrixID = *updateUser.MatrixID
+ }
+ if updateUser.IsAdmin != nil {
+ u.IsAdmin = *updateUser.IsAdmin
+ }
+
+ err := h.DB.UpdateUser(u)
+ if success := successOrAbort(ctx, http.StatusInternalServerError, err); !success {
+ return err
+ }
+
+ return nil
+}
+
 // CreateUser creates a new user.
 // This method assumes that the requesting user has privileges.
 func (h *UserHandler) CreateUser(ctx *gin.Context) {
@@ -184,7 +212,7 @@ func (h *UserHandler) UpdateUser(ctx *gin.Context) {
 requestingUser := authentication.GetUser(ctx)
 // Last privileged user must not be taken privileges. Assumes that the current user has privileges.
- if user.ID == requestingUser.ID && !updateUser.IsAdmin {
+ if user.ID == requestingUser.ID && updateUser.IsAdmin != nil && !(*updateUser.IsAdmin) {
 if err := h.requireMultipleAdmins(ctx); err != nil {
 return
 }
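Review bot: `updateUser` (hunk at -112,6) writes `IsAdmin` and `PasswordHash` for any caller that hands it a `model.UpdateUser`, while the only safeguard, the last-admin check via `requireMultipleAdmins`, stays in the `UpdateUser` handler (hunk at -184,7). A later caller of the helper would skip that check, and nothing on the helper says so. Add a doc comment such as `// updateUser applies the non-nil fields of updateUser to u and persists it; it performs no authorization or last-admin check, callers must do both.`, or move the check into the helper. Separately, `h.updateChannels` runs before `h.DB.UpdateUser(u)`, so a failed write leaves the channels changed while the stored `MatrixID` is still the old one; whether updateChannels can be undone is not visible here.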
@@ -192,19 +220,7 @@ func (h *UserHandler) UpdateUser(ctx *gin.Context) {
 log.Printf("Updating user %s.\n", user.Name)
- if user.MatrixID != updateUser.MatrixID {
- if err := h.updateChannels(ctx, user, updateUser.MatrixID); err != nil {
- return
- }
- }
-
- // TODO: Handle unbound members.
- user.Name = updateUser.Name
- user.PasswordHash = h.CM.CreatePasswordHash(updateUser.Password)
- user.MatrixID = updateUser.MatrixID
- user.IsAdmin = updateUser.IsAdmin
-
- if success := successOrAbort(ctx, http.StatusInternalServerError, h.DB.UpdateUser(user)); !success {
+ if err := h.updateUser(ctx, user, updateUser); err != nil {
 return
 }
diff --git a/model/application.go b/model/application.go
index 0a32bf4..729e621 100644
--- a/model/application.go
+++ b/model/application.go
@@ -16,5 +16,5 @@ type CreateApplication struct {
 // UpdateApplication is used to process queries for updating applications.
 type UpdateApplication struct {
- Name string `json:"name"`
+ Name *string `json:"name"`
 }
diff --git a/model/user.go b/model/user.go
index f335a68..86620e2 100644
--- a/model/user.go
+++ b/model/user.go
@@ -69,8 +69,8 @@ func (u *User) IntoExternalUser() *ExternalUser {
 // UpdateUser is used to process queries for updating users.
 type UpdateUser struct {
- Name string `json:"name"`
- Password string `json:"password"`
- IsAdmin bool `json:"is_admin"`
- MatrixID string `json:"matrix_id"`
+ Name *string `json:"name"`
+ Password *string `json:"password"`
+ IsAdmin *bool `json:"is_admin"`
+ MatrixID *string `json:"matrix_id"`
 }