mirror of
https://github.com/pushbits/server.git
synced 2025-07-19 09:27:24 +02:00
Partially implement updates of models
This commit is contained in:
parent
6a77df8373
commit
d621333b6e
9 changed files with 158 additions and 19 deletions
|
@ -1,7 +1,6 @@
|
|||
package api
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
|
@ -15,6 +14,7 @@ import (
|
|||
type ApplicationDatabase interface {
|
||||
CreateApplication(application *model.Application) error
|
||||
DeleteApplication(application *model.Application) error
|
||||
UpdateApplication(application *model.Application) error
|
||||
GetApplicationByID(ID uint) (*model.Application, error)
|
||||
GetApplicationByToken(token string) (*model.Application, error)
|
||||
}
|
||||
|
@ -76,15 +76,11 @@ func (h *ApplicationHandler) DeleteApplication(ctx *gin.Context) {
|
|||
}
|
||||
|
||||
application, err := h.DB.GetApplicationByID(deleteApplication.ID)
|
||||
|
||||
if success := successOrAbort(ctx, http.StatusBadRequest, err); !success {
|
||||
if success := successOrAbort(ctx, http.StatusNotFound, err); !success {
|
||||
return
|
||||
}
|
||||
|
||||
user := authentication.GetUser(ctx)
|
||||
|
||||
if user.ID != application.ID {
|
||||
ctx.AbortWithError(http.StatusForbidden, errors.New("only owner can delete application"))
|
||||
if !isCurrentUser(ctx, application.UserID) {
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -100,3 +96,32 @@ func (h *ApplicationHandler) DeleteApplication(ctx *gin.Context) {
|
|||
|
||||
ctx.JSON(http.StatusOK, gin.H{})
|
||||
}
|
||||
|
||||
// UpdateApplication updates an application with a certain ID.
|
||||
func (h *ApplicationHandler) UpdateApplication(ctx *gin.Context) {
|
||||
var updateApplication model.UpdateApplication
|
||||
|
||||
if success := successOrAbort(ctx, http.StatusBadRequest, ctx.BindUri(&updateApplication)); !success {
|
||||
return
|
||||
}
|
||||
|
||||
application, err := h.DB.GetApplicationByID(updateApplication.ID)
|
||||
if success := successOrAbort(ctx, http.StatusNotFound, err); !success {
|
||||
return
|
||||
}
|
||||
|
||||
if !isCurrentUser(ctx, application.UserID) {
|
||||
return
|
||||
}
|
||||
|
||||
log.Printf("Updating application %s.\n", application.Name)
|
||||
|
||||
// TODO: Handle unbound members.
|
||||
application.Name = updateApplication.Name
|
||||
|
||||
if success := successOrAbort(ctx, http.StatusInternalServerError, h.DB.UpdateApplication(application)); !success {
|
||||
return
|
||||
}
|
||||
|
||||
ctx.JSON(http.StatusOK, gin.H{})
|
||||
}
|
||||
|
|
62
api/user.go
62
api/user.go
|
@ -5,6 +5,7 @@ import (
|
|||
"log"
|
||||
"net/http"
|
||||
|
||||
"github.com/eikendev/pushbits/authentication"
|
||||
"github.com/eikendev/pushbits/model"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
|
@ -14,6 +15,7 @@ import (
|
|||
type UserDatabase interface {
|
||||
CreateUser(user model.ExternalUserWithCredentials) (*model.User, error)
|
||||
DeleteUser(user *model.User) error
|
||||
UpdateUser(user *model.User) error
|
||||
GetUserByID(ID uint) (*model.User, error)
|
||||
GetUserByName(name string) (*model.User, error)
|
||||
GetApplications(user *model.User) ([]model.Application, error)
|
||||
|
@ -36,6 +38,16 @@ func (h *UserHandler) userExists(name string) bool {
|
|||
return user != nil
|
||||
}
|
||||
|
||||
func (h *UserHandler) ensureIsNotLastAdmin(ctx *gin.Context) (int, error) {
|
||||
if count, err := h.DB.AdminUserCount(); err != nil {
|
||||
return http.StatusInternalServerError, err
|
||||
} else if count == 1 {
|
||||
return http.StatusBadRequest, errors.New("instance needs at least one privileged user")
|
||||
}
|
||||
|
||||
return 0, nil
|
||||
}
|
||||
|
||||
// CreateUser creates a new user.
|
||||
func (h *UserHandler) CreateUser(ctx *gin.Context) {
|
||||
var externalUser model.ExternalUserWithCredentials
|
||||
|
@ -67,16 +79,14 @@ func (h *UserHandler) DeleteUser(ctx *gin.Context) {
|
|||
}
|
||||
|
||||
user, err := h.DB.GetUserByID(deleteUser.ID)
|
||||
if success := successOrAbort(ctx, http.StatusBadRequest, err); !success {
|
||||
if success := successOrAbort(ctx, http.StatusNotFound, err); !success {
|
||||
return
|
||||
}
|
||||
|
||||
// Last privileged user must not be deleted.
|
||||
if user.IsAdmin {
|
||||
if count, err := h.DB.AdminUserCount(); err != nil {
|
||||
ctx.AbortWithError(http.StatusInternalServerError, err)
|
||||
return
|
||||
} else if count == 1 {
|
||||
ctx.AbortWithError(http.StatusBadRequest, errors.New("cannot delete last admin user"))
|
||||
if status, err := h.ensureIsNotLastAdmin(ctx); err != nil {
|
||||
ctx.AbortWithError(status, err)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
@ -100,3 +110,43 @@ func (h *UserHandler) DeleteUser(ctx *gin.Context) {
|
|||
|
||||
ctx.JSON(http.StatusOK, gin.H{})
|
||||
}
|
||||
|
||||
// UpdateUser updates a user with a certain ID.
|
||||
func (h *UserHandler) UpdateUser(ctx *gin.Context) {
|
||||
var updateUser model.UpdateUser
|
||||
|
||||
if success := successOrAbort(ctx, http.StatusBadRequest, ctx.BindUri(&updateUser)); !success {
|
||||
return
|
||||
}
|
||||
|
||||
user, err := h.DB.GetUserByID(updateUser.ID)
|
||||
if success := successOrAbort(ctx, http.StatusNotFound, err); !success {
|
||||
return
|
||||
}
|
||||
|
||||
currentUser := authentication.GetUser(ctx)
|
||||
|
||||
// Last privileged user must not be taken privileges. Assumes that the current user has privileges.
|
||||
if user.ID == currentUser.ID && !updateUser.IsAdmin {
|
||||
if status, err := h.ensureIsNotLastAdmin(ctx); err != nil {
|
||||
ctx.AbortWithError(status, err)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
log.Printf("Updating user %s.\n", user.Name)
|
||||
|
||||
// If users can later update their own user, make sure they cannot give themselves privileges.
|
||||
// TODO: Handle unbound members.
|
||||
// TODO: Allow updating of password.
|
||||
// TODO: Update rooms of applications when the user's MatrixID changes.
|
||||
user.Name = updateUser.Name
|
||||
user.MatrixID = updateUser.MatrixID
|
||||
user.IsAdmin = updateUser.IsAdmin
|
||||
|
||||
if success := successOrAbort(ctx, http.StatusInternalServerError, h.DB.UpdateUser(user)); !success {
|
||||
return
|
||||
}
|
||||
|
||||
ctx.JSON(http.StatusOK, gin.H{})
|
||||
}
|
||||
|
|
16
api/util.go
16
api/util.go
|
@ -1,6 +1,11 @@
|
|||
package api
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"net/http"
|
||||
|
||||
"github.com/eikendev/pushbits/authentication"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
|
@ -11,3 +16,14 @@ func successOrAbort(ctx *gin.Context, code int, err error) bool {
|
|||
|
||||
return err == nil
|
||||
}
|
||||
|
||||
func isCurrentUser(ctx *gin.Context, ID uint) bool {
|
||||
user := authentication.GetUser(ctx)
|
||||
|
||||
if user.ID != ID {
|
||||
ctx.AbortWithError(http.StatusForbidden, errors.New("only owner can delete application"))
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue