3pp-mirror/pushbits
1
0
Fork 0
mirror of https://github.com/pushbits/server.git synced 2025-06-09 06:01:59 +02:00
Code Issues Projects Releases Packages Wiki Activity

Partially implement updates of models

Browse source
This commit is contained in:
eikendev 2020-08-02 02:46:38 +02:00
parent 6a77df8373
commit d621333b6e
No known key found for this signature in database
GPG key ID: A1BDB1B28C8EF694
9 changed files with 158 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

62
api/user.go
View file

@ -5,6 +5,7 @@ import (
"log"
"net/http"
"github.com/eikendev/pushbits/authentication"
"github.com/eikendev/pushbits/model"
"github.com/gin-gonic/gin"
@ -14,6 +15,7 @@ import (
type UserDatabase interface {
CreateUser(user model.ExternalUserWithCredentials) (*model.User, error)
DeleteUser(user *model.User) error
UpdateUser(user *model.User) error
GetUserByID(ID uint) (*model.User, error)
GetUserByName(name string) (*model.User, error)
GetApplications(user *model.User) ([]model.Application, error)
@ -36,6 +38,16 @@ func (h *UserHandler) userExists(name string) bool {
return user != nil
}
func (h *UserHandler) ensureIsNotLastAdmin(ctx *gin.Context) (int, error) {
if count, err := h.DB.AdminUserCount(); err != nil {
return http.StatusInternalServerError, err
} else if count == 1 {
return http.StatusBadRequest, errors.New("instance needs at least one privileged user")
}
return 0, nil
}
// CreateUser creates a new user.
func (h *UserHandler) CreateUser(ctx *gin.Context) {
var externalUser model.ExternalUserWithCredentials
@ -67,16 +79,14 @@ func (h *UserHandler) DeleteUser(ctx *gin.Context) {
}
user, err := h.DB.GetUserByID(deleteUser.ID)
if success := successOrAbort(ctx, http.StatusBadRequest, err); !success {
if success := successOrAbort(ctx, http.StatusNotFound, err); !success {
return
}
// Last privileged user must not be deleted.
if user.IsAdmin {
if count, err := h.DB.AdminUserCount(); err != nil {
ctx.AbortWithError(http.StatusInternalServerError, err)
return
} else if count == 1 {
ctx.AbortWithError(http.StatusBadRequest, errors.New("cannot delete last admin user"))
if status, err := h.ensureIsNotLastAdmin(ctx); err != nil {
ctx.AbortWithError(status, err)
return
}
}
@ -100,3 +110,43 @@ func (h *UserHandler) DeleteUser(ctx *gin.Context) {
ctx.JSON(http.StatusOK, gin.H{})
}
// UpdateUser updates a user with a certain ID.
func (h *UserHandler) UpdateUser(ctx *gin.Context) {
var updateUser model.UpdateUser
if success := successOrAbort(ctx, http.StatusBadRequest, ctx.BindUri(&updateUser)); !success {
return
}
user, err := h.DB.GetUserByID(updateUser.ID)
if success := successOrAbort(ctx, http.StatusNotFound, err); !success {
return
}
currentUser := authentication.GetUser(ctx)
// Last privileged user must not be taken privileges. Assumes that the current user has privileges.
if user.ID == currentUser.ID && !updateUser.IsAdmin {
if status, err := h.ensureIsNotLastAdmin(ctx); err != nil {
ctx.AbortWithError(status, err)
return
}
}
log.Printf("Updating user %s.\n", user.Name)
// If users can later update their own user, make sure they cannot give themselves privileges.
// TODO: Handle unbound members.
// TODO: Allow updating of password.
// TODO: Update rooms of applications when the user's MatrixID changes.
user.Name = updateUser.Name
user.MatrixID = updateUser.MatrixID
user.IsAdmin = updateUser.IsAdmin
if success := successOrAbort(ctx, http.StatusInternalServerError, h.DB.UpdateUser(user)); !success {
return
}
ctx.JSON(http.StatusOK, gin.H{})
}