From 0899b07d4777f9504222e04b901554b2f986734c Mon Sep 17 00:00:00 2001
From: Nathan Coad
Date: Wed, 10 Jan 2024 09:16:52 +1100
Subject: [PATCH] work on adding group support
---
 controllers/auth.go | 6 +--
 controllers/controlGroups.go | 34 +++++++++++++++++
 ...retrieve_secrets.go => retrieveSecrets.go} | 0
 .../{store_secrets.go => storeSecrets.go} | 0
 main.go | 18 +++++++--
 models/group.go | 37 ++++++++++++++++---
 6 files changed, 83 insertions(+), 12 deletions(-)
 create mode 100644 controllers/controlGroups.go
 rename controllers/{retrieve_secrets.go => retrieveSecrets.go} (100%)
 rename controllers/{store_secrets.go => storeSecrets.go} (100%)
diff --git a/controllers/auth.go b/controllers/auth.go
index 845d962..be15291 100644
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -15,7 +15,7 @@ import (
 "golang.org/x/crypto/bcrypt"
 )

-type RegisterInput struct {
+type AddUserInput struct {
 UserName string `json:"userName" binding:"required"`
 Password string `json:"password" binding:"required"`
 GroupId int `json:"groupId"`
@@ -73,8 +73,8 @@ func DeleteUser(c *gin.Context) {
 }
 }

-func RegisterUser(c *gin.Context) {
- var input RegisterInput
+func AddUser(c *gin.Context) {
+ var input AddUserInput

 if err := c.ShouldBindJSON(&input); err != nil {
 c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
diff --git a/controllers/controlGroups.go b/controllers/controlGroups.go
new file mode 100644
index 0000000..487380f
--- /dev/null
+++ b/controllers/controlGroups.go
@@ -0,0 +1,34 @@
+package controllers
+
+import (
+ "fmt"
+ "log"
+ "net/http"
+ "smt/models"
+
+ "github.com/gin-gonic/gin"
+)
+
+type AddGroupInput struct {
+ GroupName string `db:"GroupName" json:"groupName"`
+ LdapGroup bool `db:"LdapGroup" json:"ldapGroup"`
+ LdapDn string `db:"LdapDN" json:"ldapDn"`
+ Admin bool `db:"Admin" json:"admin"`
+}
+
+func GetGroups(c *gin.Context) {
+ groups, err := models.GroupList()
+
+ if err != nil {
+ errString := fmt.Sprintf("error retrieving groups : '%s'", err)
+ log.Printf("GetGroups %s\n", errString)
+ c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+ return
+ }
+
+ c.JSON(http.StatusOK, gin.H{"message": "success", "data": groups})
+}
+
+func AddGroup(c *gin.Context) {
+
+}
diff --git a/controllers/retrieve_secrets.go b/controllers/retrieveSecrets.go
similarity index 100%
rename from controllers/retrieve_secrets.go
rename to controllers/retrieveSecrets.go
diff --git a/controllers/store_secrets.go b/controllers/storeSecrets.go
similarity index 100%
rename from controllers/store_secrets.go
rename to controllers/storeSecrets.go
diff --git a/main.go b/main.go
index 88e78a8..a6f03a1 100644
--- a/main.go
+++ b/main.go
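Review bot: GetGroups in controllers/controlGroups.go sends the raw error from `models.GroupList()` back to the client and labels it 400, although a failed query is a server-side fault. The detail is already written to the log, so the response can stay generic: `c.JSON(http.StatusInternalServerError, gin.H{"error": "error retrieving groups"})`. `AddGroupInput.GroupName` carries no `binding:"required"` tag, unlike the fields of `AddUserInput` in auth.go, so an empty group name would bind cleanly once AddGroup starts reading input. AddGroup itself is an empty handler that main.go already routes, so the endpoint answers 200 with no body; a `// TODO` plus `c.JSON(http.StatusNotImplemented, ...)` would make that explicit until it is implemented.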
@@ -241,13 +241,23 @@ func main() {
 // API calls that only an administrator can make
 adminOnly := router.Group("/api/admin")
 adminOnly.Use(middlewares.JwtAuthAdminMiddleware())
+
+ // User functions for admin
 adminOnly.POST("/user/delete", controllers.DeleteUser)
- adminOnly.POST("/user/register", controllers.RegisterUser) // TODO deprecate
- adminOnly.POST("/user/add", controllers.RegisterUser)
+ adminOnly.POST("/user/register", controllers.AddUser) // TODO deprecate
+ adminOnly.POST("/user/add", controllers.AddUser)
+ adminOnly.GET("/users", controllers.GetUsers)
 // TODO
 //adminOnly.POST("/user/update", controllers.UpdateUser)
- //adminOnly.GET("/groups/list", controllers.ListGroups)
- adminOnly.GET("/users", controllers.GetUsers)
+
+ // Group functions for admin
+ adminOnly.GET("/groups", controllers.GetGroups)
+ adminOnly.GET("/group/add", controllers.AddGroup)
+ // TODO
+ //adminOnly.GET("/group/update", controllers.UpdateGroup)
+ //adminOnly.GET("/group/delete", controllers.DeleteGroup)
+
+ // Other functions for admin
 adminOnly.POST("/unlock", controllers.Unlock)

 // Deprecated
diff --git a/models/group.go b/models/group.go
index f8a4314..61fd723 100644
--- a/models/group.go
+++ b/models/group.go
@@ -6,11 +6,11 @@ import (
 )

 type Group struct {
- GroupId int `db:"GroupId"`
- GroupName string `db:"GroupName"`
- LdapGroup bool `db:"LdapGroup"`
- LdapDn string `db:"LdapDN"`
- Admin bool `db:"Admin"`
+ GroupId int `db:"GroupId" json:"groupId"`
+ GroupName string `db:"GroupName" json:"groupName"`
+ LdapGroup bool `db:"LdapGroup" json:"ldapGroup"`
+ LdapDn string `db:"LdapDN" json:"ldapDn"`
+ Admin bool `db:"Admin" json:"admin"`
 }

 // GroupGetByName queries the database for the specified group name
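Review bot: `adminOnly.GET("/group/add", controllers.AddGroup)` in main.go registers a state-changing call on GET, while the user add and delete routes in the same group use POST. GET requests are more readily logged, cached and prefetched, and they do not normally carry the JSON body that the existing handlers read with ShouldBindJSON, so this should be `adminOnly.POST("/group/add", controllers.AddGroup)`. The commented-out `/group/update` and `/group/delete` lines should use POST as well when they are enabled. How JwtAuthAdminMiddleware receives the token is not visible here; if it ever comes from a cookie, a mutating GET would also be reachable from a cross-site request. main() continues outside the hunk.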
@@ -53,3 +53,30 @@ func GroupList() ([]Group, error) {

 return results, nil
 }
+
+// GroupAdd adds a new group definition to the database
+func (g *Group) GroupAdd() (*Group, error) {
+ var err error
+
+ // Validate role not already in use
+ _, err = GroupGetByName(g.GroupName)
+
+ if err != nil && err.Error() == "group not found" {
+ log.Printf("GroupAdd confirmed no existing group, continuing with creation of group '%s'\n", g.GroupName)
+
+ result, err := db.NamedExec(("INSERT INTO groups (GroupName, LdapGroup, LdapDn, Admin) VALUES (:GroupName, :LdapGroup, :LdapDn, :Admin);"), g)
+
+ if err != nil {
+ log.Printf("GroupAdd error executing sql record : '%s'\n", err)
+ return &Group{}, err
+ } else {
+ affected, _ := result.RowsAffected()
+ id, _ := result.LastInsertId()
+ log.Printf("GroupAdd insert returned result id '%d' affecting %d row(s).\n", id, affected)
+ }
+ } else {
+ log.Printf("GroupAdd group name already exists : '%v'\n", err)
+ }
+
+ return g, nil
+}
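Review bot: GroupAdd falls through its outer `else` branch to `return g, nil`, so the caller is told the group was created both when the name already exists and when GroupGetByName failed for some other reason (a database error, for example), although nothing was inserted. Both cases should return an error rather than only logging; for a record that carries the `Admin` flag, a silent no-op reported as success is easy to misread. Separately, the INSERT binds `:LdapDn` while the struct tag is `db:"LdapDN"`; if `db` is sqlx, bind names are matched against the tag case-sensitively as far as I know, so this likely fails at runtime and should read `:LdapDN`. Matching on `err.Error() == "group not found"` is brittle: GroupGetByName is outside this hunk, but a sentinel error checked with `errors.Is` would be safer, and a UNIQUE constraint on GroupName would close the gap between the check and the insert.

```go
func (g *Group) GroupAdd() (*Group, error) {
	// Validate group name not already in use
	_, err := GroupGetByName(g.GroupName)
	if err == nil {
		log.Printf("GroupAdd group name %q already exists\n", g.GroupName)
		return &Group{}, errors.New("group name already exists")
	}
	if err.Error() != "group not found" {
		// the lookup itself failed; do not report success
		log.Printf("GroupAdd error checking for existing group : '%s'\n", err)
		return &Group{}, err
	}

	// … unchanged: NamedExec insert, error return and result logging …

	return g, nil
}
```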