From 526161f6b4ccff445f26726fea2a81927349755e Mon Sep 17 00:00:00 2001
From: Nathan Coad <nathan@thecoads.com>
Date: Wed, 3 Apr 2024 11:10:36 +1100
Subject: [PATCH] bugfix permission delete when only permissionId specified

---
 controllers/controlPermissions.go | 54 +++++++++++++++++++------------
 1 file changed, 34 insertions(+), 20 deletions(-)

diff --git a/controllers/controlPermissions.go b/controllers/controlPermissions.go
index 715da32..75554c8 100644
--- a/controllers/controlPermissions.go
+++ b/controllers/controlPermissions.go
@@ -146,33 +146,47 @@ func DeletePermissionHandler(c *gin.Context) {
 	p.Description = html.EscapeString(strings.TrimSpace(p.Description))
 
 	// Check if permission definition already exists
-	testPermission, _ := models.PermissionGetByDesc(p.Description)
-	log.Printf("DeletePermissionHandler confirming permission with description '%s' exists\n", p.Description)
-	if (models.Permission{} == testPermission) {
-		errString := fmt.Sprintf("attempt to delete non-existing permission with description '%s'", p.Description)
-		log.Printf("DeletePermissionHandler %s\n", errString)
-		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
-		return
-	} else {
-		err := p.PermissionDelete()
+	if len(p.Description) > 0 {
+		log.Printf("DeletePermissionHandler confirming permission with description '%s' exists\n", p.Description)
+		testPermission, _ := models.PermissionGetByDesc(p.Description)
 
-		// Create audit record
-		a := models.Audit{
-			UserId:    RequestingUserId,
-			IpAddress: c.ClientIP(),
-			EventText: fmt.Sprintf("Deleted Permission '%s' with id %d", p.Description, p.PermissionId),
-		}
-		a.AuditLogAdd()
-
-		if err != nil {
-			errString := fmt.Sprintf("error deleting permission : '%s'", err)
+		if (models.Permission{} == testPermission) {
+			errString := fmt.Sprintf("attempt to delete non-existing permission with description '%s'", p.Description)
 			log.Printf("DeletePermissionHandler %s\n", errString)
 			c.JSON(http.StatusBadRequest, gin.H{"error": errString})
 			return
 		}
+	} else {
+		log.Printf("DeletePermissionHandler confirming permission with id '%d' exists\n", p.PermissionId)
+		testPermission, _ := models.PermissionGetById(p.PermissionId)
 
-		c.JSON(http.StatusOK, gin.H{"message": "permission deletion success"})
+		if (models.Permission{} == testPermission) {
+			errString := fmt.Sprintf("attempt to delete non-existing permission with id '%d'", p.PermissionId)
+			log.Printf("DeletePermissionHandler %s\n", errString)
+			c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+			return
+		}
 	}
+
+	err := p.PermissionDelete()
+
+	// Create audit record
+	a := models.Audit{
+		UserId:    RequestingUserId,
+		IpAddress: c.ClientIP(),
+		EventText: fmt.Sprintf("Deleted Permission '%s' with id %d", p.Description, p.PermissionId),
+	}
+	a.AuditLogAdd()
+
+	if err != nil {
+		errString := fmt.Sprintf("error deleting permission : '%s'", err)
+		log.Printf("DeletePermissionHandler %s\n", errString)
+		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "permission deletion success"})
+
 }
 
 func UpdatePermissionHandler(c *gin.Context) {