add permission definition

2024-01-11 14:32:50 +11:00
parent 1ffa19d225
commit afec665759
6 changed files with 99 additions and 7 deletions
--- a/controllers/controlPermissions.go
+++ b/controllers/controlPermissions.go
@@ -64,10 +64,10 @@ func AddPermissionHandler(c *gin.Context) {
 		GroupId:      input.GroupId,
 	}

-	//remove leading/trailing spaces in groupname
+	//remove leading/trailing spaces in permission description
 	p.Description = html.EscapeString(strings.TrimSpace(p.Description))

-	// Check if role already exists
+	// Check if permission definition already exists
 	testPermission, _ := models.PermissionGetByDesc(p.Description)
 	log.Printf("AddPermissionHandler checking if permissions with description '%s' already exists\n", p.Description)

@@ -91,3 +91,53 @@ func AddPermissionHandler(c *gin.Context) {

 	c.JSON(http.StatusOK, gin.H{"message": "permission creation success", "data": p})
 }
+
+func DeletePermissionHandler(c *gin.Context) {
+	var input PermissionInput
+
+	if err := c.ShouldBindJSON(&input); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// Input validation
+	if input.PermissionId == 0 && len(input.Description) == 0 {
+		errString := "no permission description or id specified"
+		log.Printf("DeletePermissionHandler %s\n", errString)
+		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+		return
+	}
+
+	p := models.Permission{
+		PermissionId: input.PermissionId,
+		Description:  input.Description,
+		ReadOnly:     input.ReadOnly,
+		SafeId:       input.SafeId,
+		UserId:       input.UserId,
+		GroupId:      input.GroupId,
+	}
+
+	//remove leading/trailing spaces in permission description
+	p.Description = html.EscapeString(strings.TrimSpace(p.Description))
+
+	// Check if permission definition already exists
+	testPermission, _ := models.PermissionGetByDesc(p.Description)
+	log.Printf("DeletePermissionHandler confirming permission with description '%s' exists\n", p.Description)
+	if (models.Permission{} == testPermission) {
+		errString := fmt.Sprintf("attempt to delete non-existing permission with description '%s'", p.Description)
+		log.Printf("DeletePermissionHandler %s\n", errString)
+		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+		return
+	} else {
+		err := p.PermissionDelete()
+
+		if err != nil {
+			errString := fmt.Sprintf("error deleting permission : '%s'", err)
+			log.Printf("DeletePermissionHandler %s\n", errString)
+			c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+			return
+		}
+
+		c.JSON(http.StatusOK, gin.H{"message": "permission deletion success"})
+	}
+}
--- a/main.go
+++ b/main.go
@@ -260,6 +260,7 @@ func main() {
 	// Permission functions for admin
 	adminOnly.GET("/permissions", controllers.GetPermissionsHandler)
 	adminOnly.POST("/permission/add", controllers.AddPermissionHandler)
+	adminOnly.POST("/permission/delete", controllers.DeletePermissionHandler)

 	// Safe functions for admin
 	adminOnly.GET("/safe/listall", controllers.GetAllSafesHandler)
--- a/models/group.go
+++ b/models/group.go
@@ -84,7 +84,7 @@ func (g *Group) GroupAdd() (*Group, error) {
 	return g, nil
 }

-// GroupDelete removes a group definition to the database
+// GroupDelete removes a group definition from the database
 func (g *Group) GroupDelete() error {
 	var err error

--- a/models/permissions.go
+++ b/models/permissions.go
@@ -100,3 +100,45 @@ func (p *Permission) PermissionAdd() (*Permission, error) {

 	return p, nil
 }
+
+// PermissionDelete removes a permission definition from the database
+func (p *Permission) PermissionDelete() error {
+	var err error
+	var permission Permission
+
+	// Validate permission exists
+	if p.PermissionId > 0 {
+		permission, err = PermissionGetById(p.PermissionId)
+	} else if len(p.Description) > 0 {
+		permission, err = PermissionGetByDesc(p.Description)
+	} else {
+		errString := "unable to identify permission with supplied parameters"
+		log.Printf("PermissionDelete %s\n", errString)
+		return errors.New(errString)
+	}
+
+	if err != nil && err.Error() == "permission not found" {
+		log.Printf("PermissionDelete unable to validate group exists : '%s'\n", err)
+		return err
+	}
+
+	// Make sure we have a group ID
+	if p.PermissionId == 0 {
+		p.PermissionId = permission.PermissionId
+	}
+
+	// Delete the group
+	log.Printf("PermissionDelete confirmed group exists, continuing with deletion of permission id %d, '%s'\n", p.PermissionId, p.Description)
+	result, err := db.NamedExec((`DELETE FROM permissions WHERE PermissionId = :PermissionId`), p)
+
+	if err != nil {
+		log.Printf("PermissionDelete error executing sql delete : '%s'\n", err)
+		return err
+	} else {
+		affected, _ := result.RowsAffected()
+		id, _ := result.LastInsertId()
+		log.Printf("PermissionDelete returned result id '%d' affecting %d row(s).\n", id, affected)
+	}
+
+	return nil
+}
--- a/models/setup.go
+++ b/models/setup.go
@@ -37,8 +37,7 @@ const createUsers string = `
 		UserName VARCHAR,
 		Password VARCHAR,
 		Admin BOOLEAN DEFAULT 0,
-		LdapUser BOOLEAN DEFAULT 0,
-		FOREIGN KEY (GroupId) REFERENCES groups(GroupId)
+		LdapUser BOOLEAN DEFAULT 0
 	);
 `

@@ -279,7 +278,6 @@ func CreateTables() {
 			Password VARCHAR,
 			Admin BOOLEAN DEFAULT 0,
 			LdapUser BOOLEAN DEFAULT 0
-			FOREIGN KEY (GroupId) REFERENCES groups(GroupId)
 		);
 		INSERT INTO users SELECT * FROM _users_old;
 		COMMIT;
--- a/models/user.go
+++ b/models/user.go
@@ -116,7 +116,8 @@ func LoginCheck(username string, password string) (string, error) {
 	u := User{}

 	// Query database for matching user object
-	err = db.QueryRowx("SELECT * FROM Users WHERE Username=?", username).StructScan(&u)
+	// Use IFNULL to handle situation where a user might not be a member of a group
+	err = db.QueryRowx("SELECT UserId, IFNULL(GroupId, 0) GroupId, UserName, Password, LdapUser, Admin FROM Users WHERE Username=?", username).StructScan(&u)

 	if err != nil {
 		if err == sql.ErrNoRows {