From b8284168110b8d1f672e1360474529e4e7a16bd4 Mon Sep 17 00:00:00 2001
From: Nathan Coad <nathan@thecoads.com>
Date: Wed, 10 Jan 2024 10:43:38 +1100
Subject: [PATCH] implement group delete

---
 controllers/controlGroups.go | 57 +++++++++++++++++++++++++++++++++---
 main.go                      |  4 +--
 models/group.go              | 34 ++++++++++++++++++++-
 3 files changed, 88 insertions(+), 7 deletions(-)

diff --git a/controllers/controlGroups.go b/controllers/controlGroups.go
index 3224fd3..29b6db0 100644
--- a/controllers/controlGroups.go
+++ b/controllers/controlGroups.go
@@ -2,21 +2,24 @@ package controllers
 
 import (
 	"fmt"
+	"html"
 	"log"
 	"net/http"
 	"smt/models"
+	"strings"
 
 	"github.com/gin-gonic/gin"
 )
 
-type AddGroupInput struct {
+type GroupInput struct {
+	GroupId   int    `db:"GroupId" json:"groupId"`
 	GroupName string `db:"GroupName" json:"groupName"`
 	LdapGroup bool   `db:"LdapGroup" json:"ldapGroup"`
 	LdapDn    string `db:"LdapDn" json:"ldapDn"`
 	Admin     bool   `db:"Admin" json:"admin"`
 }
 
-func GetGroups(c *gin.Context) {
+func GetGroupsHandler(c *gin.Context) {
 	groups, err := models.GroupList()
 
 	if err != nil {
@@ -29,8 +32,8 @@ func GetGroups(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{"message": "success", "data": groups})
 }
 
-func AddGroup(c *gin.Context) {
-	var input AddGroupInput
+func AddGroupHandler(c *gin.Context) {
+	var input GroupInput
 
 	if err := c.ShouldBindJSON(&input); err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
@@ -53,6 +56,9 @@ func AddGroup(c *gin.Context) {
 	g.LdapDn = input.LdapDn
 	g.Admin = input.Admin
 
+	//remove leading/trailing spaces in groupname
+	g.GroupName = html.EscapeString(strings.TrimSpace(g.GroupName))
+
 	// Check if role already exists
 	testGroup, _ := models.GroupGetByName(g.GroupName)
 	log.Printf("AddGroup checking if group '%s' already exists\n", g.GroupName)
@@ -77,3 +83,46 @@ func AddGroup(c *gin.Context) {
 
 	c.JSON(http.StatusOK, gin.H{"message": "group creation success"})
 }
+
+func DeleteGroupHandler(c *gin.Context) {
+	var input GroupInput
+
+	if err := c.ShouldBindJSON(&input); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// Input validation
+	if input.GroupId == 0 && len(input.GroupName) == 0 {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "no group name or id specified"})
+		return
+	}
+
+	g := models.Group{}
+	g.GroupId = input.GroupId
+	g.GroupName = input.GroupName
+
+	//remove leading/trailing spaces in groupname
+	g.GroupName = html.EscapeString(strings.TrimSpace(g.GroupName))
+
+	// Confirm user account exists
+	testGroup, _ := models.GroupGetByName(g.GroupName)
+	log.Printf("DeleteGroupHandler confirming group '%s' exists\n", g.GroupName)
+	if (models.Group{} == testGroup) {
+		errString := fmt.Sprintf("attempt to delete non-existing group '%s'", g.GroupName)
+		log.Printf("DeleteGroupHandler %s\n", errString)
+		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+		return
+	} else {
+		err := g.GroupDelete()
+
+		if err != nil {
+			errString := fmt.Sprintf("error deleting group : '%s'", err)
+			log.Printf("DeleteGroupHandler %s\n", errString)
+			c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+			return
+		}
+
+		c.JSON(http.StatusOK, gin.H{"message": "group deletion success"})
+	}
+}
diff --git a/main.go b/main.go
index f05b035..3cf1241 100644
--- a/main.go
+++ b/main.go
@@ -251,8 +251,8 @@ func main() {
 	//adminOnly.POST("/user/update", controllers.UpdateUser)
 
 	// Group functions for admin
-	adminOnly.GET("/groups", controllers.GetGroups)
-	adminOnly.POST("/group/add", controllers.AddGroup)
+	adminOnly.GET("/groups", controllers.GetGroupsHandler)
+	adminOnly.POST("/group/add", controllers.AddGroupHandler)
 	// TODO
 	//adminOnly.POST("/group/update", controllers.UpdateGroup)
 	//adminOnly.POST("/group/delete", controllers.DeleteGroup)
diff --git a/models/group.go b/models/group.go
index 9cdb5fd..df3f803 100644
--- a/models/group.go
+++ b/models/group.go
@@ -58,7 +58,7 @@ func GroupList() ([]Group, error) {
 func (g *Group) GroupAdd() (*Group, error) {
 	var err error
 
-	// Validate role not already in use
+	// Validate group not already in use
 	_, err = GroupGetByName(g.GroupName)
 
 	if err != nil && err.Error() == "group not found" {
@@ -80,3 +80,35 @@ func (g *Group) GroupAdd() (*Group, error) {
 
 	return g, nil
 }
+
+// GroupDelete removes a group definition to the database
+func (g *Group) GroupDelete() error {
+	var err error
+
+	// Validate group exists
+	group, err := GroupGetByName(g.GroupName)
+	if err != nil && err.Error() == "group not found" {
+		log.Printf("GroupDelete unable to validate group exists : '%s'\n", err)
+		return err
+	}
+
+	// Make sure we have a group ID
+	if g.GroupId == 0 {
+		g.GroupId = group.GroupId
+	}
+
+	// Delete the group
+	log.Printf("GroupDelete confirmed group exists, continuing with deletion of group '%s'\n", g.GroupName)
+	result, err := db.NamedExec((`DELETE FROM group WHERE GroupId = :GroupId`), g)
+
+	if err != nil {
+		log.Printf("GroupDelete error executing sql delete : '%s'\n", err)
+		return err
+	} else {
+		affected, _ := result.RowsAffected()
+		id, _ := result.LastInsertId()
+		log.Printf("GroupDelete returned result id '%d' affecting %d row(s).\n", id, affected)
+	}
+
+	return nil
+}