new schema initial commit
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
146
models/user.go
146
models/user.go
@@ -5,20 +5,19 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"smt/utils/token"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
type User struct {
|
||||
UserId int `db:"UserId" json:"userId"`
|
||||
RoleId int `db:"RoleId" json:"roleId"`
|
||||
GroupId int `db:"GroupId" json:"groupId"`
|
||||
UserName string `db:"UserName" json:"userName"`
|
||||
Password string `db:"Password" json:"-"`
|
||||
LdapUser bool `db:"LdapUser" json:"ldapUser"`
|
||||
LdapDn string `db:"LdapDN" json:"ldapDn"`
|
||||
Admin bool `db:"Admin"`
|
||||
//LdapDn string `db:"LdapDN" json:"ldapDn"`
|
||||
}
|
||||
|
||||
type UserRole struct {
|
||||
@@ -28,15 +27,32 @@ type UserRole struct {
|
||||
Admin bool `db:"Admin"`
|
||||
}
|
||||
|
||||
type UserGroup struct {
|
||||
User
|
||||
GroupName string `db:"GroupName"`
|
||||
LdapGroup bool `db:"LdapGroup"`
|
||||
LdapDn string `db:"LdapDN"`
|
||||
Admin bool `db:"Admin"`
|
||||
}
|
||||
|
||||
type UserSafe struct {
|
||||
User
|
||||
AdminUser bool `db:"AdminUser"`
|
||||
AdminGroup bool `db:"AdminGroup"`
|
||||
SafeId int `db:"SafeId"`
|
||||
SafeName string `db:"SafeName"`
|
||||
GroupId int `db:"GroupId"`
|
||||
}
|
||||
|
||||
func (u *User) SaveUser() (*User, error) {
|
||||
|
||||
var err error
|
||||
|
||||
// Validate username not already in use
|
||||
_, err = GetUserByName(u.UserName)
|
||||
_, err = UserGetByName(u.UserName)
|
||||
if err != nil && err.Error() == "user not found" {
|
||||
log.Printf("SaveUser confirmed no existing user, continuing with creation of user '%s'\n", u.UserName)
|
||||
result, err := db.NamedExec((`INSERT INTO users (RoleId, UserName, Password, LdapUser, LdapDn) VALUES (:RoleId, :UserName, :Password, :LdapUser, :LdapDN)`), u)
|
||||
result, err := db.NamedExec((`INSERT INTO users (GroupId, UserName, Password, LdapUser) VALUES (:GroupId, :UserName, :Password, :LdapUser`), u)
|
||||
|
||||
if err != nil {
|
||||
log.Printf("SaveUser error executing sql record : '%s'\n", err)
|
||||
@@ -56,7 +72,7 @@ func (u *User) SaveUser() (*User, error) {
|
||||
func (u *User) DeleteUser() error {
|
||||
|
||||
// Validate username exists
|
||||
_, err := GetUserByName(u.UserName)
|
||||
_, err := UserGetByName(u.UserName)
|
||||
if err != nil {
|
||||
log.Printf("DeleteUser error finding user account to remove : '%s'\n", err)
|
||||
return err
|
||||
@@ -180,7 +196,7 @@ func LdapLoginCheck(username string, password string) (User, error) {
|
||||
u.UserName = username
|
||||
|
||||
// try to get LDAP group membership
|
||||
groups, err := GetLdapGroupMembership(username, password)
|
||||
ldapGroups, err := LdapGetGroupMembership(username, password)
|
||||
if err != nil {
|
||||
if err.Error() == "invalid user credentials" {
|
||||
return u, nil
|
||||
@@ -190,22 +206,37 @@ func LdapLoginCheck(username string, password string) (User, error) {
|
||||
}
|
||||
|
||||
// Compare all roles against the list of user's group membership
|
||||
roleList, err := QueryRoles()
|
||||
//roleList, err := QueryRoles()
|
||||
groupList, err := GroupList()
|
||||
if err != nil {
|
||||
return u, err
|
||||
}
|
||||
|
||||
matchFound := false
|
||||
for _, role := range roleList {
|
||||
for _, group := range groups {
|
||||
if role.LdapGroup == group {
|
||||
log.Printf("Found match with role '%s' and LDAP group '%s', user is allowed role ID '%d'\n", role.RoleName, role.LdapGroup, role.RoleId)
|
||||
u.RoleId = role.RoleId
|
||||
/*
|
||||
for _, role := range roleList {
|
||||
for _, group := range groups {
|
||||
if role.LdapGroup == group {
|
||||
log.Printf("Found match with role '%s' and LDAP group '%s', user is allowed role ID '%d'\n", role.RoleName, role.LdapGroup, role.RoleId)
|
||||
u.RoleId = role.RoleId
|
||||
matchFound = true
|
||||
break
|
||||
} //else {
|
||||
//log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group)
|
||||
//}
|
||||
}
|
||||
}
|
||||
*/
|
||||
for _, group := range groupList {
|
||||
for _, lg := range ldapGroups {
|
||||
if group.LdapDn == lg {
|
||||
log.Printf("Found match with groupname '%s' and LDAP group DN '%s', user is a member of group ID '%d'\n", group.GroupName, group.LdapDn, group.GroupId)
|
||||
u.GroupId = group.GroupId
|
||||
matchFound = true
|
||||
break
|
||||
} //else {
|
||||
//log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group)
|
||||
//}
|
||||
} else {
|
||||
log.Printf("Groupname '%s' with LDAP group '%s' not match user group '%s'\n", group.GroupName, group.LdapDn, lg)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -226,7 +257,7 @@ func StoreLdapUser(u *User) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func GetUserByID(uid uint) (User, error) {
|
||||
func UserGetByID(uid uint) (User, error) {
|
||||
|
||||
var u User
|
||||
|
||||
@@ -246,7 +277,7 @@ func GetUserByID(uid uint) (User, error) {
|
||||
|
||||
}
|
||||
|
||||
func GetUserByName(username string) (User, error) {
|
||||
func UserGetByName(username string) (User, error) {
|
||||
|
||||
var u User
|
||||
|
||||
@@ -259,6 +290,7 @@ func GetUserByName(username string) (User, error) {
|
||||
return u, nil
|
||||
}
|
||||
|
||||
/*
|
||||
func GetUserRoleByID(uid uint) (UserRole, error) {
|
||||
|
||||
var ur UserRole
|
||||
@@ -273,8 +305,26 @@ func GetUserRoleByID(uid uint) (UserRole, error) {
|
||||
|
||||
return ur, nil
|
||||
}
|
||||
*/
|
||||
|
||||
func GetUserRoleFromToken(c *gin.Context) (UserRole, error) {
|
||||
func UserGetGroupByID(uid uint) (UserGroup, error) {
|
||||
|
||||
var ug UserGroup
|
||||
|
||||
// Query database for matching user object
|
||||
log.Printf("UserGetGroupByID querying for userid '%d'\n", uid)
|
||||
|
||||
err := db.QueryRowx("SELECT users.UserId, users.GroupId, users.UserName, users.Password, users.LdapUser, groups.GroupName, groups.LdapGroup, groups.LdapDN, groups.Admin FROM users INNER JOIN groups ON users.GroupId = groups.GroupId WHERE users.UserId=?", uid).StructScan(&ug)
|
||||
if err != nil {
|
||||
log.Printf("UserGetGroupByID received error when querying database : '%s'\n", err)
|
||||
return ug, errors.New("UserGetGroupByID user id not found")
|
||||
}
|
||||
|
||||
return ug, nil
|
||||
}
|
||||
|
||||
/*
|
||||
func UserGetRoleFromToken(c *gin.Context) (UserRole, error) {
|
||||
|
||||
var ur UserRole
|
||||
|
||||
@@ -286,17 +336,45 @@ func GetUserRoleFromToken(c *gin.Context) (UserRole, error) {
|
||||
}
|
||||
|
||||
// Query database for matching user object
|
||||
log.Printf("GetUserRoleFromToken querying for userid '%d'\n", user_id)
|
||||
log.Printf("UserGetRoleFromToken querying for userid '%d'\n", user_id)
|
||||
err = db.QueryRowx("SELECT users.UserId, users.RoleId, users.UserName, users.Password, users.LdapUser, users.LdapDN, roles.RoleName, roles.ReadOnly, roles.Admin FROM users INNER JOIN roles ON users.RoleId = roles.RoleId WHERE users.UserId=?", user_id).StructScan(&ur)
|
||||
if err != nil {
|
||||
log.Printf("GetUserRoleFromToken received error when querying database : '%s'\n", err)
|
||||
return ur, errors.New("GetUserRoleFromToken user not found")
|
||||
log.Printf("UserGetRoleFromToken received error when querying database : '%s'\n", err)
|
||||
return ur, errors.New("UserGetRoleFromToken user not found")
|
||||
}
|
||||
|
||||
return ur, nil
|
||||
}
|
||||
*/
|
||||
|
||||
func QueryUsers() ([]User, error) {
|
||||
func UserGetSafesAllowed(userId int) ([]UserSafe, error) {
|
||||
|
||||
var results []UserSafe
|
||||
|
||||
// join users, groups and permissions
|
||||
rows, err := db.Queryx("SELECT users.UserId, users.GroupId, users.Admin as AdminUser, groups.Admin as AdminGroup, permissions.SafeId, safe.SafeName FROM users INNER JOIN groups ON users.GroupId = groups.GroupId INNER JOIN permissions ON groups.GroupId = permissions.GroupId INNER JOIN safes on permissions.SafeId = safes.SafeId WHERE users.UserId=?", userId)
|
||||
if err != nil {
|
||||
log.Printf("UserGetSafesAllowed error executing sql record : '%s'\n", err)
|
||||
return results, err
|
||||
} else {
|
||||
// parse all the results into a slice
|
||||
for rows.Next() {
|
||||
var us UserSafe
|
||||
err = rows.StructScan(&us)
|
||||
if err != nil {
|
||||
log.Printf("UserGetSafesAllowed error parsing sql record : '%s'\n", err)
|
||||
return results, err
|
||||
}
|
||||
results = append(results, us)
|
||||
|
||||
}
|
||||
log.Printf("UserGetSafesAllowed retrieved '%d' results\n", len(results))
|
||||
}
|
||||
|
||||
return results, nil
|
||||
}
|
||||
|
||||
func UserList() ([]User, error) {
|
||||
var results []User
|
||||
|
||||
// Query database for role definitions
|
||||
@@ -322,3 +400,23 @@ func QueryUsers() ([]User, error) {
|
||||
|
||||
return results, nil
|
||||
}
|
||||
|
||||
func UserCheckIfAdmin(userId int) bool {
|
||||
// TODO
|
||||
|
||||
u, err := UserGetByID(uint(userId))
|
||||
if err != nil {
|
||||
log.Printf("UserCheckIfAdmin received error : '%s'\n", err)
|
||||
return false
|
||||
}
|
||||
|
||||
return u.Admin
|
||||
}
|
||||
|
||||
func UserGetSafe() {
|
||||
|
||||
}
|
||||
|
||||
// need a way of checking what safe a user has access to
|
||||
// if they only have access to one then that is easy
|
||||
// if they are an admin then they have access to everything
|
||||
|
||||
Reference in New Issue
Block a user