add support to update permissions
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
@@ -6,6 +6,7 @@ import (
|
||||
"log"
|
||||
"net/http"
|
||||
"smt/models"
|
||||
"smt/utils"
|
||||
"strings"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
@@ -173,3 +174,80 @@ func DeletePermissionHandler(c *gin.Context) {
|
||||
c.JSON(http.StatusOK, gin.H{"message": "permission deletion success"})
|
||||
}
|
||||
}
|
||||
|
||||
func UpdatePermissionHandler(c *gin.Context) {
|
||||
var input PermissionInput
|
||||
var RequestingUserId int
|
||||
|
||||
if err := c.ShouldBindJSON(&input); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
// Input validation
|
||||
if input.PermissionId == 0 {
|
||||
errString := "must specify permission id"
|
||||
log.Printf("UpdatePermissionHandler %s\n", errString)
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
||||
return
|
||||
}
|
||||
|
||||
if val, ok := c.Get("user-id"); !ok {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
|
||||
return
|
||||
} else {
|
||||
RequestingUserId = val.(int)
|
||||
}
|
||||
|
||||
// Check specified permission currently exists
|
||||
currentPermission, err := models.PermissionGetById(input.PermissionId)
|
||||
|
||||
if err != nil {
|
||||
errString := fmt.Sprintf("error querying existing permission : '%s'", err)
|
||||
log.Printf("UpdatePermissionHandler %s\n", errString)
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
||||
return
|
||||
}
|
||||
if (models.Permission{} == currentPermission) {
|
||||
errString := fmt.Sprintf("no permission id '%d' found", input.PermissionId)
|
||||
log.Printf("UpdatePermissionHandler %s\n", errString)
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
||||
return
|
||||
}
|
||||
|
||||
// create new struct with values supplied by user
|
||||
newPermission := models.Permission{
|
||||
PermissionId: input.PermissionId,
|
||||
Description: input.Description,
|
||||
ReadOnly: input.ReadOnly,
|
||||
SafeId: input.SafeId,
|
||||
UserId: input.UserId,
|
||||
GroupId: input.GroupId,
|
||||
}
|
||||
|
||||
//remove leading/trailing spaces in permission description
|
||||
newPermission.Description = html.EscapeString(strings.TrimSpace(newPermission.Description))
|
||||
|
||||
// Copy newPermission into currentPermission
|
||||
utils.UpdateStruct(¤tPermission, &newPermission)
|
||||
|
||||
// run the database update
|
||||
_, err = currentPermission.PermissionUpdate()
|
||||
|
||||
if err != nil {
|
||||
errString := fmt.Sprintf("error updating permission : '%s'", err)
|
||||
log.Printf("UpdatePermissionHandler %s\n", errString)
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
||||
return
|
||||
}
|
||||
|
||||
//create audit record
|
||||
a := models.Audit{
|
||||
UserId: RequestingUserId,
|
||||
IpAddress: c.ClientIP(),
|
||||
EventText: fmt.Sprintf("Updated Permission '%s' with id %d", currentPermission.Description, currentPermission.PermissionId),
|
||||
}
|
||||
a.AuditLogAdd()
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{"message": "permission update success"})
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user