nathan/smt
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases 2 Wiki Activity
Files
968bcf1b7a6518028316f5a6f8af8223ad869b42
smt/controllers/controlPermissions.go
Nathan Coad b5c9b5ce19
All checks were successful
continuous-integration/drone/push Build is passing
Details
more audit logs
2024-01-22 19:05:26 +11:00

176 lines
5.3 KiB
Go
Raw Blame History

package controllers
import (
"fmt"
"html"
"log"
"net/http"
"smt/models"
"strings"
"github.com/gin-gonic/gin"
)
type PermissionInput struct {
PermissionId int `db:"PermissionId" json:"permissionId"`
Description string `db:"Description" json:"description"`
ReadOnly bool `db:"ReadOnly" json:"readOnly"`
SafeId int `db:"SafeId" json:"safeId"`
UserId int `db:"UserId" json:"userId"`
GroupId int `db:"GroupId" json:"groupId"`
}
func GetPermissionsHandler(c *gin.Context) {
permissions, err := models.PermissionList()
if err != nil {
errString := fmt.Sprintf("error retrieving permissions : '%s'", err)
log.Printf("GetPermissionsHandler %s\n", errString)
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
return
}
c.JSON(http.StatusOK, gin.H{"message": "success", "data": permissions})
}
func AddPermissionHandler(c *gin.Context) {
var input PermissionInput
var RequestingUserId int
if err := c.ShouldBindJSON(&input); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
// Validate input
if len(input.Description) == 0 && input.PermissionId == 0 {
c.JSON(http.StatusBadRequest, gin.H{"error": "no permission id or description specified"})
return
}
if input.SafeId == 0 {
c.JSON(http.StatusBadRequest, gin.H{"error": "no safe id specified"})
return
}
if input.UserId == 0 && input.GroupId == 0 {
c.JSON(http.StatusBadRequest, gin.H{"error": "no user id or group id specified"})
return
}
if val, ok := c.Get("user-id"); !ok {
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
return
} else {
RequestingUserId = val.(int)
}
p := models.Permission{
PermissionId: input.PermissionId,
Description: input.Description,
ReadOnly: input.ReadOnly,
SafeId: input.SafeId,
UserId: input.UserId,
GroupId: input.GroupId,
}
//remove leading/trailing spaces in permission description
p.Description = html.EscapeString(strings.TrimSpace(p.Description))
// Check if permission definition already exists
testPermission, _ := models.PermissionGetByDesc(p.Description)
log.Printf("AddPermissionHandler checking if permissions with description '%s' already exists\n", p.Description)
if (models.Permission{} == testPermission) {
log.Printf("AddPermissionHandler confirmed no permission with same description\n")
} else {
errorString := fmt.Sprintf("attempt to register permissions with description '%s' but id '%d' already exists", p.Description, testPermission.PermissionId)
log.Printf("Register error : '%s'\n", errorString)
c.JSON(http.StatusBadRequest, gin.H{"error": errorString})
return
}
_, err := p.PermissionAdd()
// Create audit record
a := models.Audit{
UserId: RequestingUserId,
IpAddress: c.ClientIP(),
EventText: fmt.Sprintf("Created Permission '%s' with id %d on safe id %d for group id %d or user id %d", p.Description, p.PermissionId, p.SafeId, p.GroupId, p.UserId),
}
a.AuditLogAdd()
if err != nil {
errString := fmt.Sprintf("error creating permission : '%s'", err)
log.Printf("AddPermissionHandler %s\n", errString)
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
return
}
c.JSON(http.StatusOK, gin.H{"message": "permission creation success", "data": p})
}
func DeletePermissionHandler(c *gin.Context) {
var input PermissionInput
var RequestingUserId int
if err := c.ShouldBindJSON(&input); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
// Input validation
if input.PermissionId == 0 && len(input.Description) == 0 {
errString := "no permission description or id specified"
log.Printf("DeletePermissionHandler %s\n", errString)
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
return
}
if val, ok := c.Get("user-id"); !ok {
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
return
} else {
RequestingUserId = val.(int)
}
p := models.Permission{
PermissionId: input.PermissionId,
Description: input.Description,
ReadOnly: input.ReadOnly,
SafeId: input.SafeId,
UserId: input.UserId,
GroupId: input.GroupId,
}
//remove leading/trailing spaces in permission description
p.Description = html.EscapeString(strings.TrimSpace(p.Description))
// Check if permission definition already exists
testPermission, _ := models.PermissionGetByDesc(p.Description)
log.Printf("DeletePermissionHandler confirming permission with description '%s' exists\n", p.Description)
if (models.Permission{} == testPermission) {
errString := fmt.Sprintf("attempt to delete non-existing permission with description '%s'", p.Description)
log.Printf("DeletePermissionHandler %s\n", errString)
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
return
} else {
err := p.PermissionDelete()
// Create audit record
a := models.Audit{
UserId: RequestingUserId,
IpAddress: c.ClientIP(),
EventText: fmt.Sprintf("Deleted Permission '%s' with id %d", p.Description, p.PermissionId),
}
a.AuditLogAdd()
if err != nil {
errString := fmt.Sprintf("error deleting permission : '%s'", err)
log.Printf("DeletePermissionHandler %s\n", errString)
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
return
}
c.JSON(http.StatusOK, gin.H{"message": "permission deletion success"})
}
}
Reference in New Issue View Git Blame Copy Permalink