smt/controllers/controlGroups.go

package controllers

import (
	"fmt"
	"html"
	"log"
	"net/http"
	"smt/models"
	"strings"

	"github.com/gin-gonic/gin"
)

type GroupInput struct {
	GroupId   int    `db:"GroupId" json:"groupId"`
	GroupName string `db:"GroupName" json:"groupName"`
	LdapGroup bool   `db:"LdapGroup" json:"ldapGroup"`
	LdapDn    string `db:"LdapDn" json:"ldapDn"`
	Admin     bool   `db:"Admin" json:"admin"`
}

func GetGroupsHandler(c *gin.Context) {
	groups, err := models.GroupList()

	if err != nil {
		errString := fmt.Sprintf("error retrieving groups : '%s'", err)
		log.Printf("GetGroups %s\n", errString)
		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
		return
	}

	c.JSON(http.StatusOK, gin.H{"message": "success", "data": groups})
}

func AddGroupHandler(c *gin.Context) {
	var input GroupInput
	var RequestingUserId int

	if err := c.ShouldBindJSON(&input); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
		return
	}

	if len(input.GroupName) == 0 {
		c.JSON(http.StatusBadRequest, gin.H{"error": "no group name specified"})
		return
	}

	if input.LdapGroup && len(input.LdapDn) == 0 {
		c.JSON(http.StatusBadRequest, gin.H{"error": "ldapGroup is true but no ldapDn specified"})
		return
	}

	if val, ok := c.Get("user-id"); !ok {
		c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
		return
	} else {
		RequestingUserId = val.(int)
	}

	g := models.Group{}
	g.GroupName = input.GroupName
	g.LdapGroup = input.LdapGroup
	g.LdapDn = input.LdapDn
	g.Admin = input.Admin

	//remove leading/trailing spaces in groupname
	g.GroupName = html.EscapeString(strings.TrimSpace(g.GroupName))

	// Check if there is already an LDAP group with the same Dn
	if g.LdapGroup {
		// TODO check for existing LDAP group
		testLdapGroup, _ := models.GroupGetByLdapDn(g.LdapDn)

		if (models.Group{} == testLdapGroup) {
			log.Printf("AddGroupHandler confirmed no existing group for same LDAP DN\n")
		} else {
			errorString := fmt.Sprintf("attempt to register group with same ldap DN as existing group '%s'", g.GroupName)
			log.Printf("AddGroupHandler error : '%s'\n", errorString)
			c.JSON(http.StatusBadRequest, gin.H{"error": errorString})
			return
		}
	}

	// Check if group already exists with same name
	testGroup, _ := models.GroupGetByName(g.GroupName)
	log.Printf("AddGroupHandler checking if group '%s' already exists\n", g.GroupName)

	if (models.Group{} == testGroup) {
		log.Printf("AddGroupHandler confirmed no existing group name\n")
	} else {
		errorString := fmt.Sprintf("attempt to register conflicting groupname '%s'", g.GroupName)
		log.Printf("AddGroupHandler error : '%s'\n", errorString)
		c.JSON(http.StatusBadRequest, gin.H{"error": errorString})
		return
	}

	// Verification checks passed, return group
	group, err := g.GroupAdd()

	// Create audit record
	a := models.Audit{
		UserId:    RequestingUserId,
		IpAddress: c.ClientIP(),
		EventText: fmt.Sprintf("Created Group '%s' with id %d", g.GroupName, g.GroupId),
	}
	a.AuditLogAdd()

	if err != nil {
		errString := fmt.Sprintf("error creating group : '%s'", err)
		log.Printf("AddGroupHandler %s\n", errString)
		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
		return
	}

	c.JSON(http.StatusOK, gin.H{"message": "group creation success", "data": group})
}

func DeleteGroupHandler(c *gin.Context) {
	var input GroupInput
	var RequestingUserId int

	if err := c.ShouldBindJSON(&input); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
		return
	}

	// Input validation
	if input.GroupId == 0 && len(input.GroupName) == 0 {
		c.JSON(http.StatusBadRequest, gin.H{"error": "no group name or id specified"})
		return
	}

	if val, ok := c.Get("user-id"); !ok {
		c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
		return
	} else {
		RequestingUserId = val.(int)
	}

	g := models.Group{}
	g.GroupId = input.GroupId
	g.GroupName = input.GroupName

	if g.GroupId > 0 { // Group Id was specified
		// Confirm group exists
		testGroup, _ := models.GroupGetById(g.GroupId)
		log.Printf("DeleteGroupHandler confirming group id '%d' exists\n", g.GroupId)

		if (models.Group{} == testGroup) {
			errString := fmt.Sprintf("attempt to delete non-existing group id '%d'", g.GroupId)
			log.Printf("DeleteGroupHandler %s\n", errString)
			c.JSON(http.StatusBadRequest, gin.H{"error": errString})
			return
		}
		g.GroupName = testGroup.GroupName
	} else if len(g.GroupName) > 0 { // Group name was specified
		//remove leading/trailing spaces in groupname
		g.GroupName = html.EscapeString(strings.TrimSpace(g.GroupName))

		// Confirm group exists
		testGroup, _ := models.GroupGetByName(g.GroupName)
		log.Printf("DeleteGroupHandler confirming group '%s' exists\n", g.GroupName)

		if (models.Group{} == testGroup) {
			errString := fmt.Sprintf("attempt to delete non-existing group '%s'", g.GroupName)
			log.Printf("DeleteGroupHandler %s\n", errString)
			c.JSON(http.StatusBadRequest, gin.H{"error": errString})
			return
		}

		g.GroupId = testGroup.GroupId
	}

	// TODO verify no permissions refer to this group still

	err := g.GroupDelete()

	// Create audit record
	a := models.Audit{
		UserId:    RequestingUserId,
		IpAddress: c.ClientIP(),
		EventText: fmt.Sprintf("Deleted Group '%s' with id %d", g.GroupName, g.GroupId),
	}
	a.AuditLogAdd()

	if err != nil {
		errString := fmt.Sprintf("error deleting group : '%s'", err)
		log.Printf("DeleteGroupHandler %s\n", errString)
		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
		return
	}

	c.JSON(http.StatusOK, gin.H{"message": "group deletion success"})

}