Nathan Coad
66a1917e6f
All checks were successful
continuous-integration/drone/push Build is passing
268 lines
8.1 KiB
Go
268 lines
8.1 KiB
Go
package controllers
|
|
|
|
import (
|
|
"fmt"
|
|
"html"
|
|
"log"
|
|
"net/http"
|
|
"smt/models"
|
|
"smt/utils"
|
|
"strings"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
type PermissionInput struct {
|
|
PermissionId int `db:"PermissionId" json:"permissionId"`
|
|
Description string `db:"Description" json:"description"`
|
|
ReadOnly bool `db:"ReadOnly" json:"readOnly"`
|
|
SafeId int `db:"SafeId" json:"safeId"`
|
|
UserId int `db:"UserId" json:"userId"`
|
|
GroupId int `db:"GroupId" json:"groupId"`
|
|
}
|
|
|
|
func GetPermissionsHandler(c *gin.Context) {
|
|
permissions, err := models.PermissionList()
|
|
|
|
if err != nil {
|
|
errString := fmt.Sprintf("error retrieving permissions : '%s'", err)
|
|
log.Printf("GetPermissionsHandler %s\n", errString)
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusOK, gin.H{"message": "success", "data": permissions})
|
|
}
|
|
|
|
func AddPermissionHandler(c *gin.Context) {
|
|
var input PermissionInput
|
|
var RequestingUserId int
|
|
|
|
if err := c.ShouldBindJSON(&input); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
// Validate input
|
|
if len(input.Description) == 0 && input.PermissionId == 0 {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "no permission id or description specified"})
|
|
return
|
|
}
|
|
if input.SafeId == 0 {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "no safe id specified"})
|
|
return
|
|
}
|
|
if input.UserId == 0 && input.GroupId == 0 {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "no user id or group id specified"})
|
|
return
|
|
}
|
|
|
|
if val, ok := c.Get("user-id"); !ok {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
|
|
return
|
|
} else {
|
|
RequestingUserId = val.(int)
|
|
}
|
|
|
|
p := models.Permission{
|
|
PermissionId: input.PermissionId,
|
|
Description: input.Description,
|
|
ReadOnly: input.ReadOnly,
|
|
SafeId: input.SafeId,
|
|
UserId: input.UserId,
|
|
GroupId: input.GroupId,
|
|
}
|
|
|
|
//remove leading/trailing spaces in permission description
|
|
p.Description = html.EscapeString(strings.TrimSpace(p.Description))
|
|
|
|
// Check if permission definition already exists
|
|
testPermission, _ := models.PermissionGetByDesc(p.Description)
|
|
log.Printf("AddPermissionHandler checking if permissions with description '%s' already exists\n", p.Description)
|
|
|
|
if (models.Permission{} == testPermission) {
|
|
log.Printf("AddPermissionHandler confirmed no permission with same description\n")
|
|
} else {
|
|
errorString := fmt.Sprintf("attempt to register permissions with description '%s' but id '%d' already exists", p.Description, testPermission.PermissionId)
|
|
log.Printf("Register error : '%s'\n", errorString)
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": errorString})
|
|
return
|
|
}
|
|
|
|
_, err := p.PermissionAdd()
|
|
|
|
// Create audit record
|
|
a := models.Audit{
|
|
UserId: RequestingUserId,
|
|
IpAddress: c.ClientIP(),
|
|
EventText: fmt.Sprintf("Created Permission '%s' with id %d on safe id %d for group id %d or user id %d", p.Description, p.PermissionId, p.SafeId, p.GroupId, p.UserId),
|
|
}
|
|
a.AuditLogAdd()
|
|
|
|
if err != nil {
|
|
errString := fmt.Sprintf("error creating permission : '%s'", err)
|
|
log.Printf("AddPermissionHandler %s\n", errString)
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusOK, gin.H{"message": "permission creation success", "data": p})
|
|
}
|
|
|
|
func DeletePermissionHandler(c *gin.Context) {
|
|
var input PermissionInput
|
|
var RequestingUserId int
|
|
|
|
if err := c.ShouldBindJSON(&input); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
// Input validation
|
|
if input.PermissionId == 0 && len(input.Description) == 0 {
|
|
errString := "no permission description or id specified"
|
|
log.Printf("DeletePermissionHandler %s\n", errString)
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
|
return
|
|
}
|
|
|
|
if val, ok := c.Get("user-id"); !ok {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
|
|
return
|
|
} else {
|
|
RequestingUserId = val.(int)
|
|
}
|
|
|
|
p := models.Permission{
|
|
PermissionId: input.PermissionId,
|
|
Description: input.Description,
|
|
ReadOnly: input.ReadOnly,
|
|
SafeId: input.SafeId,
|
|
UserId: input.UserId,
|
|
GroupId: input.GroupId,
|
|
}
|
|
|
|
//remove leading/trailing spaces in permission description
|
|
p.Description = html.EscapeString(strings.TrimSpace(p.Description))
|
|
|
|
// Check if permission definition already exists
|
|
if len(p.Description) > 0 {
|
|
log.Printf("DeletePermissionHandler confirming permission with description '%s' exists\n", p.Description)
|
|
testPermission, _ := models.PermissionGetByDesc(p.Description)
|
|
|
|
if (models.Permission{} == testPermission) {
|
|
errString := fmt.Sprintf("attempt to delete non-existing permission with description '%s'", p.Description)
|
|
log.Printf("DeletePermissionHandler %s\n", errString)
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
|
return
|
|
}
|
|
} else {
|
|
log.Printf("DeletePermissionHandler confirming permission with id '%d' exists\n", p.PermissionId)
|
|
testPermission, _ := models.PermissionGetById(p.PermissionId)
|
|
|
|
if (models.Permission{} == testPermission) {
|
|
errString := fmt.Sprintf("attempt to delete non-existing permission with id '%d'", p.PermissionId)
|
|
log.Printf("DeletePermissionHandler %s\n", errString)
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
|
return
|
|
}
|
|
}
|
|
|
|
err := p.PermissionDelete()
|
|
|
|
// Create audit record
|
|
a := models.Audit{
|
|
UserId: RequestingUserId,
|
|
IpAddress: c.ClientIP(),
|
|
EventText: fmt.Sprintf("Deleted Permission '%s' with id %d", p.Description, p.PermissionId),
|
|
}
|
|
a.AuditLogAdd()
|
|
|
|
if err != nil {
|
|
errString := fmt.Sprintf("error deleting permission : '%s'", err)
|
|
log.Printf("DeletePermissionHandler %s\n", errString)
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusOK, gin.H{"message": "permission deletion success"})
|
|
|
|
}
|
|
|
|
func UpdatePermissionHandler(c *gin.Context) {
|
|
var input PermissionInput
|
|
var RequestingUserId int
|
|
|
|
if err := c.ShouldBindJSON(&input); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
|
|
// Input validation
|
|
if input.PermissionId == 0 {
|
|
errString := "must specify permission id"
|
|
log.Printf("UpdatePermissionHandler %s\n", errString)
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
|
return
|
|
}
|
|
|
|
if val, ok := c.Get("user-id"); !ok {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
|
|
return
|
|
} else {
|
|
RequestingUserId = val.(int)
|
|
}
|
|
|
|
// Check specified permission currently exists
|
|
currentPermission, err := models.PermissionGetById(input.PermissionId)
|
|
|
|
if err != nil {
|
|
errString := fmt.Sprintf("error querying existing permission : '%s'", err)
|
|
log.Printf("UpdatePermissionHandler %s\n", errString)
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
|
return
|
|
}
|
|
if (models.Permission{} == currentPermission) {
|
|
errString := fmt.Sprintf("no permission id '%d' found", input.PermissionId)
|
|
log.Printf("UpdatePermissionHandler %s\n", errString)
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
|
return
|
|
}
|
|
|
|
// create new struct with values supplied by user
|
|
newPermission := models.Permission{
|
|
PermissionId: input.PermissionId,
|
|
Description: input.Description,
|
|
ReadOnly: input.ReadOnly,
|
|
SafeId: input.SafeId,
|
|
UserId: input.UserId,
|
|
GroupId: input.GroupId,
|
|
}
|
|
|
|
//remove leading/trailing spaces in permission description
|
|
newPermission.Description = html.EscapeString(strings.TrimSpace(newPermission.Description))
|
|
|
|
// Copy newPermission into currentPermission
|
|
utils.UpdateStruct(¤tPermission, &newPermission)
|
|
|
|
// run the database update
|
|
_, err = currentPermission.PermissionUpdate()
|
|
|
|
if err != nil {
|
|
errString := fmt.Sprintf("error updating permission : '%s'", err)
|
|
log.Printf("UpdatePermissionHandler %s\n", errString)
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
|
return
|
|
}
|
|
|
|
//create audit record
|
|
a := models.Audit{
|
|
UserId: RequestingUserId,
|
|
IpAddress: c.ClientIP(),
|
|
EventText: fmt.Sprintf("Updated Permission '%s' with id %d", currentPermission.Description, currentPermission.PermissionId),
|
|
}
|
|
a.AuditLogAdd()
|
|
|
|
c.JSON(http.StatusOK, gin.H{"message": "permission update success", "data": currentPermission})
|
|
}
|