Mercurial > gemma
comparison pkg/controllers/user.go @ 414:c1047fd04a3a
Moved project specific Go packages to new pkg folder.
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Wed, 15 Aug 2018 17:30:50 +0200 |
| parents | controllers/user.go@5b03f420957d |
| children | c70ddc6eb168 |
comparison
equal
deleted
inserted
replaced
| 413:a9440a4826aa | 414:c1047fd04a3a |
|---|---|
| 1 package controllers | |
| 2 | |
| 3 import ( | |
| 4 "database/sql" | |
| 5 "fmt" | |
| 6 "net/http" | |
| 7 | |
| 8 "github.com/gorilla/mux" | |
| 9 | |
| 10 "gemma.intevation.de/gemma/pkg/auth" | |
| 11 ) | |
| 12 | |
| 13 const ( | |
| 14 createUserSQL = `INSERT INTO users.list_users | |
| 15 VALUES ($1, $2, $3, $4, NULL, $5)` | |
| 16 createUserExtentSQL = `INSERT INTO users.list_users | |
| 17 VALUES ($1, $2, $3, $4, | |
| 18 ST_MakeBox2D(ST_Point($5, $6), ST_Point($7, $8)), $9)` | |
| 19 | |
| 20 updateUserUnprivSQL = `UPDATE users.list_users | |
| 21 SET (pw, map_extent, email_address) | |
| 22 = ($2, ST_MakeBox2D(ST_Point($3, $4), ST_Point($5, $6)), $7) | |
| 23 WHERE username = $1` | |
| 24 updateUserSQL = `UPDATE users.list_users | |
| 25 SET (rolname, username, pw, country, map_extent, email_address) | |
| 26 = ($2, $3, $4, $5, NULL, $6) | |
| 27 WHERE username = $1` | |
| 28 updateUserExtentSQL = `UPDATE users.list_users | |
| 29 SET (rolname, username, pw, country, map_extent, email_address) | |
| 30 = ($2, $3, $4, $5, ST_MakeBox2D(ST_Point($6, $7), ST_Point($8, $9)), $10) | |
| 31 WHERE username = $1` | |
| 32 | |
| 33 deleteUserSQL = `DELETE FROM users.list_users WHERE username = $1` | |
| 34 | |
| 35 listUsersSQL = `SELECT | |
| 36 rolname, | |
| 37 username, | |
| 38 country, | |
| 39 email_address, | |
| 40 ST_XMin(map_extent), ST_YMin(map_extent), | |
| 41 ST_XMax(map_extent), ST_YMax(map_extent) | |
| 42 FROM users.list_users` | |
| 43 | |
| 44 listUserSQL = `SELECT | |
| 45 rolname, | |
| 46 country, | |
| 47 email_address, | |
| 48 ST_XMin(map_extent), ST_YMin(map_extent), | |
| 49 ST_XMax(map_extent), ST_YMax(map_extent) | |
| 50 FROM users.list_users | |
| 51 WHERE username = $1` | |
| 52 ) | |
| 53 | |
| 54 func deleteUser( | |
| 55 _ interface{}, req *http.Request, | |
| 56 db *sql.DB, | |
| 57 ) (jr JSONResult, err error) { | |
| 58 | |
| 59 user := mux.Vars(req)["user"] | |
| 60 if user == "" { | |
| 61 err = JSONError{http.StatusBadRequest, "error: user empty"} | |
| 62 return | |
| 63 } | |
| 64 | |
| 65 session, _ := auth.GetSession(req) | |
| 66 if session.User == user { | |
| 67 err = JSONError{http.StatusBadRequest, "error: cannot delete yourself"} | |
| 68 return | |
| 69 } | |
| 70 | |
| 71 var res sql.Result | |
| 72 | |
| 73 if res, err = db.Exec(deleteUserSQL, user); err != nil { | |
| 74 return | |
| 75 } | |
| 76 | |
| 77 if n, err2 := res.RowsAffected(); err2 == nil && n == 0 { | |
| 78 err = JSONError{ | |
| 79 Code: http.StatusNotFound, | |
| 80 Message: fmt.Sprintf("Cannot find user %s.", user), | |
| 81 } | |
| 82 return | |
| 83 } | |
| 84 | |
| 85 // Running in a go routine should not be necessary. | |
| 86 go func() { auth.ConnPool.Logout(user) }() | |
| 87 | |
| 88 jr = JSONResult{Code: http.StatusNoContent} | |
| 89 return | |
| 90 } | |
| 91 | |
| 92 func updateUser( | |
| 93 input interface{}, req *http.Request, | |
| 94 db *sql.DB, | |
| 95 ) (jr JSONResult, err error) { | |
| 96 | |
| 97 user := mux.Vars(req)["user"] | |
| 98 if user == "" { | |
| 99 err = JSONError{http.StatusBadRequest, "error: user empty"} | |
| 100 return | |
| 101 } | |
| 102 | |
| 103 newUser := input.(*User) | |
| 104 var res sql.Result | |
| 105 | |
| 106 if s, _ := auth.GetSession(req); s.Roles.Has("sys_admin") { | |
| 107 if newUser.Extent == nil { | |
| 108 res, err = db.Exec( | |
| 109 updateUserSQL, | |
| 110 user, | |
| 111 newUser.Role, | |
| 112 newUser.User, | |
| 113 newUser.Password, | |
| 114 newUser.Country, | |
| 115 newUser.Email, | |
| 116 ) | |
| 117 } else { | |
| 118 res, err = db.Exec( | |
| 119 updateUserExtentSQL, | |
| 120 user, | |
| 121 newUser.Role, | |
| 122 newUser.User, | |
| 123 newUser.Password, | |
| 124 newUser.Country, | |
| 125 newUser.Extent.X1, newUser.Extent.Y1, | |
| 126 newUser.Extent.X2, newUser.Extent.Y2, | |
| 127 newUser.Email, | |
| 128 ) | |
| 129 } | |
| 130 } else { | |
| 131 if newUser.Extent == nil { | |
| 132 err = JSONError{http.StatusBadRequest, "extent is mandatory"} | |
| 133 return | |
| 134 } | |
| 135 res, err = db.Exec( | |
| 136 updateUserUnprivSQL, | |
| 137 user, | |
| 138 newUser.Password, | |
| 139 newUser.Extent.X1, newUser.Extent.Y1, | |
| 140 newUser.Extent.X2, newUser.Extent.Y2, | |
| 141 newUser.Email, | |
| 142 ) | |
| 143 } | |
| 144 | |
| 145 if err != nil { | |
| 146 return | |
| 147 } | |
| 148 | |
| 149 if n, err2 := res.RowsAffected(); err2 == nil && n == 0 { | |
| 150 err = JSONError{ | |
| 151 Code: http.StatusNotFound, | |
| 152 Message: fmt.Sprintf("Cannot find user %s.", user), | |
| 153 } | |
| 154 return | |
| 155 } | |
| 156 | |
| 157 if user != newUser.User { | |
| 158 // Running in a go routine should not be necessary. | |
| 159 go func() { auth.ConnPool.Logout(user) }() | |
| 160 } | |
| 161 | |
| 162 jr = JSONResult{ | |
| 163 Code: http.StatusCreated, | |
| 164 Result: struct { | |
| 165 Result string `json:"result"` | |
| 166 }{"success"}, | |
| 167 } | |
| 168 return | |
| 169 } | |
| 170 | |
| 171 func createUser( | |
| 172 input interface{}, req *http.Request, | |
| 173 db *sql.DB, | |
| 174 ) (jr JSONResult, err error) { | |
| 175 | |
| 176 user := input.(*User) | |
| 177 | |
| 178 if user.Extent == nil { | |
| 179 _, err = db.Exec( | |
| 180 createUserSQL, | |
| 181 user.Role, | |
| 182 user.User, | |
| 183 user.Password, | |
| 184 user.Country, | |
| 185 user.Email, | |
| 186 ) | |
| 187 } else { | |
| 188 _, err = db.Exec( | |
| 189 createUserExtentSQL, | |
| 190 user.Role, | |
| 191 user.User, | |
| 192 user.Password, | |
| 193 user.Country, | |
| 194 user.Extent.X1, user.Extent.Y1, | |
| 195 user.Extent.X2, user.Extent.Y2, | |
| 196 user.Email, | |
| 197 ) | |
| 198 } | |
| 199 | |
| 200 if err != nil { | |
| 201 return | |
| 202 } | |
| 203 | |
| 204 jr = JSONResult{ | |
| 205 Code: http.StatusCreated, | |
| 206 Result: struct { | |
| 207 Result string `json:"result"` | |
| 208 }{"success"}, | |
| 209 } | |
| 210 return | |
| 211 } | |
| 212 | |
| 213 func listUsers( | |
| 214 _ interface{}, req *http.Request, | |
| 215 db *sql.DB, | |
| 216 ) (jr JSONResult, err error) { | |
| 217 | |
| 218 var rows *sql.Rows | |
| 219 | |
| 220 rows, err = db.Query(listUsersSQL) | |
| 221 if err != nil { | |
| 222 return | |
| 223 } | |
| 224 defer rows.Close() | |
| 225 | |
| 226 var users []*User | |
| 227 | |
| 228 for rows.Next() { | |
| 229 user := &User{Extent: &BoundingBox{}} | |
| 230 if err = rows.Scan( | |
| 231 &user.Role, | |
| 232 &user.User, | |
| 233 &user.Country, | |
| 234 &user.Email, | |
| 235 &user.Extent.X1, &user.Extent.Y1, | |
| 236 &user.Extent.X2, &user.Extent.Y2, | |
| 237 ); err != nil { | |
| 238 return | |
| 239 } | |
| 240 users = append(users, user) | |
| 241 } | |
| 242 | |
| 243 jr = JSONResult{ | |
| 244 Result: struct { | |
| 245 Users []*User `json:"users"` | |
| 246 }{users}, | |
| 247 } | |
| 248 return | |
| 249 } | |
| 250 | |
| 251 func listUser( | |
| 252 _ interface{}, req *http.Request, | |
| 253 db *sql.DB, | |
| 254 ) (jr JSONResult, err error) { | |
| 255 | |
| 256 user := mux.Vars(req)["user"] | |
| 257 if user == "" { | |
| 258 err = JSONError{http.StatusBadRequest, "error: user empty"} | |
| 259 return | |
| 260 } | |
| 261 | |
| 262 result := &User{ | |
| 263 User: user, | |
| 264 Extent: &BoundingBox{}, | |
| 265 } | |
| 266 | |
| 267 err = db.QueryRow(listUserSQL, user).Scan( | |
| 268 &result.Role, | |
| 269 &result.Country, | |
| 270 &result.Email, | |
| 271 &result.Extent.X1, &result.Extent.Y1, | |
| 272 &result.Extent.X2, &result.Extent.Y2, | |
| 273 ) | |
| 274 | |
| 275 switch { | |
| 276 case err == sql.ErrNoRows: | |
| 277 err = JSONError{ | |
| 278 Code: http.StatusNotFound, | |
| 279 Message: fmt.Sprintf("Cannot find user %s.", user), | |
| 280 } | |
| 281 return | |
| 282 case err != nil: | |
| 283 return | |
| 284 } | |
| 285 | |
| 286 jr.Result = result | |
| 287 return | |
| 288 } |