diff controllers/user.go @ 307:750a9c9cd965

Use SQL UPDATE to update users. This implies that trying to update a non-existent user is no longer a database error. Thus, handle this as an HTTP 404 in the backend, which is in line with what GET does. Using UPDATE here will allow column-wise privileges to be GRANTed. The password has become part of the view so that it can be updated as well.
author Tom Gottfried <tom@intevation.de>
date Wed, 01 Aug 2018 15:49:38 +0200
parents 4befc5868ea6
children 74559e12a59f
--- a/controllers/user.go	Wed Aug 01 15:18:26 2018 +0200
+++ b/controllers/user.go	Wed Aug 01 15:49:38 2018 +0200
@@ -15,9 +15,14 @@
 	createUserExtentSQL = `SELECT sys_admin.create_user($1, $2, $3, $4,
   ST_MakeBox2D(ST_Point($5, $6), ST_Point($7, $8)), $9)`
 
-	updateUserSQL       = `SELECT sys_admin.update_user($1, $2, $3, $4, $5, NULL, $6)`
-	updateUserExtentSQL = `SELECT sys_admin.update_user($1, $2, $3, $4, $5,
-  ST_MakeBox2D(ST_Point($6, $7), ST_Point($8, $9)), $10)`
+	updateUserSQL = `UPDATE users.list_users
+  SET (rolname, username, pw, country, map_extent, email_address)
+  = ($2, $3, $4, $5, NULL, $6)
+  WHERE username = $1`
+	updateUserExtentSQL = `UPDATE users.list_users
+  SET (rolname, username, pw, country, map_extent, email_address)
+  = ($2, $3, $4, $5, ST_MakeBox2D(ST_Point($6, $7), ST_Point($8, $9)), $10)
+  WHERE username = $1`
 
 	deleteUserSQL = `SELECT sys_admin.delete_user($1)`
 
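Review bot: Both `updateUserSQL` and `updateUserExtentSQL` assign `pw` from `$4` on every update, so a request that carries no new password would presumably overwrite the stored one with whatever the client sent, including an empty string. Nothing in this hunk shows `users.list_users` hashing or validating that value. PostgreSQL also checks the UPDATE privilege for every column named in `SET`, so with this fixed column list a role lacking privilege on one column (for example `rolname`) fails the whole statement, which limits the column-wise GRANTs the commit message is aiming for. Consider a separate statement without `pw` (and without `rolname` for non-admin callers), and document the assumption on the constant, e.g. `// pw ($4) is written as given; hashing is expected to happen behind users.list_users (confirm)`.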
@@ -80,9 +85,10 @@
 	}
 
 	newUser := input.(*User)
+	var res sql.Result
 
 	if newUser.Extent == nil {
-		_, err = db.Exec(
+		res, err = db.Exec(
 			updateUserSQL,
 			user,
 			newUser.Role,
@@ -92,7 +98,7 @@
 			newUser.Email,
 		)
 	} else {
-		_, err = db.Exec(
+		res, err = db.Exec(
 			updateUserExtentSQL,
 			user,
 			newUser.Role,
@@ -105,6 +111,13 @@
 		)
 	}
 
+	if n, _ := res.RowsAffected(); n == 0 {
+		err = JSONError{
+			Code:    http.StatusNotFound,
+			Message: fmt.Sprintf("Cannot find user %s.", user),
+		}
+		return
+	}
 	if err != nil {
 		return
 	}
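Review bot: `res.RowsAffected()` runs before the `err != nil` check, and `database/sql` returns a nil `Result` when `Exec` fails, so any database error (a constraint violation, or a permission-denied once column-wise GRANTs are in place) becomes a nil-dereference panic in the handler instead of an error response. Move the existing `if err != nil { return }` above the new block so `res` is only used after a successful `Exec`. The error from `RowsAffected` is also discarded with `_`; checking it, e.g. `if n, raErr := res.RowsAffected(); raErr == nil && n == 0 {`, avoids reporting a 404 when the count is simply unavailable. The enclosing function starts and ends outside this hunk.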