Mercurial > gemma
view pkg/controllers/user.go @ 493:8a0737aa6ab6 metamorph-for-all
The connection pool is now only a session store.
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Fri, 24 Aug 2018 14:25:05 +0200 |
| parents | b2dc9c2f69e0 |
| children | 8926c413db21 |
line wrap: on
line source
package controllers import ( "database/sql" "fmt" "net/http" "github.com/gorilla/mux" "gemma.intevation.de/gemma/pkg/auth" "gemma.intevation.de/gemma/pkg/models" ) const ( createUserSQL = `INSERT INTO users.list_users VALUES ($1, $2, $3, $4, NULL, $5)` createUserExtentSQL = `INSERT INTO users.list_users VALUES ($1, $2, $3, $4, ST_MakeBox2D(ST_Point($5, $6), ST_Point($7, $8)), $9)` updateUserUnprivSQL = `UPDATE users.list_users SET (pw, map_extent, email_address) = ($2, ST_MakeBox2D(ST_Point($3, $4), ST_Point($5, $6)), $7) WHERE username = $1` updateUserSQL = `UPDATE users.list_users SET (rolname, username, pw, country, map_extent, email_address) = ($2, $3, $4, $5, NULL, $6) WHERE username = $1` updateUserExtentSQL = `UPDATE users.list_users SET (rolname, username, pw, country, map_extent, email_address) = ($2, $3, $4, $5, ST_MakeBox2D(ST_Point($6, $7), ST_Point($8, $9)), $10) WHERE username = $1` deleteUserSQL = `DELETE FROM users.list_users WHERE username = $1` listUsersSQL = `SELECT rolname, username, country, email_address, ST_XMin(map_extent), ST_YMin(map_extent), ST_XMax(map_extent), ST_YMax(map_extent) FROM users.list_users` listUserSQL = `SELECT rolname, country, email_address, ST_XMin(map_extent), ST_YMin(map_extent), ST_XMax(map_extent), ST_YMax(map_extent) FROM users.list_users WHERE username = $1` ) func deleteUser( _ interface{}, req *http.Request, db *sql.Conn, ) (jr JSONResult, err error) { user := mux.Vars(req)["user"] if !models.UserName(user).IsValid() { err = JSONError{http.StatusBadRequest, "error: user invalid"} return } session, _ := auth.GetSession(req) if session.User == user { err = JSONError{http.StatusBadRequest, "error: cannot delete yourself"} return } var res sql.Result if res, err = db.ExecContext(req.Context(), deleteUserSQL, user); err != nil { return } if n, err2 := res.RowsAffected(); err2 == nil && n == 0 { err = JSONError{ Code: http.StatusNotFound, Message: fmt.Sprintf("Cannot find user %s.", user), } return } // Running in a go routine should not be necessary. go func() { auth.Sessions.Logout(user) }() jr = JSONResult{Code: http.StatusNoContent} return } func updateUser( input interface{}, req *http.Request, db *sql.Conn, ) (jr JSONResult, err error) { user := models.UserName(mux.Vars(req)["user"]) if !user.IsValid() { err = JSONError{http.StatusBadRequest, "error: user invalid"} return } newUser := input.(*models.User) var res sql.Result if s, _ := auth.GetSession(req); s.Roles.Has("sys_admin") { if newUser.Extent == nil { res, err = db.ExecContext( req.Context(), updateUserSQL, user, newUser.Role, newUser.User, newUser.Password, newUser.Country, newUser.Email, ) } else { res, err = db.ExecContext( req.Context(), updateUserExtentSQL, user, newUser.Role, newUser.User, newUser.Password, newUser.Country, newUser.Extent.X1, newUser.Extent.Y1, newUser.Extent.X2, newUser.Extent.Y2, newUser.Email, ) } } else { if newUser.Extent == nil { err = JSONError{http.StatusBadRequest, "extent is mandatory"} return } res, err = db.ExecContext( req.Context(), updateUserUnprivSQL, user, newUser.Password, newUser.Extent.X1, newUser.Extent.Y1, newUser.Extent.X2, newUser.Extent.Y2, newUser.Email, ) } if err != nil { return } if n, err2 := res.RowsAffected(); err2 == nil && n == 0 { err = JSONError{ Code: http.StatusNotFound, Message: fmt.Sprintf("Cannot find user %s.", user), } return } if user != newUser.User { // Running in a go routine should not be necessary. go func() { auth.Sessions.Logout(string(user)) }() } jr = JSONResult{ Code: http.StatusCreated, Result: struct { Result string `json:"result"` }{"success"}, } return } func createUser( input interface{}, req *http.Request, db *sql.Conn, ) (jr JSONResult, err error) { user := input.(*models.User) if user.Extent == nil { _, err = db.ExecContext( req.Context(), createUserSQL, user.Role, user.User, user.Password, user.Country, user.Email, ) } else { _, err = db.ExecContext( req.Context(), createUserExtentSQL, user.Role, user.User, user.Password, user.Country, user.Extent.X1, user.Extent.Y1, user.Extent.X2, user.Extent.Y2, user.Email, ) } if err != nil { return } jr = JSONResult{ Code: http.StatusCreated, Result: struct { Result string `json:"result"` }{"success"}, } return } func listUsers( _ interface{}, req *http.Request, db *sql.Conn, ) (jr JSONResult, err error) { var rows *sql.Rows rows, err = db.QueryContext(req.Context(), listUsersSQL) if err != nil { return } defer rows.Close() var users []*models.User for rows.Next() { user := &models.User{Extent: &models.BoundingBox{}} if err = rows.Scan( &user.Role, &user.User, &user.Country, &user.Email, &user.Extent.X1, &user.Extent.Y1, &user.Extent.X2, &user.Extent.Y2, ); err != nil { return } users = append(users, user) } jr = JSONResult{ Result: struct { Users []*models.User `json:"users"` }{users}, } return } func listUser( _ interface{}, req *http.Request, db *sql.Conn, ) (jr JSONResult, err error) { user := models.UserName(mux.Vars(req)["user"]) if !user.IsValid() { err = JSONError{http.StatusBadRequest, "error: user invalid"} return } result := &models.User{ User: user, Extent: &models.BoundingBox{}, } err = db.QueryRowContext(req.Context(), listUserSQL, user).Scan( &result.Role, &result.Country, &result.Email, &result.Extent.X1, &result.Extent.Y1, &result.Extent.X2, &result.Extent.Y2, ) switch { case err == sql.ErrNoRows: err = JSONError{ Code: http.StatusNotFound, Message: fmt.Sprintf("Cannot find user %s.", user), } return case err != nil: return } jr.Result = result return }