Mercurial > gemma

changeset 240:9012e4045da4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Implemented /user delete controller.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Thu, 26 Jul 2018 17:56:02 +0200
parents 713234a04a87
children 3b688fe04c39
files auth/pool.go controllers/json.go controllers/routes.go controllers/user.go
diffstat 4 files changed, 59 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/auth/pool.go	Thu Jul 26 17:15:22 2018 +0200
+++ b/auth/pool.go	Thu Jul 26 17:56:02 2018 +0200
@@ -296,6 +296,21 @@
 	return <-res
 }
 
+func (pcp *ConnectionPool) Logout(user string) {
+	pcp.cmds <- func(pcp *ConnectionPool) {
+		for token, con := range pcp.conns {
+			if con.session.User == user {
+				if db := con.db; db != nil {
+					con.db = nil
+					db.Close()
+				}
+				delete(pcp.conns, token)
+				pcp.remove(token)
+			}
+		}
+	}
+}
+
 func (pcp *ConnectionPool) Shutdown() error {
 	if db := pcp.storage; db != nil {
 		log.Println("info: shutdown persistent connection pool.")
--- a/controllers/json.go	Thu Jul 26 17:15:22 2018 +0200
+++ b/controllers/json.go	Thu Jul 26 17:56:02 2018 +0200
@@ -90,9 +90,13 @@
 		jr.Code = http.StatusOK
 	}
 
-	rw.Header().Set("Content-Type", "application/json")
+	if jr.Code != http.StatusNoContent {
+		rw.Header().Set("Content-Type", "application/json")
+	}
 	rw.WriteHeader(jr.Code)
-	if err := json.NewEncoder(rw).Encode(jr.Result); err != nil {
-		log.Printf("error: %v\n", err)
+	if jr.Code != http.StatusNoContent {
+		if err := json.NewEncoder(rw).Encode(jr.Result); err != nil {
+			log.Printf("error: %v\n", err)
+		}
 	}
 }
--- a/controllers/routes.go	Thu Jul 26 17:15:22 2018 +0200
+++ b/controllers/routes.go	Thu Jul 26 17:56:02 2018 +0200
@@ -24,6 +24,10 @@
 		Handle: updateUser,
 	})).Methods(http.MethodPut)
 
+	api.Handle("/users/{user}", sysAdmin(&JSONHandler{
+		Handle: deleteUser,
+	})).Methods(http.MethodPut)
+
 	api.HandleFunc("/login", login).
 		Methods(http.MethodGet, http.MethodPost)
 	api.Handle("/logout", auth.SessionMiddleware(http.HandlerFunc(logout))).
--- a/controllers/user.go	Thu Jul 26 17:15:22 2018 +0200
+++ b/controllers/user.go	Thu Jul 26 17:56:02 2018 +0200
@@ -8,6 +8,7 @@
 	"regexp"
 	"strings"
 
+	"gemma.intevation.de/gemma/auth"
 	"github.com/gorilla/mux"
 )
 
@@ -41,6 +42,8 @@
 	updateUserSQL       = `SELECT sys_admin.update_user($1, $2, $3, $4, $5, NULL, $6)`
 	updateUserExtentSQL = `SELECT sys_admin.update_user($1, $2, $3, $4, $5,
   ST_MakeBox2D(ST_Point($6, $7), ST_Point($8, $9)), $10)`
+
+	deleteUserSQL = `SELECT sys_admin.delete_user($1)`
 )
 
 var (
@@ -117,10 +120,37 @@
 	return errNoValidRole
 }
 
+func deleteUser(
+	rw http.ResponseWriter, req *http.Request,
+	input interface{}, db *sql.DB,
+) (jr JSONResult, err error) {
+
+	user := mux.Vars(req)["user"]
+	if user == "" {
+		err = JSONError{http.StatusBadRequest, "error: user empty"}
+		return
+	}
+
+	session, _ := auth.GetSession(req)
+	if session.User == user {
+		err = JSONError{http.StatusBadRequest, "error: cannot delete yourself"}
+		return
+	}
+
+	if _, err = db.Exec(deleteUserSQL, user); err != nil {
+		return
+	}
+
+	// Running in a go routine should not be necessary.
+	go func() { auth.ConnPool.Logout(user) }()
+
+	jr = JSONResult{Code: http.StatusNoContent}
+	return
+}
+
 func updateUser(
 	rw http.ResponseWriter, req *http.Request,
-	input interface{},
-	db *sql.DB,
+	input interface{}, db *sql.DB,
 ) (jr JSONResult, err error) {
 
 	user := mux.Vars(req)["user"]
@@ -172,8 +202,7 @@
 
 func createUser(
 	rw http.ResponseWriter, req *http.Request,
-	input interface{},
-	db *sql.DB,
+	input interface{}, db *sql.DB,
 ) (jr JSONResult, err error) {
 
 	user := input.(*User)