changeset 5500:f0c668bc4082 deactivate-users

Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Wed, 22 Sep 2021 12:02:03 +0200
parents a30b6c6541e0
children 2ce85b6fcb76
files pkg/controllers/user.go pkg/models/user.go schema/manage_users.sql
diffstat 3 files changed, 30 insertions(+), 8 deletions(-) [+]
--- a/pkg/controllers/user.go	Tue Sep 21 22:06:43 2021 +0200
+++ b/pkg/controllers/user.go	Wed Sep 22 12:02:03 2021 +0200
@@ -330,6 +330,9 @@
 	if patch.Reports != nil && priv {
 		update("report_reciever", *patch.Reports)
 	}
+	if patch.Active != nil && priv {
+		update("active", *patch.Active)
+	}
 	if patch.Extent != nil {
 		updateBox("map_extent", patch.Extent)
 	}
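Review bot: The new `patch.Active` branch is gated only on `priv`, so nothing visible in this hunk stops a privileged caller from setting `active` to false on their own account or on the last remaining administrator, which would lock administration out through the API. Consider rejecting that case before the `update("active", *patch.Active)` call, for instance by comparing the target user with the session user. A short comment such as `// active maps to the role's LOGIN attribute via the user triggers; admins only` would also help, since the side effect on the database role is not obvious from the column name. The enclosing handler starts and ends outside the hunk, so such a check may already exist elsewhere.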
--- a/pkg/models/user.go	Tue Sep 21 22:06:43 2021 +0200
+++ b/pkg/models/user.go	Wed Sep 22 12:02:03 2021 +0200
@@ -59,6 +59,7 @@
 		Email    *Email       `json:"email,omitempty"`
 		Country  *Country     `json:"country,omitempty"`
 		Reports  *bool        `json:"reports,omitempty"`
+		Active   *bool        `json:"active,omitempty"`
 		Extent   *BoundingBox `json:"extent,omitempty"`
 	}
 
--- a/schema/manage_users.sql	Tue Sep 21 22:06:43 2021 +0200
+++ b/schema/manage_users.sql	Wed Sep 22 12:02:03 2021 +0200
@@ -82,8 +82,18 @@
     END IF;
 
     INSERT INTO internal.user_profiles (
-        username, country, map_extent, email_address)
-        VALUES (NEW.username, NEW.country, NEW.map_extent, NEW.email_address);
+        username, country, map_extent, email_address,
+        report_reciever, active)
+        VALUES (NEW.username, NEW.country, NEW.map_extent, NEW.email_address,
+                NEW.report_reciever, NEW.active);
+
+    IF NEW.active THEN
+        EXECUTE format(
+            'ALTER ROLE %I LOGIN', NEW.username);
+    ELSE
+        EXECUTE format(
+            'ALTER ROLE %I NOLOGIN', NEW.username);
+    END IF;
 
     -- Do not leak new password
     NEW.pw = '';
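Review bot: `NEW.report_reciever` and `NEW.active` are now inserted verbatim, so an INSERT that omits them stores NULL in place of any column default on `internal.user_profiles`, and `IF NEW.active THEN` falls through to the `NOLOGIN` branch. This assumes the trigger fires on a view with no column defaults of its own, which is not visible here. Failing closed is the safe direction for login, but an existing create-user caller that does not send `active` would silently produce a disabled account with a NULL flag. Either default explicitly, e.g. `COALESCE(NEW.active, true)` in both the `VALUES` list and the `IF`, or raise an error on NULL. The same NULL gap affects `IF NEW.active <> OLD.active THEN` in the update trigger hunk further down, where a NULL on either side skips the role change entirely; `IF NEW.active IS DISTINCT FROM OLD.active THEN` avoids that.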
@@ -152,8 +162,10 @@
     END IF;
 
     UPDATE internal.user_profiles p
-        SET (username, country, map_extent, email_address)
-        = (NEW.username, NEW.country, NEW.map_extent, NEW.email_address)
+        SET (username, country, map_extent, email_address,
+             report_reciever, active)
+        = (NEW.username, NEW.country, NEW.map_extent, NEW.email_address,
+           NEW.report_reciever, NEW.active)
         WHERE p.username = cur_username;
 
     IF NEW.rolname <> OLD.rolname
@@ -172,6 +184,16 @@
             internal.check_password(NEW.pw));
     END IF;
 
+    IF NEW.active <> OLD.active THEN
+        IF NEW.active THEN
+            EXECUTE format(
+                'ALTER ROLE %I LOGIN', cur_username);
+        ELSE
+            EXECUTE format(
+                'ALTER ROLE %I NOLOGIN', cur_username);
+        END IF;
+    END IF;
+
     -- Do not leak new password
     NEW.pw = '';
     RETURN NEW;
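Review bot: `ALTER ROLE %I NOLOGIN` only blocks new connections, so a deactivated user's open database sessions, and any application session backed by them, keep working after this branch runs. If deactivation is meant to take effect immediately, this path should also end the role's existing backends (those listed in `pg_stat_activity`, via `pg_terminate_backend`), or the application should invalidate that user's sessions. A comment stating which of the two is intended would help. Separately, the delete function in the last hunk no longer issues its own `NOLOGIN` and now depends on this branch firing; that holds only if its `UPDATE` goes through the object that carries this trigger, which cannot be confirmed from the lines shown. The trigger function begins outside the hunk.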
@@ -260,10 +282,6 @@
             ('nomail@example.com', false, false)
         WHERE username = rolename;
 
-    -- Do not allow to login any more.
-    EXECUTE format(
-        'ALTER ROLE %I NOLOGIN', rolename);
-
     RETURN 2;
 END;
 $$