Mercurial > gemma
changeset 5500:f0c668bc4082 deactivate-users
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Wed, 22 Sep 2021 12:02:03 +0200 |
parents | a30b6c6541e0 |
children | 2ce85b6fcb76 |
files | pkg/controllers/user.go pkg/models/user.go schema/manage_users.sql |
diffstat | 3 files changed, 30 insertions(+), 8 deletions(-) [+] |
line wrap: on
line diff
--- a/pkg/controllers/user.go Tue Sep 21 22:06:43 2021 +0200 +++ b/pkg/controllers/user.go Wed Sep 22 12:02:03 2021 +0200 @@ -330,6 +330,9 @@ if patch.Reports != nil && priv { update("report_reciever", *patch.Reports) } + if patch.Active != nil && priv { + update("active", *patch.Active) + } if patch.Extent != nil { updateBox("map_extent", patch.Extent) }
--- a/pkg/models/user.go Tue Sep 21 22:06:43 2021 +0200 +++ b/pkg/models/user.go Wed Sep 22 12:02:03 2021 +0200 @@ -59,6 +59,7 @@ Email *Email `json:"email,omitempty"` Country *Country `json:"country,omitempty"` Reports *bool `json:"reports,omitempty"` + Active *bool `json:"active,omitempty"` Extent *BoundingBox `json:"extent,omitempty"` }
--- a/schema/manage_users.sql Tue Sep 21 22:06:43 2021 +0200 +++ b/schema/manage_users.sql Wed Sep 22 12:02:03 2021 +0200 @@ -82,8 +82,18 @@ END IF; INSERT INTO internal.user_profiles ( - username, country, map_extent, email_address) - VALUES (NEW.username, NEW.country, NEW.map_extent, NEW.email_address); + username, country, map_extent, email_address, + report_reciever, active) + VALUES (NEW.username, NEW.country, NEW.map_extent, NEW.email_address, + NEW.report_reciever, NEW.active); + + IF NEW.active THEN + EXECUTE format( + 'ALTER ROLE %I LOGIN', NEW.username); + ELSE + EXECUTE format( + 'ALTER ROLE %I NOLOGIN', NEW.username); + END IF; -- Do not leak new password NEW.pw = ''; @@ -152,8 +162,10 @@ END IF; UPDATE internal.user_profiles p - SET (username, country, map_extent, email_address) - = (NEW.username, NEW.country, NEW.map_extent, NEW.email_address) + SET (username, country, map_extent, email_address, + report_reciever, active) + = (NEW.username, NEW.country, NEW.map_extent, NEW.email_address, + NEW.report_reciever, NEW.active) WHERE p.username = cur_username; IF NEW.rolname <> OLD.rolname @@ -172,6 +184,16 @@ internal.check_password(NEW.pw)); END IF; + IF NEW.active <> OLD.active THEN + IF NEW.active THEN + EXECUTE format( + 'ALTER ROLE %I LOGIN', cur_username); + ELSE + EXECUTE format( + 'ALTER ROLE %I NOLOGIN', cur_username); + END IF; + END IF; + -- Do not leak new password NEW.pw = ''; RETURN NEW; @@ -260,10 +282,6 @@ ('nomail@example.com', false, false) WHERE username = rolename; - -- Do not allow to login any more. - EXECUTE format( - 'ALTER ROLE %I NOLOGIN', rolename); - RETURN 2; END; $$