app/auth/api_grp.go

package auth
import (
"strings"
"github.com/gin-gonic/gin"
"gorm.io/gorm"
"kumoly.io/kumoly/app/errors"
"kumoly.io/kumoly/app/server"
)
// ApiGrps responds with the list of groups.
//
// When ACHas(c, SYSTEM) is true every group is returned; otherwise groups
// whose name starts with SYS_AUTH_PREFIX are filtered out in the query.
// A database error is raised with panic.
func ApiGrps(c *gin.Context) {
	// Empty but non-nil slice for Find to fill.
	groups := make([]Group, 0)

	var err error
	if ACHas(c, SYSTEM) {
		err = DB.Find(&groups).Error
	} else {
		// The prefix travels as a bound argument; only the LIKE wildcard is
		// appended to it.
		err = DB.Where("name not like ?", SYS_AUTH_PREFIX+"%").Find(&groups).Error
	}
	if err != nil {
		panic(err)
	}

	server.Res(c, &server.Response{Data: groups})
}
// apiGrpNewReq is the JSON body bound by ApiGrpNew when creating a group.
type apiGrpNewReq struct {
	// Name is the group's name; the binding tag marks it as required.
	// ApiGrpNew compares it against SYS_AUTH_PREFIX before creating the group.
	Name string `json:"name" example:"user" binding:"required"`
	// DisplayName is optional and copied to the new group as-is.
	DisplayName string `json:"display_name"`
	// Description is optional and copied to the new group as-is.
	Description string `json:"description"`
}
// ApiGrpNew creates a group from the JSON request body and responds with the
// stored record.
//
// A name that starts with SYS_AUTH_PREFIX is accepted only when
// ACHas(c, ADMIN) is true; otherwise the handler panics with
// errors.ErrorForbidden. Binding and database errors are raised with panic
// as well.
func ApiGrpNew(c *gin.Context) {
	var req apiGrpNewReq
	if bindErr := c.ShouldBindJSON(&req); bindErr != nil {
		panic(bindErr)
	}

	// Names under the system prefix are reserved. The comparison is a plain,
	// case-sensitive prefix match on the name exactly as submitted.
	reserved := strings.HasPrefix(req.Name, SYS_AUTH_PREFIX)
	if reserved && !ACHas(c, ADMIN) {
		panic(errors.ErrorForbidden)
	}

	created := &Group{
		Name:        req.Name,
		DisplayName: req.DisplayName,
		Description: req.Description,
	}
	if res := DB.Create(created); res.Error != nil {
		panic(res.Error)
	}

	server.Res(c, &server.Response{Data: created})
}
// apiGrpUpdateReq is the JSON body bound by ApiGrpUpdate.
type apiGrpUpdateReq struct {
	// ID selects the group to update; the binding tag marks it as required.
	ID uint `json:"id" binding:"required"`
	// Name is the name the group will carry after the update (required).
	Name string `json:"name" binding:"required"`
	// DisplayName replaces the stored display name, including when empty
	// (ApiGrpUpdate writes it through a map, so zero values are not skipped).
	DisplayName string `json:"display_name"`
	// Description replaces the stored description, including when empty.
	Description string `json:"description"`
}
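// ApiGrpUpdate overwrites the name, display name and description of the group
// identified by the request body and responds with the group.
//
// Authorization, in order:
//   - a group whose current name starts with SYS_AUTH_PREFIX can never be
//     changed through this endpoint;
//   - the caller must pass ACHas(c, ADMIN, grp.Name) (presumably "holds any
//     of these groups" - confirm against ACHas);
//   - the requested new name is held to the same rule as ApiGrpNew: a name
//     under SYS_AUTH_PREFIX needs ACHas(c, ADMIN).
//
// The last rule closes a gap: without it a caller who passes the second check
// only through membership of the group could rename it into the reserved
// namespace, something ApiGrpNew refuses to non-admins.
//
// A non-empty "fetch" query parameter makes the handler reload the group with
// its Users preloaded before responding. Errors are raised with panic; a
// failed lookup is wrapped as a 404.
func ApiGrpUpdate(c *gin.Context) {
	fetch := c.Query("fetch")

	var data apiGrpUpdateReq
	if err := c.ShouldBindJSON(&data); err != nil {
		panic(err)
	}

	grp := &Group{}
	// data.ID is a uint, so GORM treats it as a primary-key value.
	if err := DB.First(grp, data.ID).Error; err != nil {
		panic(errors.NewError(404, err))
	}

	// System groups are immutable here, whoever is asking.
	if strings.HasPrefix(grp.Name, SYS_AUTH_PREFIX) {
		panic(errors.ErrorForbidden)
	}
	if !ACHas(c, ADMIN, grp.Name) {
		panic(errors.ErrorForbidden)
	}
	// Check the target name too, not only the current one; mirrors ApiGrpNew.
	if strings.HasPrefix(data.Name, SYS_AUTH_PREFIX) && !ACHas(c, ADMIN) {
		panic(errors.ErrorForbidden)
	}

	// A map (not a struct) so that empty strings are written as well.
	result := DB.Model(&grp).Updates(map[string]interface{}{
		"name":         data.Name,
		"display_name": data.DisplayName,
		"description":  data.Description,
	})
	if result.Error != nil {
		panic(result.Error)
	}

	if fetch != "" {
		// NOTE(review): the error from this re-read is not checked.
		DB.Preload("Users").First(grp, data.ID)
	}

	server.Res(c, &server.Response{Data: grp})
}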
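// ApiGrpDel deletes the group named by the "id" path parameter together with
// its user associations, and responds with "ok".
//
// An empty id panics with errors.ErrorBadRequest; a failed lookup is wrapped
// as a 404. A group whose name starts with SYS_AUTH_PREFIX can be deleted
// only when ACHas(c, ADMIN) is true.
//
// NOTE(review): for groups outside the system prefix this handler performs no
// permission check of its own, while ApiGrpUpdate requires
// ACHas(c, ADMIN, grp.Name). Confirm that the route is gated elsewhere.
// NOTE(review): the IsLastAdmin guard used by ApiGrpRemove is not applied
// here; confirm that deleting the admin group itself is covered.
func ApiGrpDel(c *gin.Context) {
	id := c.Param("id")
	if id == "" {
		panic(errors.ErrorBadRequest)
	}

	grp := &Group{}
	// id comes straight from the URL. Passed to First as an inline condition,
	// a non-numeric string is taken by GORM as a raw SQL fragment, so bind it
	// as a query argument instead.
	if err := DB.Where("id = ?", id).First(grp).Error; err != nil {
		panic(errors.NewError(404, err))
	}

	if strings.HasPrefix(grp.Name, SYS_AUTH_PREFIX) && !ACHas(c, ADMIN) {
		panic(errors.ErrorForbidden)
	}

	// Detach the members and delete the row in one transaction so a failure
	// in either step rolls back both.
	err := DB.Transaction(func(tx *gorm.DB) error {
		if err := tx.Model(&grp).Association("Users").Clear(); err != nil {
			return err
		}
		return tx.Delete(grp).Error
	})
	if err != nil {
		panic(err)
	}

	server.Res(c, &server.Response{Data: "ok"})
}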
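// ApiGrpAssign adds the user named by the "uid" path parameter to the group
// named by "gid" and responds with "ok".
//
// An empty uid or gid panics with errors.ErrorBadRequest; a failed user or
// group lookup is wrapped as a 404. The caller must pass
// ACHas(c, grp.Name, ADMIN, SYSTEM) (presumably "holds any of these" -
// confirm against ACHas), and adding to the SYSTEM group additionally
// requires ACHas(c, SYSTEM).
func ApiGrpAssign(c *gin.Context) {
	uid := c.Param("uid")
	gid := c.Param("gid")
	if uid == "" || gid == "" {
		panic(errors.ErrorBadRequest)
	}

	usr := &User{}
	if err := DB.Where("id = ?", uid).First(usr).Error; err != nil {
		panic(errors.NewError(404, err))
	}

	grp := &Group{}
	// gid comes straight from the URL and both lookups run before any
	// permission check. Passed to First as an inline condition, a non-numeric
	// string is taken by GORM as a raw SQL fragment, so bind it as a query
	// argument, the same way uid is handled above.
	if err := DB.Where("id = ?", gid).First(grp).Error; err != nil {
		panic(errors.NewError(404, err))
	}

	// Deny callers that hold none of: the target group, ADMIN, SYSTEM.
	if !ACHas(c, grp.Name, ADMIN, SYSTEM) {
		panic(errors.ErrorForbidden)
	}
	// Only SYSTEM may hand out SYSTEM membership.
	if grp.Name == SYSTEM && !ACHas(c, SYSTEM) {
		panic(errors.ErrorForbidden)
	}

	err := DB.Transaction(func(tx *gorm.DB) error {
		return tx.Model(usr).Association("Groups").Append(grp)
	})
	if err != nil {
		panic(err)
	}

	server.Res(c, &server.Response{Data: "ok"})
}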
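// ApiGrpRemove removes the user named by the "uid" path parameter from the
// group named by "gid" and responds with "ok".
//
// An empty uid or gid panics with errors.ErrorBadRequest; a failed user or
// group lookup is wrapped as a 404. Removing from the SYSTEM group requires
// ACHas(c, SYSTEM). When the group is ADMIN and IsLastAdmin() reports true
// the handler panics with ErrorDelLastAdmin.
//
// NOTE(review): unlike ApiGrpAssign there is no
// ACHas(c, grp.Name, ADMIN, SYSTEM) gate here, so for every group other than
// SYSTEM this handler itself does not restrict who may remove a member.
// Confirm that the route is gated elsewhere, or add the same check.
// NOTE(review): the last-admin check runs outside the transaction below, so
// two concurrent removals could both pass it - confirm whether that matters.
func ApiGrpRemove(c *gin.Context) {
	uid := c.Param("uid")
	gid := c.Param("gid")
	if uid == "" || gid == "" {
		panic(errors.ErrorBadRequest)
	}

	usr := &User{}
	if err := DB.Where("id = ?", uid).First(usr).Error; err != nil {
		panic(errors.NewError(404, err))
	}

	grp := &Group{}
	// gid comes straight from the URL and is looked up before any permission
	// check. Passed to First as an inline condition, a non-numeric string is
	// taken by GORM as a raw SQL fragment, so bind it as a query argument,
	// the same way uid is handled above.
	if err := DB.Where("id = ?", gid).First(grp).Error; err != nil {
		panic(errors.NewError(404, err))
	}

	// Only SYSTEM may take SYSTEM membership away.
	if grp.Name == SYSTEM && !ACHas(c, SYSTEM) {
		panic(errors.ErrorForbidden)
	}
	// Never leave the installation without an administrator.
	if grp.Name == ADMIN && IsLastAdmin() {
		panic(ErrorDelLastAdmin)
	}

	err := DB.Transaction(func(tx *gorm.DB) error {
		return tx.Model(usr).Association("Groups").Delete(grp)
	})
	if err != nil {
		panic(err)
	}

	server.Res(c, &server.Response{Data: "ok"})
}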