lavender/server/manage-users.go

131 lines
3.5 KiB
Go
Raw Normal View History

2024-02-07 01:18:17 +00:00
package server
import (
auth2 "github.com/1f349/lavender/auth"
2024-02-07 01:18:17 +00:00
"github.com/1f349/lavender/database"
"github.com/1f349/lavender/pages"
2024-09-13 15:31:40 +01:00
"github.com/1f349/lavender/role"
2024-02-07 01:18:17 +00:00
"github.com/julienschmidt/httprouter"
"golang.org/x/sync/errgroup"
2024-02-07 01:18:17 +00:00
"net/http"
"net/url"
"strconv"
)
func SetupManageUsers(r *httprouter.Router, hs *httpServer) {
r.GET("/manage/users", hs.RequireAdminAuthentication(hs.ManageUsersGet))
r.POST("/manage/users", hs.RequireAdminAuthentication(hs.ManageUsersPost))
}
func (h *httpServer) ManageUsersGet(rw http.ResponseWriter, req *http.Request, _ httprouter.Params, auth auth2.UserAuth) {
2024-02-07 01:18:17 +00:00
q := req.URL.Query()
2024-07-25 22:15:37 +01:00
offset, _ := strconv.Atoi(q.Get("offset"))
2024-02-07 01:18:17 +00:00
var roles []string
var userList []database.GetUserListRow
if h.DbTx(rw, func(tx *database.Queries) (err error) {
roles, err = tx.GetUserRoles(req.Context(), auth.Subject)
2024-02-07 01:18:17 +00:00
if err != nil {
return
}
userList, err = tx.GetUserList(req.Context(), int64(offset))
2024-02-07 01:18:17 +00:00
return
}) {
return
}
2024-09-13 15:31:40 +01:00
if !HasRole(roles, role.LavenderAdmin) {
2024-02-07 01:18:17 +00:00
http.Error(rw, "403 Forbidden", http.StatusForbidden)
return
}
m := map[string]any{
"ServiceName": h.conf.ServiceName,
"Users": userList,
"Offset": offset,
"EmailShow": req.URL.Query().Has("show-email"),
"CurrentAdmin": auth.Subject,
2024-02-07 01:18:17 +00:00
}
if q.Has("edit") {
for _, i := range userList {
if i.Subject == q.Get("edit") {
m["EditUser"] = i
rw.Header().Set("Content-Type", "text/html")
rw.WriteHeader(http.StatusOK)
pages.RenderPageTemplate(rw, "manage-users-edit", m)
return
2024-02-07 01:18:17 +00:00
}
}
http.Error(rw, "400 Bad Request: Invalid user to edit", http.StatusBadRequest)
return
}
rw.Header().Set("Content-Type", "text/html")
rw.WriteHeader(http.StatusOK)
pages.RenderPageTemplate(rw, "manage-users", m)
}
func (h *httpServer) ManageUsersPost(rw http.ResponseWriter, req *http.Request, _ httprouter.Params, auth auth2.UserAuth) {
2024-02-07 01:18:17 +00:00
err := req.ParseForm()
if err != nil {
http.Error(rw, "400 Bad Request: Failed to parse form", http.StatusBadRequest)
return
}
var roles []string
if h.DbTx(rw, func(tx *database.Queries) (err error) {
roles, err = tx.GetUserRoles(req.Context(), auth.Subject)
2024-02-07 01:18:17 +00:00
return
}) {
return
}
2024-02-08 01:25:14 +00:00
if !HasRole(roles, "lavender:admin") {
2024-02-07 01:18:17 +00:00
http.Error(rw, "400 Bad Request: Only admin users can manage users", http.StatusBadRequest)
return
}
offset := req.Form.Get("offset")
action := req.Form.Get("action")
newRoles := req.Form["roles"]
2024-02-07 01:18:17 +00:00
active := req.Form.Has("active")
switch action {
case "edit":
if h.DbTx(rw, func(tx *database.Queries) error {
2024-02-07 01:18:17 +00:00
sub := req.Form.Get("subject")
return tx.UseTx(req.Context(), func(tx *database.Queries) (err error) {
err = tx.ChangeUserActive(req.Context(), database.ChangeUserActiveParams{Column1: active, Subject: sub})
if err != nil {
return err
}
err = tx.RemoveUserRoles(req.Context(), sub)
if err != nil {
return err
}
errGrp := new(errgroup.Group)
errGrp.SetLimit(3)
for _, roleName := range newRoles {
errGrp.Go(func() error {
roleId, err := strconv.ParseInt(roleName, 10, 64)
if err != nil {
return err
}
return tx.AddUserRole(req.Context(), database.AddUserRoleParams{
RoleID: roleId,
Subject: sub,
})
})
}
return errGrp.Wait()
})
2024-02-07 01:18:17 +00:00
}) {
return
}
default:
http.Error(rw, "400 Bad Request: Invalid action", http.StatusBadRequest)
return
}
redirectUrl := url.URL{Path: "/manage/users", RawQuery: url.Values{"offset": []string{offset}}.Encode()}
http.Redirect(rw, req, redirectUrl.String(), http.StatusFound)
}