This repository has been archived by the owner on May 16, 2024. It is now read-only.
request_admin.go
package api
import (
"errors"
"net/http"
"github.com/common-fate/apikit/apio"
"github.com/common-fate/common-fate/pkg/access"
"github.com/common-fate/common-fate/pkg/auth"
"github.com/common-fate/common-fate/pkg/storage"
"github.com/common-fate/common-fate/pkg/types"
"github.com/common-fate/ddb"
)
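// AdminListRequests writes one page of access requests as JSON, optionally
// filtered by status.
// Route: /api/v1/admin/requests
//
// At most 50 requests are returned per call. When the query reports a further
// page, its token is returned in the response's Next field and can be sent
// back as params.NextToken.
//
// NOTE(review): no caller authorization check is visible in this handler;
// presumably admin routes are gated by middleware. Confirm before reusing it.
func (a *API) AdminListRequests(w http.ResponseWriter, r *http.Request, params types.AdminListRequestsParams) {
	ctx := r.Context()

	queryOpts := []func(*ddb.QueryOpts){ddb.Limit(50)}
	if params.NextToken != nil {
		// NOTE(review): the page token is client-supplied and passed through
		// as received; confirm that ddb rejects tampered or foreign tokens.
		queryOpts = append(queryOpts, ddb.Page(*params.NextToken))
	}

	var (
		dbRes []access.Request
		qR    *ddb.QueryResult
		err   error
	)
	if params.Status != nil {
		// NOTE(review): the status is converted without validation here;
		// presumably the request-parameter binding constrains it. Confirm.
		q := storage.ListRequestsForStatus{Status: access.Status(*params.Status)}
		qR, err = a.DB.Query(ctx, &q, queryOpts...)
		dbRes = q.Result
	} else {
		q := storage.ListRequests{}
		qR, err = a.DB.Query(ctx, &q, queryOpts...)
		dbRes = q.Result
	}

	// errors.Is also matches a wrapped ErrNoItems, so an empty result is
	// reported as 404 rather than falling through to the generic error path.
	if errors.Is(err, ddb.ErrNoItems) {
		apio.Error(ctx, w, apio.NewRequestError(err, http.StatusNotFound))
		return
	}
	if err != nil {
		apio.Error(ctx, w, err)
		return
	}

	res := types.ListRequestsResponse{
		Requests: make([]types.Request, len(dbRes)),
	}
	for i, req := range dbRes {
		res.Requests[i] = req.ToAPI()
	}
	// Next stays nil on the last page so clients can tell when to stop paging.
	if qR.NextPage != "" {
		res.Next = &qR.NextPage
	}

	apio.JSON(ctx, w, res, http.StatusOK)
}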
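// AdminGetRequest writes the detail view of a single access request as JSON.
// (GET /api/v1/admin/requests/{requestId})
//
// It loads the request, then the exact access rule version the request was
// made against, then the request arguments for that rule's target. A missing
// request yields 404; every other failure is passed to apio.Error unchanged.
//
// NOTE(review): no caller authorization check is visible in this handler;
// presumably admin routes are gated by middleware. Confirm before reusing it.
func (a *API) AdminGetRequest(w http.ResponseWriter, r *http.Request, requestId string) {
	ctx := r.Context()
	// NOTE(review): u.ID is read below without a check; confirm that
	// auth.UserFromContext always yields a user on this route.
	u := auth.UserFromContext(ctx)

	q := storage.GetRequest{ID: requestId}
	if _, err := a.DB.Query(ctx, &q); err != nil {
		// errors.Is also matches a wrapped ErrNoItems.
		if errors.Is(err, ddb.ErrNoItems) {
			apio.Error(ctx, w, apio.NewRequestError(err, http.StatusNotFound))
			return
		}
		apio.Error(ctx, w, err)
		return
	}

	// NOTE(review): q.Result is used without a nil check, unlike qr.Result
	// below; confirm a successful query always populates it.
	qr := storage.GetAccessRuleVersion{ID: q.Result.Rule, VersionID: q.Result.RuleVersion}
	// Any error fetching the access rule is an internal server error because
	// it should exist if the request exists.
	if _, err := a.DB.Query(ctx, &qr); err != nil {
		apio.Error(ctx, w, err)
		return
	}
	if qr.Result == nil {
		apio.Error(ctx, w, errors.New("access rule result was nil"))
		return
	}

	requestArguments, err := a.Rules.RequestArguments(ctx, qr.Result.Target)
	if err != nil {
		apio.Error(ctx, w, err)
		return
	}

	// The flag is true only when the caller is not the user who made the
	// request. NOTE(review): presumably it marks whether the caller may review
	// it; if so, the review endpoint must enforce the same rule server-side
	// rather than relying on this response field.
	notRequester := q.Result.RequestedBy != u.ID
	apio.JSON(ctx, w, q.Result.ToAPIDetail(*qr.Result, notRequester, requestArguments), http.StatusOK)
}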