From 1c7deec9e0ef7b50f5e9dbf4ce8496a5d49421ab Mon Sep 17 00:00:00 2001
From: motatoes <moe.habib9@gmail.com>
Date: Thu, 11 Jan 2024 14:10:03 +0000
Subject: [PATCH] support org level policies

---
 backend/controllers/policies.go   | 25 +------------
 backend/controllers/web.go        | 62 ++++++++++++++++++-------------
 backend/models/setup.go           |  1 -
 backend/models/storage.go         | 26 +++++++++++++
 backend/templates/policy_add.tmpl |  4 ++
 5 files changed, 69 insertions(+), 49 deletions(-)

diff --git a/backend/controllers/policies.go b/backend/controllers/policies.go
index 65ed02b3..cf8a13ab 100644
--- a/backend/controllers/policies.go
+++ b/backend/controllers/policies.go
@@ -151,29 +151,8 @@ func upsertPolicyForOrg(c *gin.Context, policyType string) {
 		return
 	}
 
-	policy := models.Policy{}
-
-	policyResult := models.DB.GormDB.Where("organisation_id = ? AND (repo_id IS NULL AND project_id IS NULL) AND type = ?", org.ID, policyType).Take(&policy)
-
-	if policyResult.RowsAffected == 0 {
-		err := models.DB.GormDB.Create(&models.Policy{
-			OrganisationID: org.ID,
-			Type:           policyType,
-			Policy:         string(policyData),
-		}).Error
-
-		if err != nil {
-			log.Printf("Error creating policy: %v", err)
-			c.String(http.StatusInternalServerError, "Error creating policy")
-			return
-		}
-	} else {
-		err := policyResult.Update("policy", string(policyData)).Error
-		if err != nil {
-			log.Printf("Error updating policy: %v", err)
-			c.String(http.StatusInternalServerError, "Error updating policy")
-			return
-		}
+	if err = models.DB.UpsertPolicyForOrg(policyType, org, string(policyData)); err != nil {
+		c.String(http.StatusInternalServerError, "Error creating policy for organisation: %v", org)
 	}
 
 	c.JSON(http.StatusOK, gin.H{"success": true})
diff --git a/backend/controllers/web.go b/backend/controllers/web.go
index 0a3b8219..d016dcde 100644
--- a/backend/controllers/web.go
+++ b/backend/controllers/web.go
@@ -109,6 +109,12 @@ func (web *WebController) PoliciesPage(c *gin.Context) {
 }
 
 func (web *WebController) AddPolicyPage(c *gin.Context) {
+	organisationId, exists := c.Get(middleware.ORGANISATION_ID_KEY)
+	if !exists {
+		c.String(http.StatusForbidden, "Not allowed to access this resource")
+		return
+	}
+
 	if c.Request.Method == "GET" {
 		message := ""
 		projects, done := models.DB.GetProjectsFromContext(c, middleware.ORGANISATION_ID_KEY)
@@ -137,32 +143,38 @@ func (web *WebController) AddPolicyPage(c *gin.Context) {
 
 		policyType := c.PostForm("policytype")
 		projectIdStr := c.PostForm("projectid")
-		projectId64, err := strconv.ParseUint(projectIdStr, 10, 32)
-		if err != nil {
-			c.String(http.StatusInternalServerError, "Failed to parse policy id")
-			return
-		}
-		projectId := uint(projectId64)
-		project, ok := models.DB.GetProjectByProjectId(c, projectId, middleware.ORGANISATION_ID_KEY)
-		if !ok {
-			log.Printf("Failed to fetch specified project by id: %v, %v\n", projectIdStr, err)
-			message := "Failed to create a policy"
-			services.AddError(c, message)
-			pageContext := services.GetMessages(c)
-			c.HTML(http.StatusOK, "policy_add.tmpl", pageContext)
-		}
-
-		log.Printf("repo: %v\n", project.Repo)
-
-		policy := models.Policy{Project: project, Policy: policyText, Type: policyType, Organisation: project.Organisation, Repo: project.Repo}
+		if projectIdStr != "" {
+			projectId64, err := strconv.ParseUint(projectIdStr, 10, 32)
+			if err != nil {
+				c.String(http.StatusInternalServerError, "Failed to parse project id")
+				return
+			}
+			projectIdPtr := uint(projectId64)
+			projectId := &projectIdPtr
+			project, ok := models.DB.GetProjectByProjectId(c, *projectId, middleware.ORGANISATION_ID_KEY)
+			if !ok {
+				log.Printf("Failed to fetch specified project by id: %v, %v\n", projectIdStr, err)
+				message := "Failed to create a policy"
+				services.AddError(c, message)
+				pageContext := services.GetMessages(c)
+				c.HTML(http.StatusOK, "policy_add.tmpl", pageContext)
+			}
+			log.Printf("repo: %v\n", project.Repo)
+			policy := models.Policy{ProjectID: projectId, Policy: policyText, Type: policyType, Organisation: project.Organisation, Repo: project.Repo}
+			err = models.DB.GormDB.Create(&policy).Error
+			if err != nil {
+				log.Printf("Failed to create a new policy, %v\n", err)
+				message := "Failed to create a policy"
+				services.AddError(c, message)
+				pageContext := services.GetMessages(c)
+				c.HTML(http.StatusOK, "policy_add.tmpl", pageContext)
+			}
 
-		err = models.DB.GormDB.Create(&policy).Error
-		if err != nil {
-			log.Printf("Failed to create a new policy, %v\n", err)
-			message := "Failed to create a policy"
-			services.AddError(c, message)
-			pageContext := services.GetMessages(c)
-			c.HTML(http.StatusOK, "policy_add.tmpl", pageContext)
+		} else {
+			org, err := models.DB.GetOrganisationById(organisationId)
+			if err = models.DB.UpsertPolicyForOrg(policyType, *org, policyText); err != nil {
+				c.String(http.StatusInternalServerError, "Error creating policy for organisation: %v", org)
+			}
 		}
 
 		c.Redirect(http.StatusFound, "/policies")
diff --git a/backend/models/setup.go b/backend/models/setup.go
index 4a7ceff9..37236546 100644
--- a/backend/models/setup.go
+++ b/backend/models/setup.go
@@ -19,7 +19,6 @@ var DEFAULT_ORG_NAME = "digger"
 var DB *Database
 
 func ConnectDatabase() {
-
 	database, err := gorm.Open(postgres.Open(os.Getenv("DATABASE_URL")), &gorm.Config{
 		Logger: logger.Default.LogMode(logger.Info),
 	})
diff --git a/backend/models/storage.go b/backend/models/storage.go
index 7f77f527..c1e86c0c 100644
--- a/backend/models/storage.go
+++ b/backend/models/storage.go
@@ -64,6 +64,32 @@ func (db *Database) GetReposFromContext(c *gin.Context, orgIdKey string) ([]Repo
 	return repos, true
 }
 
+func (db *Database) UpsertPolicyForOrg(policyType string, org Organisation, policyContent string) error {
+	policy := Policy{}
+
+	policyResult := db.GormDB.Where("organisation_id = ? AND (repo_id IS NULL AND project_id IS NULL) AND type = ?", org.ID, policyType).Take(&policy)
+
+	if policyResult.RowsAffected == 0 {
+		err := db.GormDB.Create(&Policy{
+			OrganisationID: org.ID,
+			Type:           policyType,
+			Policy:         policyContent,
+		}).Error
+
+		if err != nil {
+			log.Printf("Error creating policy: %v", err)
+			return fmt.Errorf("error creating policy: %v", err)
+		}
+	} else {
+		err := policyResult.Update("policy", policyContent).Error
+		if err != nil {
+			log.Printf("Error updating policy: %v", err)
+			return fmt.Errorf("error updating policy: %v", err)
+		}
+	}
+	return nil
+}
+
 func (db *Database) GetPoliciesFromContext(c *gin.Context, orgIdKey string) ([]Policy, bool) {
 	loggedInOrganisationId, exists := c.Get(orgIdKey)
 
diff --git a/backend/templates/policy_add.tmpl b/backend/templates/policy_add.tmpl
index 5c78df4c..f56cf383 100644
--- a/backend/templates/policy_add.tmpl
+++ b/backend/templates/policy_add.tmpl
@@ -9,6 +9,10 @@
 
             {{template "notifications" . }}
 
+                <div class="alert alert-info" role="alert">
+                  Leave project field empty to add organisation level policies
+                </div>
+
                 <form method="POST">
                     <div class="row">
                         <div class="col">