handle_members.go
package api
import (
"net/http"
"github.com/thomasfady/xsstower/models"
"github.com/gin-gonic/gin"
)
// HandlerMemberCreateForm is the JSON body bound by PostHandlerMembers when a
// new member is added to a handler.
type HandlerMemberCreateForm struct {
	// Role is the permission stored on the new membership record.
	// NOTE(review): "required" rejects the zero value; confirm the zero value
	// of models.PermisionType is not a role callers need to send.
	Role models.PermisionType `json:"role" binding:"required"`

	// Email is used to look up the account that becomes a member.
	Email string `json:"email" binding:"required"`
}
// HandlerMemberEditForm is the JSON body bound by PutHandlerMembers when the
// permission of an existing member is changed.
type HandlerMemberEditForm struct {
	// Role is the permission written to the matching membership record.
	// NOTE(review): the value is stored as received; confirm the allowed
	// set of models.PermisionType values is validated somewhere.
	Role models.PermisionType `json:"role" binding:"required"`

	// Id is the user ID of the member to update, sent as "user_id".
	Id int `json:"user_id" binding:"required"`
}
// HandlerMemberDeleteForm is the JSON body bound by DeleteHandlerMembers when
// a member is removed from a handler.
type HandlerMemberDeleteForm struct {
	// Id is the user ID of the member to remove, sent as "user_id".
	Id int `json:"user_id" binding:"required"`
}
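// PutHandlerMembers changes the permission of an existing member of a handler.
//
// The handler is selected by the "key" path parameter and must be owned by the
// caller (the "user_id" value stored on the gin context); otherwise the request
// is answered with 404. The owner cannot change their own role. A user ID that
// is not a member of the handler is answered with 404, and a failed database
// write with 500, instead of an empty 200 response.
//
// @BasePath /api/
// @Summary Update Handler Member Role
// @Description Update Handler Member Role
// @Produce json
// @Router /handler/{handler_id}/members [put]
// @Tags Handlers
// @Param HandlerMemberEditForm body HandlerMemberEditForm true "HandleOptions"
func PutHandlerMembers(c *gin.Context) {
	var form HandlerMemberEditForm
	// NOTE(review): gin's c.Bind aborts the request with 400 on failure, so
	// the 406 below may not be the status the client receives; c.ShouldBind
	// leaves the status to the handler. Confirm which status is intended.
	if err := c.Bind(&form); err != nil {
		c.JSON(http.StatusNotAcceptable, err.Error())
		return
	}

	// Presumably set by the authentication middleware; GetInt yields 0 when
	// the key is absent - confirm this route is always behind that middleware.
	userID := c.GetInt("user_id")

	// Ownership is enforced by the query: only a handler whose owner_id is the
	// caller is loaded, so a non-owner gets the same 404 as a missing handler.
	// NOTE(review): the route annotation names the parameter {handler_id} while
	// the code reads "key"; verify against the router registration.
	var handler models.Handler
	models.DB.Preload("Members.User").First(&handler, "owner_id = ? and id = ?", userID, c.Param("key"))
	if handler.ID == 0 {
		c.JSON(http.StatusNotFound, "Handler does not exists")
		return
	}

	if userID == form.Id {
		c.JSON(http.StatusForbidden, "You can't update your role")
		return
	}

	for i := range handler.Members {
		member := &handler.Members[i]
		if member.UserID != form.Id {
			continue
		}
		// NOTE(review): form.Role is stored as received; confirm that only
		// defined models.PermisionType values can reach this point.
		member.Permission = models.PermisionType(form.Role)
		// Report a failed write instead of claiming success.
		if err := models.DB.Save(member).Error; err != nil {
			c.JSON(http.StatusInternalServerError, "Error during Handler Member update")
			return
		}
		c.JSON(http.StatusOK, "Member role updatated")
		return
	}

	// No membership matched the requested user ID.
	c.JSON(http.StatusNotFound, "Member does not exists")
}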
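// DeleteHandlerMembers removes a member from a handler.
//
// The handler is selected by the "key" path parameter and must be owned by the
// caller (the "user_id" value stored on the gin context); otherwise the request
// is answered with 404. The owner cannot remove themselves. A user ID that is
// not a member of the handler is answered with 404, and a failed database
// delete with 500, instead of an empty 200 response.
//
// @BasePath /api/
// @Summary Delete Handler Member
// @Description Delete Handler Member
// @Produce json
// @Router /handler/{handler_id}/members [delete]
// @Tags Handlers
// @Param HandlerMemberDeleteForm body HandlerMemberDeleteForm true "HandleOptions"
func DeleteHandlerMembers(c *gin.Context) {
	var form HandlerMemberDeleteForm
	// NOTE(review): gin's c.Bind aborts the request with 400 on failure, so
	// the 406 below may not be the status the client receives; c.ShouldBind
	// leaves the status to the handler. Confirm which status is intended.
	if err := c.Bind(&form); err != nil {
		c.JSON(http.StatusNotAcceptable, err.Error())
		return
	}

	// Presumably set by the authentication middleware; GetInt yields 0 when
	// the key is absent - confirm this route is always behind that middleware.
	userID := c.GetInt("user_id")

	// Ownership is enforced by the query: only a handler whose owner_id is the
	// caller is loaded, so a non-owner gets the same 404 as a missing handler.
	var handler models.Handler
	models.DB.Preload("Members.User").First(&handler, "owner_id = ? and id = ?", userID, c.Param("key"))
	if handler.ID == 0 {
		c.JSON(http.StatusNotFound, "Handler does not exists")
		return
	}

	if userID == form.Id {
		c.JSON(http.StatusForbidden, "You can't delete yourself")
		return
	}

	for i := range handler.Members {
		member := &handler.Members[i]
		if member.UserID != form.Id {
			continue
		}
		// Report a failed delete instead of claiming success, so a revoked
		// member is never silently left in place.
		if err := models.DB.Delete(member).Error; err != nil {
			c.JSON(http.StatusInternalServerError, "Error during Handler Member deletion")
			return
		}
		c.JSON(http.StatusOK, "Member deleted")
		return
	}

	// No membership matched the requested user ID.
	c.JSON(http.StatusNotFound, "Member does not exists")
}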
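// PostHandlerMembers adds the account with the given email as a member of a
// handler, with the requested permission.
//
// The handler is selected by the "key" path parameter and must be owned by the
// caller (the "user_id" value stored on the gin context); otherwise the request
// is answered with 404 before anything else is looked up. The owner and
// existing members are rejected with 406 "Member already exists".
//
// @BasePath /api/
// @Summary Create Handler Member
// @Description Create Handler Member
// @Produce json
// @Router /handler/{handler_id}/members [post]
// @Tags Handlers
// @Param HandlerMemberCreateForm body HandlerMemberCreateForm true "HandleOptions"
func PostHandlerMembers(c *gin.Context) {
	var form HandlerMemberCreateForm
	// NOTE(review): gin's c.Bind aborts the request with 400 on failure, so
	// the 406 below may not be the status the client receives; c.ShouldBind
	// leaves the status to the handler. Confirm which status is intended.
	if err := c.Bind(&form); err != nil {
		c.JSON(http.StatusNotAcceptable, err.Error())
		return
	}

	// Presumably set by the authentication middleware; GetInt yields 0 when
	// the key is absent - confirm this route is always behind that middleware.
	userID := c.GetInt("user_id")

	var handler models.Handler
	models.DB.Preload("Members.User").First(&handler, "owner_id = ? and id = ?", userID, c.Param("key"))
	// Access control: the update and delete handlers stop here when the caller
	// does not own the handler; this one previously carried on with a
	// zero-value handler and tried to save it. Checking before the email
	// lookup also keeps the "User does not exists" answer away from callers
	// who own no such handler.
	if handler.ID == 0 {
		c.JSON(http.StatusNotFound, "Handler does not exists")
		return
	}

	// The distinct 404 below tells the caller whether an email is registered.
	var user models.User
	models.DB.First(&user, "email = ?", form.Email)
	if user.ID == 0 {
		c.JSON(http.StatusNotFound, "User does not exists")
		return
	}

	// The owner is treated as already being a member.
	if user.ID == uint(userID) {
		c.JSON(http.StatusNotAcceptable, "Member already exists")
		return
	}
	for _, member := range handler.Members {
		if user.ID == member.User.ID {
			c.JSON(http.StatusNotAcceptable, "Member already exists")
			return
		}
	}

	// NOTE(review): form.Role is stored as received; confirm that only
	// defined models.PermisionType values can reach this point.
	handler.Members = append(handler.Members, models.HandlerRbac{
		User:       user,
		Permission: form.Role,
	})

	// Save receives a pointer, as the other handlers in this file do; the
	// original passed the struct by value.
	if err := models.DB.Save(&handler).Error; err != nil {
		c.JSON(http.StatusNotAcceptable, "Error during Handler Member creation")
		return
	}

	// Answer with a JSON body on success, like the update and delete handlers.
	c.JSON(http.StatusOK, "Member created")
}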