Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
golang
/
netmaker
zrkadlo https://github.com/gravitl/netmaker
2
0
Fork 0
Súbory Issues 0 Wiki
Prechádzať zdrojové kódy

feat(go): add checks for disable and enable user api;

Vishal Dalwadi 3 týždňov pred
rodič
05b2263350
commit
87f550d027
1 zmenil súbory, kde vykonal 91 pridanie a 6 odobranie
Rozdelené zobrazenie Ukázať štatistiku rozdielnych dát
  1. 91 6
      controllers/user.go

+ 91 - 6
controllers/user.go
Zobraziť súbor 

@@ -6,13 +6,14 @@ import (
 
 	"encoding/json"
 
 	"errors"
 
 	"fmt"
 
-	"github.com/pquerna/otp"
 
-	"golang.org/x/crypto/bcrypt"
 
 	"image/png"
 
 	"net/http"
 
 	"reflect"
 
 	"time"
 
 
+	"github.com/pquerna/otp"
 
+	"golang.org/x/crypto/bcrypt"
 
+
 
 	"github.com/google/uuid"
 
 	"github.com/gorilla/mux"
 
 	"github.com/gorilla/websocket"
 
@@ -776,6 +777,52 @@ func enableUserAccount(w http.ResponseWriter, r *http.Request) {
 
 		return
 
 	}
 
 
+	var caller *models.User
 
+	var isMaster bool
 
+	if r.Header.Get("user") == logic.MasterUser {
 
+		isMaster = true
 
+	} else {
 
+		caller, err = logic.GetUser(r.Header.Get("user"))
 
+		if err != nil {
 
+			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 
+			return
 
+		}
 
+	}
 
+
 
+	if !isMaster && caller.UserName == user.UserName {
 
+		// This implies that a user is trying to enable themselves.
 
+		// This can never happen, since a disabled user cannot be
 
+		// authenticated.
 
+		err := fmt.Errorf("cannot enable self")
 
+		logger.Log(0, err.Error())
 
+		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
 
+		return
 
+	}
 
+
 
+	switch user.PlatformRoleID {
 
+	case models.SuperAdminRole:
 
+		// This can never happen, since a superadmin user cannot
 
+		// be disabled.
 
+	case models.AdminRole:
 
+		if !isMaster && caller.PlatformRoleID != models.SuperAdminRole {
 
+			err = fmt.Errorf("%s cannot enable an admin", caller.PlatformRoleID)
 
+			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
 
+			return
 
+		}
 
+	case models.PlatformUser:
 
+		if !isMaster && caller.PlatformRoleID != models.SuperAdminRole && caller.PlatformRoleID != models.AdminRole {
 
+			err = fmt.Errorf("%s cannot enable a platform-user", caller.PlatformRoleID)
 
+			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
 
+			return
 
+		}
 
+	case models.ServiceUser:
 
+		if !isMaster && caller.PlatformRoleID != models.SuperAdminRole && caller.PlatformRoleID != models.AdminRole {
 
+			err = fmt.Errorf("%s cannot enable a service-user", caller.PlatformRoleID)
 
+			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
 
+			return
 
+		}
 
+	}
 
+
 
 	user.AccountDisabled = false
 
 	err = logic.UpsertUser(*user)
 
 	if err != nil {
 
@@ -802,13 +849,51 @@ func disableUserAccount(w http.ResponseWriter, r *http.Request) {
 
 		return
 
 	}
 
 
-	if user.PlatformRoleID == models.SuperAdminRole {
 
-		err = errors.New("cannot disable super-admin user account")
 
-		logger.Log(0, err.Error())
 
-		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 
+	var caller *models.User
 
+	var isMaster bool
 
+	if r.Header.Get("user") == logic.MasterUser {
 
+		isMaster = true
 
+	} else {
 
+		caller, err = logic.GetUser(r.Header.Get("user"))
 
+		if err != nil {
 
+			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 
+			return
 
+		}
 
+	}
 
+
 
+	if !isMaster && caller.UserName == user.UserName {
 
+		// This implies that a user is trying to disable themselves.
 
+		// This should not be allowed.
 
+		err = fmt.Errorf("cannot disable self")
 
+		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
 
 		return
 
 	}
 
 
+	switch user.PlatformRoleID {
 
+	case models.SuperAdminRole:
 
+		err = errors.New("cannot disable a super-admin")
 
+		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
 
+		return
 
+	case models.AdminRole:
 
+		if !isMaster && caller.PlatformRoleID != models.SuperAdminRole {
 
+			err = fmt.Errorf("%s cannot disable an admin", caller.PlatformRoleID)
 
+			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
 
+			return
 
+		}
 
+	case models.PlatformUser:
 
+		if !isMaster && caller.PlatformRoleID != models.SuperAdminRole && caller.PlatformRoleID != models.AdminRole {
 
+			err = fmt.Errorf("%s cannot disable a platform-user", caller.PlatformRoleID)
 
+			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
 
+			return
 
+		}
 
+	case models.ServiceUser:
 
+		if !isMaster && caller.PlatformRoleID != models.SuperAdminRole && caller.PlatformRoleID != models.AdminRole {
 
+			err = fmt.Errorf("%s cannot disable a service-user", caller.PlatformRoleID)
 
+			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
 
+			return
 
+		}
 
+	}
 
+
 
 	user.AccountDisabled = true
 
 	err = logic.UpsertUser(*user)
 
 	if err != nil {