From 56e3b24d7d5ead9dbc9aecb4f9e45341887993d3 Mon Sep 17 00:00:00 2001 From: leandrofars Date: Tue, 2 Jul 2024 13:30:19 -0300 Subject: [PATCH] fix(controller): oktopus support user enterprise use cases --- .../services/controller/internal/api/user.go | 68 +++++++++++++++---- 1 file changed, 53 insertions(+), 15 deletions(-) diff --git a/backend/services/controller/internal/api/user.go b/backend/services/controller/internal/api/user.go index e6b3c7e..ee2792a 100644 --- a/backend/services/controller/internal/api/user.go +++ b/backend/services/controller/internal/api/user.go @@ -51,7 +51,7 @@ func (a *Api) registerUser(w http.ResponseWriter, r *http.Request) { //Check if user which is requesting creation has the necessary privileges rUser, err := a.db.FindUser(email) - if rUser.Level != db.AdminUser && rUser.Level != db.OktopusUser { + if rUser.Level != db.AdminUser { w.WriteHeader(http.StatusForbidden) return } @@ -112,7 +112,7 @@ func (a *Api) deleteUser(w http.ResponseWriter, r *http.Request) { userEmail := mux.Vars(r)["user"] - if rUser.Email == userEmail || ((rUser.Level == db.AdminUser || rUser.Level == db.OktopusUser) && rUser.Email != userEmail) { //Admin can delete any account, but admin account can never be deleted + if rUser.Email == userEmail || (rUser.Level == db.AdminUser) { //Admin can delete any account if err := a.db.DeleteUser(userEmail); err != nil { w.WriteHeader(http.StatusInternalServerError) json.NewEncoder(w).Encode(err) @@ -138,7 +138,7 @@ func (a *Api) changePassword(w http.ResponseWriter, r *http.Request) { userToChangePasswd := mux.Vars(r)["user"] if userToChangePasswd != "" && userToChangePasswd != email { rUser, _ := a.db.FindUser(email) - if rUser.Level != db.AdminUser && rUser.Level != db.OktopusUser { + if rUser.Level != db.AdminUser { w.WriteHeader(http.StatusForbidden) return } @@ -168,24 +168,57 @@ func (a *Api) changePassword(w http.ResponseWriter, r *http.Request) { func (a *Api) registerAdminUser(w http.ResponseWriter, r *http.Request) { - var user db.User - err := json.NewDecoder(r.Body).Decode(&user) - if err != nil { - w.WriteHeader(http.StatusBadRequest) + tokenString := r.Header.Get("Authorization") + if tokenString == "" { + users, err := a.db.FindAllUsers() + if err != nil { + w.WriteHeader(http.StatusInternalServerError) + utils.MarshallEncoder(err, w) + } + + if !adminUserExists(users) { + var user db.User + err = json.NewDecoder(r.Body).Decode(&user) + if err != nil { + w.WriteHeader(http.StatusBadRequest) + return + } + + user.Level = db.AdminUser + + if err := user.HashPassword(user.Password); err != nil { + w.WriteHeader(http.StatusInternalServerError) + return + } + + if err := a.db.RegisterUser(user); err != nil { + w.WriteHeader(http.StatusInternalServerError) + return + } + } else { + w.WriteHeader(http.StatusForbidden) + } + return } - users, err := a.db.FindAllUsers() + email, err := auth.ValidateToken(tokenString) if err != nil { - log.Println(err) - w.WriteHeader(http.StatusInternalServerError) + w.WriteHeader(http.StatusUnauthorized) return } - adminExists := adminUserExists(users) - if adminExists { - log.Println("There might exist only one admin") + + //Check if user which is requesting creation has the necessary privileges + rUser, err := a.db.FindUser(email) + if rUser.Level != db.AdminUser { + w.WriteHeader(http.StatusForbidden) + return + } + + var user db.User + err = json.NewDecoder(r.Body).Decode(&user) + if err != nil { w.WriteHeader(http.StatusBadRequest) - json.NewEncoder(w).Encode("There might exist only one admin") return } @@ -203,8 +236,13 @@ func (a *Api) registerAdminUser(w http.ResponseWriter, r *http.Request) { } func adminUserExists(users []map[string]interface{}) bool { + + if len(users) == 0 { + return false + } + for _, x := range users { - if db.UserLevels(x["level"].(int32)) == db.AdminUser { + if x["level"].(db.UserLevels) == db.AdminUser && x["email"].(string) != "support@oktopus.app.br" { log.Println("Admin exists") return true }