fix(controller): oktopus support user enterprise use cases

2024-07-02 13:30:19 -03:00 · 2024-07-02 13:30:19 -03:00 · 56e3b24d7d
commit 56e3b24d7d
parent fd79e7f352
1 changed files with 53 additions and 15 deletions
--- a/backend/services/controller/internal/api/user.go
+++ b/backend/services/controller/internal/api/user.go
@ -51,7 +51,7 @@ func (a *Api) registerUser(w http.ResponseWriter, r *http.Request) {
 	//Check if user which is requesting creation has the necessary privileges
 	rUser, err := a.db.FindUser(email)
-	if rUser.Level != db.AdminUser && rUser.Level != db.OktopusUser {
+	if rUser.Level != db.AdminUser {
 		w.WriteHeader(http.StatusForbidden)
 		return
 	}
@ -112,7 +112,7 @@ func (a *Api) deleteUser(w http.ResponseWriter, r *http.Request) {
 	userEmail := mux.Vars(r)["user"]
-	if rUser.Email == userEmail || ((rUser.Level == db.AdminUser || rUser.Level == db.OktopusUser) && rUser.Email != userEmail) { //Admin can delete any account, but admin account can never be deleted
+	if rUser.Email == userEmail || (rUser.Level == db.AdminUser) { //Admin can delete any account
 		if err := a.db.DeleteUser(userEmail); err != nil {
 			w.WriteHeader(http.StatusInternalServerError)
 			json.NewEncoder(w).Encode(err)
@ -138,7 +138,7 @@ func (a *Api) changePassword(w http.ResponseWriter, r *http.Request) {
 	userToChangePasswd := mux.Vars(r)["user"]
 	if userToChangePasswd != "" && userToChangePasswd != email {
 		rUser, _ := a.db.FindUser(email)
-		if rUser.Level != db.AdminUser && rUser.Level != db.OktopusUser {
+		if rUser.Level != db.AdminUser {
 			w.WriteHeader(http.StatusForbidden)
 			return
 		}
@ -168,24 +168,57 @@ func (a *Api) changePassword(w http.ResponseWriter, r *http.Request) {
 func (a *Api) registerAdminUser(w http.ResponseWriter, r *http.Request) {
-	var user db.User
+	tokenString := r.Header.Get("Authorization")
-	err := json.NewDecoder(r.Body).Decode(&user)
+	if tokenString == "" {
-	if err != nil {
+		users, err := a.db.FindAllUsers()
-		w.WriteHeader(http.StatusBadRequest)
+		if err != nil {
 			w.WriteHeader(http.StatusInternalServerError)
 			utils.MarshallEncoder(err, w)
 		}
 		if !adminUserExists(users) {
 			var user db.User
 			err = json.NewDecoder(r.Body).Decode(&user)
 			if err != nil {
 				w.WriteHeader(http.StatusBadRequest)
 				return
 			}
 			user.Level = db.AdminUser
 			if err := user.HashPassword(user.Password); err != nil {
 				w.WriteHeader(http.StatusInternalServerError)
 				return
 			}
 			if err := a.db.RegisterUser(user); err != nil {
 				w.WriteHeader(http.StatusInternalServerError)
 				return
 			}
 		} else {
 			w.WriteHeader(http.StatusForbidden)
 		}
 		return
 	}
-	users, err := a.db.FindAllUsers()
+	email, err := auth.ValidateToken(tokenString)
 	if err != nil {
-		log.Println(err)
+		w.WriteHeader(http.StatusUnauthorized)
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
-	adminExists := adminUserExists(users)
+
-	if adminExists {
+	//Check if user which is requesting creation has the necessary privileges
-		log.Println("There might exist only one admin")
+	rUser, err := a.db.FindUser(email)
 	if rUser.Level != db.AdminUser {
 		w.WriteHeader(http.StatusForbidden)
 		return
 	}
 	var user db.User
 	err = json.NewDecoder(r.Body).Decode(&user)
 	if err != nil {
 		w.WriteHeader(http.StatusBadRequest)
 		json.NewEncoder(w).Encode("There might exist only one admin")
 		return
 	}
@ -203,8 +236,13 @@ func (a *Api) registerAdminUser(w http.ResponseWriter, r *http.Request) {
 }
 func adminUserExists(users []map[string]interface{}) bool {
 	if len(users) == 0 {
 		return false
 	}
 	for _, x := range users {
-		if db.UserLevels(x["level"].(int32)) == db.AdminUser {
+		if x["level"].(db.UserLevels) == db.AdminUser && x["email"].(string) != "support@oktopus.app.br" {
 			log.Println("Admin exists")
 			return true
 		}