fix(controller): oktopus support user enterprise use cases

2024-07-02 13:30:19 -03:00 · 2024-07-02 13:30:19 -03:00 · 56e3b24d7d
commit 56e3b24d7d
parent fd79e7f352
1 changed files with 53 additions and 15 deletions
--- a/backend/services/controller/internal/api/user.go
+++ b/backend/services/controller/internal/api/user.go
@ -51,7 +51,7 @@ func (a *Api) registerUser(w http.ResponseWriter, r *http.Request) {

 	//Check if user which is requesting creation has the necessary privileges
 	rUser, err := a.db.FindUser(email)
-	if rUser.Level != db.AdminUser && rUser.Level != db.OktopusUser {
+	if rUser.Level != db.AdminUser {
 		w.WriteHeader(http.StatusForbidden)
 		return
 	}
@ -112,7 +112,7 @@ func (a *Api) deleteUser(w http.ResponseWriter, r *http.Request) {

 	userEmail := mux.Vars(r)["user"]

-	if rUser.Email == userEmail || ((rUser.Level == db.AdminUser || rUser.Level == db.OktopusUser) && rUser.Email != userEmail) { //Admin can delete any account, but admin account can never be deleted
+	if rUser.Email == userEmail || (rUser.Level == db.AdminUser) { //Admin can delete any account
 		if err := a.db.DeleteUser(userEmail); err != nil {
 			w.WriteHeader(http.StatusInternalServerError)
 			json.NewEncoder(w).Encode(err)
@ -138,7 +138,7 @@ func (a *Api) changePassword(w http.ResponseWriter, r *http.Request) {
 	userToChangePasswd := mux.Vars(r)["user"]
 	if userToChangePasswd != "" && userToChangePasswd != email {
 		rUser, _ := a.db.FindUser(email)
-		if rUser.Level != db.AdminUser && rUser.Level != db.OktopusUser {
+		if rUser.Level != db.AdminUser {
 			w.WriteHeader(http.StatusForbidden)
 			return
 		}
@ -168,24 +168,57 @@ func (a *Api) changePassword(w http.ResponseWriter, r *http.Request) {

 func (a *Api) registerAdminUser(w http.ResponseWriter, r *http.Request) {

-	var user db.User
-	err := json.NewDecoder(r.Body).Decode(&user)
-	if err != nil {
-		w.WriteHeader(http.StatusBadRequest)
+	tokenString := r.Header.Get("Authorization")
+	if tokenString == "" {
+		users, err := a.db.FindAllUsers()
+		if err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+			utils.MarshallEncoder(err, w)
+		}
+
+		if !adminUserExists(users) {
+			var user db.User
+			err = json.NewDecoder(r.Body).Decode(&user)
+			if err != nil {
+				w.WriteHeader(http.StatusBadRequest)
+				return
+			}
+
+			user.Level = db.AdminUser
+
+			if err := user.HashPassword(user.Password); err != nil {
+				w.WriteHeader(http.StatusInternalServerError)
+				return
+			}
+
+			if err := a.db.RegisterUser(user); err != nil {
+				w.WriteHeader(http.StatusInternalServerError)
+				return
+			}
+		} else {
+			w.WriteHeader(http.StatusForbidden)
+		}
+
 		return
 	}

-	users, err := a.db.FindAllUsers()
+	email, err := auth.ValidateToken(tokenString)
 	if err != nil {
-		log.Println(err)
-		w.WriteHeader(http.StatusInternalServerError)
+		w.WriteHeader(http.StatusUnauthorized)
 		return
 	}
-	adminExists := adminUserExists(users)
-	if adminExists {
-		log.Println("There might exist only one admin")
+
+	//Check if user which is requesting creation has the necessary privileges
+	rUser, err := a.db.FindUser(email)
+	if rUser.Level != db.AdminUser {
+		w.WriteHeader(http.StatusForbidden)
+		return
+	}
+
+	var user db.User
+	err = json.NewDecoder(r.Body).Decode(&user)
+	if err != nil {
 		w.WriteHeader(http.StatusBadRequest)
-		json.NewEncoder(w).Encode("There might exist only one admin")
 		return
 	}

@ -203,8 +236,13 @@ func (a *Api) registerAdminUser(w http.ResponseWriter, r *http.Request) {
 }

 func adminUserExists(users []map[string]interface{}) bool {
+
+	if len(users) == 0 {
+		return false
+	}
+
 	for _, x := range users {
-		if db.UserLevels(x["level"].(int32)) == db.AdminUser {
+		if x["level"].(db.UserLevels) == db.AdminUser && x["email"].(string) != "support@oktopus.app.br" {
 			log.Println("Admin exists")
 			return true
 		}