Various little improvements. More work on permissions

2025-12-10 21:48:52 +00:00 · 2019-02-14 22:04:00 -05:00
parent c3e5bd77f7
commit 8fe41b8fbb
31 changed files with 434 additions and 96 deletions
--- a/api/auth.go
+++ b/api/auth.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"github.com/Sirupsen/logrus"
 	"github.com/simon987/task_tracker/storage"
+	"strconv"
 )

 const MinPasswordLength = 8
@@ -31,6 +32,12 @@ type AccountDetails struct {
 	Manager  *storage.Manager `json:"manager,omitempty"`
 }

+type GetAllManagersResponse struct {
+	Ok       bool               `json:"ok"`
+	Message  string             `json:"message,omitempty"`
+	Managers *[]storage.Manager `json:"managers"`
+}
+
 func (r *RegisterRequest) isValid() bool {
 	return MinUsernameLength <= len(r.Username) &&
 		len(r.Username) <= MaxUsernameLength &&
@@ -158,3 +165,100 @@ func (api *WebAPI) AccountDetails(r *Request) {
 		})
 	}
 }
+
+func (api *WebAPI) GetAllManagers(r *Request) {
+
+	sess := api.Session.StartFasthttp(r.Ctx)
+	manager := sess.Get("manager")
+
+	if manager == nil {
+		r.Json(GetAllManagersResponse{
+			Ok:      false,
+			Message: "Unauthorized",
+		}, 401)
+		return
+	}
+
+	managers := api.Database.GetAllManagers()
+
+	r.OkJson(GetAllManagersResponse{
+		Ok:       true,
+		Managers: managers,
+	})
+}
+
+func (api *WebAPI) PromoteManager(r *Request) {
+
+	id, err := strconv.ParseInt(r.Ctx.UserValue("id").(string), 10, 64)
+	if err != nil || id <= 0 {
+		r.Json(CreateProjectResponse{
+			Ok:      false,
+			Message: "Invalid manager id",
+		}, 400)
+		return
+	}
+
+	sess := api.Session.StartFasthttp(r.Ctx)
+	manager := sess.Get("manager")
+
+	if !manager.(*storage.Manager).WebsiteAdmin || manager.(*storage.Manager).Id == id {
+		r.Json(GetAllManagersResponse{
+			Ok:      false,
+			Message: "Unauthorized",
+		}, 401)
+		return
+	}
+
+	if !manager.(*storage.Manager).WebsiteAdmin {
+		r.Json(GetAllManagersResponse{
+			Ok:      false,
+			Message: "Unauthorized",
+		}, 403)
+		return
+	}
+
+	api.Database.UpdateManager(&storage.Manager{
+		Id:           id,
+		WebsiteAdmin: true,
+	})
+
+	r.Ctx.Response.SetStatusCode(204)
+}
+
+func (api *WebAPI) DemoteManager(r *Request) {
+
+	id, err := strconv.ParseInt(r.Ctx.UserValue("id").(string), 10, 64)
+	if err != nil || id <= 0 {
+		r.Json(CreateProjectResponse{
+			Ok:      false,
+			Message: "Invalid manager id",
+		}, 400)
+		return
+	}
+
+	sess := api.Session.StartFasthttp(r.Ctx)
+	manager := sess.Get("manager")
+
+	if manager == nil {
+		r.Json(GetAllManagersResponse{
+			Ok:      false,
+			Message: "Unauthorized",
+		}, 401)
+		return
+	}
+
+	if !manager.(*storage.Manager).WebsiteAdmin || manager.(*storage.Manager).Id == id {
+		r.Json(GetAllManagersResponse{
+			Ok:      false,
+			Message: "Unauthorized",
+		}, 403)
+		return
+	}
+
+	api.Database.UpdateManager(&storage.Manager{
+		Id:           id,
+		WebsiteAdmin: false,
+	})
+
+	r.Ctx.Response.SetStatusCode(204)
+}
--- a/api/main.go
+++ b/api/main.go
@@ -106,6 +106,9 @@ func New() *WebAPI {
 	api.router.POST("/login", LogRequestMiddleware(api.Login))
 	api.router.GET("/logout", LogRequestMiddleware(api.Logout))
 	api.router.GET("/account", LogRequestMiddleware(api.AccountDetails))
+	api.router.GET("/manager/list", LogRequestMiddleware(api.GetAllManagers))
+	api.router.GET("/manager/promote/:id", LogRequestMiddleware(api.PromoteManager))
+	api.router.GET("/manager/demote/:id", LogRequestMiddleware(api.DemoteManager))

 	api.router.NotFound = func(ctx *fasthttp.RequestCtx) {