Merge pull request #511 from traPtitech/fix/issue-275

grant priviledge API
traPtitech · Jan 5, 2024 · 1bf18fe · 1bf18fe
2 parents 8715875 + de153b6
commit 1bf18fe
Show file tree

Hide file tree

Showing 6 changed files with 55 additions and 0 deletions.
diff --git a/docs/swagger.yaml b/docs/swagger.yaml
@@ -486,6 +486,23 @@ paths:
       responses:
         '200':
           $ref: '#/components/responses/icalSecret'
+  /users/{userID}/privileged:
+    parameters:
+      - $ref: '#/components/parameters/userID'
+    patch:
+      tags:
+        - users
+      operationId: grantPrivilege
+      description: 管理者権限を付与したいuserのuserIDをパラメータに入れる. APIを叩く本人が管理者権限を持っている必要がある.
+      responses:
+        '204':
+          $ref: '#/components/responses/Nocontent'
+        '400':
+          description: Bad Request
+        '403':
+          description: Forbidden
+        '404':
+          description: Not Found
 
   /tags:
     get:

diff --git a/domain/user.go b/domain/user.go
@@ -25,5 +25,6 @@ type UserRepository interface {
 	GetMyiCalSecret(info *ConInfo) (string, error)
 
 	IsPrevilege(info *ConInfo) bool
+	GrantPrivilege(userID uuid.UUID) error
 	SyncUsers(info *ConInfo) error
 }
diff --git a/infra/db/user.go b/infra/db/user.go
@@ -109,3 +109,13 @@ func getAllUsers(db *gorm.DB, onlyActive bool) ([]*User, error) {
 	err := db.Find(&users).Error
 	return users, err
 }
+
+func (repo *GormRepository) GrantPrivilege(userID uuid.UUID) error {
+	err := grantPrivilege(repo.db, userID)
+	return defaultErrorHandling(err)
+}
+
+func grantPrivilege(db *gorm.DB, userID uuid.UUID) error {
+	err := db.Model(&User{ID: userID}).Update("privilege", true).Error
+	return err
+}
diff --git a/repository/user.go b/repository/user.go
@@ -2,6 +2,7 @@ package repository
 
 import (
 	"errors"
+	"fmt"
 
 	"github.com/gofrs/uuid"
 	"github.com/traPtitech/go-traq"
@@ -206,3 +207,15 @@ func (repo *Repository) mergeUser(userMeta *db.User, userBody *traq.User) (*doma
 		State:       userMeta.State,
 	}, nil
 }
+
+func (repo *Repository) GrantPrivilege(userID uuid.UUID) error {
+	user, err := repo.GormRepo.GetUser(userID)
+	if err != nil {
+		return defaultErrorHandling(err)
+	}
+	if user.Privilege {
+		return fmt.Errorf("%w: user has been already privileged", domain.ErrBadRequest)
+	}
+	err = repo.GormRepo.GrantPrivilege(userID)
+	return defaultErrorHandling(err)
+}
diff --git a/router/router.go b/router/router.go
@@ -134,6 +134,7 @@ func (h *Handlers) SetupRoute() *echo.Echo {
 			// サービス管理者権限が必要
 			usersAPIWithPrevilegeAuth := usersAPI.Group("", h.PrevilegeUserMiddleware)
 			{
+				usersAPIWithPrevilegeAuth.PATCH("/:userid/privileged", h.HandleGrantPrivilege)
 				usersAPIWithPrevilegeAuth.POST("/sync", h.HandleSyncUser)
 			}
 		}

diff --git a/router/users.go b/router/users.go
@@ -74,3 +74,16 @@ func (h *Handlers) HandleSyncUser(c echo.Context) error {
 
 	return c.NoContent(http.StatusCreated)
 }
+
+// 権限のあるユーザーがないユーザーに権限を付与
+func (h *Handlers) HandleGrantPrivilege(c echo.Context) error {
+	userID, err := getPathUserID(c)
+	if err != nil {
+		return notFound(err)
+	}
+	err = h.Repo.GrantPrivilege(userID)
+	if err != nil {
+		return judgeErrorResponse(err)
+	}
+	return c.NoContent(http.StatusCreated)
+}