From 7b99eac10462f8cf4d159fd44181ea1a2f73eb7c Mon Sep 17 00:00:00 2001 From: iChemy Date: Mon, 6 Mar 2023 20:17:25 +0900 Subject: [PATCH 1/6] issue275. make privileged API --- domain/user.go | 1 + infra/db/user.go | 19 +++++++++++++++++++ router/router.go | 3 +++ router/users.go | 13 +++++++++++++ usecase/production/user.go | 5 +++++ 5 files changed, 41 insertions(+) diff --git a/domain/user.go b/domain/user.go index 55c70803..75966c9b 100644 --- a/domain/user.go +++ b/domain/user.go @@ -25,4 +25,5 @@ type UserRepository interface { GetMyiCalSecret(info *ConInfo) (string, error) IsPrevilege(info *ConInfo) bool + GrantPrivilege(userID uuid.UUID) error } diff --git a/infra/db/user.go b/infra/db/user.go index 62533783..81e314e6 100644 --- a/infra/db/user.go +++ b/infra/db/user.go @@ -109,3 +109,22 @@ func getAllUsers(db *gorm.DB, onlyActive bool) ([]*User, error) { err := db.Find(&users).Error return users, err } + +func (repo *GormRepository) GrantPrivilege(userID uuid.UUID) error { + err := grantPrivilege(repo.db, userID) + return defaultErrorHandling(err) +} + +func grantPrivilege(db *gorm.DB, userID uuid.UUID) error { + u, err := getUser(db, userID) + if err != nil { + return err + } + if u.Privilege { + return errors.New("User has been already privileged") + } + u.Privilege = true + err = db.Session(&gorm.Session{FullSaveAssociations: true}). + Omit("CreatedAt").Save(u).Error + return err +} diff --git a/router/router.go b/router/router.go index 7d327c07..627d3ee5 100644 --- a/router/router.go +++ b/router/router.go @@ -126,7 +126,10 @@ func (h *Handlers) SetupRoute() *echo.Echo { { apiUser.GET("/events", h.HandleGetEventsByUserID) apiUser.GET("/groups", h.HandleGetGroupIDsByUserID) + // apiUser.PATCH("/privileged", h.HandleGrantPrivlige, previlegeMiddle) } + + apiUsers.PATCH("/privileged/:userid", h.HandleGrantPrivlege, previlegeMiddle) } apiTags := api.Group("/tags") diff --git a/router/users.go b/router/users.go index 5c1334be..7f75981c 100644 --- a/router/users.go +++ b/router/users.go @@ -79,3 +79,16 @@ func (h *Handlers) HandleSyncUser(c echo.Context) error { return c.NoContent(http.StatusCreated) } + +// 権限のあるユーザーがないユーザに権限を付与 +func (h *Handlers) HandleGrantPrivlege(c echo.Context) error { + userID, err := getPathUserID(c) + if err != nil { + return notFound(err) + } + err = h.Repo.GrantPrivilege(userID) + if err != nil { + return judgeErrorResponse(err) + } + return c.NoContent(http.StatusCreated) +} diff --git a/usecase/production/user.go b/usecase/production/user.go index c9191fa1..7d114f72 100644 --- a/usecase/production/user.go +++ b/usecase/production/user.go @@ -203,3 +203,8 @@ func (repo *Repository) mergeUser(userMeta *db.User, userBody *traQ.User) (*doma State: userMeta.State, }, nil } + +func (repo *Repository) GrantPrivilege(userID uuid.UUID) error { + err := repo.GormRepo.GrantPrivilege(userID) + return err +} From a35abc972d14faf5466955cfd9d57556fb129e90 Mon Sep 17 00:00:00 2001 From: iChemy Date: Mon, 6 Mar 2023 22:52:03 +0900 Subject: [PATCH 2/6] change path name and move logic --- docs/swagger.yaml | 15 +++++++++++++++ infra/db/user.go | 11 +---------- router/router.go | 4 +--- usecase/production/user.go | 9 ++++++++- 4 files changed, 25 insertions(+), 14 deletions(-) diff --git a/docs/swagger.yaml b/docs/swagger.yaml index 8f7689e2..c9fa8443 100644 --- a/docs/swagger.yaml +++ b/docs/swagger.yaml @@ -486,6 +486,21 @@ paths: responses: '200': $ref: '#/components/responses/icalSecret' + /users/{userID}/privileged: + parameters: + - $ref: '#/components/parameters/userID' + patch: + tags: + - users + operationId: grantPrivilege + description: 管理者権限を付与したいuserのuserIDをパラメータに入れる. APIを叩く本人が管理者権限を持っている必要がある. + responses: + '204': + $ref: '#/components/responses/Nocontent' + '403': + description: Forbidden + '404': + description: Not Found /tags: get: diff --git a/infra/db/user.go b/infra/db/user.go index 81e314e6..00501fc1 100644 --- a/infra/db/user.go +++ b/infra/db/user.go @@ -116,15 +116,6 @@ func (repo *GormRepository) GrantPrivilege(userID uuid.UUID) error { } func grantPrivilege(db *gorm.DB, userID uuid.UUID) error { - u, err := getUser(db, userID) - if err != nil { - return err - } - if u.Privilege { - return errors.New("User has been already privileged") - } - u.Privilege = true - err = db.Session(&gorm.Session{FullSaveAssociations: true}). - Omit("CreatedAt").Save(u).Error + err := db.Model(&User{ID: userID}).Update("privilege", true).Error return err } diff --git a/router/router.go b/router/router.go index 627d3ee5..df2c33e0 100644 --- a/router/router.go +++ b/router/router.go @@ -126,10 +126,8 @@ func (h *Handlers) SetupRoute() *echo.Echo { { apiUser.GET("/events", h.HandleGetEventsByUserID) apiUser.GET("/groups", h.HandleGetGroupIDsByUserID) - // apiUser.PATCH("/privileged", h.HandleGrantPrivlige, previlegeMiddle) + apiUser.PATCH("/privileged", h.HandleGrantPrivlege, previlegeMiddle) } - - apiUsers.PATCH("/privileged/:userid", h.HandleGrantPrivlege, previlegeMiddle) } apiTags := api.Group("/tags") diff --git a/usecase/production/user.go b/usecase/production/user.go index 7d114f72..066f7f37 100644 --- a/usecase/production/user.go +++ b/usecase/production/user.go @@ -205,6 +205,13 @@ func (repo *Repository) mergeUser(userMeta *db.User, userBody *traQ.User) (*doma } func (repo *Repository) GrantPrivilege(userID uuid.UUID) error { - err := repo.GormRepo.GrantPrivilege(userID) + user, err := repo.GormRepo.GetUser(userID) + if err != nil { + return err + } + if user.Privilege { + return errors.New("user has been already privileged") + } + err = repo.GormRepo.GrantPrivilege(userID) return err } From 95dc052723d9df6b9b8da99625e80b3b35789af2 Mon Sep 17 00:00:00 2001 From: iChemy Date: Mon, 13 Mar 2023 17:17:42 +0900 Subject: [PATCH 3/6] fix error format --- usecase/production/user.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/usecase/production/user.go b/usecase/production/user.go index 066f7f37..ea300cee 100644 --- a/usecase/production/user.go +++ b/usecase/production/user.go @@ -2,6 +2,7 @@ package production import ( "errors" + "fmt" "github.com/gofrs/uuid" "github.com/traPtitech/knoQ/domain" @@ -207,11 +208,11 @@ func (repo *Repository) mergeUser(userMeta *db.User, userBody *traQ.User) (*doma func (repo *Repository) GrantPrivilege(userID uuid.UUID) error { user, err := repo.GormRepo.GetUser(userID) if err != nil { - return err + return defaultErrorHandling(err) } if user.Privilege { - return errors.New("user has been already privileged") + return fmt.Errorf("%w: user has been already privileged", domain.ErrBadRequest) } err = repo.GormRepo.GrantPrivilege(userID) - return err + return defaultErrorHandling(err) } From 984c05606f9418d31e654d8c47fc3d19125fce6d Mon Sep 17 00:00:00 2001 From: iChemy Date: Mon, 13 Mar 2023 17:33:56 +0900 Subject: [PATCH 4/6] Bad Requestgit add . --- docs/swagger.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/swagger.yaml b/docs/swagger.yaml index c9fa8443..a13d95c1 100644 --- a/docs/swagger.yaml +++ b/docs/swagger.yaml @@ -497,6 +497,8 @@ paths: responses: '204': $ref: '#/components/responses/Nocontent' + '400': + description: Bad Request '403': description: Forbidden '404': From e04f9b76d694837222b4de2cdbd303bf84dc9c52 Mon Sep 17 00:00:00 2001 From: iChemy Date: Mon, 13 Mar 2023 20:23:51 +0900 Subject: [PATCH 5/6] :pencil2: fix typo --- router/users.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/router/users.go b/router/users.go index 7f75981c..cc7b4f55 100644 --- a/router/users.go +++ b/router/users.go @@ -80,7 +80,7 @@ func (h *Handlers) HandleSyncUser(c echo.Context) error { return c.NoContent(http.StatusCreated) } -// 権限のあるユーザーがないユーザに権限を付与 +// 権限のあるユーザーがないユーザーに権限を付与 func (h *Handlers) HandleGrantPrivlege(c echo.Context) error { userID, err := getPathUserID(c) if err != nil { From de153b6928557b81ba2fbb0612311cbcce051b72 Mon Sep 17 00:00:00 2001 From: ras0q Date: Fri, 5 Jan 2024 20:37:46 +0900 Subject: [PATCH 6/6] :adhesive_bandage: typo --- router/router.go | 2 +- router/users.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/router/router.go b/router/router.go index ba9fd2f2..52a229dc 100644 --- a/router/router.go +++ b/router/router.go @@ -134,7 +134,7 @@ func (h *Handlers) SetupRoute() *echo.Echo { // サービス管理者権限が必要 usersAPIWithPrevilegeAuth := usersAPI.Group("", h.PrevilegeUserMiddleware) { - usersAPIWithPrevilegeAuth.PATCH("/:userid/privileged", h.HandleGrantPrivlege) + usersAPIWithPrevilegeAuth.PATCH("/:userid/privileged", h.HandleGrantPrivilege) usersAPIWithPrevilegeAuth.POST("/sync", h.HandleSyncUser) } } diff --git a/router/users.go b/router/users.go index 6a26ac3d..295dc394 100644 --- a/router/users.go +++ b/router/users.go @@ -76,7 +76,7 @@ func (h *Handlers) HandleSyncUser(c echo.Context) error { } // 権限のあるユーザーがないユーザーに権限を付与 -func (h *Handlers) HandleGrantPrivlege(c echo.Context) error { +func (h *Handlers) HandleGrantPrivilege(c echo.Context) error { userID, err := getPathUserID(c) if err != nil { return notFound(err)