Fixed creation of users + better frontend handling of permissions

backend/api/shortcodes/shortcodes.go

@@ -2,15 +2,21 @@ package shortcodes
 
 import (
 	"context"
+	"fmt"
 	"net/http"
+	"os"
 
 	"fr.latosa-escrima/core"
 	"fr.latosa-escrima/core/models"
+	"fr.latosa-escrima/utils"
 )
 
 func HandleShortcodes(w http.ResponseWriter, r *http.Request) {
 	var shortcodes []models.Shortcode
-	err := core.DB.NewSelect().Model(&shortcodes).Scan(context.Background())
+	err := core.DB.NewSelect().
+		Model(&shortcodes).
+		Relation("Media").
+		Scan(context.Background())
 	if err != nil {
 		core.JSONError{
 			Status:  core.Error,
@@ -19,6 +25,26 @@ func HandleShortcodes(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	scheme := "http"
+	if r.TLS != nil || os.Getenv("ENVIRONMENT") != "DEV" { // Check if the request is over HTTPS
+		scheme = "https"
+	}
+
+	// Extract the host
+	host := r.Host
+	baseURL := fmt.Sprintf("%s://%s", scheme, host)
+	if os.Getenv("ENVIRONMENT") != "DEV" {
+		baseURL += "/api"
+	}
+	shortcodes = utils.Map(shortcodes, func(s models.Shortcode) models.Shortcode {
+		if s.MediaID == nil {
+			return s
+		}
+		s.Media.Author = nil
+		s.Media.URL = fmt.Sprintf("%s/media/%s/file", baseURL, s.MediaID)
+		return s
+	})
+
 	core.JSONSuccess{
 		Status:  core.Success,
 		Message: "Shortcodes retrieved.",

backend/api/users/new.go

@@ -8,9 +8,11 @@ import (
 
 	core "fr.latosa-escrima/core"
 	"fr.latosa-escrima/core/models"
+	"fr.latosa-escrima/utils"
 )
 
 func HandleNew(w http.ResponseWriter, r *http.Request) {
+	ctx := context.Background()
 	var user models.User
 	err := json.NewDecoder(r.Body).Decode(&user)
 	if err != nil {
@@ -22,15 +24,8 @@ func HandleNew(w http.ResponseWriter, r *http.Request) {
 	}
 	log.Println("User : ", user)
 
-	res, err := user.Insert(core.DB, context.Background())
+	res, err := user.Insert(core.DB, ctx)
 	log.Println(res)
-	// if res == nil {
-	// 	core.JSONError{
-	// 		Status:  core.Error,
-	// 		Message: "The user couldn't be inserted.",
-	// 	}.Respond(w, http.StatusNotAcceptable)
-	// 	return
-	// }
 
 	if err != nil {
 		core.JSONError{
@@ -40,6 +35,24 @@ func HandleNew(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	userRoles := utils.Map(user.Roles, func(role models.Role) models.UserToRole {
+		return models.UserToRole{
+			UserID: user.UserID,
+			RoleID: role.ID,
+		}
+	})
+
+	for _, userRole := range userRoles {
+		_, err := core.DB.NewInsert().Model(&userRole).Ignore().Exec(ctx)
+		if err != nil {
+			core.JSONError{
+				Status:  core.Error,
+				Message: err.Error(),
+			}.Respond(w, http.StatusInternalServerError)
+			return
+		}
+	}
+
 	core.JSONSuccess{
 		Status:  core.Success,
 		Message: "User inserted successfully.",

backend/api/users/update.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"log"
 	"net/http"
 	"reflect"
 	"strings"
@@ -11,6 +12,9 @@ import (
 
 	"fr.latosa-escrima/core"
 	"fr.latosa-escrima/core/models"
+	"fr.latosa-escrima/utils"
+	"github.com/google/uuid"
+	"github.com/uptrace/bun"
 )
 
 type UpdateUserArgs struct {
@@ -20,9 +24,11 @@ type UpdateUserArgs struct {
 	Password   *string                `json:"password,omitempty"`
 	Phone      *string                `json:"phone,omitempty"`
 	Attributes *models.UserAttributes `json:"attributes"`
+	Roles      *[]models.Role         `json:"roles"`
 }
 
 func HandleUpdate(w http.ResponseWriter, r *http.Request) {
+	ctx := context.Background()
 	var updateArgs UpdateUserArgs
 	err := json.NewDecoder(r.Body).Decode(&updateArgs)
 	if err != nil {
@@ -33,13 +39,34 @@ func HandleUpdate(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	user_uuid := r.PathValue("user_uuid")
+	uid, err := uuid.Parse(user_uuid)
+	if err != nil {
+		return
+	}
 	var user models.User
+	err = core.DB.
+		NewSelect().
+		Model(&user).
+		Where("user_id = ?", user_uuid).
+		Relation("Roles").
+		Scan(ctx)
+	if err != nil {
+		core.JSONError{
+			Status:  core.Error,
+			Message: err.Error(),
+		}.Respond(w, http.StatusInternalServerError)
+		return
+	}
 	updateQuery := core.DB.NewUpdate().Model(&user)
 
+	rolesInsert := []*bun.InsertQuery{}
+	rolesRemoved := []*bun.DeleteQuery{}
+
 	val := reflect.ValueOf(updateArgs)
 	typ := reflect.TypeOf(updateArgs)
 
-	for i := 0; i < val.NumField(); i++ {
+	for i := range val.NumField() {
 		field := val.Field(i)
 		fieldname := typ.Field(i).Name
 
@@ -52,6 +79,37 @@ func HandleUpdate(w http.ResponseWriter, r *http.Request) {
 		if field.IsValid() && !field.IsNil() && !field.IsZero() {
 			if fieldname == "Password" {
 				updateQuery.Set(fmt.Sprintf("%s = crypt(?, gen_salt('bf'))", strings.Split(tag, ",")[0]), field.Interface())
+			} else if fieldname == "Roles" {
+				_roles := field.Interface().(*[]models.Role)
+				if _roles == nil {
+					continue
+				}
+
+				currentRoles := utils.Map(user.Roles, func(role models.Role) uuid.UUID {
+					return role.ID
+				})
+
+				roles := utils.Map(*_roles, func(role models.Role) uuid.UUID {
+					return role.ID
+				})
+
+				log.Println(user.Roles)
+				toAdd, toRemove := utils.GetDiff(currentRoles, roles)
+				fmt.Println(toAdd, toRemove)
+
+				rolesInsert = utils.Map(toAdd, func(id uuid.UUID) *bun.InsertQuery {
+					userRole := models.UserToRole{
+						UserID: uid,
+						RoleID: id,
+					}
+					return core.DB.NewInsert().Model(&userRole).Ignore()
+				})
+
+				rolesRemoved = utils.Map(toRemove, func(id uuid.UUID) *bun.DeleteQuery {
+					return core.DB.NewDelete().Model((*models.UserToRole)(nil)).
+						Where("user_id = ? AND role_id = ?", uid, id)
+				})
+
 			} else {
 				updateQuery.Set(fmt.Sprintf("%s = ?", strings.Split(tag, ",")[0]), field.Interface())
 			}
@@ -61,11 +119,9 @@ func HandleUpdate(w http.ResponseWriter, r *http.Request) {
 	// Always update the `updated_at` field
 	updateQuery.Set("updated_at = ?", time.Now())
 
-	uuid := r.PathValue("user_uuid")
 	_, err = updateQuery.
-		Where("user_id = ?", uuid).
-		Returning("*").
-		Exec(context.Background())
+		Where("user_id = ?", user_uuid).
+		Exec(ctx)
 
 	if err != nil {
 		core.JSONError{
@@ -75,6 +131,28 @@ func HandleUpdate(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	for _, insert := range rolesInsert {
+		_, err = insert.Exec(ctx)
+		if err != nil {
+			core.JSONError{
+				Status:  core.Error,
+				Message: err.Error(),
+			}.Respond(w, http.StatusInternalServerError)
+			return
+		}
+	}
+
+	for _, remove := range rolesRemoved {
+		_, err = remove.Exec(ctx)
+		if err != nil {
+			core.JSONError{
+				Status:  core.Error,
+				Message: err.Error(),
+			}.Respond(w, http.StatusInternalServerError)
+			return
+		}
+	}
+
 	user.Password = ""
 
 	core.JSONSuccess{

backend/api/users/users.go

@@ -13,6 +13,7 @@ func HandleUsers(w http.ResponseWriter, r *http.Request) {
 	var users []models.User
 	count, err := core.DB.NewSelect().
 		Model(&users).
+		Order("created_at ASC").
 		Relation("Roles").
 		ScanAndCount(context.Background())
 

backend/utils/get_diff.go

@@ -0,0 +1,42 @@
+package utils
+
+import (
+	"log"
+)
+
+// GetDiff returns two slices: elements to add and elements to remove
+func GetDiff[T comparable](current, newm []T) ([]T, []T) {
+	log.Println(current, newm)
+	// Use a single map with an int to track state:
+	// 1: only in current, 2: only in new, 3: in both
+	presence := make(map[T]int)
+
+	// Mark all items in current as 1
+	for _, item := range current {
+		presence[item] = 1
+	}
+
+	// Update map based on newm: add 2 if not present, set to 3 if present
+	for _, item := range newm {
+		if val, exists := presence[item]; exists {
+			presence[item] = val + 2 // 1 -> 3 (both)
+		} else {
+			presence[item] = 2 // only in new
+		}
+	}
+
+	var toAdd, toRemove []T
+
+	// Iterate once over the map to build results
+	for item, state := range presence {
+		switch state {
+		case 1: // Only in current -> remove
+			toRemove = append(toRemove, item)
+		case 2: // Only in new -> add
+			toAdd = append(toAdd, item)
+			// case 3: in both, do nothing
+		}
+	}
+
+	return toAdd, toRemove
+}