Fixed creation of users + better frontend handling of permissions

2025-03-06 17:34:52 +01:00
parent 3c6038bce1
commit 7cb633b4c6
46 changed files with 1511 additions and 909 deletions
--- a/backend/api/shortcodes/shortcodes.go
+++ b/backend/api/shortcodes/shortcodes.go
@@ -2,15 +2,21 @@ package shortcodes

 import (
 	"context"
+	"fmt"
 	"net/http"
+	"os"

 	"fr.latosa-escrima/core"
 	"fr.latosa-escrima/core/models"
+	"fr.latosa-escrima/utils"
 )

 func HandleShortcodes(w http.ResponseWriter, r *http.Request) {
 	var shortcodes []models.Shortcode
-	err := core.DB.NewSelect().Model(&shortcodes).Scan(context.Background())
+	err := core.DB.NewSelect().
+		Model(&shortcodes).
+		Relation("Media").
+		Scan(context.Background())
 	if err != nil {
 		core.JSONError{
 			Status:  core.Error,
@@ -19,6 +25,26 @@ func HandleShortcodes(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	scheme := "http"
+	if r.TLS != nil || os.Getenv("ENVIRONMENT") != "DEV" { // Check if the request is over HTTPS
+		scheme = "https"
+	}
+
+	// Extract the host
+	host := r.Host
+	baseURL := fmt.Sprintf("%s://%s", scheme, host)
+	if os.Getenv("ENVIRONMENT") != "DEV" {
+		baseURL += "/api"
+	}
+	shortcodes = utils.Map(shortcodes, func(s models.Shortcode) models.Shortcode {
+		if s.MediaID == nil {
+			return s
+		}
+		s.Media.Author = nil
+		s.Media.URL = fmt.Sprintf("%s/media/%s/file", baseURL, s.MediaID)
+		return s
+	})
+
 	core.JSONSuccess{
 		Status:  core.Success,
 		Message: "Shortcodes retrieved.",
--- a/backend/api/users/new.go
+++ b/backend/api/users/new.go
@@ -8,9 +8,11 @@ import (

 	core "fr.latosa-escrima/core"
 	"fr.latosa-escrima/core/models"
+	"fr.latosa-escrima/utils"
 )

 func HandleNew(w http.ResponseWriter, r *http.Request) {
+	ctx := context.Background()
 	var user models.User
 	err := json.NewDecoder(r.Body).Decode(&user)
 	if err != nil {
@@ -22,15 +24,8 @@ func HandleNew(w http.ResponseWriter, r *http.Request) {
 	}
 	log.Println("User : ", user)

-	res, err := user.Insert(core.DB, context.Background())
+	res, err := user.Insert(core.DB, ctx)
 	log.Println(res)
-	// if res == nil {
-	// 	core.JSONError{
-	// 		Status:  core.Error,
-	// 		Message: "The user couldn't be inserted.",
-	// 	}.Respond(w, http.StatusNotAcceptable)
-	// 	return
-	// }

 	if err != nil {
 		core.JSONError{
@@ -40,6 +35,24 @@ func HandleNew(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	userRoles := utils.Map(user.Roles, func(role models.Role) models.UserToRole {
+		return models.UserToRole{
+			UserID: user.UserID,
+			RoleID: role.ID,
+		}
+	})
+
+	for _, userRole := range userRoles {
+		_, err := core.DB.NewInsert().Model(&userRole).Ignore().Exec(ctx)
+		if err != nil {
+			core.JSONError{
+				Status:  core.Error,
+				Message: err.Error(),
+			}.Respond(w, http.StatusInternalServerError)
+			return
+		}
+	}
+
 	core.JSONSuccess{
 		Status:  core.Success,
 		Message: "User inserted successfully.",
--- a/backend/api/users/update.go
+++ b/backend/api/users/update.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"log"
 	"net/http"
 	"reflect"
 	"strings"
@@ -11,6 +12,9 @@ import (

 	"fr.latosa-escrima/core"
 	"fr.latosa-escrima/core/models"
+	"fr.latosa-escrima/utils"
+	"github.com/google/uuid"
+	"github.com/uptrace/bun"
 )

 type UpdateUserArgs struct {
@@ -20,9 +24,11 @@ type UpdateUserArgs struct {
 	Password   *string                `json:"password,omitempty"`
 	Phone      *string                `json:"phone,omitempty"`
 	Attributes *models.UserAttributes `json:"attributes"`
+	Roles      *[]models.Role         `json:"roles"`
 }

 func HandleUpdate(w http.ResponseWriter, r *http.Request) {
+	ctx := context.Background()
 	var updateArgs UpdateUserArgs
 	err := json.NewDecoder(r.Body).Decode(&updateArgs)
 	if err != nil {
@@ -33,13 +39,34 @@ func HandleUpdate(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	user_uuid := r.PathValue("user_uuid")
+	uid, err := uuid.Parse(user_uuid)
+	if err != nil {
+		return
+	}
 	var user models.User
+	err = core.DB.
+		NewSelect().
+		Model(&user).
+		Where("user_id = ?", user_uuid).
+		Relation("Roles").
+		Scan(ctx)
+	if err != nil {
+		core.JSONError{
+			Status:  core.Error,
+			Message: err.Error(),
+		}.Respond(w, http.StatusInternalServerError)
+		return
+	}
 	updateQuery := core.DB.NewUpdate().Model(&user)

+	rolesInsert := []*bun.InsertQuery{}
+	rolesRemoved := []*bun.DeleteQuery{}
+
 	val := reflect.ValueOf(updateArgs)
 	typ := reflect.TypeOf(updateArgs)

-	for i := 0; i < val.NumField(); i++ {
+	for i := range val.NumField() {
 		field := val.Field(i)
 		fieldname := typ.Field(i).Name

@@ -52,6 +79,37 @@ func HandleUpdate(w http.ResponseWriter, r *http.Request) {
 		if field.IsValid() && !field.IsNil() && !field.IsZero() {
 			if fieldname == "Password" {
 				updateQuery.Set(fmt.Sprintf("%s = crypt(?, gen_salt('bf'))", strings.Split(tag, ",")[0]), field.Interface())
+			} else if fieldname == "Roles" {
+				_roles := field.Interface().(*[]models.Role)
+				if _roles == nil {
+					continue
+				}
+
+				currentRoles := utils.Map(user.Roles, func(role models.Role) uuid.UUID {
+					return role.ID
+				})
+
+				roles := utils.Map(*_roles, func(role models.Role) uuid.UUID {
+					return role.ID
+				})
+
+				log.Println(user.Roles)
+				toAdd, toRemove := utils.GetDiff(currentRoles, roles)
+				fmt.Println(toAdd, toRemove)
+
+				rolesInsert = utils.Map(toAdd, func(id uuid.UUID) *bun.InsertQuery {
+					userRole := models.UserToRole{
+						UserID: uid,
+						RoleID: id,
+					}
+					return core.DB.NewInsert().Model(&userRole).Ignore()
+				})
+
+				rolesRemoved = utils.Map(toRemove, func(id uuid.UUID) *bun.DeleteQuery {
+					return core.DB.NewDelete().Model((*models.UserToRole)(nil)).
+						Where("user_id = ? AND role_id = ?", uid, id)
+				})
+
 			} else {
 				updateQuery.Set(fmt.Sprintf("%s = ?", strings.Split(tag, ",")[0]), field.Interface())
 			}
@@ -61,11 +119,9 @@ func HandleUpdate(w http.ResponseWriter, r *http.Request) {
 	// Always update the `updated_at` field
 	updateQuery.Set("updated_at = ?", time.Now())

-	uuid := r.PathValue("user_uuid")
 	_, err = updateQuery.
-		Where("user_id = ?", uuid).
-		Returning("*").
-		Exec(context.Background())
+		Where("user_id = ?", user_uuid).
+		Exec(ctx)

 	if err != nil {
 		core.JSONError{
@@ -75,6 +131,28 @@ func HandleUpdate(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	for _, insert := range rolesInsert {
+		_, err = insert.Exec(ctx)
+		if err != nil {
+			core.JSONError{
+				Status:  core.Error,
+				Message: err.Error(),
+			}.Respond(w, http.StatusInternalServerError)
+			return
+		}
+	}
+
+	for _, remove := range rolesRemoved {
+		_, err = remove.Exec(ctx)
+		if err != nil {
+			core.JSONError{
+				Status:  core.Error,
+				Message: err.Error(),
+			}.Respond(w, http.StatusInternalServerError)
+			return
+		}
+	}
+
 	user.Password = ""

 	core.JSONSuccess{
--- a/backend/api/users/users.go
+++ b/backend/api/users/users.go
@@ -13,6 +13,7 @@ func HandleUsers(w http.ResponseWriter, r *http.Request) {
 	var users []models.User
 	count, err := core.DB.NewSelect().
 		Model(&users).
+		Order("created_at ASC").
 		Relation("Roles").
 		ScanAndCount(context.Background())