Files
Курнат Андрей 2315f25754 Initial QSfera import
2026-06-07 10:20:04 +03:00

167 lines
5.8 KiB
Go

package svc
import (
"fmt"
"net/http"
"github.com/go-chi/chi/v5"
"github.com/go-chi/render"
settingsmsg "github.com/qsfera/server/protogen/gen/qsfera/messages/settings/v0"
settingssvc "github.com/qsfera/server/protogen/gen/qsfera/services/settings/v0"
"github.com/qsfera/server/services/graph/pkg/errorcode"
revactx "github.com/opencloud-eu/reva/v2/pkg/ctx"
"github.com/opencloud-eu/reva/v2/pkg/events"
"github.com/opencloud-eu/reva/v2/pkg/utils"
libregraph "github.com/opencloud-eu/libre-graph-api-go"
merrors "go-micro.dev/v4/errors"
)
const principalTypeUser = "User"
// ListAppRoleAssignments implements the Service interface.
func (g Graph) ListAppRoleAssignments(w http.ResponseWriter, r *http.Request) {
logger := g.logger.SubloggerWithRequestID(r.Context())
logger.Info().Interface("query", r.URL.Query()).Msg("calling list appRoleAssignments")
userID := chi.URLParam(r, "userID")
lrar, err := g.roleService.ListRoleAssignments(r.Context(), &settingssvc.ListRoleAssignmentsRequest{
AccountUuid: userID,
})
if err != nil {
// TODO check the error type and return proper error code
errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error())
return
}
values := make([]libregraph.AppRoleAssignment, 0, len(lrar.GetAssignments()))
for _, assignment := range lrar.GetAssignments() {
values = append(values, g.assignmentToAppRoleAssignment(assignment))
}
render.Status(r, http.StatusOK)
render.JSON(w, r, &ListResponse{Value: values})
}
// CreateAppRoleAssignment implements the Service interface.
func (g Graph) CreateAppRoleAssignment(w http.ResponseWriter, r *http.Request) {
logger := g.logger.SubloggerWithRequestID(r.Context())
logger.Info().Interface("query", r.URL.Query()).Msg("calling create appRoleAssignment")
appRoleAssignment := libregraph.NewAppRoleAssignmentWithDefaults()
err := StrictJSONUnmarshal(r.Body, appRoleAssignment)
if err != nil {
errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, fmt.Sprintf("invalid request body: %v", err.Error()))
return
}
userID := chi.URLParam(r, "userID")
// We can ignore the error, in the worst case the old role will be empty
oldRoles, _ := g.roleService.ListRoleAssignments(r.Context(), &settingssvc.ListRoleAssignmentsRequest{
AccountUuid: userID,
})
if appRoleAssignment.GetPrincipalId() != userID {
errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, fmt.Sprintf("user id %s does not match principal id %v", userID, appRoleAssignment.GetPrincipalId()))
return
}
if appRoleAssignment.GetResourceId() != g.config.Application.ID {
errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, fmt.Sprintf("resource id %s does not match expected application id %v", userID, g.config.Application.ID))
return
}
artur, err := g.roleService.AssignRoleToUser(r.Context(), &settingssvc.AssignRoleToUserRequest{
AccountUuid: userID,
RoleId: appRoleAssignment.AppRoleId,
})
if err != nil {
if merr, ok := merrors.As(err); ok && merr.Code == http.StatusForbidden {
errorcode.NotAllowed.Render(w, r, http.StatusForbidden, err.Error())
return
}
errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error())
return
}
var role string
roles := oldRoles.GetAssignments()
if len(roles) > 0 {
role = roles[0].GetRoleId()
}
e := events.UserFeatureChanged{
UserID: userID,
Features: []events.UserFeature{
{
Name: "roleChanged",
Value: appRoleAssignment.AppRoleId,
OldValue: &role,
},
},
Timestamp: utils.TSNow(),
}
if currentUser, ok := revactx.ContextGetUser(r.Context()); ok {
e.Executant = currentUser.GetId()
}
g.publishEvent(r.Context(), e)
render.Status(r, http.StatusCreated)
render.JSON(w, r, g.assignmentToAppRoleAssignment(artur.GetAssignment()))
}
// DeleteAppRoleAssignment implements the Service interface.
func (g Graph) DeleteAppRoleAssignment(w http.ResponseWriter, r *http.Request) {
logger := g.logger.SubloggerWithRequestID(r.Context())
logger.Info().Interface("body", r.Body).Msg("calling delete appRoleAssignment")
userID := chi.URLParam(r, "userID")
// check assignment belongs to the user
lrar, err := g.roleService.ListRoleAssignments(r.Context(), &settingssvc.ListRoleAssignmentsRequest{
AccountUuid: userID,
})
if err != nil {
errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error())
return
}
appRoleAssignmentID := chi.URLParam(r, "appRoleAssignmentID")
assignmentFound := false
for _, roleAssignment := range lrar.GetAssignments() {
if roleAssignment.Id == appRoleAssignmentID {
assignmentFound = true
}
}
if !assignmentFound {
errorcode.ItemNotFound.Render(w, r, http.StatusNotFound, fmt.Sprintf("appRoleAssignment %v not found for user %v", appRoleAssignmentID, userID))
return
}
_, err = g.roleService.RemoveRoleFromUser(r.Context(), &settingssvc.RemoveRoleFromUserRequest{
Id: appRoleAssignmentID,
})
if err != nil {
if merr, ok := merrors.As(err); ok && merr.Code == http.StatusForbidden {
errorcode.NotAllowed.Render(w, r, http.StatusForbidden, err.Error())
return
}
errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error())
return
}
render.NoContent(w, r)
}
func (g Graph) assignmentToAppRoleAssignment(assignment *settingsmsg.UserRoleAssignment) libregraph.AppRoleAssignment {
appRoleAssignment := libregraph.NewAppRoleAssignmentWithDefaults()
appRoleAssignment.SetId(assignment.Id)
appRoleAssignment.SetAppRoleId(assignment.RoleId)
appRoleAssignment.SetPrincipalType(principalTypeUser) // currently always assigned to the user
appRoleAssignment.SetResourceId(g.config.Application.ID)
appRoleAssignment.SetResourceDisplayName(g.config.Application.DisplayName)
appRoleAssignment.SetPrincipalId(assignment.AccountUuid)
// appRoleAssignment.SetPrincipalDisplayName() // TODO fetch and cache
return *appRoleAssignment
}