diff --git a/.gitignore b/.gitignore
index befb523..fc64b09 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-/webroot
+!/webroot
 /web_webroot
 cmd/warehost/warehost
 cmd/warehost-web/warehost-web
diff --git a/modul/web/api.go b/modul/web/api.go
index a3c9448..2021791 100644
--- a/modul/web/api.go
+++ b/modul/web/api.go
@@ -1,6 +1,7 @@
 package web
 import (
+ "encoding/json"
 "net/http"
 "github.com/astaxie/session"
@@ -33,7 +34,9 @@ func NewAPI(config *libconfig.Config, sessions *session.Manager, dbconnection *g
 log: log.NewModulLog(MODULNAME),
 }
 router.GET(prefix+"/involve", libsystem.LoginHandler(api.Involve, sessions))
- router.POST(prefix+"/web", libsystem.LoginHandler(api.WebsiteAdd, sessions))
+ router.POST(prefix+"/website", libsystem.LoginHandler(api.WebsiteAdd, sessions))
+ router.PUT(prefix+"/website/:websiteid", InvolveWebsiteHandler(api.WebsiteEdit, sessions, dbconnection))
+ router.DELETE(prefix+"/website/:websiteid", InvolveWebsiteHandler(api.WebsiteDelete, sessions, dbconnection))
 }
 // Involve to get Website where loggend in user has privilegs
@@ -51,6 +54,73 @@ func (api *API) Involve(w http.ResponseWriter, r *http.Request, _ httprouter.Par
 func (api *API) WebsiteAdd(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *libsystem.Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
 returndata = false
 logger := api.log.GetLog(r, "websiteadd")
- logger.Warn("not implemented")
+ tx := api.dbconnection.Begin()
+ var websiteRequest Website
+ err := json.NewDecoder(r.Body).Decode(&websiteRequest)
+ if err != nil {
+ tx.Rollback()
+ logger.Error("fetch request")
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
+ return
+ }
+ website := &Website{Name: websiteRequest.Name}
+ if err := tx.Create(website).Error; err != nil {
+ tx.Rollback()
+ logger.Error("error during Website")
+ returnerr = &libapi.ErrorResult{Message: "Internal Database Error"}
+ return
+ }
+
+ if err := tx.Create(&Manager{LoginID: login.ID, WebsiteID: website.ID}).Error; err != nil {
+ tx.Rollback()
+ logger.Error("error during Manager")
+ returnerr = &libapi.ErrorResult{Message: "Internal Database Error"}
+ return
+ }
+
+ tx.Commit()
+ returndata = true
+ logger.Info("okay")
+ return
+}
+
+// WebsiteEdit to edit website
+func (api *API) WebsiteEdit(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *libsystem.Login, websiteid int64) (returndata interface{}, returnerr *libapi.ErrorResult) {
+ returndata = false
+ logger := api.log.GetLog(r, "websiteedit")
+ var websiteRequest Website
+ err := json.NewDecoder(r.Body).Decode(&websiteRequest)
+ if err != nil {
+ logger.Error("fetch request")
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
+ return
+ }
+ websiteRequest.ID = websiteid
+ if err := api.dbconnection.Save(websiteRequest).Error; err != nil {
+ logger.Error("Database: during edit Website")
+ returnerr = &libapi.ErrorResult{Message: "Internal Database Error"}
+ return
+ }
+ returndata = true
+ logger.Warn("okay")
+ return
+}
+
+// WebsiteDelete to delete website
+func (api *API) WebsiteDelete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *libsystem.Login, websiteid int64) (returndata interface{}, returnerr *libapi.ErrorResult) {
+ returndata = false
+ logger := api.log.GetLog(r, "websitedelete")
+ website := &Website{
+ ID: websiteid,
+ }
+ if err := api.dbconnection.Unscoped().Delete(website).Error; err != nil {
+ logger.Error("database: during delete website")
+ returnerr = &libapi.ErrorResult{Message: "Internal Database Error"}
+ return
+ }
+ returndata = true
+ logger.Warn("okay")
 return
 }
diff --git a/modul/web/lib.go b/modul/web/lib.go
index efb3895..b489a05 100644
--- a/modul/web/lib.go
+++ b/modul/web/lib.go
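Review bot: In WebsiteEdit the decoded request struct is passed whole to `api.dbconnection.Save(websiteRequest)`, so every Website field the JSON body can populate is written and only the ID is pinned to the path parameter; WebsiteAdd in the same hunk copies just `Name`, and the edit path should be as narrow, for example `api.dbconnection.Model(&Website{ID: websiteid}).Updates(Website{Name: websiteRequest.Name})`. Save is also handed the struct by value rather than a pointer, which gorm may reject. In both WebsiteAdd and WebsiteEdit a decode failure calls `http.Error(w, err.Error(), http.StatusInternalServerError)`, which sends the raw decoder error to the client and writes a response before the wrapping handler emits its own JSON result; returning only the ErrorResult for a malformed body avoids both. The result of `tx.Commit()` is not checked, so a failed commit is still reported as success.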
@@ -1 +1,50 @@
 package web
+
+import (
+ "net/http"
+ "strconv"
+
+ "github.com/astaxie/session"
+ "github.com/jinzhu/gorm"
+ "github.com/julienschmidt/httprouter"
+
+ libapi "dev.sum7.de/sum7/warehost/lib/api"
+ log "dev.sum7.de/sum7/warehost/lib/log"
+ libsystem "dev.sum7.de/sum7/warehost/system"
+)
+
+// Handle to handle request with session and current logged in user
+type Handle func(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *libsystem.Login, id int64) (interface{}, *libapi.ErrorResult)
+
+//InvolveWebsiteHandler for api function to Verifie User ist loggedin
+func InvolveWebsiteHandler(h Handle, sessions *session.Manager, dbconnection *gorm.DB) httprouter.Handle {
+ return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+ sess := sessions.SessionStart(w, r)
+ err := &libapi.ErrorResult{Fields: []string{"session"}, Message: "Not logged in"}
+ var data interface{}
+ data = false
+
+ if login := sess.Get("login"); login != nil {
+ if loginObj := login.(libsystem.Login); loginObj.Active {
+ id, errI := strconv.ParseInt(ps.ByName("websiteid"), 10, 64)
+ if errI != nil {
+ err = &libapi.ErrorResult{Fields: []string{"websiteid"}, Message: "Not a valid websiteid"}
+ log.Log.Warn("invalid websiteid, no integer")
+ } else {
+ res := dbconnection.Where(map[string]int64{"website": id, "login": loginObj.ID}).Find(&Manager{})
+ if !res.RecordNotFound() {
+ data, err = h(w, r, ps, sess, &loginObj, id)
+ } else {
+ err = &libapi.ErrorResult{Fields: []string{"permission"}, Message: "No permission"}
+ log.Log.Info("no Permissions")
+ }
+ }
+ } else {
+ log.Log.Warn("user not active")
+ }
+ } else {
+ log.Log.Warn("not loggedin")
+ }
+ libapi.JSONOutput(w, r, sess, data, err)
+ }
+}
diff --git a/system/api.go b/system/api.go
index 6271525..68dbd57 100644
--- a/system/api.go
+++ b/system/api.go
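Review bot: The permission check in InvolveWebsiteHandler fails open: `if !res.RecordNotFound() {` treats every outcome other than "no row" as authorised, so if the Manager lookup returns any other error the wrapped handler still runs. Testing for success instead, `if res.Error == nil {`, leaves the existing else branch to deny on both a missing row and a failed query. The assertion `login.(libsystem.Login)` panics if the session holds any other type; the comma-ok form `loginObj, ok := login.(libsystem.Login)` would let that case fall through to the "Not logged in" result. The refused and invalid-id branches log through `log.Log` without the login ID or the requested websiteid, which makes these entries hard to use when reviewing access attempts.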
@@ -158,13 +158,13 @@ func (api *API) Password(w http.ResponseWriter, r *http.Request, _ httprouter.Pa
 func (api *API) Delete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
 returndata = false
 logger := api.log.GetLog(r, "delete")
- logger.Warn("login delete")
 sess.Delete("login")
 if err := api.dbconnection.Unscoped().Delete(login).Error; err != nil {
 logger.Warn("error detete login")
 returnerr = &libapi.ErrorResult{Message: "Error delete login"}
 return
 }
+ logger.Warn("login delete")
 returndata = true
 return
 }
@@ -217,8 +217,7 @@ func (api *API) InviteAdd(w http.ResponseWriter, r *http.Request, _ httprouter.P
 func (api *API) LoginEdit(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
 returndata = false
 logger := api.log.GetLog(r, "loginedit")
- tmpID64, err := strconv.ParseUint(ps.ByName("id"), 10, 32)
- id := uint(tmpID64)
+ id, err := strconv.ParseInt(ps.ByName("id"), 10, 64)
 if err != nil {
 returnerr = &libapi.ErrorResult{Message: "Error invalid input"}
 logger.Warn("invalid userinput, no integer")
@@ -236,7 +235,7 @@ func (api *API) LoginEdit(w http.ResponseWriter, r *http.Request, ps httprouter.
 }
 api.dbconnection.Where("id = ?", invitedLogin.ID).First(&invitedLogin)
- invite := login.GetInvitedby(api.dbconnection)
+ invite := invitedLogin.GetInvitedby(api.dbconnection)
 if !login.Superadmin && !invite.Admin && invitedLogin.CreateAt.Before(invitedLogin.LastLoginAt) {
 logger.Warn("no permission")
 returnerr = &libapi.ErrorResult{Message: "Error no permission to edit this invite"}
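Review bot: `strconv.ParseInt(ps.ByName("id"), 10, 64)` in LoginEdit now lets negative ids through, which the removed ParseUint call rejected, and zero passes as it did before; the only check that follows is `err != nil`. Rejecting both with the existing error path, `if err != nil || id <= 0 {`, keeps out-of-range values from reaching the lookup further down. The same line is added to LoginDelete in the hunk at -262,8. LoginEdit's body continues outside this hunk.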
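Review bot: The permission check now reads the invite record of the target login, but nothing in the condition ties that record to the caller: `!invite.Admin` is evaluated without comparing the inviter to `login.ID`. GetInvitedby is not visible in this diff; if it returns the Invite row for `invitedLogin`, a non-superadmin who did not issue that invite passes whenever the row has Admin set, so the check should probably also require `invite.LoginID == login.ID`. The result of the `First(&invitedLogin)` lookup on the line above is not checked, so an unknown id proceeds with a zero-valued login. The same change, with the same gap, is made in LoginDelete at -272,7; both function bodies continue outside their hunks.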
@@ -262,8 +261,7 @@ func (api *API) LoginEdit(w http.ResponseWriter, r *http.Request, ps httprouter.
 func (api *API) LoginDelete(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
 returndata = false
 logger := api.log.GetLog(r, "logindelete")
- tmpID64, err := strconv.ParseUint(ps.ByName("id"), 10, 32)
- id := uint(tmpID64)
+ id, err := strconv.ParseInt(ps.ByName("id"), 10, 64)
 if err != nil {
 returnerr = &libapi.ErrorResult{Message: "Error invalid input"}
 logger.Warn("invalid userinput, no integer")
@@ -272,7 +270,7 @@ func (api *API) LoginDelete(w http.ResponseWriter, r *http.Request, ps httproute
 logger = logger.WithField("id", id)
 var invitedLogin = Login{ID: id}
 api.dbconnection.Where("id = ?", invitedLogin.ID).First(&invitedLogin)
- invite := login.GetInvitedby(api.dbconnection)
+ invite := invitedLogin.GetInvitedby(api.dbconnection)
 if !login.Superadmin && !invite.Admin && invitedLogin.CreateAt.Before(invitedLogin.LastLoginAt) {
 logger.Warn("no permission")
 returnerr = &libapi.ErrorResult{Message: "Error no permission to delete this invite"}
diff --git a/system/lib.go b/system/lib.go
index 71a8f26..cc1a547 100644
--- a/system/lib.go
+++ b/system/lib.go
@@ -7,6 +7,7 @@ import (
 "github.com/julienschmidt/httprouter"
 libapi "dev.sum7.de/sum7/warehost/lib/api"
+ log "dev.sum7.de/sum7/warehost/lib/log"
 )
 // Handle to handle request with session and current logged in user
@@ -23,7 +24,11 @@ func LoginHandler(h Handle, sessions *session.Manager) httprouter.Handle {
 if login := sess.Get("login"); login != nil {
 if loginObj := login.(Login); loginObj.Active {
 data, err = h(w, r, ps, sess, &loginObj)
+ } else {
+ log.Log.Warn("user not active")
 }
+ } else {
+ log.Log.Warn("not loggedin")
 }
 libapi.JSONOutput(w, r, sess, data, err)
 }
diff --git a/system/models.go b/system/models.go
index f787877..15e8c61 100644
--- a/system/models.go
+++ b/system/models.go
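Review bot: The two `log.Log.Warn` calls added to LoginHandler record that a request was refused but not which one: neither the request path nor the ID of the inactive account is attached, so the entries cannot be tied to a client or an account. If this logger supports fields, as the `logger.WithField("id", id)` call in system/api.go suggests, `log.Log.WithField("login", loginObj.ID).Warn("user not active")` would make the inactive-account case traceable. LoginHandler starts outside the hunk.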
@@ -34,7 +34,7 @@ type ChangePasswordRequest struct {
 // Login found
 type Login struct {
- ID uint
+ ID int64
 Username string `gorm:"type:varchar(255);unique;column:mail" json:"username"`
 Password string `gorm:"type:varchar(255);column:password" json:"-"`
 Active bool `gorm:"default:false;column:active" json:"active"`
@@ -47,9 +47,9 @@ type Login struct {
 // Invite struct
 type Invite struct {
- LoginID uint `sql:"type:bigint REFERENCES login(id) ON UPDATE CASCADE ON DELETE CASCADE;column:login;primary_key"`
+ LoginID int64 `sql:"type:bigint REFERENCES login(id) ON UPDATE CASCADE ON DELETE CASCADE;column:login;primary_key"`
 Login Login `gorm:"column:login" json:"login"`
- InvitedID uint `sql:"type:bigint REFERENCES login(id) ON UPDATE CASCADE ON DELETE CASCADE;column:invited;primary_key"`
+ InvitedID int64 `sql:"type:bigint REFERENCES login(id) ON UPDATE CASCADE ON DELETE CASCADE;column:invited;primary_key"`
 Invited Login `gorm:"column:invited" json:"invited"`
 Admin bool `sql:"default:false" json:"admin"`
 }
diff --git a/webroot b/webroot
index 908f09a..c9fd753 160000
--- a/webroot
+++ b/webroot
@@ -1 +1 @@
-Subproject commit 908f09a014e1ad086771b11b0931929e844ffe25
+Subproject commit c9fd753cfa6904337406706a94dbc5f4af43d4bb