add for_user query param for admins

SENERGY-Platform · Jan 26, 2024 · 894ae39 · 894ae39
1 parent e10b69f
commit 894ae39
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 26 deletions.
diff --git a/lib/api/api.go b/lib/api/api.go
@@ -17,13 +17,17 @@
 package api
 
 import (
-	"github.com/SENERGY-Platform/import-deploy/lib/api/util"
-	"github.com/SENERGY-Platform/import-deploy/lib/config"
-	"github.com/julienschmidt/httprouter"
+	"errors"
 	"log"
 	"net/http"
 	"reflect"
 	"runtime"
+	"slices"
+	"strings"
+
+	"github.com/SENERGY-Platform/import-deploy/lib/api/util"
+	"github.com/SENERGY-Platform/import-deploy/lib/config"
+	"github.com/julienschmidt/httprouter"
 )
 
 var endpoints = []func(config config.Config, control Controller, router *httprouter.Router){}
@@ -46,3 +50,15 @@ func Start(config config.Config, control Controller) (err error) {
 	go func() { log.Println(http.ListenAndServe(":"+config.ServerPort, logger)) }()
 	return nil
 }
+
+func getUserId(request *http.Request) (string, error) {
+	forUser := request.URL.Query().Get("for_user")
+	if forUser != "" {
+		roles := strings.Split(request.Header.Get("X-User-Roles"), ", ")
+		if !slices.Contains[[]string](roles, "admin") {
+			return "", errors.New("forbidden")
+		}
+		return forUser, nil
+	}
+	return request.Header.Get("X-UserId"), nil
+}
diff --git a/lib/api/instances.go b/lib/api/instances.go
@@ -36,7 +36,7 @@ func InstancesEndpoints(_ config.Config, control Controller, router *httprouter.
 	resource := "/instances"
 
 	router.GET(resource, func(writer http.ResponseWriter, request *http.Request, params httprouter.Params) {
-		token, err := auth.GetParsedToken(request)
+		userId, err := getUserId(request)
 		if err != nil {
 			http.Error(writer, err.Error(), http.StatusBadRequest)
 			return
@@ -69,7 +69,7 @@ func InstancesEndpoints(_ config.Config, control Controller, router *httprouter.
 		search := request.URL.Query().Get("search")
 
 		includeGenerated := strings.ToLower(request.URL.Query().Get("exclude_generated")) != "true"
-		results, err, errCode := control.ListInstances(token, limitInt, offsetInt, orderBy, asc, search, includeGenerated)
+		results, err, errCode := control.ListInstances(userId, limitInt, offsetInt, orderBy, asc, search, includeGenerated)
 		if err != nil {
 			http.Error(writer, err.Error(), errCode)
 			return
@@ -83,7 +83,7 @@ func InstancesEndpoints(_ config.Config, control Controller, router *httprouter.
 	})
 
 	router.GET("/total"+resource, func(writer http.ResponseWriter, request *http.Request, params httprouter.Params) {
-		token, err := auth.GetParsedToken(request)
+		userId, err := getUserId(request)
 		if err != nil {
 			http.Error(writer, err.Error(), http.StatusBadRequest)
 			return
@@ -92,7 +92,7 @@ func InstancesEndpoints(_ config.Config, control Controller, router *httprouter.
 		search := request.URL.Query().Get("search")
 		includeGenerated := strings.ToLower(request.URL.Query().Get("exclude_generated")) != "true"
 
-		count, err, errCode := control.CountInstances(token, search, includeGenerated)
+		count, err, errCode := control.CountInstances(userId, search, includeGenerated)
 		if err != nil {
 			http.Error(writer, err.Error(), errCode)
 			return
@@ -102,13 +102,13 @@ func InstancesEndpoints(_ config.Config, control Controller, router *httprouter.
 	})
 
 	router.GET(resource+"/:id", func(writer http.ResponseWriter, request *http.Request, params httprouter.Params) {
-		token, err := auth.GetParsedToken(request)
+		userId, err := getUserId(request)
 		if err != nil {
 			http.Error(writer, err.Error(), http.StatusBadRequest)
 			return
 		}
 		id := params.ByName("id")
-		result, err, errCode := control.ReadInstance(id, token)
+		result, err, errCode := control.ReadInstance(id, userId)
 		if err != nil {
 			http.Error(writer, err.Error(), errCode)
 			return
@@ -122,13 +122,13 @@ func InstancesEndpoints(_ config.Config, control Controller, router *httprouter.
 	})
 
 	router.DELETE(resource+"/:id", func(writer http.ResponseWriter, request *http.Request, params httprouter.Params) {
-		token, err := auth.GetParsedToken(request)
+		userId, err := getUserId(request)
 		if err != nil {
 			http.Error(writer, err.Error(), http.StatusBadRequest)
 			return
 		}
 		id := params.ByName("id")
-		err, errCode := control.DeleteInstance(id, token)
+		err, errCode := control.DeleteInstance(id, userId)
 		if err != nil {
 			http.Error(writer, err.Error(), errCode)
 			return

diff --git a/lib/api/interfaces.go b/lib/api/interfaces.go
@@ -22,10 +22,10 @@ import (
 )
 
 type Controller interface {
-	ListInstances(jwt auth.Token, limit int64, offset int64, sort string, asc bool, search string, includeGenerated bool) (results []model.Instance, err error, errCode int)
-	ReadInstance(id string, jwt auth.Token) (result model.Instance, err error, errCode int)
+	ListInstances(userId string, limit int64, offset int64, sort string, asc bool, search string, includeGenerated bool) (results []model.Instance, err error, errCode int)
+	ReadInstance(id string, userId string) (result model.Instance, err error, errCode int)
 	CreateInstance(instance model.Instance, jwt auth.Token) (result model.Instance, err error, code int)
 	SetInstance(importType model.Instance, jwt auth.Token) (err error, code int)
-	DeleteInstance(id string, jwt auth.Token) (err error, errCode int)
-	CountInstances(jwt auth.Token, search string, includeGenerated bool) (count int64, err error, errCode int)
+	DeleteInstance(id string, userId string) (err error, errCode int)
+	CountInstances(userId string, search string, includeGenerated bool) (count int64, err error, errCode int)
 }
diff --git a/lib/client/client.go b/lib/client/client.go
@@ -19,12 +19,21 @@ package client
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/SENERGY-Platform/import-deploy/lib/api"
 	"io"
 	"net/http"
+
+	"github.com/SENERGY-Platform/import-deploy/lib/auth"
+	"github.com/SENERGY-Platform/import-deploy/lib/model"
 )
 
-type Interface = api.Controller
+type Interface interface {
+	ListInstances(jwt auth.Token, limit int64, offset int64, sort string, asc bool, search string, includeGenerated bool) (results []model.Instance, err error, errCode int)
+	ReadInstance(id string, jwt auth.Token) (result model.Instance, err error, errCode int)
+	CreateInstance(instance model.Instance, jwt auth.Token) (result model.Instance, err error, code int)
+	SetInstance(importType model.Instance, jwt auth.Token) (err error, code int)
+	DeleteInstance(id string, jwt auth.Token) (err error, errCode int)
+	CountInstances(jwt auth.Token, search string, includeGenerated bool) (count int64, err error, errCode int)
+}
 
 type Client struct {
 	baseUrl string

diff --git a/lib/controller/instances.go b/lib/controller/instances.go
@@ -33,27 +33,27 @@ import (
 const idPrefix = "urn:infai:ses:import:"
 const containerNamePrefix = "import-"
 
-func (this *Controller) ListInstances(jwt auth.Token, limit int64, offset int64, sort string, asc bool, search string, includeGenerated bool) (results []model.Instance, err error, errCode int) {
+func (this *Controller) ListInstances(userId string, limit int64, offset int64, sort string, asc bool, search string, includeGenerated bool) (results []model.Instance, err error, errCode int) {
 	ctx, _ := util.GetTimeoutContext()
-	results, err = this.db.ListInstances(ctx, limit, offset, sort, jwt.GetUserId(), asc, search, includeGenerated)
+	results, err = this.db.ListInstances(ctx, limit, offset, sort, userId, asc, search, includeGenerated)
 	if err != nil {
 		return results, err, http.StatusInternalServerError
 	}
 	return results, nil, http.StatusOK
 }
 
-func (this *Controller) CountInstances(jwt auth.Token, search string, includeGenerated bool) (count int64, err error, errCode int) {
+func (this *Controller) CountInstances(userId string, search string, includeGenerated bool) (count int64, err error, errCode int) {
 	ctx, _ := util.GetTimeoutContext()
-	count, err = this.db.CountInstances(ctx, jwt.GetUserId(), search, includeGenerated)
+	count, err = this.db.CountInstances(ctx, userId, search, includeGenerated)
 	if err != nil {
 		return count, err, http.StatusInternalServerError
 	}
 	return count, nil, http.StatusOK
 }
 
-func (this *Controller) ReadInstance(id string, jwt auth.Token) (result model.Instance, err error, errCode int) {
+func (this *Controller) ReadInstance(id string, userId string) (result model.Instance, err error, errCode int) {
 	ctx, _ := util.GetTimeoutContext()
-	result, exists, err := this.db.GetInstance(ctx, id, jwt.GetUserId())
+	result, exists, err := this.db.GetInstance(ctx, id, userId)
 	if !exists {
 		return result, err, http.StatusNotFound
 	}
@@ -169,9 +169,9 @@ func (this *Controller) SetInstance(instance model.Instance, jwt auth.Token) (er
 	return nil, http.StatusOK
 }
 
-func (this *Controller) DeleteInstance(id string, jwt auth.Token) (err error, errCode int) {
+func (this *Controller) DeleteInstance(id string, userId string) (err error, errCode int) {
 	ctx, _ := util.GetTimeoutContext()
-	instance, exists, err := this.db.GetInstance(ctx, id, jwt.GetUserId())
+	instance, exists, err := this.db.GetInstance(ctx, id, userId)
 	if !exists {
 		return errors.New("not found"), http.StatusNotFound
 	}
@@ -188,7 +188,7 @@ func (this *Controller) DeleteInstance(id string, jwt auth.Token) (err error, er
 		return err, http.StatusInternalServerError
 	}
 
-	err = this.db.RemoveInstance(ctx, id, jwt.GetUserId())
+	err = this.db.RemoveInstance(ctx, id, userId)
 	if err != nil {
 		return err, http.StatusInternalServerError
 	}