akillibulut
/
porter
огледало од https://github.com/porter-dev/porter


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166
							package project

import (
	"errors"
	"fmt"
	"net/http"

	"github.com/porter-dev/porter/api/server/shared/apierrors"
	"github.com/porter-dev/porter/api/server/shared/requestutils"
	"gorm.io/gorm"

	"github.com/porter-dev/porter/api/server/handlers"
	"github.com/porter-dev/porter/api/server/shared"
	"github.com/porter-dev/porter/api/server/shared/config"
	"github.com/porter-dev/porter/api/types"
	"github.com/porter-dev/porter/internal/models"
)

type UpdateCollaboratorRolesHandler struct {
	handlers.PorterHandlerReadWriter
}

func NewUpdateCollaboratorRolesHandler(
	config *config.Config,
	decoderValidator shared.RequestDecoderValidator,
	writer shared.ResultWriter,
) *UpdateCollaboratorRolesHandler {
	return &UpdateCollaboratorRolesHandler{
		PorterHandlerReadWriter: handlers.NewDefaultPorterHandler(config, decoderValidator, writer),
	}
}

func (p *UpdateCollaboratorRolesHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	proj, _ := r.Context().Value(types.ProjectScope).(*models.Project)

	userID, reqErr := requestutils.GetURLParamUint(r, "user_id")

	if reqErr != nil {
		p.HandleAPIError(w, r, reqErr)
		return
	}

	request := &types.UpdateCollaboratorRoleRequest{}

	ok := p.DecodeAndValidate(w, r, request)

	if !ok {
		return
	}

	if len(request.RoleUIDs) == 0 {
		p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(
			fmt.Errorf("roles cannot be empty"), http.StatusPreconditionFailed,
		))
		return
	}

	// check for valid user ID
	_, err := p.Repo().User().ReadUser(userID)

	if err != nil && errors.Is(err, gorm.ErrRecordNotFound) {
		p.HandleAPIError(w, r, apierrors.NewErrNotFound(fmt.Errorf("user not found")))
		return
	} else if err != nil {
		p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
		return
	}

	rolesMap := make(map[string]*models.ProjectRole)

	// check for valid project roles
	for _, roleUID := range request.RoleUIDs {
		role, err := p.Repo().ProjectRole().ReadProjectRole(proj.ID, roleUID)

		if err != nil && errors.Is(err, gorm.ErrRecordNotFound) {
			p.HandleAPIError(w, r, apierrors.NewErrNotFound(fmt.Errorf("role not found in project: %s", roleUID)))
			return
		} else if err != nil {
			p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
			return
		}

		rolesMap[roleUID] = role
	}

	userRoles, err := p.Repo().ProjectRole().ListAllRolesForUser(proj.ID, userID)

	if err != nil {
		p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
		return
	}

	if len(userRoles) == 0 {
		p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(
			fmt.Errorf("user is not a collaborator in this project"), http.StatusBadRequest,
		))
		return
	}

	userRolesMap := make(map[string]bool)

	for _, role := range userRoles {
		userRolesMap[role.UniqueID] = true
	}

	var rolesToAdd []string
	var rolesToRemove []string

	for _, uid := range userRoles {
		if _, ok := rolesMap[uid.UniqueID]; !ok {
			// user had this role, should be removed from
			rolesToRemove = append(rolesToRemove, uid.UniqueID)
		}
	}

	for _, uid := range request.RoleUIDs {
		if _, ok := userRolesMap[uid]; !ok {
			// user does not have this role, should be added to
			rolesToAdd = append(rolesToAdd, uid)
		}
	}

	for _, uid := range rolesToAdd {
		role, err := p.Repo().ProjectRole().ReadProjectRole(proj.ID, uid)

		if err != nil {
			p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
			return
		}

		userIDs := role.GetUserIDs()
		userIDs = append(userIDs, userID)

		err = p.Repo().ProjectRole().UpdateUsersInProjectRole(proj.ID, uid, userIDs)

		if err != nil {
			p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
			return
		}
	}

	for _, uid := range rolesToRemove {
		role, err := p.Repo().ProjectRole().ReadProjectRole(proj.ID, uid)

		if err != nil {
			p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
			return
		}

		userIDs := role.GetUserIDs()
		var newUserIDs []uint

		for _, id := range userIDs {
			if id != userID {
				newUserIDs = append(newUserIDs, id)
			}
		}

		err = p.Repo().ProjectRole().UpdateUsersInProjectRole(proj.ID, uid, newUserIDs)

		if err != nil {
			p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
			return
		}
	}
}