update create user handler with new role mgmt

abhishek9686 2024-07-04 11:00:53 +05:30
parent b75c0e89ee
commit adec4c491a
2 changed files with 23 additions and 6 deletions


@ -652,7 +652,12 @@ func createUser(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
caller, err := logic.GetUser(r.Header.Get("user"))
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
callerUserRole, err := logic.GetRole(caller.PlatformRoleID)
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
var user models.User
@ -677,23 +682,34 @@ func createUser(w http.ResponseWriter, r *http.Request) {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
if !caller.IsSuperAdmin && user.IsAdmin {
err = errors.New("only superadmin can create admin users")
userRole, err := logic.GetRole(user.PlatformRoleID)
if err != nil {
err = errors.New("error fetching role " + user.PlatformRoleID.String() + " " + err.Error())
slog.Error("error creating new user: ", "user", user.UserName, "error", err)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
if user.IsSuperAdmin {
if userRole.ID == models.SuperAdminRole {
err = errors.New("additional superadmins cannot be created")
slog.Error("error creating new user: ", "user", user.UserName, "error", err)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
return
}
if callerUserRole.ID != models.SuperAdminRole && user.IsAdmin {
err = errors.New("only superadmin can create admin users")
slog.Error("error creating new user: ", "user", user.UserName, "error", err)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
return
}
if !servercfg.IsPro && !user.IsAdmin {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("non-admins users can only be created on Pro version"), "forbidden"))
return
}
if userRole.ID == models.AdminRole {
user.IsAdmin = true
}
err = logic.CreateUser(&user)
if err != nil {
slog.Error("error creating new user: ", "user", user.UserName, "error", err.Error())
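Review bot: The admin gate `if callerUserRole.ID != models.SuperAdminRole && user.IsAdmin {` still tests the legacy `user.IsAdmin` flag, but that flag is only derived from the requested role further down (`if userRole.ID == models.AdminRole { user.IsAdmin = true }`), right before `logic.CreateUser`. A payload that names the admin role while leaving `IsAdmin` false would therefore pass this gate on a Pro server and still be stored as an admin, whatever the caller's own role is. The gate should look at the role too, `if callerUserRole.ID != models.SuperAdminRole && (user.IsAdmin || userRole.ID == models.AdminRole) {`, or the role-to-flag assignment should move above both checks. The old `if user.IsSuperAdmin` test is also gone, so a payload with `IsSuperAdmin` set and a non-superadmin role is no longer rejected here; unless `logic.CreateUser` clears the flag (not visible in these hunks), adding `user.IsSuperAdmin = false` before the call would close that. createUser starts and ends outside the hunks shown, so the payload decoding and any route-level authorization could not be checked.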


@ -146,6 +146,7 @@ func CreateSuperAdmin(u *models.User) error {
if hassuperadmin {
return errors.New("superadmin user already exists")
}
u.PlatformRoleID = models.SuperAdminRole
u.IsSuperAdmin = true
u.IsAdmin = false
return CreateUser(u)