From eed4a7fa18debd8ab63a9669750c629066c5af4b Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Wed, 31 Jul 2024 12:33:46 +0530
Subject: [PATCH] remove platform role from group object
---
 controllers/user.go | 4 ++++
 models/user_mgmt.go | 15 ++++++++-------
 pro/auth/azure-ad.go | 5 +++--
 pro/auth/github.go | 4 ++--
 pro/auth/google.go | 4 ++--
 pro/auth/oidc.go | 4 ++--
 pro/controllers/users.go | 17 +++++------------
 pro/logic/user_mgmt.go | 29 ++++-------------------------
 8 files changed, 30 insertions(+), 52 deletions(-)
diff --git a/controllers/user.go b/controllers/user.go
index d0cf02c3..8b7b892a 100644
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -397,6 +397,10 @@ func createUser(w http.ResponseWriter, r *http.Request) {
 logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 return
 }
+ if user.PlatformRoleID == "" {
+ logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("platform role is missing"), "badrequest"))
+ return
+ }
 userRole, err := logic.GetRole(user.PlatformRoleID)
 if err != nil {
 err = errors.New("error fetching role " + user.PlatformRoleID.String() + " " + err.Error())
diff --git a/models/user_mgmt.go b/models/user_mgmt.go
index bd15302a..573fee1a 100644
--- a/models/user_mgmt.go
+++ b/models/user_mgmt.go
@@ -122,7 +122,6 @@ type CreateGroupReq struct {
 type UserGroup struct {
 ID UserGroupID `json:"id"`
- PlatformRole UserRole `json:"platform_role"`
 NetworkRoles map[NetworkID]map[UserRole]struct{} `json:"network_roles"`
 MetaData string `json:"meta_data"`
 }
@@ -173,14 +172,16 @@ type UserClaims struct {
 }
 type InviteUsersReq struct {
- UserEmails []string `json:"user_emails"`
- Groups []UserGroupID
+ UserEmails []string `json:"user_emails"`
+ PlatformRoleID string `json:"platform_role_id"`
+ Groups []UserGroupID
 }
 // UserInvite - model for user invite
 type UserInvite struct {
- Email string `json:"email"`
- Groups []UserGroupID `json:"groups"`
- InviteCode string `json:"invite_code"`
- InviteURL string `json:"invite_url"`
+ Email string `json:"email"`
+ PlatformRoleID string `json:"platform_role_id"`
+ Groups []UserGroupID `json:"groups"`
+ InviteCode string `json:"invite_code"`
+ InviteURL string `json:"invite_url"`
 }
diff --git a/pro/auth/azure-ad.go b/pro/auth/azure-ad.go
index ef342994..2f27023e 100644
--- a/pro/auth/azure-ad.go
+++ b/pro/auth/azure-ad.go
@@ -99,14 +99,15 @@ func handleAzureCallback(w http.ResponseWriter, r *http.Request) {
 Password: newPass,
 }
 for _, inviteGroupID := range in.Groups {
- userG, err := proLogic.GetUserGroup(inviteGroupID)
+ _, err := proLogic.GetUserGroup(inviteGroupID)
 if err != nil {
 logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
 return
 }
- user.PlatformRoleID = userG.PlatformRole
+ user.UserGroups[inviteGroupID] = struct{}{}
 }
+ user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
 if user.PlatformRoleID == "" {
 user.PlatformRoleID = models.ServiceUser
 }
diff --git a/pro/auth/github.go b/pro/auth/github.go
index a39d174d..5f10746d 100644
--- a/pro/auth/github.go
+++ b/pro/auth/github.go
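Review bot: `PlatformRoleID` is added as a plain `string` on both `InviteUsersReq` and `UserInvite` in models/user_mgmt.go, while every consumer in this patch converts it with `models.UserRole(in.PlatformRoleID)` before assigning it to the user. Typing both fields as `UserRole` (same `platform_role_id` tag) would keep the value in the role type end to end and remove the casts. Each field should also carry a comment such as `// PlatformRoleID is the platform role granted on sign-up; empty falls back to ServiceUser.`, because that default is applied in the callbacks and not here. `Groups` in `InviteUsersReq` still has no JSON tag, unlike the same field in `UserInvite`.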
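Review bot: In `handleAzureCallback` the added `user.PlatformRoleID = models.UserRole(in.PlatformRoleID)` applies the invite's role without any lookup, so whatever string was stored on the invite becomes the new account's platform role; the same line is added in `handleGithubCallback`, `handleGoogleCallback`, `handleOIDCCallback` and `userInviteSignUp`. `createUser` in this patch resolves the role with `logic.GetRole` first, and unless the user-creation call below the hunk does the same, these paths should too, also rejecting a role whose `NetworkID` is set (the check this commit deletes from the group validators). Separately, the new `user.UserGroups[inviteGroupID] = struct{}{}` panics if the `models.User` literal that closes just above the loop leaves `UserGroups` nil, so the map should be initialised before the loop. The function body starts and ends outside the hunk.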
@@ -99,14 +99,14 @@ func handleGithubCallback(w http.ResponseWriter, r *http.Request) {
 }
 for _, inviteGroupID := range in.Groups {
- userG, err := proLogic.GetUserGroup(inviteGroupID)
+ _, err := proLogic.GetUserGroup(inviteGroupID)
 if err != nil {
 logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
 return
 }
- user.PlatformRoleID = userG.PlatformRole
 user.UserGroups[inviteGroupID] = struct{}{}
 }
+ user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
 if user.PlatformRoleID == "" {
 user.PlatformRoleID = models.ServiceUser
 }
diff --git a/pro/auth/google.go b/pro/auth/google.go
index 34dc2396..7883d3a6 100644
--- a/pro/auth/google.go
+++ b/pro/auth/google.go
@@ -106,16 +106,16 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
 }
 logger.Log(0, "CALLBACK ----> 4.1")
 for _, inviteGroupID := range in.Groups {
- userG, err := proLogic.GetUserGroup(inviteGroupID)
+ _, err := proLogic.GetUserGroup(inviteGroupID)
 if err != nil {
 logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
 return
 }
- user.PlatformRoleID = userG.PlatformRole
 user.UserGroups = make(map[models.UserGroupID]struct{})
 user.UserGroups[inviteGroupID] = struct{}{}
 }
 logger.Log(0, "CALLBACK ----> 5")
+ user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
 if user.PlatformRoleID == "" {
 user.PlatformRoleID = models.ServiceUser
 }
diff --git a/pro/auth/oidc.go b/pro/auth/oidc.go
index 0b62a91b..fd48823a 100644
--- a/pro/auth/oidc.go
+++ b/pro/auth/oidc.go
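Review bot: In `handleGoogleCallback`, `user.UserGroups = make(map[models.UserGroupID]struct{})` sits inside the `for` loop, so each iteration throws away the groups recorded by the previous ones and an invite carrying several groups yields a user in only the last one; `userInviteSignUp` in pro/controllers/users.go has the same line. It is a context line and not part of this change, but now that group membership is the only thing the loop produces, the allocation should move above the loop. The two `logger.Log(0, "CALLBACK ----> ...")` calls look like leftover debug tracing and could be dropped or given a descriptive message. The function body starts and ends outside the hunk.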
@@ -111,14 +111,14 @@ func handleOIDCCallback(w http.ResponseWriter, r *http.Request) {
 Password: newPass,
 }
 for _, inviteGroupID := range in.Groups {
- userG, err := proLogic.GetUserGroup(inviteGroupID)
+ _, err := proLogic.GetUserGroup(inviteGroupID)
 if err != nil {
 logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
 return
 }
- user.PlatformRoleID = userG.PlatformRole
 user.UserGroups[inviteGroupID] = struct{}{}
 }
+ user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
 if user.PlatformRoleID == "" {
 user.PlatformRoleID = models.ServiceUser
 }
diff --git a/pro/controllers/users.go b/pro/controllers/users.go
index 2622396e..1fad3aa1 100644
--- a/pro/controllers/users.go
+++ b/pro/controllers/users.go
@@ -105,15 +105,14 @@ func userInviteSignUp(w http.ResponseWriter, r *http.Request) {
 }
 for _, inviteGroupID := range in.Groups {
- userG, err := proLogic.GetUserGroup(inviteGroupID)
+ _, err := proLogic.GetUserGroup(inviteGroupID)
 if err != nil {
- logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
- return
+ continue
 }
- user.PlatformRoleID = userG.PlatformRole
 user.UserGroups = make(map[models.UserGroupID]struct{})
 user.UserGroups[inviteGroupID] = struct{}{}
 }
+ user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
 if user.PlatformRoleID == "" {
 user.PlatformRoleID = models.ServiceUser
 }
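Review bot: In `userInviteSignUp` a failed group lookup is now swallowed by `continue`, so a sign-up whose invite names a group that no longer resolves produces an account with fewer groups than the inviter intended, and neither side is told. The four OAuth callbacks in this patch still answer the same condition with a bad-request error, so the password sign-up path now behaves differently from them without a stated reason. Either keep the error response here, or log the skipped `inviteGroupID` and put a comment on the `continue` such as `// group was deleted after the invite was issued; skip it and continue sign-up`. The function body starts and ends outside the hunk.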
@@ -171,19 +170,13 @@ func inviteUsers(w http.ResponseWriter, r *http.Request) { return } //validate Req - uniqueGroupsPlatformRole := make(map[models.UserRole]struct{}) for _, groupID := range inviteReq.Groups { - userG, err := proLogic.GetUserGroup(groupID) + _, err := proLogic.GetUserGroup(groupID) if err != nil { logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) return } - uniqueGroupsPlatformRole[userG.PlatformRole] = struct{}{} - } - if len(uniqueGroupsPlatformRole) > 1 { - err = errors.New("only groups with same platform role can be assigned to an user") - logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) - return + } for _, inviteeEmail := range inviteReq.UserEmails { diff --git a/pro/logic/user_mgmt.go b/pro/logic/user_mgmt.go index b5880e5c..6a30db0a 100644 --- a/pro/logic/user_mgmt.go +++ b/pro/logic/user_mgmt.go @@ -243,15 +243,7 @@ func DeleteRole(rid models.UserRole) error { } func ValidateCreateGroupReq(g models.UserGroup) error { - // check platform role is valid - role, err := logic.GetRole(g.PlatformRole) - if err != nil { - err = fmt.Errorf("invalid platform role") - return err - } - if role.NetworkID != "" { - return errors.New("network role cannot be used as platform role") - } + // check if network roles are valid for _, roleMap := range g.NetworkRoles { for roleID := range roleMap { @@ -267,15 +259,7 @@ func ValidateCreateGroupReq(g models.UserGroup) error { return nil } func ValidateUpdateGroupReq(g models.UserGroup) error { - // check platform role is valid - role, err := logic.GetRole(g.PlatformRole) - if err != nil { - err = fmt.Errorf("invalid platform role") - return err - } - if role.NetworkID != "" { - return errors.New("network role cannot be used as platform role") - } + for networkID := range g.NetworkRoles { userRolesMap := g.NetworkRoles[networkID] for roleID := range userRolesMap { 
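Review bot: The request validation in `inviteUsers` checks only that each group exists and never looks at the new `inviteReq.PlatformRoleID`, although that value is what the sign-up paths later assign as the account's platform role. The checks this commit deletes from `ValidateCreateGroupReq` and `ValidateUpdateGroupReq` (role must resolve via `logic.GetRole`, and must not have a `NetworkID`) have no replacement on the invite path, so an unknown role or a network role can be stored on an invite. Nothing visible in the hunk limits which role a caller may put on an invite either; if non-admin callers can reach this handler, confirm they cannot invite at a role above their own. The sketch below restores the two deleted checks next to the group loop; the handler body starts and ends outside the hunk.

```go
	//validate Req
	// … unchanged: loop checking that every inviteReq.Groups entry exists …
	// An empty role is allowed: sign-up falls back to models.ServiceUser.
	if inviteReq.PlatformRoleID != "" {
		role, err := logic.GetRole(models.UserRole(inviteReq.PlatformRoleID))
		if err != nil {
			logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("invalid platform role"), "badrequest"))
			return
		}
		if role.NetworkID != "" {
			logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("network role cannot be used as platform role"), "badrequest"))
			return
		}
	}
```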
@@ -585,17 +569,12 @@ func FilterNetworksByRole(allnetworks []models.Network, user models.User) []mode } func IsGroupsValid(groups map[models.UserGroupID]struct{}) error { - uniqueGroupsPlatformRole := make(map[models.UserRole]struct{}) + for groupID := range groups { - userG, err := GetUserGroup(groupID) + _, err := GetUserGroup(groupID) if err != nil { return err } - uniqueGroupsPlatformRole[userG.PlatformRole] = struct{}{} - } - if len(uniqueGroupsPlatformRole) > 1 { - - return errors.New("only groups with same platform role can be assigned to an user") } return nil }
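Review bot: `IsGroupsValid` is exported without a doc comment, and after this change its contract is narrower than the name suggests: it only confirms that every group ID resolves through `GetUserGroup`. A comment such as `// IsGroupsValid returns an error if any ID in groups does not resolve to an existing user group.` would tell callers that platform-role consistency is no longer checked here.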