From 0a62c78132be3a777e6f56007b0af1ee6bdcb293 Mon Sep 17 00:00:00 2001 From: Sonja Happ Date: Thu, 25 Mar 2021 15:40:51 +0100 Subject: [PATCH 1/5] transform "running" parameter of scenario into "IsLocked" parameter; only admins can change this parameter, all operations other than READ fail if scenario is locked - also for associated components #63 --- database/models.go | 4 +- doc/api/docs.go | 9 ++-- doc/api/swagger.json | 9 ++-- doc/api/swagger.yaml | 6 +-- routes/component-configuration/config_test.go | 2 - routes/dashboard/dashboard_test.go | 2 - routes/file/file_test.go | 2 - routes/infrastructure-component/ic_test.go | 2 - routes/result/result_test.go | 2 - routes/scenario/scenario_endpoints.go | 3 +- routes/scenario/scenario_methods.go | 6 +-- routes/scenario/scenario_middleware.go | 4 +- routes/scenario/scenario_test.go | 45 ++++++++++++++----- routes/scenario/scenario_validators.go | 13 +++--- routes/signal/signal_test.go | 2 - routes/widget/widget_test.go | 2 - 16 files changed, 59 insertions(+), 54 deletions(-) diff --git a/database/models.go b/database/models.go index f51ff09..153dedd 100644 --- a/database/models.go +++ b/database/models.go @@ -60,8 +60,8 @@ type Scenario struct { Model // Name of scenario Name string `json:"name" gorm:"not null"` - // Running state of scenario - Running bool `json:"running" gorm:"default:false" ` + // IsLocked state of scenario (true if scenario is locked by administrator) + IsLocked bool `json:"isLocked" gorm:"default:false" ` // Start parameters of scenario as JSON StartParameters postgres.Jsonb `json:"startParameters"` // Users that have access to the scenario diff --git a/doc/api/docs.go b/doc/api/docs.go index fa1f409..17cf0eb 100644 --- a/doc/api/docs.go +++ b/doc/api/docs.go @@ -3727,9 +3727,6 @@ var doc = `{ "Name": { "type": "string" }, - "Running": { - "type": "boolean" - }, "StartParameters": { "$ref": "#/definitions/postgres.Jsonb" } @@ -3738,12 +3735,12 @@ var doc = `{ "scenario.validUpdatedScenario": { "type": "object", "properties": { + "IsLocked": { + "type": "boolean" + }, "Name": { "type": "string" }, - "Running": { - "type": "boolean" - }, "StartParameters": { "$ref": "#/definitions/postgres.Jsonb" } diff --git a/doc/api/swagger.json b/doc/api/swagger.json index 32b1bd9..32b02bb 100644 --- a/doc/api/swagger.json +++ b/doc/api/swagger.json @@ -3711,9 +3711,6 @@ "Name": { "type": "string" }, - "Running": { - "type": "boolean" - }, "StartParameters": { "$ref": "#/definitions/postgres.Jsonb" } @@ -3722,12 +3719,12 @@ "scenario.validUpdatedScenario": { "type": "object", "properties": { + "IsLocked": { + "type": "boolean" + }, "Name": { "type": "string" }, - "Running": { - "type": "boolean" - }, "StartParameters": { "$ref": "#/definitions/postgres.Jsonb" } diff --git a/doc/api/swagger.yaml b/doc/api/swagger.yaml index 85dca29..5dcdc9f 100644 --- a/doc/api/swagger.yaml +++ b/doc/api/swagger.yaml @@ -286,8 +286,6 @@ definitions: properties: Name: type: string - Running: - type: boolean StartParameters: $ref: '#/definitions/postgres.Jsonb' required: @@ -296,10 +294,10 @@ definitions: type: object scenario.validUpdatedScenario: properties: + IsLocked: + type: boolean Name: type: string - Running: - type: boolean StartParameters: $ref: '#/definitions/postgres.Jsonb' type: object diff --git a/routes/component-configuration/config_test.go b/routes/component-configuration/config_test.go index 43bf804..6f81cc6 100644 --- a/routes/component-configuration/config_test.go +++ b/routes/component-configuration/config_test.go @@ -64,7 +64,6 @@ type ICRequest struct { type ScenarioRequest struct { Name string `json:"name,omitempty"` - Running bool `json:"running,omitempty"` StartParameters postgres.Jsonb `json:"startParameters,omitempty"` } @@ -120,7 +119,6 @@ func addScenarioAndIC() (scenarioID uint, ICID uint) { // POST $newScenario newScenario := ScenarioRequest{ Name: "Scenario1", - Running: true, StartParameters: postgres.Jsonb{json.RawMessage(`{"parameter1" : "testValue1A", "parameter2" : "testValue2A", "parameter3" : 42}`)}, } code, resp, err = helper.TestEndpoint(router, token, diff --git a/routes/dashboard/dashboard_test.go b/routes/dashboard/dashboard_test.go index a73cc0f..0f592fa 100644 --- a/routes/dashboard/dashboard_test.go +++ b/routes/dashboard/dashboard_test.go @@ -49,7 +49,6 @@ type DashboardRequest struct { type ScenarioRequest struct { Name string `json:"name,omitempty"` - Running bool `json:"running,omitempty"` StartParameters postgres.Jsonb `json:"startParameters,omitempty"` } @@ -63,7 +62,6 @@ func addScenario(token string) (scenarioID uint) { // POST $newScenario newScenario := ScenarioRequest{ Name: "Scenario1", - Running: true, StartParameters: postgres.Jsonb{json.RawMessage(`{"parameter1" : "testValue1A", "parameter2" : "testValue2A", "parameter3" : 42}`)}, } _, resp, err := helper.TestEndpoint(router, token, diff --git a/routes/file/file_test.go b/routes/file/file_test.go index 28d05ad..48c5c30 100644 --- a/routes/file/file_test.go +++ b/routes/file/file_test.go @@ -47,7 +47,6 @@ var router *gin.Engine type ScenarioRequest struct { Name string `json:"name,omitempty"` - Running bool `json:"running,omitempty"` StartParameters postgres.Jsonb `json:"startParameters,omitempty"` } @@ -62,7 +61,6 @@ func addScenario() (scenarioID uint) { // POST $newScenario newScenario := ScenarioRequest{ Name: "Scenario1", - Running: true, StartParameters: postgres.Jsonb{RawMessage: json.RawMessage(`{"parameter1" : "testValue1A", "parameter2" : "testValue2A", "parameter3" : 42}`)}, } _, resp, _ := helper.TestEndpoint(router, token, diff --git a/routes/infrastructure-component/ic_test.go b/routes/infrastructure-component/ic_test.go index 000df25..194ea1e 100644 --- a/routes/infrastructure-component/ic_test.go +++ b/routes/infrastructure-component/ic_test.go @@ -65,7 +65,6 @@ type ICRequest struct { type ScenarioRequest struct { Name string `json:"name,omitempty"` - Running bool `json:"running,omitempty"` StartParameters postgres.Jsonb `json:"startParameters,omitempty"` } @@ -829,7 +828,6 @@ func TestDeleteICViaAMQPRecv(t *testing.T) { // add scenario newScenario := ScenarioRequest{ Name: "ScenarioA", - Running: true, StartParameters: postgres.Jsonb{RawMessage: json.RawMessage(`{"parameter1" : "testValue1B", "parameter2" : "testValue2B", "parameter3" : 55}`)}, } diff --git a/routes/result/result_test.go b/routes/result/result_test.go index 76af32c..521dfd6 100644 --- a/routes/result/result_test.go +++ b/routes/result/result_test.go @@ -50,7 +50,6 @@ var baseAPIResults = "/api/v2/results" type ScenarioRequest struct { Name string `json:"name,omitempty"` - Running bool `json:"running,omitempty"` StartParameters postgres.Jsonb `json:"startParameters,omitempty"` } @@ -79,7 +78,6 @@ func addScenario() (scenarioID uint) { // POST $newScenario newScenario := ScenarioRequest{ Name: "Scenario1", - Running: true, StartParameters: postgres.Jsonb{RawMessage: json.RawMessage(`{"parameter1" : "testValue1A", "parameter2" : "testValue2A", "parameter3" : 42}`)}, } _, resp, _ := helper.TestEndpoint(router, token, diff --git a/routes/scenario/scenario_endpoints.go b/routes/scenario/scenario_endpoints.go index 24e0789..c597ccc 100644 --- a/routes/scenario/scenario_endpoints.go +++ b/routes/scenario/scenario_endpoints.go @@ -182,7 +182,8 @@ func updateScenario(c *gin.Context) { } // Create the updatedScenario from oldScenario - updatedScenario := req.updatedScenario(oldScenario) + userRole, _ := c.Get(database.UserRoleCtx) + updatedScenario := req.updatedScenario(oldScenario, userRole.(string)) // Finally update the scenario err := oldScenario.update(updatedScenario) diff --git a/routes/scenario/scenario_methods.go b/routes/scenario/scenario_methods.go index 1a60e52..9f76bab 100644 --- a/routes/scenario/scenario_methods.go +++ b/routes/scenario/scenario_methods.go @@ -58,7 +58,7 @@ func (s *Scenario) update(updatedScenario Scenario) error { // TODO: if the field is empty member shouldn't be updated s.Name = updatedScenario.Name - s.Running = updatedScenario.Running + s.IsLocked = updatedScenario.IsLocked s.StartParameters = updatedScenario.StartParameters db := database.GetDB() @@ -146,7 +146,7 @@ func (s *Scenario) delete() error { return nil } -func (s *Scenario) checkAccess(userID uint, userRole string) bool { +func (s *Scenario) checkAccess(userID uint, userRole string, operation database.CRUD) bool { if userRole == "Admin" { return true @@ -155,7 +155,7 @@ func (s *Scenario) checkAccess(userID uint, userRole string) bool { u := database.User{} u.Username = "" err := db.Order("ID asc").Model(s).Where("ID = ?", userID).Related(&u, "Users").Error - if err != nil || !u.Active { + if err != nil || !u.Active || (s.IsLocked && operation != database.Read) { return false } else { return true diff --git a/routes/scenario/scenario_middleware.go b/routes/scenario/scenario_middleware.go index 2a9740a..c8f87e8 100644 --- a/routes/scenario/scenario_middleware.go +++ b/routes/scenario/scenario_middleware.go @@ -56,8 +56,8 @@ func CheckPermissions(c *gin.Context, operation database.CRUD, scenarioIDsource return false, so } - if so.checkAccess(userID.(uint), userRole.(string)) == false { - helper.UnprocessableEntityError(c, "Access denied (for scenario ID).") + if so.checkAccess(userID.(uint), userRole.(string), operation) == false { + helper.UnprocessableEntityError(c, "Access denied (user has no access or scenario is locked).") return false, so } diff --git a/routes/scenario/scenario_test.go b/routes/scenario/scenario_test.go index 65c39a2..51740ae 100644 --- a/routes/scenario/scenario_test.go +++ b/routes/scenario/scenario_test.go @@ -40,7 +40,7 @@ var router *gin.Engine type ScenarioRequest struct { Name string `json:"name,omitempty"` - Running bool `json:"running,omitempty"` + IsLocked bool `json:"isLocked,omitempty"` StartParameters postgres.Jsonb `json:"startParameters,omitempty"` } @@ -54,13 +54,11 @@ type UserRequest struct { var newScenario1 = ScenarioRequest{ Name: "Scenario1", - Running: true, StartParameters: postgres.Jsonb{json.RawMessage(`{"parameter1" : "testValue1A", "parameter2" : "testValue2A", "parameter3" : 42}`)}, } var newScenario2 = ScenarioRequest{ Name: "Scenario2", - Running: false, StartParameters: postgres.Jsonb{json.RawMessage(`{"parameter1" : "testValue1B", "parameter2" : "testValue2B", "parameter3" : 55}`)}, } @@ -133,7 +131,7 @@ func TestAddScenario(t *testing.T) { // try to POST a malformed scenario // Required fields are missing malformedNewScenario := ScenarioRequest{ - Running: false, + IsLocked: false, } // this should NOT work and return a unprocessable entity 442 status code code, resp, err = helper.TestEndpoint(router, token, @@ -205,12 +203,6 @@ func TestUpdateScenario(t *testing.T) { newScenarioID, err := helper.GetResponseID(resp) assert.NoError(t, err) - updatedScenario := ScenarioRequest{ - Name: "Updated name", - Running: false, - StartParameters: postgres.Jsonb{RawMessage: json.RawMessage(`{"parameter1" : "testValue1A", "parameter2" : "testValue2A", "parameter3" : 42}`)}, - } - // try to update with non JSON body // should return a bad request error code, resp, err = helper.TestEndpoint(router, token, @@ -218,6 +210,24 @@ func TestUpdateScenario(t *testing.T) { assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) + updatedScenario := ScenarioRequest{ + Name: "Updated name", + IsLocked: true, + StartParameters: postgres.Jsonb{RawMessage: json.RawMessage(`{"parameter1" : "testValue1A", "parameter2" : "testValue2A", "parameter3" : 42}`)}, + } + + // try to change locked state as non admin user + // should return 200 but locked state not updated + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/v2/scenarios/%v", newScenarioID), "PUT", helper.KeyModels{"scenario": updatedScenario}) + assert.NoError(t, err) + assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) + + // Compare PUT's response with the updatedScenario (should result in error) + err = helper.CompareResponse(resp, helper.KeyModels{"scenario": updatedScenario}) + assert.Error(t, err) + + updatedScenario.IsLocked = false code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/scenarios/%v", newScenarioID), "PUT", helper.KeyModels{"scenario": updatedScenario}) assert.NoError(t, err) @@ -243,6 +253,21 @@ func TestUpdateScenario(t *testing.T) { assert.NoError(t, err) assert.Equalf(t, 404, code, "Response body: \n%v\n", resp) + // authenticate as admin user who has no access to everything + token, err = helper.AuthenticateForTest(router, helper.AdminCredentials) + assert.NoError(t, err) + + // changed locked state of scenario as admin user (should work) + updatedScenario.IsLocked = true + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/v2/scenarios/%v", newScenarioID), "PUT", helper.KeyModels{"scenario": updatedScenario}) + assert.NoError(t, err) + assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) + + // Compare PUT's response with the updatedScenario + err = helper.CompareResponse(resp, helper.KeyModels{"scenario": updatedScenario}) + assert.NoError(t, err) + } func TestGetAllScenariosAsAdmin(t *testing.T) { diff --git a/routes/scenario/scenario_validators.go b/routes/scenario/scenario_validators.go index b42cf1b..f80d4ac 100644 --- a/routes/scenario/scenario_validators.go +++ b/routes/scenario/scenario_validators.go @@ -32,13 +32,12 @@ var validate *validator.Validate type validNewScenario struct { Name string `form:"Name" validate:"required"` - Running bool `form:"Running" validate:"omitempty"` StartParameters postgres.Jsonb `form:"StartParameters" validate:"required"` } type validUpdatedScenario struct { Name string `form:"Name" validate:"omitempty"` - Running bool `form:"Running" validate:"omitempty"` + IsLocked bool `form:"IsLocked" validate:"omitempty"` StartParameters postgres.Jsonb `form:"StartParameters" validate:"omitempty"` } @@ -66,22 +65,24 @@ func (r *addScenarioRequest) createScenario() Scenario { var s Scenario s.Name = r.Scenario.Name - s.Running = r.Scenario.Running + s.IsLocked = false // new scenarios are not locked s.StartParameters = r.Scenario.StartParameters return s } -func (r *updateScenarioRequest) updatedScenario(oldScenario Scenario) Scenario { +func (r *updateScenarioRequest) updatedScenario(oldScenario Scenario, userRole string) Scenario { // Use the old Scenario as a basis for the updated Scenario `s` s := oldScenario + if userRole == "Admin" { // only admin users can change isLocked status + s.IsLocked = r.Scenario.IsLocked + } + if r.Scenario.Name != "" { s.Name = r.Scenario.Name } - s.Running = r.Scenario.Running - // only update Params if not empty var emptyJson postgres.Jsonb // Serialize empty json and params diff --git a/routes/signal/signal_test.go b/routes/signal/signal_test.go index 9444b53..b6a072b 100644 --- a/routes/signal/signal_test.go +++ b/routes/signal/signal_test.go @@ -72,7 +72,6 @@ type ICRequest struct { type ScenarioRequest struct { Name string `json:"name,omitempty"` - Running bool `json:"running,omitempty"` StartParameters postgres.Jsonb `json:"startParameters,omitempty"` } @@ -118,7 +117,6 @@ func addScenarioAndICAndConfig() (scenarioID uint, ICID uint, configID uint) { // POST $newScenario newScenario := ScenarioRequest{ Name: "Scenario1", - Running: true, StartParameters: postgres.Jsonb{json.RawMessage(`{"parameter1" : "testValue1A", "parameter2" : "testValue2A", "parameter3" : 42}`)}, } _, resp, _ = helper.TestEndpoint(router, token, diff --git a/routes/widget/widget_test.go b/routes/widget/widget_test.go index 8d47b94..ba6aace 100644 --- a/routes/widget/widget_test.go +++ b/routes/widget/widget_test.go @@ -64,7 +64,6 @@ type DashboardRequest struct { type ScenarioRequest struct { Name string `json:"name,omitempty"` - Running bool `json:"running,omitempty"` StartParameters postgres.Jsonb `json:"startParameters,omitempty"` } @@ -88,7 +87,6 @@ func addScenarioAndDashboard(token string) (scenarioID uint, dashboardID uint) { // POST $newScenario newScenario := ScenarioRequest{ Name: "Scenario1", - Running: true, StartParameters: postgres.Jsonb{json.RawMessage(`{"parameter1" : "testValue1A", "parameter2" : "testValue2A", "parameter3" : 42}`)}, } _, resp, _ := helper.TestEndpoint(router, token, From cabb3ed7f76f2a538f6ed52721758a54459075eb Mon Sep 17 00:00:00 2001 From: Sonja Happ Date: Thu, 25 Mar 2021 15:46:59 +0100 Subject: [PATCH 2/5] extend testing for updating scenarios in locked state --- routes/scenario/scenario_test.go | 42 ++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/routes/scenario/scenario_test.go b/routes/scenario/scenario_test.go index 51740ae..f0d1081 100644 --- a/routes/scenario/scenario_test.go +++ b/routes/scenario/scenario_test.go @@ -268,6 +268,48 @@ func TestUpdateScenario(t *testing.T) { err = helper.CompareResponse(resp, helper.KeyModels{"scenario": updatedScenario}) assert.NoError(t, err) + // Get the updatedScenario + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/v2/scenarios/%v", newScenarioID), "GET", nil) + assert.NoError(t, err) + assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) + + // Compare GET's response with the newScenario + err = helper.CompareResponse(resp, helper.KeyModels{"scenario": updatedScenario}) + assert.NoError(t, err) + + // change a locked scenario as admin user (should work) + updatedScenario.Name = "Updated as admin" + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/v2/scenarios/%v", newScenarioID), "PUT", helper.KeyModels{"scenario": updatedScenario}) + assert.NoError(t, err) + assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) + + // Compare GET's response with the updatedScenario + err = helper.CompareResponse(resp, helper.KeyModels{"scenario": updatedScenario}) + assert.NoError(t, err) + + // authenticate as normal user + token, err = helper.AuthenticateForTest(router, helper.UserACredentials) + assert.NoError(t, err) + + // Get the updatedScenario + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/v2/scenarios/%v", newScenarioID), "GET", nil) + assert.NoError(t, err) + assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) + + // Compare GET's response with the updatedScenario + err = helper.CompareResponse(resp, helper.KeyModels{"scenario": updatedScenario}) + assert.NoError(t, err) + + // try to change a locked scenario as normal user (should result in unprocessable entity error) + updatedScenario.Name = "another new name" + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/v2/scenarios/%v", newScenarioID), "PUT", helper.KeyModels{"scenario": updatedScenario}) + assert.NoError(t, err) + assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) + } func TestGetAllScenariosAsAdmin(t *testing.T) { From 776e89eb90d4eda9fbfa8eb688af59e20f313755 Mon Sep 17 00:00:00 2001 From: Sonja Happ Date: Wed, 14 Apr 2021 10:07:35 +0200 Subject: [PATCH 3/5] fix updating bool values of data models (incl. scenario IsLocked parameter #63) --- routes/infrastructure-component/ic_methods.go | 6 ++++++ routes/scenario/scenario_methods.go | 6 ++++++ routes/user/user_methods.go | 5 ++++- 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/routes/infrastructure-component/ic_methods.go b/routes/infrastructure-component/ic_methods.go index d7b082d..7c9c307 100644 --- a/routes/infrastructure-component/ic_methods.go +++ b/routes/infrastructure-component/ic_methods.go @@ -52,6 +52,12 @@ func (s *InfrastructureComponent) update(updatedIC InfrastructureComponent) erro db := database.GetDB() err := db.Model(s).Updates(updatedIC).Error + if err != nil { + return err + } + + // extra update for bool ManagedExternally since it is ignored if false + err = db.Model(s).Updates(map[string]interface{}{"ManagedExternally": updatedIC.ManagedExternally}).Error return err } diff --git a/routes/scenario/scenario_methods.go b/routes/scenario/scenario_methods.go index 9f76bab..dbd6cb6 100644 --- a/routes/scenario/scenario_methods.go +++ b/routes/scenario/scenario_methods.go @@ -63,6 +63,12 @@ func (s *Scenario) update(updatedScenario Scenario) error { db := database.GetDB() err := db.Model(s).Update(updatedScenario).Error + if err != nil { + return err + } + + // extra update for bool IsLocked since it is ignored if false + err = db.Model(s).Updates(map[string]interface{}{"IsLocked": updatedScenario.IsLocked}).Error return err } diff --git a/routes/user/user_methods.go b/routes/user/user_methods.go index 885af6d..87981bc 100644 --- a/routes/user/user_methods.go +++ b/routes/user/user_methods.go @@ -124,8 +124,11 @@ func (u *User) update(updatedUser User) error { db := database.GetDB() err := db.Model(u).Update(updatedUser).Error + if err != nil { + return err + } - // extra update for bool active since it is ignored if false + // extra update for bool Active since it is ignored if false err = db.Model(u).Updates(map[string]interface{}{"Active": updatedUser.Active}).Error return err From 75aa4a023f5d4fb2d81bad92291704bf4545133b Mon Sep 17 00:00:00 2001 From: Sonja Happ Date: Wed, 14 Apr 2021 10:18:34 +0200 Subject: [PATCH 4/5] CI: disable cache and artifacts --- .gitlab-ci.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3114e3d..d2b867e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -11,9 +11,6 @@ variables: GOPATH: $CI_PROJECT_DIR/.go before_script: - mkdir -p .go - cache: - paths: - - .go/pkg/mod/ stages: - build @@ -37,10 +34,6 @@ build: --parseVendor --parseDepth 2 - go build - artifacts: - paths: - - doc/api/swagger.json - - doc/api/docs.go # Stage: test ############################################################################## From 2c79523a50ebdf64cff35027cbd61a3c8c077f52 Mon Sep 17 00:00:00 2001 From: Sonja Happ Date: Tue, 20 Apr 2021 17:10:29 +0200 Subject: [PATCH 5/5] fix access checking for scenarios --- routes/scenario/scenario_methods.go | 34 +++++++++++++++++--------- routes/scenario/scenario_middleware.go | 3 +-- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/routes/scenario/scenario_methods.go b/routes/scenario/scenario_methods.go index dbd6cb6..49ea335 100644 --- a/routes/scenario/scenario_methods.go +++ b/routes/scenario/scenario_methods.go @@ -152,20 +152,32 @@ func (s *Scenario) delete() error { return nil } -func (s *Scenario) checkAccess(userID uint, userRole string, operation database.CRUD) bool { +func (s *Scenario) checkAccess(userID uint, operation database.CRUD) bool { - if userRole == "Admin" { + db := database.GetDB() + u := database.User{} + + err := db.Find(&u, userID).Error + if err != nil { + return false + } + + if u.Role == "Admin" { return true + } + + scenarioUser := database.User{} + err = db.Order("ID asc").Model(s).Where("ID = ?", userID).Related(&scenarioUser, "Users").Error + if err != nil { + return false + } + + if !scenarioUser.Active { + return false + } else if s.IsLocked && operation != database.Read { + return false } else { - db := database.GetDB() - u := database.User{} - u.Username = "" - err := db.Order("ID asc").Model(s).Where("ID = ?", userID).Related(&u, "Users").Error - if err != nil || !u.Active || (s.IsLocked && operation != database.Read) { - return false - } else { - return true - } + return true } } diff --git a/routes/scenario/scenario_middleware.go b/routes/scenario/scenario_middleware.go index c8f87e8..d908e03 100644 --- a/routes/scenario/scenario_middleware.go +++ b/routes/scenario/scenario_middleware.go @@ -49,14 +49,13 @@ func CheckPermissions(c *gin.Context, operation database.CRUD, scenarioIDsource } userID, _ := c.Get(database.UserIDCtx) - userRole, _ := c.Get(database.UserRoleCtx) err = so.ByID(uint(scenarioID)) if helper.DBError(c, err) { return false, so } - if so.checkAccess(userID.(uint), userRole.(string), operation) == false { + if so.checkAccess(userID.(uint), operation) == false { helper.UnprocessableEntityError(c, "Access denied (user has no access or scenario is locked).") return false, so }