Skip to content

Commit

Permalink
chore(backend): add remove team member api
Browse files Browse the repository at this point in the history
  • Loading branch information
detj committed Dec 6, 2023
1 parent 941a591 commit 8c60c62
Show file tree
Hide file tree
Showing 3 changed files with 91 additions and 1 deletion.
8 changes: 8 additions & 0 deletions measure-backend/measure-go/authz.go
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,14 @@ func PerformAuthz(uid string, rid string, scope scope) (bool, error) {
return true, nil
}
return false, nil
case *ScopeTeamChangeRoleSameOrLower:
if slices.Contains(roleScope, *ScopeTeamAll) {
return true, nil
}
if slices.Contains(roleScope, *ScopeTeamChangeRoleSameOrLower) {
return true, nil
}
return false, nil
case *ScopeTeamAll:
if slices.Contains(roleScope, *ScopeTeamAll) {
return true, nil
Expand Down
3 changes: 2 additions & 1 deletion measure-backend/measure-go/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ func main() {
r := gin.Default()
cors := cors.New(cors.Config{
AllowOrigins: []string{"http://localhost:3000", "https://www.measure.sh"},
AllowMethods: []string{"GET", "OPTIONS", "PATCH"},
AllowMethods: []string{"GET", "OPTIONS", "PATCH", "DELETE"},
AllowHeaders: []string{"Authorization"},
AllowCredentials: true,
MaxAge: 12 * time.Hour,
Expand All @@ -66,6 +66,7 @@ func main() {
r.Use(cors).PATCH("/teams/:id/rename", validateAccessToken(), renameTeam)
r.Use(cors).GET("/teams/:id/authz", validateAccessToken(), getAuthzRoles)
r.Use(cors).GET("/teams/:id/members", validateAccessToken(), getTeamMembers)
r.Use(cors).DELETE("/teams/:id/members/:memberId", validateAccessToken(), removeTeamMember)

r.Run(":8080") // listen and serve on 0.0.0.0:8080
}
81 changes: 81 additions & 0 deletions measure-backend/measure-go/teams.go
Original file line number Diff line number Diff line change
Expand Up @@ -238,6 +238,23 @@ func (t *Team) rename() error {
return nil
}

func (t *Team) removeMember(memberId *uuid.UUID) error {
stmt := sqlf.PostgreSQL.DeleteFrom("team_membership").
Where("team_id = ?", nil).
Where("user_id = ?", nil)
defer stmt.Close()

ctx := context.Background()

_, err := server.PgPool.Exec(ctx, stmt.String(), t.ID, memberId)

if err != nil {
return err
}

return nil
}

func getTeams(c *gin.Context) {
userId := c.GetString("userId")
u := &User{
Expand Down Expand Up @@ -602,3 +619,67 @@ func getTeamMembers(c *gin.Context) {

c.JSON(http.StatusOK, members)
}

func removeTeamMember(c *gin.Context) {
userId := c.GetString("userId")
teamId, err := uuid.Parse(c.Param("id"))
if err != nil {
msg := `team id invalid or missing`
fmt.Println(msg, err)
c.JSON(http.StatusBadRequest, gin.H{"error": msg})
return
}

memberId, err := uuid.Parse(c.Param("memberId"))
if err != nil {
msg := `member id invalid or missing`
fmt.Println(msg, err)
c.JSON(http.StatusBadRequest, gin.H{"error": msg})
return
}

user := &User{
id: userId,
}

userRole, err := user.getRole(teamId.String())
if err != nil {
msg := `couldn't perform authorization checks`
fmt.Println(msg, err)
c.JSON(http.StatusInternalServerError, gin.H{"error": msg})
return
}

if err != nil || userRole == unknown {
msg := `couldn't perform authorization checks`
fmt.Println(msg, err)
c.JSON(http.StatusInternalServerError, gin.H{"error": msg})
return
}

ok, err := PerformAuthz(userId, teamId.String(), *ScopeTeamChangeRoleSameOrLower)
if err != nil {
msg := `couldn't perform authorization checks`
fmt.Println(msg, err)
c.JSON(http.StatusInternalServerError, gin.H{"error": msg})
return
}
if !ok {
msg := fmt.Sprintf(`you don't have modify permissions to team [%s]`, teamId)
c.JSON(http.StatusForbidden, gin.H{"error": msg})
return
}

team := &Team{
ID: &teamId,
}

if err = team.removeMember(&memberId); err != nil {
msg := fmt.Sprintf("couldn't remove member [%s]", memberId)
fmt.Println(msg, err)
c.JSON(http.StatusInternalServerError, gin.H{"error": msg})
return
}

c.JSON(http.StatusOK, gin.H{"ok": fmt.Sprintf("removed member [%s] from team [%s]", memberId, teamId)})
}

0 comments on commit 8c60c62

Please sign in to comment.