feat (login and groups): group managers and new login approach

harena-lab · Mar 27, 2022 · 249981f · 249981f
1 parent 8fea190
commit 249981f
Show file tree

Hide file tree

Showing 8 changed files with 394 additions and 102 deletions.
diff --git a/harena-manager.postman_collection.json b/harena-manager.postman_collection.json
@@ -1,6 +1,6 @@
 {
 	"info": {
-		"_postman_id": "e04debeb-8da3-40a1-83bc-e210b48f8648",
+		"_postman_id": "e94367f3-5fe8-4628-9973-b1d5951cd65a",
 		"name": "harena-manager",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
 	},
@@ -182,6 +182,62 @@
 					},
 					"response": []
 				},
+				{
+					"name": "/auth/login_event session",
+					"event": [
+						{
+							"listen": "test",
+							"script": {
+								"exec": [
+									"var response = pm.response.json();",
+									"console.log(response)",
+									"pm.environment.set(\"user-token\", response.token);",
+									"pm.environment.set(\"user-refreshToken\", response.refreshToken);",
+									""
+								],
+								"type": "text/javascript"
+							}
+						}
+					],
+					"request": {
+						"method": "POST",
+						"header": [],
+						"body": {
+							"mode": "formdata",
+							"formdata": [
+								{
+									"key": "eventId",
+									"value": "",
+									"type": "text",
+									"disabled": true
+								},
+								{
+									"key": "username",
+									"value": "",
+									"type": "text",
+									"disabled": true
+								},
+								{
+									"key": "login",
+									"value": "",
+									"type": "text",
+									"disabled": true
+								}
+							]
+						},
+						"url": {
+							"raw": "{{api-base-url}}/auth/login_event",
+							"host": [
+								"{{api-base-url}}"
+							],
+							"path": [
+								"auth",
+								"login_event"
+							]
+						}
+					},
+					"response": []
+				},
 				{
 					"name": "/auth/logout session",
 					"event": [
@@ -2988,6 +3044,49 @@
 					},
 					"response": []
 				},
+				{
+					"name": "/group/managers",
+					"event": [
+						{
+							"listen": "test",
+							"script": {
+								"exec": [
+									""
+								],
+								"type": "text/javascript"
+							}
+						}
+					],
+					"protocolProfileBehavior": {
+						"disableBodyPruning": true
+					},
+					"request": {
+						"method": "GET",
+						"header": [],
+						"body": {
+							"mode": "formdata",
+							"formdata": [
+								{
+									"key": "groupId",
+									"value": "",
+									"description": "group id (hash code)",
+									"type": "text"
+								}
+							]
+						},
+						"url": {
+							"raw": "{{api-base-url}}/group/managers",
+							"host": [
+								"{{api-base-url}}"
+							],
+							"path": [
+								"group",
+								"managers"
+							]
+						}
+					},
+					"response": []
+				},
 				{
 					"name": "/group/user (wip)",
 					"event": [
@@ -3116,6 +3215,40 @@
 						}
 					},
 					"response": []
+				},
+				{
+					"name": "/group/link/manager",
+					"request": {
+						"method": "POST",
+						"header": [],
+						"body": {
+							"mode": "formdata",
+							"formdata": [
+								{
+									"key": "groupId",
+									"value": "",
+									"type": "text"
+								},
+								{
+									"key": "userId",
+									"value": "",
+									"type": "text"
+								}
+							]
+						},
+						"url": {
+							"raw": "{{api-base-url}}/group/link/manager",
+							"host": [
+								"{{api-base-url}}"
+							],
+							"path": [
+								"group",
+								"link",
+								"manager"
+							]
+						}
+					},
+					"response": []
 				}
 			]
 		},
@@ -3369,37 +3502,10 @@
 					"response": []
 				},
 				{
-					"name": "/event/list",
-					"event": [
-						{
-							"listen": "test",
-							"script": {
-								"exec": [
-									"var response = pm.response.json();",
-									"",
-									"pm.environment.set(\"quest-id\", response.id);"
-								],
-								"type": "text/javascript"
-							}
-						}
-					],
-					"protocolProfileBehavior": {
-						"disableBodyPruning": true
-					},
+					"name": "/events",
 					"request": {
 						"method": "GET",
-						"header": [
-							{
-								"key": "Content-Type",
-								"name": "Content-Type",
-								"type": "text",
-								"value": "application/x-www-form-urlencoded"
-							}
-						],
-						"body": {
-							"mode": "formdata",
-							"formdata": []
-						},
+						"header": [],
 						"url": {
 							"raw": "{{api-base-url}}/event/list",
 							"host": [

diff --git a/src/adonisjs/app/Controllers/Http/GroupController.js b/src/adonisjs/app/Controllers/Http/GroupController.js
@@ -3,6 +3,7 @@
 const Group = use('App/Models/Group')
 const User = use('App/Models/v1/User')
 const UsersGroup = use('App/Models/v1/UsersGroup')
+const ManagersGroup = use('App/Models/v1/ManagersGroup')
 
 const Database = use('Database')
 const uuidv4 = require('uuid/v4')
@@ -33,22 +34,63 @@ class GroupController {
     }
   }
 
+  async canManageGroup (user, groupId) {
+    let canManage = await ManagersGroup
+      .query()
+      .where('user_id', user.id)
+      .where('group_id', groupId)
+      .first()
+
+    if (!canManage) {
+      const roles = (await user.roles().fetch()).toJSON()
+      for (const r of roles)
+        if (r.slug == 'admin')
+          canManage = true
+    }
+
+    return canManage
+  }
+
   async linkUser ({ request, auth, response }) {
     try {
       const { userId, groupId } = request.post()
       const user = await User.find(userId)
-      const canLinkUser = await UsersGroup
-        .query()
-        .where('user_id', auth.user.id)
-        .where('group_id', groupId)
-        .first()
-      if(canLinkUser && user){
+
+      const canManage = await this.canManageGroup(auth.user, groupId)
+
+      if (canManage && user) {
         await user.groups().attach(groupId)
         return response.json(user.username + ' successfully added to the group!')
-      }else if(!canLinkUser){
-        return response.status(500).json('Error. You must be part of the group to be able to add another user.')
-      }else{
-        return response.status(500).json('Error. Could not find the user to be added into the group.')
+      } else if (!canManage) {
+        return response.status(500).json(
+          'Error. You must have the right to be able to add another user.')
+      } else {
+        return response.status(500).json(
+          'Error. Could not find the user to be added into the group.')
+      }
+
+    } catch (e) {
+      console.log(e)
+      return response.status(e.status).json({ message: e.toString() })
+    }
+  }
+
+  async linkManager ({ request, auth, response }) {
+    try {
+      const { userId, groupId } = request.post()
+      const user = await User.find(userId)
+      const canManage = await this.canManageGroup(auth.user, groupId)
+
+      if (canManage && user) {
+        await user.groupManagers().attach(groupId)
+        return response.json(user.username +
+          ' successfully added as manager to the group!')
+      } else if (!canManage) {
+        return response.status(500).json(
+          'Error. You must have the right to be able to add another manager.')
+      } else {
+        return response.status(500)
+          .json('Error. Could not find the user to be added into the group.')
       }
 
     } catch (e) {
@@ -123,7 +165,10 @@ class GroupController {
   async listUsers ({ request, auth, response }) {
     try {
       const groupId = request.input('groupId')
-      if(await Group.find(groupId)){
+
+      const canManage = await this.canManageGroup(auth.user, groupId)
+
+      if (canManage && await Group.find(groupId)) {
         const result = await Database
           .select('users.username','user_id','group_id','groups.title as group_title')
           .from('users_groups')
@@ -132,16 +177,43 @@ class GroupController {
           .where ('users_groups.group_id', groupId)
 
         return response.json(result)
-      }
-      else {
+      } else if (!canManage) {
+        return response.status(500).json(
+          'Error. You must have the right to be able to list group users.')
+      } else {
         return response.status(500).json('Error. Could not find selected group.')
       }
     } catch (e) {
       console.log(e)
       return response.status(e.status).json({ message: e.toString() })
     }
+  }
+
+  async listManagers ({ request, auth, response }) {
+    try {
+      const groupId = request.input('groupId')
 
+      const canManage = await this.canManageGroup(auth.user, groupId)
 
+      if (canManage && await Group.find(groupId)) {
+        const result = await Database
+          .select('users.username','user_id','group_id','groups.title as group_title')
+          .from('managers_groups')
+          .join('groups','managers_groups.group_id','groups.id')
+          .join('users', 'managers_groups.user_id', 'users.id')
+          .where ('managers_groups.group_id', groupId)
+
+        return response.json(result)
+      } else if (!canManage) {
+        return response.status(500).json(
+          'Error. You must have the right to be able to list group managers.')
+      } else {
+        return response.status(500).json('Error. Could not find selected group.')
+      }
+    } catch (e) {
+      console.log(e)
+      return response.status(e.status).json({ message: e.toString() })
+    }
   }
 
   async removeUser ({ request, auth, response }){