Add method to create users and fix user update

Signed-off-by: trivernis <trivernis@protonmail.com>
4 years ago · 047ead2fd7
parent fee0f1e1aa
commit 047ead2fd7
5 changed files with 47 additions and 5 deletions
--- a/src/database/models.rs
+++ b/src/database/models.rs
@ -71,3 +71,13 @@ pub struct UserFullInformation {
    pub email: String,
    pub roles: Vec<Role>,
 }
+
+impl From<UserRecord> for UserInformation {
+    fn from(record: UserRecord) -> Self {
+        Self {
+            id: record.id.clone(),
+            name: record.name.clone(),
+            email: record.email.clone(),
+        }
+    }
+}
--- a/src/database/permissions.rs
+++ b/src/database/permissions.rs
@ -14,6 +14,7 @@ pub(crate) const ROLE_DELETE_PERM: &str = "ROLE_DELETE";

 pub(crate) const USER_UPDATE_PERM: &str = "USER_UPDATE";
 pub(crate) const USER_VIEW_PERM: &str = "USER_VIEW";
+pub(crate) const USER_CREATE_PERM: &str = "USER_CREATE";

 pub(crate) const USER_MANAGEMENT_PERMISSIONS: &[(&'static str, &'static str)] = &[
    (ROLE_CREATE_PERM, "Allows the user to create roles"),
@ -25,6 +26,7 @@ pub(crate) const USER_MANAGEMENT_PERMISSIONS: &[(&'static str, &'static str)] =
        "Allows changing the name, password and email of a user",
    ),
    (USER_VIEW_PERM, "Allows to see information of users"),
+    (USER_CREATE_PERM, "Allows the creation of new users"),
 ];

 /// The permissions table that stores defined
--- a/src/database/users.rs
+++ b/src/database/users.rs
@ -101,7 +101,7 @@ impl Users {
        }
        if old_email != email
            && connection
-                .query_opt("SELECT email FROM users WHERE email = $1", &[&old_email])?
+                .query_opt("SELECT email FROM users WHERE email = $1", &[&email])?
                .is_some()
        {
            log::trace!("Failed to create user: New Record exists!");
--- a/src/server/http_server.rs
+++ b/src/server/http_server.rs
@ -13,15 +13,15 @@ use serde::Serialize;

 use crate::database::models::{Role, UserFullInformation, UserInformation};
 use crate::database::permissions::{
-    ROLE_CREATE_PERM, ROLE_DELETE_PERM, ROLE_UPDATE_PERM, ROLE_VIEW_PERM, USER_UPDATE_PERM,
-    USER_VIEW_PERM,
+    ROLE_CREATE_PERM, ROLE_DELETE_PERM, ROLE_UPDATE_PERM, ROLE_VIEW_PERM, USER_CREATE_PERM,
+    USER_UPDATE_PERM, USER_VIEW_PERM,
 };
 use crate::database::tokens::SessionTokens;
 use crate::database::Database;
 use crate::server::documentation::RESTDocumentation;
 use crate::server::messages::{
-    DeleteRoleResponse, ErrorMessage, FullRoleData, LoginMessage, LogoutConfirmation,
-    LogoutMessage, ModifyRoleRequest, RefreshMessage, UpdateUserRequest,
+    CreateUserRequest, DeleteRoleResponse, ErrorMessage, FullRoleData, LoginMessage,
+    LogoutConfirmation, LogoutMessage, ModifyRoleRequest, RefreshMessage, UpdateUserRequest,
 };
 use crate::utils::error::DBError;
 use crate::utils::get_user_id_from_token;
@ -135,6 +135,9 @@ impl UserHttpServer {
                (GET) (/users) => {
                    Self::get_users(&database, request).unwrap_or_else(HTTPError::into)
                },
+                (POST) (/users/create) => {
+                    Self::create_user(&database, request).unwrap_or_else(HTTPError::into)
+                },
                (POST) (/users/{email: String}/update) => {
                    Self::update_user(&database, request, email).unwrap_or_else(HTTPError::into)
                },
@ -222,6 +225,11 @@ impl UserHttpServer {
            "GET",
            "Returns information for all users",
        )?;
+        doc.add_path::<CreateUserRequest, UserInformation>(
+            "/users/create",
+            "POST",
+            "Creates a new user",
+        )?;

        Ok(doc)
    }
@ -378,6 +386,20 @@ impl UserHttpServer {
        Ok(Response::json(&users))
    }

+    /// Creates a new user
+    fn create_user(database: &Database, request: &Request) -> HTTPResult<Response> {
+        require_permission!(database, request, USER_CREATE_PERM);
+        let message = deserialize_body::<CreateUserRequest>(&request)?;
+        let result = database.users.create_user(
+            message.name.clone(),
+            message.email.clone(),
+            message.password.clone(),
+        )?;
+
+        Ok(Response::json(&UserInformation::from(result)).with_status_code(201))
+    }
+
+    /// Updates the information of a user
    fn update_user(database: &Database, request: &Request, email: String) -> HTTPResult<Response> {
        let (_, id) = validate_request_token(request, database)?;
        let message = deserialize_body::<UpdateUserRequest>(&request)?;
--- a/src/server/messages.rs
+++ b/src/server/messages.rs
@ -128,3 +128,11 @@ pub struct UpdateUserRequest {
    pub password: Option<String>,
    pub own_password: String,
 }
+
+#[derive(Deserialize, JsonSchema, Zeroize)]
+#[zeroize(drop)]
+pub struct CreateUserRequest {
+    pub name: String,
+    pub email: String,
+    pub password: String,
+}