|
|
@ -6,6 +6,8 @@ use crate::database::models::Role;
|
|
|
|
use crate::database::role_permissions::RolePermissions;
|
|
|
|
use crate::database::role_permissions::RolePermissions;
|
|
|
|
use crate::database::{DatabaseResult, PostgresPool, Table, DEFAULT_ADMIN_EMAIL, ENV_ADMIN_EMAIL};
|
|
|
|
use crate::database::{DatabaseResult, PostgresPool, Table, DEFAULT_ADMIN_EMAIL, ENV_ADMIN_EMAIL};
|
|
|
|
use crate::utils::error::DBError;
|
|
|
|
use crate::utils::error::DBError;
|
|
|
|
|
|
|
|
use std::collections::HashSet;
|
|
|
|
|
|
|
|
use std::iter::FromIterator;
|
|
|
|
|
|
|
|
|
|
|
|
/// The role table that stores
|
|
|
|
/// The role table that stores
|
|
|
|
/// all defined roles
|
|
|
|
/// all defined roles
|
|
|
@ -48,68 +50,39 @@ impl Roles {
|
|
|
|
description: Option<String>,
|
|
|
|
description: Option<String>,
|
|
|
|
permissions: Vec<i32>,
|
|
|
|
permissions: Vec<i32>,
|
|
|
|
) -> DatabaseResult<Role> {
|
|
|
|
) -> DatabaseResult<Role> {
|
|
|
|
|
|
|
|
let permissions: HashSet<i32> = HashSet::from_iter(permissions.into_iter());
|
|
|
|
let mut connection = self.pool.get()?;
|
|
|
|
let mut connection = self.pool.get()?;
|
|
|
|
let exists = connection.query_opt("SELECT id FROM roles WHERE name = $1", &[&name])?;
|
|
|
|
let exists = connection.query_opt("SELECT id FROM roles WHERE name = $1", &[&name])?;
|
|
|
|
|
|
|
|
|
|
|
|
if exists.is_some() {
|
|
|
|
if exists.is_some() {
|
|
|
|
return Err(DBError::RecordExists);
|
|
|
|
return Err(DBError::RecordExists);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
let permissions_exist = connection.query(
|
|
|
|
|
|
|
|
"SELECT id FROM permissions WHERE permissions.id = ANY ($1)",
|
|
|
|
|
|
|
|
&[&permissions],
|
|
|
|
|
|
|
|
)?;
|
|
|
|
|
|
|
|
if permissions_exist.len() != permissions.len() {
|
|
|
|
|
|
|
|
return Err(DBError::GenericError(format!(
|
|
|
|
|
|
|
|
"Not all provided permissions exist! Existing permissions: {:?}",
|
|
|
|
|
|
|
|
permissions_exist
|
|
|
|
|
|
|
|
.iter()
|
|
|
|
|
|
|
|
.map(|row| -> i32 { row.get(0) })
|
|
|
|
|
|
|
|
.collect::<Vec<i32>>()
|
|
|
|
|
|
|
|
)));
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
log::trace!("Preparing transaction");
|
|
|
|
log::trace!("Preparing transaction");
|
|
|
|
let admin_email = dotenv::var(ENV_ADMIN_EMAIL).unwrap_or(DEFAULT_ADMIN_EMAIL.to_string());
|
|
|
|
let admin_email = dotenv::var(ENV_ADMIN_EMAIL).unwrap_or(DEFAULT_ADMIN_EMAIL.to_string());
|
|
|
|
let mut transaction = connection.transaction()?;
|
|
|
|
let mut transaction = connection.transaction()?;
|
|
|
|
|
|
|
|
|
|
|
|
let result: DatabaseResult<Role> = {
|
|
|
|
let row = transaction.query_one(
|
|
|
|
let row = transaction.query_one(
|
|
|
|
"INSERT INTO roles (name, description) VALUES ($1, $2) RETURNING *",
|
|
|
|
"INSERT INTO roles (name, description) VALUES ($1, $2) RETURNING *",
|
|
|
|
&[&name, &description],
|
|
|
|
&[&name, &description],
|
|
|
|
)?;
|
|
|
|
|
|
|
|
let role: Role = serde_postgres::from_row(&row)?;
|
|
|
|
|
|
|
|
for permission in permissions {
|
|
|
|
|
|
|
|
transaction.execute(
|
|
|
|
|
|
|
|
"INSERT INTO role_permissions (role_id, permission_id) VALUES ($1, $2);",
|
|
|
|
|
|
|
|
&[&role.id, &permission],
|
|
|
|
)?;
|
|
|
|
)?;
|
|
|
|
let role: Role = serde_postgres::from_row(&row)?;
|
|
|
|
|
|
|
|
for permission in permissions {
|
|
|
|
|
|
|
|
transaction.execute(
|
|
|
|
|
|
|
|
"INSERT INTO role_permissions (role_id, permission_id) VALUES ($1, $2);",
|
|
|
|
|
|
|
|
&[&role.id, &permission],
|
|
|
|
|
|
|
|
)?;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if let Err(e) = transaction.execute(
|
|
|
|
|
|
|
|
"INSERT INTO user_roles (user_id, role_id) VALUES ((SELECT id FROM users WHERE email = $1), $2)",
|
|
|
|
|
|
|
|
&[&admin_email, &role.id],
|
|
|
|
|
|
|
|
) {
|
|
|
|
|
|
|
|
log::debug!("Failed to add role to admin user: {}", e);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Ok(role)
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
match result {
|
|
|
|
|
|
|
|
Err(e) => {
|
|
|
|
|
|
|
|
log::warn!("Failed to create role {}: {}", name, e);
|
|
|
|
|
|
|
|
log::trace!("Rolling back...");
|
|
|
|
|
|
|
|
transaction.rollback()?;
|
|
|
|
|
|
|
|
log::trace!("Rolled back!");
|
|
|
|
|
|
|
|
Err(e)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
Ok(role) => {
|
|
|
|
|
|
|
|
log::debug!("Successfully created role {} with id {}", name, role.id);
|
|
|
|
|
|
|
|
log::trace!("Committing...");
|
|
|
|
|
|
|
|
transaction.commit()?;
|
|
|
|
|
|
|
|
log::trace!("Committed!");
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Ok(role)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if let Err(e) = transaction.execute(
|
|
|
|
|
|
|
|
"INSERT INTO user_roles (user_id, role_id) VALUES ((SELECT id FROM users WHERE email = $1), $2)",
|
|
|
|
|
|
|
|
&[&admin_email, &role.id],
|
|
|
|
|
|
|
|
) {
|
|
|
|
|
|
|
|
log::debug!("Failed to add role to admin user: {}", e);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
transaction.commit()?;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Ok(role)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/// Returns information for a role
|
|
|
|
/// Returns information for a role
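Review bot: The admin-assignment failure in the `if let Err(e) = transaction.execute(... INSERT INTO user_roles ...)` block is logged at debug and ignored, but in PostgreSQL a failed statement leaves the transaction in an aborted state, so the following `transaction.commit()?` rolls back rather than commits while the function still returns `Ok(role)` for a role that was never persisted. Making the user lookup the insert's source avoids the error for a missing admin user and lets real failures propagate: `"INSERT INTO user_roles (user_id, role_id) SELECT id, $2 FROM users WHERE email = $1"` executed with `)?;` in place of the `if let Err` branch. The name-uniqueness and permission-existence checks run on the connection before the transaction starts, so two concurrent calls can both pass them; a UNIQUE constraint on `roles.name` and a foreign key on `role_permissions.permission_id` remain the real guard, and their violations surface through the `?`. Every new role is also granted to whichever account `ENV_ADMIN_EMAIL` (or `DEFAULT_ADMIN_EMAIL`) names, which deserves a `///` sentence on the function so callers know about the implicit privilege grant. The enclosing function's signature lies before this hunk.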
|
|
|
@ -136,4 +109,50 @@ impl Roles {
|
|
|
|
|
|
|
|
|
|
|
|
Ok(roles)
|
|
|
|
Ok(roles)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
pub fn update_role(
|
|
|
|
|
|
|
|
&self,
|
|
|
|
|
|
|
|
name: String,
|
|
|
|
|
|
|
|
description: Option<String>,
|
|
|
|
|
|
|
|
permissions: Vec<i32>,
|
|
|
|
|
|
|
|
) -> DatabaseResult<Role> {
|
|
|
|
|
|
|
|
let permissions = HashSet::from_iter(permissions.into_iter());
|
|
|
|
|
|
|
|
let mut connection = self.pool.get()?;
|
|
|
|
|
|
|
|
let mut transaction = connection.transaction()?;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
let id: i32 = transaction
|
|
|
|
|
|
|
|
.query_opt("SELECT id FROM roles WHERE name = $1", &[&name])?
|
|
|
|
|
|
|
|
.ok_or(DBError::RecordDoesNotExist)?
|
|
|
|
|
|
|
|
.get(0);
|
|
|
|
|
|
|
|
let update_result = transaction.query_one(
|
|
|
|
|
|
|
|
"UPDATE roles SET description = $2 WHERE id = $1 RETURNING *",
|
|
|
|
|
|
|
|
&[&id, &description],
|
|
|
|
|
|
|
|
)?;
|
|
|
|
|
|
|
|
let current_permissions = transaction
|
|
|
|
|
|
|
|
.query(
|
|
|
|
|
|
|
|
"SELECT permission_id from role_permissions WHERE role_id = $1",
|
|
|
|
|
|
|
|
&[&id],
|
|
|
|
|
|
|
|
)?
|
|
|
|
|
|
|
|
.into_iter()
|
|
|
|
|
|
|
|
.map(|r| -> i32 { r.get(0) })
|
|
|
|
|
|
|
|
.collect::<HashSet<i32>>();
|
|
|
|
|
|
|
|
let new_permissions = permissions.difference(¤t_permissions);
|
|
|
|
|
|
|
|
let deleted_permissions = current_permissions.difference(&permissions);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
for new in new_permissions {
|
|
|
|
|
|
|
|
transaction.query(
|
|
|
|
|
|
|
|
"INSERT INTO role_permissions (role_id, permission_id) VALUES ($1, $2)",
|
|
|
|
|
|
|
|
&[&id, new],
|
|
|
|
|
|
|
|
)?;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
for deleted in deleted_permissions {
|
|
|
|
|
|
|
|
transaction.query(
|
|
|
|
|
|
|
|
"DELETE FROM role_permissions WHERE role_id = $1 AND permission_id = $2",
|
|
|
|
|
|
|
|
&[&id, deleted],
|
|
|
|
|
|
|
|
)?;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
transaction.commit()?;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Ok(serde_postgres::from_row::<Role>(&update_result)?)
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
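Review bot: `update_role` rewrites a role's privilege set but never checks that the ids in `permissions` exist, unlike the creation path, and emits no log line for the change; add a `log::debug!` naming the role and the added/removed ids after the two loops, and either validate new ids before inserting or rely on the `role_permissions.permission_id` foreign key and map that error explicitly. The initial `SELECT id FROM roles WHERE name = $1` does not lock the row, so two concurrent updates of the same role compute their diffs against a stale `current_permissions`; `"SELECT id FROM roles WHERE name = $1 FOR UPDATE"` serializes them for the life of the transaction. The INSERT and DELETE loops call `transaction.query` where `execute` matches the rest of the file. The function also lacks a `///` doc comment; state that it replaces the role's permissions with exactly `permissions` and overwrites `description` (including to NULL when `None`).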
|
|
|
|