Change admin role and user handling

Change the handling of the default admin role and the default admin user to be assigned roles based on their names instead of their id. Signed-off-by: trivernis <trivernis@protonmail.com>
4 years ago · eb25371670
parent 5affe0e93e
commit eb25371670
4 changed files with 49 additions and 27 deletions
--- a/src/database/mod.rs
+++ b/src/database/mod.rs
@ -21,6 +21,12 @@ pub mod users;
 const DB_CONNECTION_URL: &str = "POSTGRES_CONNECTION_URL";
 const DEFAULT_CONNECTION: &str = "postgres://postgres:postgres@localhost/postgres";

+const DEFAULT_ADMIN_PASSWORD: &str = "flotte-admin";
+const DEFAULT_ADMIN_EMAIL: &str = "admin@flotte-berlin.de";
+const ENV_ADMIN_PASSWORD: &str = "ADMIN_PASSWORD";
+const ENV_ADMIN_EMAIL: &str = "ADMIN_EMAIL";
+const ADMIN_ROLE_NAME: &str = "SUPERADMIN";
+
 pub trait Table {
    fn new(pool: PostgresPool) -> Self;
    fn init(&self) -> DatabaseResult<()>;
@ -59,8 +65,27 @@ impl Database {
        self.permissions.init()?;
        log::info!("Initializing user_roles...");
        self.user_roles.init()?;
-        log::info!("Initializing user_permissions...");
+        log::info!("Initializing role_permissions...");
        self.role_permission.init()?;
+
+        // Create an admin user
+        if let Err(e) = self.users.create_user(
+            "ADMIN".to_string(),
+            dotenv::var(ENV_ADMIN_EMAIL).unwrap_or(DEFAULT_ADMIN_EMAIL.to_string()),
+            dotenv::var(ENV_ADMIN_PASSWORD).unwrap_or(DEFAULT_ADMIN_PASSWORD.to_string()),
+        ) {
+            log::debug!("Failed to create admin user {}", e);
+        } else {
+            log::debug!("Admin user created successfully!");
+        }
+        // Create an admin role where all roles get assigned to by default
+        if let Err(e) = self.roles.create_role(
+            ADMIN_ROLE_NAME.to_string(),
+            Some("System Superadmin".to_string()),
+            Vec::new(),
+        ) {
+            log::debug!("Failed to create admin role {}", e.to_string())
+        }
        log::info!("Database fully initialized!");

        Ok(())
--- a/src/database/permissions.rs
+++ b/src/database/permissions.rs
@ -1,5 +1,5 @@
 use crate::database::models::{CreatePermissionsEntry, Permission};
-use crate::database::{DatabaseResult, PostgresPool, Table};
+use crate::database::{DatabaseResult, PostgresPool, Table, ADMIN_ROLE_NAME};
 use crate::utils::error::DBError;

 #[derive(Clone)]
@ -46,8 +46,19 @@ impl Permissions {
                        "INSERT INTO permissions (name, description) VALUES ($1, $2) RETURNING *;",
                        &[&name, &description],
                    )?;
+                    let permission: Permission = serde_postgres::from_row(&row)?;
+                    if let Err(e) = transaction.execute(
+                        "INSERT INTO role_permissions (role_id, permission_id) VALUES ((SELECT id FROM roles WHERE name = $1), $2)",
+                        &[&ADMIN_ROLE_NAME, &permission.id],
+                    ) {
+                        log::debug!(
+                            "Failed to assign permission {} to ADMIN role: {}",
+                            name,
+                            e.to_string()
+                        )
+                    }

-                    created_permissions.push(serde_postgres::from_row(&row)?);
+                    created_permissions.push(permission);
                } else {
                    created_permissions.push(serde_postgres::from_row(&exists.unwrap())?);
                }
--- a/src/database/roles.rs
+++ b/src/database/roles.rs
@ -1,6 +1,6 @@
 use crate::database::models::Role;
 use crate::database::role_permissions::RolePermissions;
-use crate::database::{DatabaseResult, PostgresPool, Table};
+use crate::database::{DatabaseResult, PostgresPool, Table, DEFAULT_ADMIN_EMAIL, ENV_ADMIN_EMAIL};
 use crate::utils::error::DBError;

 #[derive(Clone)]
@ -18,17 +18,16 @@ impl Table for Roles {
    }

    fn init(&self) -> DatabaseResult<()> {
-        self.pool
-            .get()?
-            .batch_execute(
-                "
+        self.pool.get()?.batch_execute(
+            "
            CREATE TABLE IF NOT EXISTS roles (
            id              SERIAL PRIMARY KEY,
            name            VARCHAR(128) UNIQUE NOT NULL,
            description     VARCHAR(512)
        );",
-            )
-            .map_err(DBError::from)
+        )?;
+
+        Ok(())
    }
 }

@ -46,7 +45,9 @@ impl Roles {
            return Err(DBError::RecordExists);
        }
        log::trace!("Preparing transaction");
+        let admin_email = dotenv::var(ENV_ADMIN_EMAIL).unwrap_or(DEFAULT_ADMIN_EMAIL.to_string());
        let mut transaction = connection.transaction()?;
+
        let result: DatabaseResult<Role> = {
            let row = transaction.query_one(
                "INSERT INTO roles (name, description) VALUES ($1, $2) RETURNING *",
@ -60,8 +61,8 @@ impl Roles {
                )?;
            }
            if let Err(e) = transaction.execute(
-                "INSERT INTO user_roles (user_id, role_id) VALUES ($1, $2)",
-                &[&1, &role.id],
+                "INSERT INTO user_roles (user_id, role_id) VALUES ((SELECT id FROM users WHERE email = $1), $2)",
+                &[&admin_email, &role.id],
            ) {
                log::debug!("Failed to add role to admin user: {}", e);
            }
--- a/src/database/users.rs
+++ b/src/database/users.rs
@ -9,11 +9,6 @@ use parking_lot::Mutex;
 use std::sync::Arc;
 use zeroize::{Zeroize, Zeroizing};

-const DEFAULT_ADMIN_PASSWORD: &str = "flotte-admin";
-const DEFAULT_ADMIN_EMAIL: &str = "admin@flotte-berlin.de";
-const ENV_ADMIN_PASSWORD: &str = "ADMIN_PASSWORD";
-const ENV_ADMIN_EMAIL: &str = "ADMIN_EMAIL";
-
 #[derive(Clone)]
 pub struct Users {
    pool: PostgresPool,
@ -40,16 +35,6 @@ impl Table for Users {
            salt            BYTEA NOT NULL
        );",
        )?;
-        log::debug!("Creating admin user");
-        if let Err(e) = self.create_user(
-            "ADMIN".to_string(),
-            dotenv::var(ENV_ADMIN_EMAIL).unwrap_or(DEFAULT_ADMIN_EMAIL.to_string()),
-            dotenv::var(ENV_ADMIN_PASSWORD).unwrap_or(DEFAULT_ADMIN_PASSWORD.to_string()),
-        ) {
-            log::debug!("Failed to create admin user {}", e);
-        } else {
-            log::debug!("Admin user created successfully!");
-        }

        Ok(())
    }