Commit 1437609c authored by Alexis POYEN's avatar Alexis POYEN

Merge branch 'web-interface' into 'master'

Web interface

See merge request apoyen/sdk-go!1
parents 9e8d7792 1d27804d
vestibule
__debug_bin
miscellaneous/mock_onlyoffice/data
data
\ No newline at end of file
......@@ -10,6 +10,9 @@ import (
"github.com/nicolaspernoud/vestibule/pkg/middlewares"
)
const literralContentType = "Content-Type"
const literralApplicationJson = "application/json"
var (
hostname = os.Getenv("HOSTNAME")
port string
......@@ -38,12 +41,12 @@ func CreateMockOAuth2() *http.ServeMux {
// Returns access token back to the user
mux.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/x-www-form-urlencoded")
w.Header().Set(literralContentType, "application/x-www-form-urlencoded")
w.Write([]byte("access_token=mocktoken&scope=user&token_type=bearer"))
})
// Returns userinfo back to the user
mux.HandleFunc("/userinfo", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
w.Header().Set(literralContentType, literralApplicationJson)
w.Write([]byte(`{
"displayName": "Us ER",
"memberOf": [
......@@ -56,7 +59,7 @@ func CreateMockOAuth2() *http.ServeMux {
})
// Returns userinfo back to the user (with an admin user)
mux.HandleFunc("/admininfo", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
w.Header().Set(literralContentType, literralApplicationJson)
w.Write([]byte(`{
"displayName": "Ad MIN",
"memberOf": [
......@@ -82,7 +85,7 @@ func CreateMockAPI() *http.ServeMux {
frameSource := "https://static." + hostname + ":" + port
mux.Handle("/", middlewares.Cors(func() http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
w.Header().Set(literralContentType, literralApplicationJson)
w.Write([]byte(`{
"foo": "bar",
"bar": "foo"
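Review bot: The new constant `literralApplicationJson` breaks the initialism convention the file already follows (`UserClientID`, `http.ServeMux`) and both names carry a doubled "r"; since every handler in this file now references them, rename to `literalContentType` and `literalApplicationJSON` before the typo spreads. Declaring them together in one parenthesized block, `const (\n\tliteralContentType = "Content-Type"\n\tliteralApplicationJSON = "application/json"\n)`, would also match the `var (...)` block directly below. The mock handlers themselves are unchanged apart from the substitution, so nothing else in this section needs attention.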
......
......@@ -16,128 +16,228 @@ func (d *DataHandler) HandleBankAccounts(w http.ResponseWriter, r *http.Request)
case "GET":
switch auth.GetLoggedUserTechnical(w, r).Role {
case "ADMIN":
if id != 0 {
var o BankAccount
if err := d.db.Preload("Operations").First(&o, id).Error; err != nil {
http.Error(w, "id does not exist", http.StatusNotFound)
return
}
json.NewEncoder(w).Encode(o)
} else {
var o []BankAccount
d.db.Preload("Operations").Find(&o)
json.NewEncoder(w).Encode(o)
}
d.getBankAccountAdmin(w, r, id)
case "BANKER":
user := d.getLoggedUser(w, r).(UserBanker)
if id != 0 {
var o BankAccount
if err := d.db.Preload("Operations").First(&o, id).Error; err != nil {
http.Error(w, "id does not exist", http.StatusNotFound)
return
}
// Check that the bank account belong to a one of the banker's client
var userClient UserClient
if err := d.db.Where("id = ? and user_banker_id = ?", o.UserClientID, user.ID).First(&userClient).Error; err != nil {
http.Error(w, "You can not access this ressource", http.StatusForbidden)
return
}
json.NewEncoder(w).Encode(o)
} else {
var o []BankAccount
d.db.Preload("Operations").Where("user_client_id IN (?)", d.db.Table("user_clients").Select("id").Where("user_banker_id = ?", user.ID).QueryExpr()).Find(&o)
json.NewEncoder(w).Encode(o)
}
d.getBankAccountBanker(w, r, id)
case "CLIENT":
user := d.getLoggedUser(w, r).(UserClient)
if id != 0 {
var o BankAccount
if err := d.db.Preload("Operations").Where("id = ? AND user_client_id = ?", id, user.ID).First(&o).Error; err != nil {
http.Error(w, "You can not access this ressource", http.StatusForbidden)
return
}
json.NewEncoder(w).Encode(o)
} else {
var o []BankAccount
d.db.Preload("Operations").Where("user_client_id = ?", user.ID).Find(&o)
json.NewEncoder(w).Encode(o)
}
d.getBankAccountClient(w, r, id)
default:
http.Error(w, "Could not get role of logged user", http.StatusInternalServerError)
http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
}
case "POST":
switch auth.GetLoggedUserTechnical(w, r).Role {
case "ADMIN":
var o BankAccount
err := json.NewDecoder(r.Body).Decode(&o)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
if o.UserClientID != 0 {
d.db.Create(&o)
} else {
http.Error(w, "id of UserClient is missing", http.StatusNotFound)
}
d.postBankAccountAdmin(w, r, id)
case "BANKER":
user := d.getLoggedUser(w, r).(UserBanker)
var o BankAccount
err := json.NewDecoder(r.Body).Decode(&o)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
if o.UserClientID != 0 {
var userClient UserClient
if err := d.db.Where("id = ? and user_banker_id = ?", o.UserClientID, user.ID).First(&userClient).Error; err != nil {
http.Error(w, "You can not access this ressource", http.StatusForbidden)
return
}
d.db.Create(&o)
} else {
http.Error(w, "id of UserClient is missing", http.StatusNotFound)
}
d.postBankAccountBanker(w, r, id)
case "CLIENT":
http.Error(w, "You're not authorize to execute this method on this ressource.", http.StatusMethodNotAllowed)
d.postBankAccountClient(w, r, id)
default:
http.Error(w, "Could not get role of logged user", http.StatusInternalServerError)
http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
}
case "PUT":
switch auth.GetLoggedUserTechnical(w, r).Role {
case "ADMIN":
d.putBankAccountAdmin(w, r, id)
case "BANKER":
d.putBankAccountBanker(w, r, id)
case "CLIENT":
d.putBankAccountClient(w, r, id)
default:
http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
}
case "DELETE":
switch auth.GetLoggedUserTechnical(w, r).Role {
case "ADMIN":
if id != 0 {
var o BankAccount
if err := d.db.First(&o, id).Error; err != nil {
http.Error(w, "id does not exist", http.StatusNotFound)
return
}
d.db.Delete(&o)
} else {
http.Error(w, "id is missing", http.StatusNotFound)
}
d.deleteBankAccountAdmin(w, r, id)
case "BANKER":
user := d.getLoggedUser(w, r).(UserBanker)
if id != 0 {
var o BankAccount
if err := d.db.First(&o, id).Error; err != nil {
http.Error(w, "id does not exist", http.StatusNotFound)
return
}
var userClient UserClient
if err := d.db.Where("id = ? and user_banker_id = ?", o.UserClientID, user.ID).First(&userClient).Error; err != nil {
http.Error(w, "You can not access this ressource", http.StatusForbidden)
return
}
d.db.Delete(&o)
} else {
http.Error(w, "id is missing", http.StatusNotFound)
}
d.deleteBankAccountBanker(w, r, id)
case "CLIENT":
http.Error(w, "You're not authorize to execute this method on this ressource.", http.StatusMethodNotAllowed)
d.deleteBankAccountClient(w, r, id)
default:
http.Error(w, "Could not get role of logged user", http.StatusInternalServerError)
http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
}
default:
http.Error(w, "method not allowed", 400)
}
}
func (d *DataHandler) getBankAccountAdmin(w http.ResponseWriter, r *http.Request, id int) {
if id != 0 {
var o BankAccount
if err := d.db.Preload("Operations").First(&o, id).Error; err != nil {
http.Error(w, ErrorIDDoesNotExist, http.StatusNotFound)
return
}
json.NewEncoder(w).Encode(o)
} else {
var o []BankAccount
d.db.Preload("Operations").Find(&o)
json.NewEncoder(w).Encode(o)
}
}
func (d *DataHandler) getBankAccountBanker(w http.ResponseWriter, r *http.Request, id int) {
user := d.getLoggedUser(w, r).(UserBanker)
if id != 0 {
var o BankAccount
if err := d.db.Preload("Operations").First(&o, id).Error; err != nil {
http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
return
}
// Check that the bank account belong to a one of the banker's client
var userClient UserClient
if err := d.db.Where(reqIDAndBankerID, o.UserClientID, user.ID).First(&userClient).Error; err != nil {
http.Error(w, ErrorCannotAccessRessource, http.StatusForbidden)
return
}
json.NewEncoder(w).Encode(o)
} else {
var o []BankAccount
d.db.Preload("Operations").Where("user_client_id IN (?)", d.db.Table("user_clients").Select("id").Where("user_banker_id = ?", user.ID).QueryExpr()).Find(&o)
json.NewEncoder(w).Encode(o)
}
}
func (d *DataHandler) getBankAccountClient(w http.ResponseWriter, r *http.Request, id int) {
user := d.getLoggedUser(w, r).(UserClient)
if id != 0 {
var o BankAccount
if err := d.db.Preload("Operations").Where("id = ? AND user_client_id = ?", id, user.ID).First(&o).Error; err != nil {
http.Error(w, ErrorCannotAccessRessource, http.StatusForbidden)
return
}
json.NewEncoder(w).Encode(o)
} else {
var o []BankAccount
d.db.Preload("Operations").Where("user_client_id = ?", user.ID).Find(&o)
json.NewEncoder(w).Encode(o)
}
}
func (d *DataHandler) postBankAccountAdmin(w http.ResponseWriter, r *http.Request, id int) {
var o BankAccount
err := json.NewDecoder(r.Body).Decode(&o)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
if o.UserClientID == 0 {
http.Error(w, ErrorUserIDIsMissing, http.StatusInternalServerError)
}
d.db.Create(&o)
d.db.Last(&o)
json.NewEncoder(w).Encode(o)
}
func (d *DataHandler) postBankAccountBanker(w http.ResponseWriter, r *http.Request, id int) {
user := d.getLoggedUser(w, r).(UserBanker)
var o BankAccount
err := json.NewDecoder(r.Body).Decode(&o)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
if o.UserClientID == 0 {
http.Error(w, ErrorUserIDIsMissing, http.StatusInternalServerError)
}
var userClient UserClient
if err := d.db.Where(reqIDAndBankerID, o.UserClientID, user.ID).First(&userClient).Error; err != nil {
http.Error(w, ErrorCannotAccessRessource, http.StatusForbidden)
return
}
d.db.Create(&o)
d.db.Last(&o)
json.NewEncoder(w).Encode(o)
}
func (d *DataHandler) postBankAccountClient(w http.ResponseWriter, r *http.Request, id int) {
http.Error(w, ErrorNotAuthorizeMethodOnRessource, http.StatusMethodNotAllowed)
}
func (d *DataHandler) putBankAccountAdmin(w http.ResponseWriter, r *http.Request, id int) {
var o BankAccount
if err := d.db.Preload("Operations").First(&o, id).Error; err != nil {
http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
return
}
var bankAccount BankAccount
err := json.NewDecoder(r.Body).Decode(&bankAccount)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
o.BankOverdraft = bankAccount.BankOverdraft
o.Type = bankAccount.Type
if o.UserClientID == 0 {
http.Error(w, ErrorUserIDIsMissing, http.StatusInternalServerError)
}
d.db.Save(&o)
json.NewEncoder(w).Encode(o)
}
func (d *DataHandler) putBankAccountBanker(w http.ResponseWriter, r *http.Request, id int) {
user := d.getLoggedUser(w, r).(UserBanker)
var o BankAccount
if err := d.db.Preload("Operations").First(&o, id).Error; err != nil {
http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
return
}
var bankAccount BankAccount
err := json.NewDecoder(r.Body).Decode(&bankAccount)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
o.BankOverdraft = bankAccount.BankOverdraft
o.Type = bankAccount.Type
if o.UserClientID == 0 {
http.Error(w, ErrorUserIDIsMissing, http.StatusInternalServerError)
}
var userClient UserClient
if err := d.db.Where(reqIDAndBankerID, o.UserClientID, user.ID).First(&userClient).Error; err != nil {
http.Error(w, ErrorCannotAccessRessource, http.StatusForbidden)
return
}
d.db.Save(&o)
json.NewEncoder(w).Encode(o)
}
func (d *DataHandler) putBankAccountClient(w http.ResponseWriter, r *http.Request, id int) {
http.Error(w, ErrorNotAuthorizeMethodOnRessource, http.StatusMethodNotAllowed)
}
func (d *DataHandler) deleteBankAccountAdmin(w http.ResponseWriter, r *http.Request, id int) {
if id != 0 {
var o BankAccount
if err := d.db.First(&o, id).Error; err != nil {
http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
return
}
d.db.Delete(&o)
} else {
http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
}
}
func (d *DataHandler) deleteBankAccountBanker(w http.ResponseWriter, r *http.Request, id int) {
user := d.getLoggedUser(w, r).(UserBanker)
if id != 0 {
var o BankAccount
if err := d.db.First(&o, id).Error; err != nil {
http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
return
}
var userClient UserClient
if err := d.db.Where(reqIDAndBankerID, o.UserClientID, user.ID).First(&userClient).Error; err != nil {
http.Error(w, ErrorCannotAccessRessource, http.StatusForbidden)
return
}
d.db.Delete(&o)
} else {
http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
}
}
func (d *DataHandler) deleteBankAccountClient(w http.ResponseWriter, r *http.Request, id int) {
http.Error(w, ErrorNotAuthorizeMethodOnRessource, http.StatusMethodNotAllowed)
}
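Review bot: The extracted `postBankAccountAdmin` reports a missing `UserClientID` with `http.Error` but does not return, so `d.db.Create(&o)` still runs and a second body is appended to the error response; the pre-refactor branch only created when the id was non-zero, so this is a regression, and `postBankAccountBanker`, `putBankAccountAdmin` and `putBankAccountBanker` have the same shape. Add a `return` after each of those calls, `if o.UserClientID == 0 { http.Error(w, ErrorUserIDIsMissing, http.StatusInternalServerError); return }`, and likewise after the `json.NewDecoder(r.Body).Decode(...)` error branches, where a malformed body currently falls through to the database write. Both are caller errors, so `http.StatusBadRequest` fits better than `StatusInternalServerError`. The same missing `return` after the decode error appears in `postBankerAdmin` in the HandleBankers hunk below. Separately, `d.db.Last(&o)` after `Create` re-reads whichever row is last rather than the one just inserted, which presumably diverges under concurrent requests; if gorm already fills the primary key on `Create`, the re-read can be dropped — confirm against the ORM version in use.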
......@@ -16,89 +16,159 @@ func (d *DataHandler) HandleBankers(w http.ResponseWriter, r *http.Request) {
case "GET":
switch auth.GetLoggedUserTechnical(w, r).Role {
case "ADMIN":
if id != 0 {
var o UserBanker
if err := d.db.Preload("UserClients").Where("id = ?", id).First(&o).Error; err != nil {
http.Error(w, "id does not exist", http.StatusNotFound)
return
}
json.NewEncoder(w).Encode(o)
} else {
var o []UserBanker
d.db.Preload("UserClients").Find(&o)
json.NewEncoder(w).Encode(o)
}
d.getBankerAdmin(w, r, id)
case "BANKER":
user := d.getLoggedUser(w, r).(UserBanker)
if id != 0 {
var o UserBanker
if err := d.db.Preload("UserClients").Where("id = ?", id).First(&o).Error; err != nil {
http.Error(w, "id does not exist", http.StatusNotFound)
return
}
if o.ID != user.ID {
http.Error(w, "You can not access this ressource", http.StatusForbidden)
return
}
json.NewEncoder(w).Encode(o)
} else {
http.Error(w, "You can not access this ressource", http.StatusForbidden)
}
d.getBankerBanker(w, r, id)
case "CLIENT":
user := d.getLoggedUser(w, r).(UserClient)
if id != 0 && int(user.ID) == id {
var userClient UserClient
if err := d.db.Where("user_id = ?", user.ID).First(&userClient).Error; err != nil {
http.Error(w, "id does not exist", http.StatusNotFound)
return
}
var o UserBanker
if err := d.db.Where("id = ?", userClient.UserBankerID).First(&o).Error; err != nil {
http.Error(w, "id does not exist", http.StatusNotFound)
return
}
json.NewEncoder(w).Encode(o)
} else {
http.Error(w, "You can not access this ressource", http.StatusForbidden)
}
d.getBankerClient(w, r, id)
default:
http.Error(w, "Could not get role of logged user", http.StatusInternalServerError)
http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
}
case "POST":
switch auth.GetLoggedUserTechnical(w, r).Role {
case "ADMIN":
var o UserBanker
err := json.NewDecoder(r.Body).Decode(&o)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
d.db.Create(&o)
d.postBankerAdmin(w, r, id)
case "BANKER", "CLIENT":
http.Error(w, "You're not authorize to execute this method on this ressource.", http.StatusMethodNotAllowed)
d.postBankerClient(w, r, id)
default:
http.Error(w, "Could not get role of logged user", http.StatusInternalServerError)
http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
}
case "PUT":
switch auth.GetLoggedUserTechnical(w, r).Role {
case "ADMIN":
d.putBankerAdmin(w, r, id)
case "BANKER", "CLIENT":
d.putBankerClient(w, r, id)
default:
http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
}
case "DELETE":
switch auth.GetLoggedUserTechnical(w, r).Role {
case "ADMIN":
if id != 0 {
var o UserBanker
if err := d.db.First(&o, id).Error; err != nil {
http.Error(w, "id does not exist", http.StatusNotFound)
return
}
d.db.Delete(&o)
} else {
http.Error(w, "id is missing", http.StatusNotFound)
}
d.deleteBankerAdmin(w, r, id)
case "BANKER", "CLIENT":
http.Error(w, "You're not authorize to execute this method on this ressource.", http.StatusMethodNotAllowed)
d.deleteBankerClient(w, r, id)
default:
http.Error(w, "Could not get role of logged user", http.StatusInternalServerError)
http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
}
default:
http.Error(w, "method not allowed", 400)
}
}
func (d *DataHandler) getBankerAdmin(w http.ResponseWriter, r *http.Request, id int) {
if id != 0 {
var o UserBanker
if err := d.db.Preload("UserClients").Where(reqID, id).First(&o).Error; err != nil {
http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
return
}
json.NewEncoder(w).Encode(o)
} else {
var o []UserBanker
d.db.Preload("UserClients").Find(&o)
json.NewEncoder(w).Encode(o)
}
}
func (d *DataHandler) getBankerBanker(w http.ResponseWriter, r *http.Request, id int) {
user := d.getLoggedUser(w, r).(UserBanker)
if id != 0 {
var o UserBanker
if err := d.db.Preload("UserClients").Where(reqID, id).First(&o).Error; err != nil {
http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
return
}
if o.ID != user.ID {
http.Error(w, ErrorCannotAccessRessource, http.StatusForbidden)
return
}
json.NewEncoder(w).Encode(o)
} else {
http.Error(w, ErrorCannotAccessRessource, http.StatusForbidden)
}
}
func (d *DataHandler) getBankerClient(w http.ResponseWriter, r *http.Request, id int) {
user := d.getLoggedUser(w, r).(UserClient)
if id != 0 && int(user.ID) == id {
var userClient UserClient
if err := d.db.Where(reqUserID, user.ID).First(&userClient).Error; err != nil {
http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
return
}
var o UserBanker
if err := d.db.Where(reqID, userClient.UserBankerID).First(&o).Error; err != nil {
http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
return
}
json.NewEncoder(w).Encode(o)
} else {
http.Error(w, ErrorCannotAccessRessource, http.StatusForbidden)
}
}
func (d *DataHandler) postBankerAdmin(w http.ResponseWriter, r *http.Request, id int) {
var o UserBanker
err := json.NewDecoder(r.Body).Decode(&o)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
// check userID is not already present in DB
var client UserClient
if err := d.db.Where(reqUserID, o.UserID).First(&client).Error; err == nil {
http.Error(w, "UserID is already bind to a Client", http.StatusNotFound)
return
}
var banker UserBanker
if err := d.db.Where(reqUserID, o.UserID).First(&banker).Error; err == nil {
http.Error(w, "UserID is already bind to a Banker", http.StatusNotFound)
return
}
d.db.Create(&o)
d.db.Last(&o)
json.NewEncoder(w).Encode(o)
}
func (d *DataHandler) postBankerClient(w http.ResponseWriter, r *http.Request, id int) {
http.Error(w, ErrorNotAuthorizeMethodOnRessource, http.StatusMethodNotAllowed)
}
func (d *DataHandler) putBankerAdmin(w http.ResponseWriter, r *http.Request, id int) {
var o UserBanker
if err := d.db.Preload("UserClients").Where(reqID, id).First(&o).Error; err != nil {
http.Error(w, ErrorIDIsMissing, http.StatusNotFound)