diff --git a/.env.template b/.env.template
index f2b86fe0f18ed30bb1bb2410f301e339ea194bf4..1771b0ddd7123700a539a873be9ca5d6e5eb230c 100644
--- a/.env.template
+++ b/.env.template
@@ -1,6 +1,7 @@
# Common settings
HOSTNAME=localhost
-ADMIN_ROLE
+ANIMATOR_ROLE=ANIMATORS
+ADMIN_ROLE=ADMINS
DEBUG_MODE
MOCK_OAUTH2
HTTPS_PORT
diff --git a/.gitlab/merge_request_templates/default.md b/.gitlab/merge_request_templates/default.md
index 08706332819a222a9cd57bf3c1bd869015b4be89..228a3db491b55c9360edd17dfe312f7ca0849d50 100644
--- a/.gitlab/merge_request_templates/default.md
+++ b/.gitlab/merge_request_templates/default.md
@@ -1,23 +1,24 @@
-| :triangular_flag_on_post: Give your MR the same name that the desired squash commit. In doubt, check the conventional commit [doc](https://www.conventionalcommits.org/en/v1.0.0/).|
+# Related to #000
+
+| :triangular_flag_on_post: Give your MR title the same name that the desired squash commit. In doubt, check the conventional commit [doc][conventional-commits]. examples |
| --- |
+| **feat(profile)**: add... |
+| **fix(annuaire)**: remove... |
## What does this MR do and why?
_Describe in detail what your merge request does and why._
-| :warning: Keep an up to date checklist based on your icescrum tasks during all the draft phase of the MR to help any other developer who would take the job after you to finish it.|
-| --- |
-
## Screenshots or screen recordings
_These are strongly recommended to assist reviewers and reduce the time to merge your change._
-
## How to set up and validate locally (or on alpha)
_List all steps to set up and validate the changes on local environment._
## MR acceptance checklist
+
_To be completed by the chosen reviewer._
<!---
@@ -27,39 +28,30 @@ More reading on checklists can be found in the "Checklist Manifesto": http://atu
"It is common to misconceive how checklists function in complex lines of work. They are not comprehensive how-to guides, whether for building a skyscraper or getting a plane out of trouble. They are quick and simple tools aimed to buttress the skills of expert professionals." - Gawande, Atul. The Checklist Manifesto
--->
+### Quality [](https://sonarqube.forge.grandlyon.com/dashboard?id=ecolyo-agent-server-mr) [](https://sonarqube.forge.grandlyon.com/dashboard?id=ecolyo-agent-server-mr)
-### Quality
-
-* [ ] Confirmed
-
-1. For the code that this change impacts, I believe that the automated tests validate functionality that is highly important to users. If the existing automated tests do not cover this functionality, I have added the necessary additional tests or I have added an issue to describe the automation testing gap and linked it to this MR.
-1. I have made sure that the sonar quality coverage is up to standards.
-1. I have considered the impact of this change on the front-end, back-end, and database portions of the system where appropriate and applied.
-1. I have tested this MR in all supported browsers or determined that this testing is not needed.
-1. I have confirmed that this change is backwards compatible across updates (migrate up needs a migrate down), or I have decided that this does not apply.
+- For the code that this change impacts, I believe that the **automated tests validate functionality** that is **highly important to users**. If the existing automated tests do not cover this functionality, I have **added the necessary additional tests** or I have added an issue to describe the automation testing gap and linked it to this MR.
+- I have made sure that the **sonar quality coverage is up to standards**.
+- I have **considered the impact** of this change on the **front-end**, **back-end**, and **database** portions of the system where appropriate and applied.
+- I have tested this MR in **all supported browsers** or determined that this testing is not needed.
+- I have confirmed that this change is **backwards compatible** across updates (migrate up needs a migrate down), or I have decided that this does not apply.
### Performance, reliability and availability
-* [ ] Confirmed
-
-1. I am confident that this MR does not harm performance, or I have asked a reviewer to help assess the performance impact.
-1. I have considered the scalability risk based on future predicted growth.
+- I am confident that this MR **does not harm performance**, or I have asked a reviewer to help assess the performance impact.
+- I have considered the **scalability risk** based on future predicted growth.
### Documentation
-* [ ] Confirmed
-
-1. The MR is named after the desired squash commit to feed the changelog linked to the current milestone.
-1. I have added/updated documentation (also updated if the changes feature a deprecation) or I have decided that documentation changes are not needed for this MR.
-
-### Security
+- The MR is named after the **desired squash commit** to feed the changelog linked to the current milestone.
+- I have **added/updated documentation** (also updated if the changes feature a deprecation) or I have decided that documentation changes are not needed for this MR.
-* [ ] Confirmed
+### Security [](https://sonarqube.forge.grandlyon.com/dashboard?id=ecolyo-agent-server-mr)
-1. I have confirmed that if this MR does not contains any sensitive informations hidden in the changes.
+- I have confirmed that if this MR **does not contains any sensitive informations** hidden in the changes.
### Deployment
-* [ ] Confirmed
+- When featured on a self-data project release, I have made sure my **app version** in the manifest and package.json is **incremented** and any relative **changes to the permissions are clearly written and transmitted to Cozy**.
-1. When featured on a self-data project release, i have made sure my app version in the manifest and package.json is incremented and any relative changes to the permissions are clearly written and transmitted to Cozy.
+[conventional-commits]: https://www.conventionalcommits.org/en/v1.0.0/
diff --git a/.vscode/launch.json b/.vscode/launch.json
deleted file mode 100644
index 2fe17c006fe49b7dbaeb3fecc15bc66cf6b7e8e8..0000000000000000000000000000000000000000
--- a/.vscode/launch.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
- // Utilisez IntelliSense pour en savoir plus sur les attributs possibles.
- // Pointez pour afficher la description des attributs existants.
- // Pour plus d'informations, visitez : https://go.microsoft.com/fwlink/?linkid=830387
- "version": "0.2.0",
- "configurations": [
- {
- "name": "Debug Back-office with Mock OAuth2",
- "type": "go",
- "request": "launch",
- "mode": "debug",
- "program": "${workspaceFolder}/main.go",
- "envFile": "${workspaceFolder}/.env",
- "showLog": true
- },
- {
- "name": "Debug Back-office with Sign&Go",
- "type": "go",
- "request": "launch",
- "mode": "debug",
- "program": "${workspaceFolder}/main.go",
- "env": {
- "REDIRECT_URL": "https://localhost:1443/OAuth2Callback",
- "CLIENT_ID": "<GET ONE FROM YOUR IDP>",
- "CLIENT_SECRET": "<GET ONE FROM YOUR IDP>",
- "AUTH_URL": "https://connexion-rec.grandlyon.fr/IdPOAuth2/authorize/oidc-rec",
- "TOKEN_URL": "https://connexion-rec.grandlyon.fr/IdPOAuth2/token/oidc-rec",
- "USERINFO_URL": "https://connexion-rec.grandlyon.fr/IdPOAuth2/userinfo/oidc-rec",
- "LOGOUT_URL": "https://connexion-rec.grandlyon.fr/auth/logout.jsp",
- "ADMIN_ROLE": "GGD_ORG_DG-DEES-DINSI-DAAG_TOUS",
- "HOSTNAME": "ecolyobackoffice.127.0.0.1.nip.io",
- "DEBUG_MODE": "true",
- "HTTPS_PORT": "1443"
- },
- "showLog": true
- }
- ]
-}
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 5bef7010d562b29263aca212431df54eb8652a7d..11a1978e8b65f62fa6d8ce4f9b7fba81a8f0623b 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -20,6 +20,8 @@
},
"peacock.color": "#32f0ff",
"cSpell.words": [
+ "admininfo",
+ "animatorinfo",
"backoffice",
"ecogesture",
"ecolyo",
diff --git a/docker-compose.deploy.yml b/docker-compose.deploy.yml
deleted file mode 100644
index cff867a3a615c96e95629b90d153003321662020..0000000000000000000000000000000000000000
--- a/docker-compose.deploy.yml
+++ /dev/null
@@ -1,58 +0,0 @@
-version: '3.7'
-services:
- database-agent:
- image: mysql:8
- networks:
- backoffice:
- restart: always
- volumes:
- - /mnt/local/data/ecolyo_agent_mysql_data:/var/lib/mysql
- - ./dbinit:/dbinit
- environment:
- MYSQL_ROOT_PASSWORD: ${DATABASE_PASSWORD}
- MYSQL_DATABASE: ${DATABASE_NAME}
- healthcheck:
- test: mysqladmin ping -h 127.0.0.1 -u root --password=$$MYSQL_ROOT_PASSWORD
- interval: 5s
- timeout: 10s
- retries: 60
-
- backend:
- image: registry.forge.grandlyon.com/web-et-numerique/factory/llle_project/backoffice-server:dev
- networks:
- backoffice:
- nginx-network:
- depends_on:
- database-agent:
- condition: service_healthy
- restart: unless-stopped
- volumes:
- - /etc/localtime:/etc/localtime:ro
- - ./configs:/app/configs
- - ./letsencrypt_cache:/app/letsencrypt_cache
- - ./data:/app/data
- - ./${IMAGE_FOLDER}:/app/${IMAGE_FOLDER}
- expose:
- - ${HTTPS_PORT}
- environment:
- - HOSTNAME=${HOSTNAME}
- - HTTPS_PORT=${HTTPS_PORT}
- - ADMIN_ROLE=${ADMIN_ROLE}
- - REDIRECT_URL=${REDIRECT_URL}
- - CLIENT_ID=${CLIENT_ID}
- - CLIENT_SECRET=${CLIENT_SECRET}
- - AUTH_URL=${AUTH_URL}
- - IMAGE_FOLDER=${IMAGE_FOLDER}
- - MOCK_OAUTH2=${MOCK_OAUTH2}
- - TOKEN_URL=${TOKEN_URL}
- - USERINFO_URL=${USERINFO_URL}
- - DEBUG_MODE=${DEBUG_MODE}
- - DATABASE_USER=${DATABASE_USER}
- - DATABASE_NAME=${DATABASE_NAME}
- - DATABASE_PASSWORD=${DATABASE_PASSWORD}
- - DATABASE_HOST=database-agent
-
-networks:
- backoffice:
- nginx-network:
- external: true
\ No newline at end of file
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index f4326b6ccdc877ce941a16d4fc864e522ef73ed1..2670382e45bcb5ab9aad6b68a1e57b798888e20b 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -7,9 +7,7 @@ import (
"fmt"
"net"
"net/http"
- "os"
"strings"
- "time"
"forge.grandlyon.com/web-et-numerique/factory/llle_project/backoffice-server/internal/common"
"forge.grandlyon.com/web-et-numerique/factory/llle_project/backoffice-server/internal/tokens"
@@ -24,6 +22,7 @@ const (
)
var (
+ AnimatorRole = common.StringValueFromEnv("ANIMATOR_ROLE", "ANIMATORS")
// AdminRole represents the role reserved for admins
AdminRole = common.StringValueFromEnv("ADMIN_ROLE", "ADMINS")
hostname = common.StringValueFromEnv("HOSTNAME", "ecolyobackoffice.127.0.0.1.nip.io")
@@ -53,12 +52,12 @@ type TokenData struct {
XSRFToken string `json:"xsrftoken,omitempty"`
}
-func AdminAuthMiddleware(next http.Handler) http.Handler {
- return ValidateAuthMiddleware(next, []string{os.Getenv("ADMIN_ROLE")}, true)
+func AnimatorAuthMiddleware(next http.Handler) http.Handler {
+ return ValidateAuthMiddleware(next, []string{AdminRole, AnimatorRole}, true)
}
-func CommonAuthMiddleware(next http.Handler) http.Handler {
- return ValidateAuthMiddleware(next, []string{"*"}, false)
+func AdminAuthMiddleware(next http.Handler) http.Handler {
+ return ValidateAuthMiddleware(next, []string{AdminRole}, true)
}
// ValidateAuthMiddleware validates that the token is valid and that the user has the correct roles
@@ -169,45 +168,6 @@ func checkUserHasRole(user TokenData, allowedRoles []string) error {
return fmt.Errorf("no user role among %v is in allowed roles (%v)", user.Roles, allowedRoles)
}
-//GetShareToken gets a share token for a given ressource
-func GetShareToken(w http.ResponseWriter, r *http.Request) {
- user, err := GetTokenData(r)
- if err != nil {
- http.Error(w, err.Error(), http.StatusBadRequest)
- return
- }
-
- if r.Method != http.MethodPost {
- http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
- return
- }
- var wantedToken struct {
- Sharedfor string `json:"sharedfor"`
- URL string `json:"url"`
- Lifespan int `json:"lifespan"`
- ReadOnly bool `json:"readonly,omitempty"`
- }
- err = json.NewDecoder(r.Body).Decode(&wantedToken)
- if err != nil {
- http.Error(w, err.Error(), http.StatusBadRequest)
- return
- }
- if wantedToken.URL == "" {
- http.Error(w, "url cannot be empty", http.StatusBadRequest)
- return
- }
- user.Login = user.Login + "_share_for_" + wantedToken.Sharedfor
- user.URL = wantedToken.URL
- user.ReadOnly = wantedToken.ReadOnly
- user.SharingUserLogin = wantedToken.Sharedfor
- token, err := tokens.CreateToken(user, time.Now().Add(time.Hour*time.Duration(24*wantedToken.Lifespan)))
- if err != nil {
- http.Error(w, err.Error(), http.StatusBadRequest)
- return
- }
- fmt.Fprint(w, token)
-}
-
// GetTokenData gets an user from a request
func GetTokenData(r *http.Request) (TokenData, error) {
user, ok := r.Context().Value(ContextData).(TokenData)
@@ -216,13 +176,3 @@ func GetTokenData(r *http.Request) (TokenData, error) {
}
return user, nil
}
-
-// isWebdav works out if an user agent is a webdav user agent
-func isWebdav(ua string) bool {
- for _, a := range []string{"vfs", "Microsoft-WebDAV", "Konqueror", "LibreOffice", "Rei.Fs.WebDAV"} {
- if strings.Contains(ua, a) {
- return true
- }
- }
- return false
-}
diff --git a/internal/auth/oauth2.go b/internal/auth/oauth2.go
index 84c03558c6ce0e371805b950a8ed97ebd51ef7a4..423df8eac680bc3d4b740993ceb38eadfb004312 100644
--- a/internal/auth/oauth2.go
+++ b/internal/auth/oauth2.go
@@ -127,7 +127,7 @@ func (m Manager) HandleOAuth2Callback() http.Handler {
}
// Check if user has the correct role
- err = checkUserHasRole(TokenData{User: user}, []string{AdminRole})
+ err = checkUserHasRole(TokenData{User: user}, []string{AdminRole, AnimatorRole})
if err != nil {
// Log the connexion attempt
diff --git a/internal/mocks/mocks.go b/internal/mocks/mocks.go
index f25b70c3241016120cb4b0cd02f9299e0cdc7163..724552d295444b5bbc6b24e095144deb69d79088 100644
--- a/internal/mocks/mocks.go
+++ b/internal/mocks/mocks.go
@@ -36,17 +36,17 @@ func CreateMockOAuth2() *http.ServeMux {
w.Header().Set("Content-Type", "application/x-www-form-urlencoded")
w.Write([]byte("access_token=mocktoken&scope=user&token_type=bearer"))
})
- // Returns userinfo back to the user
- mux.HandleFunc("/userinfo", func(w http.ResponseWriter, r *http.Request) {
+ // Returns userinfo back to the user (with an animator user)
+ mux.HandleFunc("/animatorinfo", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
w.Write([]byte(`{
- "displayName": "Us ER",
+ "displayName": "Anim Ator",
"memberOf": [
- "CN=USERS",
+ "CN=ANIMATORS",
"CN=OTHER_GROUP"
],
"id": "1000",
- "login": "USER"
+ "login": "ANIMATOR"
}`))
})
// Returns userinfo back to the user (with an admin user)
diff --git a/internal/models/customPopup.go b/internal/models/customPopup.go
index 71b32ab2bed81e0c62463a3078733f9770efd303..6e3dd2732ead6106a651fa1d2061967ac7d69b37 100644
--- a/internal/models/customPopup.go
+++ b/internal/models/customPopup.go
@@ -50,7 +50,7 @@ func (dh *DataHandler) GetCustomPopup(w http.ResponseWriter, r *http.Request) {
// @Failure 400 {string} string "Bad Request"
// @Failure 500 {string} string "Internal server error"
// @Param customPopup body CustomPopup true "CustomPopup to create/update with new content"
-// @Router /api/admin/customPopup [put]
+// @Router /api/animator/customPopup [put]
func (dh *DataHandler) SaveCustomPopup(w http.ResponseWriter, r *http.Request) {
if r.Body == http.NoBody {
http.Error(w, "request body is empty", http.StatusBadRequest)
diff --git a/internal/models/mailSubject.go b/internal/models/mailSubject.go
index e9cb8dc60689d58a67b99c00725b61ea3e750a95..c3005a2f841a27b0c0166caddbd13e3f9eb4277d 100644
--- a/internal/models/mailSubject.go
+++ b/internal/models/mailSubject.go
@@ -23,7 +23,7 @@ type MailSubject struct {
// @Failure 404 {string} string "Not found"
// @Param year path int true "Year of the mailSubject"
// @Param month path int true "Month of the mailSubject"
-// @Router /api/admin/mailSubject/{year}/{month} [get]
+// @Router /api/animator/mailSubject/{year}/{month} [get]
func (dh *DataHandler) GetSingleMailSubject(w http.ResponseWriter, r *http.Request) {
year, month, err := common.YearMonthFromRequest(r)
if err != nil {
@@ -54,7 +54,7 @@ func (dh *DataHandler) GetSingleMailSubject(w http.ResponseWriter, r *http.Reque
// @Failure 400 {string} string "Bad Request"
// @Failure 500 {string} string "Internal server error"
// @Param mailSubject body MailSubject true "MailSubject to create/update with new content"
-// @Router /api/admin/mailSubject [put]
+// @Router /api/animator/mailSubject [put]
func (dh *DataHandler) SaveMailSubject(w http.ResponseWriter, r *http.Request) {
if r.Body == http.NoBody {
http.Error(w, "request body is empty", http.StatusBadRequest)
@@ -111,7 +111,7 @@ func (dh *DataHandler) SaveMailSubject(w http.ResponseWriter, r *http.Request) {
// @Failure 404 {string} string "Not found"
// @Param year path int true "Year of the mailSubject"
// @Param month path int true "Month of the mailSubject"
-// @Router /api/admin/mailSubject/{year}/{month} [delete]
+// @Router /api/animator/mailSubject/{year}/{month} [delete]
func (dh *DataHandler) DeleteMailSubject(w http.ResponseWriter, r *http.Request) {
year, month, err := common.YearMonthFromRequest(r)
if err != nil {
diff --git a/internal/models/monthlyInfo.go b/internal/models/monthlyInfo.go
index 32a12ab76aab51be361dff53d7f6d54aed3e8db1..971c9c5f1817b2390b20f350f4b93a2d912607b5 100644
--- a/internal/models/monthlyInfo.go
+++ b/internal/models/monthlyInfo.go
@@ -21,7 +21,7 @@ type MonthlyInfo struct {
// @Tags monthlyInfo
// @Produce json
// @Success 200 {array} MonthlyInfo
-// @Router /api/admin/monthlyInfo [get]
+// @Router /api/animator/monthlyInfo [get]
func (dh *DataHandler) GetAllMonthlyInfo(w http.ResponseWriter, r *http.Request) {
var monthlyInfo []MonthlyInfo
dh.sqlClient.Find(&monthlyInfo)
@@ -40,7 +40,7 @@ func (dh *DataHandler) GetAllMonthlyInfo(w http.ResponseWriter, r *http.Request)
// @Failure 404 {string} string "Not found"
// @Param year path int true "Year of the monthlyInfo"
// @Param month path int true "Month of the monthlyInfo"
-// @Router /api/admin/monthlyInfo/{year}/{month} [get]
+// @Router /api/animator/monthlyInfo/{year}/{month} [get]
func (dh *DataHandler) GetSingleMonthlyInfo(w http.ResponseWriter, r *http.Request) {
year, month, err := common.YearMonthFromRequest(r)
if err != nil {
@@ -71,7 +71,7 @@ func (dh *DataHandler) GetSingleMonthlyInfo(w http.ResponseWriter, r *http.Reque
// @Failure 400 {string} string "Bad Request"
// @Failure 500 {string} string "Internal server error"
// @Param monthlyInfo body MonthlyInfo true "MonthlyInfo to create/update with new content"
-// @Router /api/admin/monthlyInfo [put]
+// @Router /api/animator/monthlyInfo [put]
func (dh *DataHandler) SaveMonthlyInfo(w http.ResponseWriter, r *http.Request) {
if r.Body == http.NoBody {
http.Error(w, "request body is empty", http.StatusBadRequest)
@@ -136,7 +136,7 @@ func (dh *DataHandler) SaveMonthlyInfo(w http.ResponseWriter, r *http.Request) {
// @Failure 404 {string} string "Not found"
// @Param year path int true "Year of the monthlyInfo"
// @Param month path int true "Month of the monthlyInfo"
-// @Router /api/admin/monthlyInfo/{year}/{month} [delete]
+// @Router /api/animator/monthlyInfo/{year}/{month} [delete]
func (dh *DataHandler) DeleteMonthlyInfo(w http.ResponseWriter, r *http.Request) {
year, month, err := common.YearMonthFromRequest(r)
if err != nil {
diff --git a/internal/models/monthlyNews.go b/internal/models/monthlyNews.go
index f352177509b1b1ab22e8e528813377b6962a671c..9bdfdb8dccc79d8d987a558dca771e9463af2be6 100644
--- a/internal/models/monthlyNews.go
+++ b/internal/models/monthlyNews.go
@@ -21,7 +21,7 @@ type MonthlyNews struct {
// @Tags monthlyNews
// @Produce json
// @Success 200 {array} MonthlyNews
-// @Router /api/admin/monthlyNews [get]
+// @Router /api/animator/monthlyNews [get]
func (dh *DataHandler) GetAllMonthlyNews(w http.ResponseWriter, r *http.Request) {
var monthlyNews []MonthlyNews
dh.sqlClient.Find(&monthlyNews)
@@ -40,7 +40,7 @@ func (dh *DataHandler) GetAllMonthlyNews(w http.ResponseWriter, r *http.Request)
// @Failure 404 {string} string "Not found"
// @Param year path int true "Year of the monthlyNews"
// @Param month path int true "Month of the monthlyNews"
-// @Router /api/admin/monthlyNews/{year}/{month} [get]
+// @Router /api/animator/monthlyNews/{year}/{month} [get]
func (dh *DataHandler) GetSingleMonthlyNews(w http.ResponseWriter, r *http.Request) {
year, month, err := common.YearMonthFromRequest(r)
if err != nil {
@@ -71,7 +71,7 @@ func (dh *DataHandler) GetSingleMonthlyNews(w http.ResponseWriter, r *http.Reque
// @Failure 400 {string} string "Bad Request"
// @Failure 500 {string} string "Internal server error"
// @Param monthlyNews body MonthlyNews true "MonthlyNews to create/update with new content"
-// @Router /api/admin/monthlyNews [put]
+// @Router /api/animator/monthlyNews [put]
func (dh *DataHandler) SaveMonthlyNews(w http.ResponseWriter, r *http.Request) {
if r.Body == http.NoBody {
http.Error(w, "request body is empty", http.StatusBadRequest)
@@ -136,7 +136,7 @@ func (dh *DataHandler) SaveMonthlyNews(w http.ResponseWriter, r *http.Request) {
// @Failure 404 {string} string "Not found"
// @Param year path int true "Year of the monthlyNews"
// @Param month path int true "Month of the monthlyNews"
-// @Router /api/admin/monthlyNews/{year}/{month} [delete]
+// @Router /api/animator/monthlyNews/{year}/{month} [delete]
func (dh *DataHandler) DeleteMonthlyNews(w http.ResponseWriter, r *http.Request) {
year, month, err := common.YearMonthFromRequest(r)
if err != nil {
diff --git a/internal/models/partnersInfo.go b/internal/models/partnersInfo.go
index 0a70becfabab3b46177bbe7863ebf9792569fc7f..cdea10aec1770bbba1051ccb1bfd934d8560a007 100644
--- a/internal/models/partnersInfo.go
+++ b/internal/models/partnersInfo.go
@@ -49,7 +49,7 @@ func (dh *DataHandler) GetPartnersInfo(w http.ResponseWriter, r *http.Request) {
// @Failure 400 {string} string "Bad Request"
// @Failure 500 {string} string "Internal server error"
// @Param partnersInfo body PartnersInfo true "PartnersInfo to create/update with new content"
-// @Router /api/admin/partnersInfo [put]
+// @Router /api/animator/partnersInfo [put]
func (dh *DataHandler) SavePartnersInfo(w http.ResponseWriter, r *http.Request) {
if r.Body == http.NoBody {
http.Error(w, "request body is empty", http.StatusBadRequest)
diff --git a/internal/models/poll.go b/internal/models/poll.go
index 3f89d853b1ad607fa92e2807d5565d88b7e756b4..76683a20660ebd17f3b2ae1259062c5aefd636b4 100644
--- a/internal/models/poll.go
+++ b/internal/models/poll.go
@@ -21,7 +21,7 @@ type Poll struct {
// @Tags poll
// @Produce json
// @Success 200 {array} Poll
-// @Router /api/admin/poll [get]
+// @Router /api/animator/poll [get]
func (dh *DataHandler) GetAllPolls(w http.ResponseWriter, r *http.Request) {
var polls []Poll
err := dh.sqlClient.Find(&polls).Error
@@ -44,7 +44,7 @@ func (dh *DataHandler) GetAllPolls(w http.ResponseWriter, r *http.Request) {
// @Failure 404 {string} string "Not found"
// @Param year path int true "Year of the poll"
// @Param month path int true "Month of the poll"
-// @Router /api/admin/poll/{year}/{month} [get]
+// @Router /api/animator/poll/{year}/{month} [get]
func (dh *DataHandler) GetSinglePoll(w http.ResponseWriter, r *http.Request) {
year, month, err := common.YearMonthFromRequest(r)
if err != nil {
@@ -75,7 +75,7 @@ func (dh *DataHandler) GetSinglePoll(w http.ResponseWriter, r *http.Request) {
// @Failure 400 {string} string "Bad Request"
// @Failure 500 {string} string "Internal server error"
// @Param poll body Poll true "Poll to update with new content"
-// @Router /api/admin/poll [put]
+// @Router /api/animator/poll [put]
func (dh *DataHandler) SavePoll(w http.ResponseWriter, r *http.Request) {
if r.Body == http.NoBody {
http.Error(w, "request body is empty", http.StatusBadRequest)
@@ -133,7 +133,7 @@ func (dh *DataHandler) SavePoll(w http.ResponseWriter, r *http.Request) {
// @Failure 404 {string} string "Not found"
// @Param year path int true "Year of the poll"
// @Param month path int true "Month of the poll"
-// @Router /api/admin/poll/{year}/{month} [delete]
+// @Router /api/animator/poll/{year}/{month} [delete]
func (dh *DataHandler) DeletePoll(w http.ResponseWriter, r *http.Request) {
year, month, err := common.YearMonthFromRequest(r)
if err != nil {
diff --git a/internal/models/price.go b/internal/models/price.go
index bfec29b853a928ae9ae444bea541c0bbce9273a8..5503bf185fe55ec3d83bfad7709ba529fb7b9a3c 100644
--- a/internal/models/price.go
+++ b/internal/models/price.go
@@ -72,7 +72,7 @@ func (dh *DataHandler) GetPricesByFluid(w http.ResponseWriter, r *http.Request)
// @Failure 400 {string} string "Bad Request"
// @Failure 500 {string} string "Internal server error"
// @Param price body object true "Price to create/update with new content"
-// @Router /api/admin/price [put]
+// @Router /api/animator/price [put]
func (dh *DataHandler) SavePrice(w http.ResponseWriter, r *http.Request) {
if r.Body == http.NoBody {
http.Error(w, "request body price is empty", http.StatusBadRequest)
diff --git a/internal/rootmux/rootmux.go b/internal/rootmux/rootmux.go
index caf8916f6cf58d8cd4f932556c157a5cb4e402af..04e185c7d855b939f47234e24a144650da8a3d59 100644
--- a/internal/rootmux/rootmux.go
+++ b/internal/rootmux/rootmux.go
@@ -51,8 +51,8 @@ func CreateRootMux() RootMux {
r.Get("/prices/{fluidtype}", dh.GetPricesByFluid)
})
- r.Route("/api/admin", func(r chi.Router) {
- r.Use(auth.AdminAuthMiddleware)
+ r.Route("/api/animator", func(r chi.Router) {
+ r.Use(auth.AnimatorAuthMiddleware)
r.Get("/mailSubject/{year}/{month}", dh.GetSingleMailSubject)
r.Put("/mailSubject", dh.SaveMailSubject)
r.Delete("/mailSubject/{year}/{month}", dh.DeleteMailSubject)
@@ -76,6 +76,10 @@ func CreateRootMux() RootMux {
r.Put("/customPopup", dh.SaveCustomPopup)
r.Get("/imageNames", file.GetEcogestureImages)
r.Put("/prices", dh.SavePrice)
+ })
+
+ r.Route("/api/admin", func(r chi.Router) {
+ r.Use(auth.AdminAuthMiddleware)
r.Get("/consent", dh.SearchConsent)
})
diff --git a/internal/rootmux/rootmux_test.go b/internal/rootmux/rootmux_test.go
index 4b0c1344bedbf05fc51dbe8c96599518c24e778f..9d86529c154af8225060079782a35c89b82b3433 100644
--- a/internal/rootmux/rootmux_test.go
+++ b/internal/rootmux/rootmux_test.go
@@ -45,11 +45,12 @@ func TestMain(m *testing.M) {
// Set the constants with environment variables
os.Setenv("HOSTNAME", "localhost")
+ os.Setenv("ANIMATOR_ROLE", "ANIMATORS")
os.Setenv("ADMIN_ROLE", "ADMINS")
os.Setenv("CLIENT_ID", "foo")
os.Setenv("CLIENT_SECRET", "bar")
os.Setenv("TOKEN_URL", oAuth2Server.URL+"/token")
- os.Setenv("USERINFO_URL", oAuth2Server.URL+"/userinfo")
+ os.Setenv("USERINFO_URL", oAuth2Server.URL+"/animatorinfo")
os.Setenv("LOGOUT_URL", oAuth2Server.URL+"/logout")
os.Setenv("SGE_API_TOKEN", "sgeApiToken")
@@ -82,17 +83,18 @@ func TestMain(m *testing.M) {
}
func TestAll(t *testing.T) {
+ // SGE API tests
+ sgeTests(t)
// Set up testers
os.Setenv("AUTH_URL", oAuth2Server.URL+"/auth-wrong-state") // Set the server to access failing OAuth2 endpoints
oauth2Tests(t)
os.Setenv("AUTH_URL", oAuth2Server.URL+"/auth") // Set the server to access the correct OAuth2Endpoint
unloggedTests(t)
+ os.Setenv("USERINFO_URL", oAuth2Server.URL+"/animatorinfo")
+ animatorTests(t)
os.Setenv("USERINFO_URL", oAuth2Server.URL+"/admininfo")
adminTests(t)
-
- // SGE API tests
- sgeTests(t)
}
/*
@@ -119,7 +121,7 @@ func unloggedTests(t *testing.T) {
defer ts.Close() // Close the tester
// Try to create a monthlyNews (must fail)
- do("PUT", "/api/admin/monthlyNews", noH, monthlyNewsStr, http.StatusUnauthorized, "error extracting token")
+ do("PUT", "/api/animator/monthlyNews", noH, monthlyNewsStr, http.StatusUnauthorized, "error extracting token")
// Try to get a monthlyReport (must fail because no parameters are given)
do("GET", "/api/common/monthlyReport", noH, "", http.StatusBadRequest, "")
// Try to get a monthlyReport (must pass empty)
@@ -130,10 +132,10 @@ func unloggedTests(t *testing.T) {
/*
*
-ADMIN TESTS (this tests are to check that an administrator can edit a newsletter's content)
+ANIMATOR TESTS (these tests are to check that an animator user can edit a newsletter's content but can't access SGE consents)
*
*/
-func adminTests(t *testing.T) {
+func animatorTests(t *testing.T) {
// Create the tester
ts, do, _ := createTester(t)
defer ts.Close() // Close the tester
@@ -144,83 +146,85 @@ func adminTests(t *testing.T) {
json.Unmarshal([]byte(response), &token)
xsrfHeader := map[string]string{"XSRF-TOKEN": token.XSRFToken}
// Try to create a monthlyNews without the XSRF-TOKEN (must fail)
- do("PUT", "/api/admin/monthlyNews", noH, monthlyNewsStr, http.StatusUnauthorized, "XSRF protection triggered")
+ do("PUT", "/api/animator/monthlyNews", noH, monthlyNewsStr, http.StatusUnauthorized, "XSRF protection triggered")
// Try to create a monthlyNews without body (must fail)
- do("PUT", "/api/admin/monthlyNews", xsrfHeader, "", http.StatusBadRequest, "request body is empty")
+ do("PUT", "/api/animator/monthlyNews", xsrfHeader, "", http.StatusBadRequest, "request body is empty")
// Try to get a monthlyNews before it is created (must fail because not found)
- do("GET", "/api/admin/monthlyNews/2021/1", xsrfHeader, "", http.StatusNotFound, "")
+ do("GET", "/api/animator/monthlyNews/2021/1", xsrfHeader, "", http.StatusNotFound, "")
// Try to create a monthlyNews (must pass)
- do("PUT", "/api/admin/monthlyNews", xsrfHeader, monthlyNewsStr, http.StatusCreated, `{"year":2021,"month":1,"title":"Les nouveautés du service","content":"Nouvelles fonctionnalités"`)
+ do("PUT", "/api/animator/monthlyNews", xsrfHeader, monthlyNewsStr, http.StatusCreated, `{"year":2021,"month":1,"title":"Les nouveautés du service","content":"Nouvelles fonctionnalités"`)
// Try to update a monthlyNews (must pass)
- do("PUT", "/api/admin/monthlyNews", xsrfHeader, monthlyNewsStr, http.StatusOK, `{"year":2021,"month":1,"title":"Les nouveautés du service","content":"Nouvelles fonctionnalités"`)
+ do("PUT", "/api/animator/monthlyNews", xsrfHeader, monthlyNewsStr, http.StatusOK, `{"year":2021,"month":1,"title":"Les nouveautés du service","content":"Nouvelles fonctionnalités"`)
// Try to get the monthlyNews created (must pass)
- do("GET", "/api/admin/monthlyNews/2021/1", xsrfHeader, "", http.StatusOK, `{"year":2021,"month":1,"title":"Les nouveautés du service","content":"Nouvelles fonctionnalités"`)
+ do("GET", "/api/animator/monthlyNews/2021/1", xsrfHeader, "", http.StatusOK, `{"year":2021,"month":1,"title":"Les nouveautés du service","content":"Nouvelles fonctionnalités"`)
// Try to get the monthlyReport (must pass)
do("GET", "/api/common/monthlyReport?year=2021&month=1", noH, "", http.StatusOK, `{"year":2021,"month":1,"subject":"[Ecolyo] Votre bilan de décembre 2020","info":"","image":"","newsTitle":"Les nouveautés du service","newsContent":"Nouvelles fonctionnalités","question":"","link":""}`)
// Try to create a poll without the XSRF-TOKEN (must fail)
- do("PUT", "/api/admin/poll", noH, newPollStr, http.StatusUnauthorized, "XSRF protection triggered")
+ do("PUT", "/api/animator/poll", noH, newPollStr, http.StatusUnauthorized, "XSRF protection triggered")
// Try to create a poll without body (must fail)
- do("PUT", "/api/admin/poll", xsrfHeader, "", http.StatusBadRequest, "request body is empty")
+ do("PUT", "/api/animator/poll", xsrfHeader, "", http.StatusBadRequest, "request body is empty")
// Try to get a poll before it is created (must fail because not found')
- do("GET", "/api/admin/poll/2021/1", xsrfHeader, "", http.StatusNotFound, "")
+ do("GET", "/api/animator/poll/2021/1", xsrfHeader, "", http.StatusNotFound, "")
// Try to create a poll (must pass)
- do("PUT", "/api/admin/poll", xsrfHeader, newPollStr, http.StatusCreated, newPollStr)
+ do("PUT", "/api/animator/poll", xsrfHeader, newPollStr, http.StatusCreated, newPollStr)
// Try to update a poll (must pass)
- do("PUT", "/api/admin/poll", xsrfHeader, newPollStr, http.StatusOK, newPollStr)
+ do("PUT", "/api/animator/poll", xsrfHeader, newPollStr, http.StatusOK, newPollStr)
// Try to get the poll created (must pass)
- do("GET", "/api/admin/poll/2021/1", xsrfHeader, "", http.StatusOK, newPollStr)
+ do("GET", "/api/animator/poll/2021/1", xsrfHeader, "", http.StatusOK, newPollStr)
// Try to get the monthlyReport (must pass)
do("GET", "/api/common/monthlyReport?year=2021&month=1", noH, "", http.StatusOK, `{"year":2021,"month":1,"subject":"[Ecolyo] Votre bilan de décembre 2020","info":"","image":"","newsTitle":"Les nouveautés du service","newsContent":"Nouvelles fonctionnalités","question":"pollQuestion","link":"pollLink"}`)
// Try to create a monthlyInfo without the XSRF-TOKEN (must fail)
- do("PUT", "/api/admin/monthlyInfo", noH, monthlyInfoStr, http.StatusUnauthorized, "XSRF protection triggered")
+ do("PUT", "/api/animator/monthlyInfo", noH, monthlyInfoStr, http.StatusUnauthorized, "XSRF protection triggered")
// Try to create a monthlyInfo without body (must fail)
- do("PUT", "/api/admin/monthlyInfo", xsrfHeader, "", http.StatusBadRequest, "request body is empty")
+ do("PUT", "/api/animator/monthlyInfo", xsrfHeader, "", http.StatusBadRequest, "request body is empty")
// Try to get a monthlyInfo before it is created (must fail because not found)
- do("GET", "/api/admin/monthlyInfo/2021/1", xsrfHeader, "", http.StatusNotFound, "")
+ do("GET", "/api/animator/monthlyInfo/2021/1", xsrfHeader, "", http.StatusNotFound, "")
// Try to create a monthlyInfo (must pass)
- do("PUT", "/api/admin/monthlyInfo", xsrfHeader, monthlyInfoStr, http.StatusCreated, monthlyInfoStr)
+ do("PUT", "/api/animator/monthlyInfo", xsrfHeader, monthlyInfoStr, http.StatusCreated, monthlyInfoStr)
// Try to update a monthlyInfo (must pass)
- do("PUT", "/api/admin/monthlyInfo", xsrfHeader, monthlyInfoStr, http.StatusOK, monthlyInfoStr)
+ do("PUT", "/api/animator/monthlyInfo", xsrfHeader, monthlyInfoStr, http.StatusOK, monthlyInfoStr)
// Try to get the monthlyInfo created (must pass)
- do("GET", "/api/admin/monthlyInfo/2021/1", xsrfHeader, "", http.StatusOK, monthlyInfoStr)
+ do("GET", "/api/animator/monthlyInfo/2021/1", xsrfHeader, "", http.StatusOK, monthlyInfoStr)
// Try to get the monthlyReport (must pass)
do("GET", "/api/common/monthlyReport?year=2021&month=1", noH, "", http.StatusOK, `{"year":2021,"month":1,"subject":"[Ecolyo] Votre bilan de décembre 2020","info":"Informations du mois","image":"imagebase64","newsTitle":"Les nouveautés du service","newsContent":"Nouvelles fonctionnalités","question":"pollQuestion","link":"pollLink"`)
// Try to update the partnersInfo (must pass)
- do("PUT", "/api/admin/partnersInfo", xsrfHeader, partnersInfoStr, http.StatusOK, partnersInfoStr)
+ do("PUT", "/api/animator/partnersInfo", xsrfHeader, partnersInfoStr, http.StatusOK, partnersInfoStr)
// Try to get the partnersInfo created (must pass)
do("GET", "/api/common/partnersInfo", xsrfHeader, "", http.StatusOK, partnersInfoStr)
// Try to update the customPopup (must pass)
- do("PUT", "/api/admin/customPopup", xsrfHeader, customPopupStr, http.StatusOK, customPopupStr)
+ do("PUT", "/api/animator/customPopup", xsrfHeader, customPopupStr, http.StatusOK, customPopupStr)
// Try to get the partnersInfo created (must pass)
do("GET", "/api/common/customPopup", xsrfHeader, "", http.StatusOK, customPopupStr)
// Try to delete the monthlyNews created (must pass)
- do("DELETE", "/api/admin/monthlyNews/2021/1", xsrfHeader, "", http.StatusOK, "successful delete")
+ do("DELETE", "/api/animator/monthlyNews/2021/1", xsrfHeader, "", http.StatusOK, "successful delete")
// Try to get a monthlyNews after it is deleted (must fail because not found)
- do("GET", "/api/admin/monthlyNews/2021/1", xsrfHeader, "", http.StatusNotFound, "")
+ do("GET", "/api/animator/monthlyNews/2021/1", xsrfHeader, "", http.StatusNotFound, "")
// Try to create a mail subject (must pass)
- do("PUT", "/api/admin/mailSubject", xsrfHeader, mailSubjectStr, http.StatusCreated, mailSubjectStr)
+ do("PUT", "/api/animator/mailSubject", xsrfHeader, mailSubjectStr, http.StatusCreated, mailSubjectStr)
// Try to get the monthlyReport (must pass)
do("GET", "/api/common/monthlyReport?year=2021&month=1", noH, "", http.StatusOK, `{"year":2021,"month":1,"subject":"[Ecolyo] Newsletter","info":"Informations du mois","image":"imagebase64","newsTitle":"","newsContent":"","question":"pollQuestion","link":"pollLink"`)
// Try to delete the poll created (must pass)
- do("DELETE", "/api/admin/poll/2021/1", xsrfHeader, "", http.StatusOK, "successful delete")
+ do("DELETE", "/api/animator/poll/2021/1", xsrfHeader, "", http.StatusOK, "successful delete")
// Try to get a poll after it is deleted (must fail because not found)
- do("GET", "/api/admin/poll/2021/1", xsrfHeader, "", http.StatusNotFound, "")
+ do("GET", "/api/animator/poll/2021/1", xsrfHeader, "", http.StatusNotFound, "")
// Try to get the monthlyReport (must pass)
do("GET", "/api/common/monthlyReport?year=2021&month=1", noH, "", http.StatusOK, `{"year":2021,"month":1,"subject":"[Ecolyo] Newsletter","info":"Informations du mois","image":"imagebase64","newsTitle":"","newsContent":"","question":"","link":""`)
// Try to delete the mail subject created (must pass)
- do("DELETE", "/api/admin/mailSubject/2021/1", xsrfHeader, "", http.StatusOK, "successful delete")
+ do("DELETE", "/api/animator/mailSubject/2021/1", xsrfHeader, "", http.StatusOK, "successful delete")
// Try to get a mail subject after it is deleted (must fail because not found)
- do("GET", "/api/admin/mailSubject/2021/1", xsrfHeader, "", http.StatusNotFound, "")
+ do("GET", "/api/animator/mailSubject/2021/1", xsrfHeader, "", http.StatusNotFound, "")
// Try to get the monthlyReport (must pass)
do("GET", "/api/common/monthlyReport?year=2021&month=1", noH, "", http.StatusOK, `{"year":2021,"month":1,"subject":"[Ecolyo] Votre bilan de décembre 2020","info":"Informations du mois","image":"imagebase64","newsTitle":"","newsContent":"","question":"","link":""`)
+ // Try to get SGE consents (must fail)
+ do("GET", "/api/admin/consent?limit=50&page=0", xsrfHeader, "", http.StatusForbidden, "no user role among [ANIMATORS OTHER_GROUP] is in allowed roles ([ADMINS])")
}
// Try to login (must pass)
do("GET", "/OAuth2Login", noH, "", http.StatusOK, "")
@@ -229,12 +233,33 @@ func adminTests(t *testing.T) {
// Try to logout (must pass)
do("GET", "/Logout", noH, "", http.StatusOK, "")
// Try to get a monthlyNews again (must fail)
- do("GET", "/api/admin/monthlyNews", noH, "", http.StatusUnauthorized, "error extracting token")
+ do("GET", "/api/animator/monthlyNews", noH, "", http.StatusUnauthorized, "error extracting token")
// Try to get a poll again (must fail)
- do("GET", "/api/admin/poll", noH, "", http.StatusUnauthorized, "error extracting token")
+ do("GET", "/api/animator/poll", noH, "", http.StatusUnauthorized, "error extracting token")
}
+func adminTests(t *testing.T) {
+ // Create the tester
+ ts, do, _ := createTester(t)
+ defer ts.Close() // Close the tester
+
+ // Try to login (must pass)
+ do("GET", "/OAuth2Login", noH, "", http.StatusOK, "")
+ // Get the XSRF Token
+ response := do("GET", "/api/common/WhoAmI", noH, "", http.StatusOK, "")
+ token := auth.TokenData{}
+ json.Unmarshal([]byte(response), &token)
+ xsrfHeader := map[string]string{"XSRF-TOKEN": token.XSRFToken}
+
+ // Try to get SGE consents (must pass)
+ do("GET", "/api/admin/consent?limit=50&page=0", xsrfHeader, "", http.StatusOK, `{"totalRows":2,"rows":[{"ID":2`)
+ // Try to logout (must pass)
+ do("GET", "/Logout", noH, "", http.StatusOK, "")
+ // Try to get SGE consents again (must fail)
+ do("GET", "/api/admin/consent?limit=50&page=0", xsrfHeader, "", http.StatusUnauthorized, "error extracting token")
+}
+
func sgeTests(t *testing.T) {
// Create the tester
ts, do, _ := createTester(t)
@@ -260,25 +285,6 @@ func sgeTests(t *testing.T) {
do("GET", "/api/sge/consent/1", sgeApiHeader, "", http.StatusOK, `{"ID":1`)
// Try to get a consent that doesn't exist (must fail not found)
do("GET", "/api/sge/consent/3", sgeApiHeader, "", http.StatusNotFound, `consent not found`)
-
- // Try to login (must pass)
- do("GET", "/OAuth2Login", noH, "", http.StatusOK, "")
-
- response := do("GET", "/api/common/WhoAmI", noH, "", http.StatusOK, "")
- token := auth.TokenData{}
- json.Unmarshal([]byte(response), &token)
- xsrfHeader := map[string]string{"XSRF-TOKEN": token.XSRFToken}
-
- // Try to get first 50 consents (must pass)
- do("GET", "/api/admin/consent?limit=50&page=0", xsrfHeader, "", http.StatusOK, `{"totalRows":2,"rows":[{"ID":2`)
- // Try to search for both consent (must pass)
- do("GET", "/api/admin/consent?search=123456&limit=50&page=0", xsrfHeader, "", http.StatusOK, `{"totalRows":2,"rows":[{"ID":2`)
- // Try to search for first point id (must pass)
- do("GET", "/api/admin/consent?search=12345671234567&limit=50&page=0", xsrfHeader, "", http.StatusOK, `{"totalRows":1,"rows":[{"ID":1`)
- // Try to search for second point id (must pass)
- do("GET", "/api/admin/consent?search=01234560123456&limit=50&page=0", xsrfHeader, "", http.StatusOK, `{"totalRows":1,"rows":[{"ID":2`)
- // Try to search for unknown point id (must pass empty)
- do("GET", "/api/admin/consent?search=000000&limit=50&page=0", xsrfHeader, "", http.StatusOK, `{"totalRows":0,"rows":[]`)
// Try to delete a consent (must pass)
do("DELETE", "/api/sge/consent/1", sgeApiHeader, "", http.StatusOK, "")
}
diff --git a/k8s/secrets/ecolyo-agent-server-config.yml b/k8s/secrets/ecolyo-agent-server-config.yml
index ad0ac2d852f31477643274919fd4d32bebd634ad..9503f60a184c0409456b4f8f5a8e5945e433a279 100644
--- a/k8s/secrets/ecolyo-agent-server-config.yml
+++ b/k8s/secrets/ecolyo-agent-server-config.yml
@@ -6,6 +6,7 @@ stringData:
# Replace all values between <...>
# All values must be string ex: 1443 => '1443'
ADMIN_ROLE: GG_SNG_ECO
+ ANIMATOR_ROLE: GG_SNG_ECO_ANIM
AUTH_URL: {{AUTH_URL}}
CLIENT_ID: {{CLIENT_ID}}
CLIENT_SECRET: {{CLIENT_SECRET}}