// Updates or creates a principal from a PrincipalConfig structure.
func updatePrincipal(dbc *db.DatabaseContext, newInfo PrincipalConfig, isUser bool, allowReplace bool) (replaced bool, err error) {
// Get the existing principal, or if this is a POST make sure there isn't one:
var princ auth.Principal
var user auth.User
authenticator := dbc.Authenticator()
if isUser {
user, err = authenticator.GetUser(internalUserName(*newInfo.Name))
princ = user
} else {
princ, err = authenticator.GetRole(*newInfo.Name)
}
if err != nil {
return
}
replaced = (princ != nil)
if !replaced {
// If user/role didn't exist already, instantiate a new one:
if isUser {
user, err = authenticator.NewUser(internalUserName(*newInfo.Name), "", nil)
princ = user
} else {
princ, err = authenticator.NewRole(*newInfo.Name, nil)
}
if err != nil {
return
}
} else if !allowReplace {
err = base.HTTPErrorf(http.StatusConflict, "Already exists")
return
}
// Now update the Principal object from the properties in the request, first the channels:
updatedChannels := princ.ExplicitChannels()
if updatedChannels == nil {
updatedChannels = ch.TimedSet{}
}
lastSeq, err := dbc.LastSequence()
if err != nil {
return
}
updatedChannels.UpdateAtSequence(newInfo.ExplicitChannels, lastSeq+1)
princ.SetExplicitChannels(updatedChannels)
// Then the roles:
if isUser {
user.SetEmail(newInfo.Email)
if newInfo.Password != nil {
user.SetPassword(*newInfo.Password)
}
user.SetDisabled(newInfo.Disabled)
user.SetExplicitRoleNames(newInfo.ExplicitRoleNames)
}
// And finally save the Principal:
err = authenticator.Save(princ)
return
}
// Handles PUT and POST for a user or a role.
func (h *handler) updatePrincipal(name string, isUser bool) error {
h.assertAdminOnly()
// Unmarshal the request body into a PrincipalJSON struct:
body, _ := ioutil.ReadAll(h.rq.Body)
var newInfo PrincipalJSON
var err error
if err = json.Unmarshal(body, &newInfo); err != nil {
return err
}
var princ auth.Principal
var user auth.User
if h.rq.Method == "POST" {
// On POST, take the name from the "name" property in the request body:
if newInfo.Name == nil {
return &base.HTTPError{http.StatusBadRequest, "Missing name property"}
}
name = *newInfo.Name
} else {
// ON PUT, verify the name matches, if given:
if newInfo.Name != nil && *newInfo.Name != name {
return &base.HTTPError{http.StatusBadRequest, "Name mismatch (can't change name)"}
}
}
// Get the existing principal, or if this is a POST make sure there isn't one:
if isUser {
user, err = h.db.Authenticator().GetUser(internalUserName(name))
princ = user
} else {
princ, err = h.db.Authenticator().GetRole(name)
}
if err != nil {
return err
}
status := http.StatusOK
if princ == nil {
// If user/role didn't exist already, instantiate a new one:
status = http.StatusCreated
if isUser {
user, err = h.db.Authenticator().NewUser(internalUserName(name), "", nil)
princ = user
} else {
princ, err = h.db.Authenticator().NewRole(name, nil)
}
if err != nil {
return err
}
} else if h.rq.Method == "POST" {
return &base.HTTPError{http.StatusConflict, "Already exists"}
}
// Now update the Principal object from the properties in the request, first the channels:
updatedChannels := princ.ExplicitChannels()
if updatedChannels == nil {
updatedChannels = ch.TimedSet{}
}
updatedChannels.UpdateAtSequence(newInfo.ExplicitChannels, h.db.LastSequence()+1)
princ.SetExplicitChannels(updatedChannels)
// Then the roles:
if isUser {
user.SetEmail(newInfo.Email)
if newInfo.Password != nil {
user.SetPassword(*newInfo.Password)
}
user.SetDisabled(newInfo.Disabled)
user.SetExplicitRoleNames(newInfo.ExplicitRoleNames)
}
// And finally save the Principal:
if err = h.db.Authenticator().Save(princ); err != nil {
return err
}
h.response.WriteHeader(status)
return nil
}
