// Updates or creates a principal from a PrincipalConfig structure. func (dbc *DatabaseContext) UpdatePrincipal(newInfo PrincipalConfig, isUser bool, allowReplace bool) (replaced bool, err error) { // Get the existing principal, or if this is a POST make sure there isn't one: var princ auth.Principal var user auth.User authenticator := dbc.Authenticator() if isUser { user, err = authenticator.GetUser(*newInfo.Name) princ = user } else { princ, err = authenticator.GetRole(*newInfo.Name) } if err != nil { return } replaced = (princ != nil) if !replaced { // If user/role didn't exist already, instantiate a new one: if isUser { user, err = authenticator.NewUser(*newInfo.Name, "", nil) princ = user } else { princ, err = authenticator.NewRole(*newInfo.Name, nil) } if err != nil { return } } else if !allowReplace { err = base.HTTPErrorf(http.StatusConflict, "Already exists") return } // Update the persistent sequence number of this principal: nextSeq, err := dbc.sequences.nextSequence() if err != nil { return } princ.SetSequence(nextSeq) // Now update the Principal object from the properties in the request, first the channels: updatedChannels := princ.ExplicitChannels() if updatedChannels == nil { updatedChannels = ch.TimedSet{} } updatedChannels.UpdateAtSequence(newInfo.ExplicitChannels, nextSeq) princ.SetExplicitChannels(updatedChannels) // Then the user-specific fields like roles: if isUser { user.SetEmail(newInfo.Email) if newInfo.Password != nil { user.SetPassword(*newInfo.Password) } user.SetDisabled(newInfo.Disabled) updatedRoles := user.ExplicitRoles() if updatedRoles == nil { updatedRoles = ch.TimedSet{} } updatedRoles.UpdateAtSequence(base.SetFromArray(newInfo.ExplicitRoleNames), nextSeq) user.SetExplicitRoles(updatedRoles) } // And finally save the Principal: err = authenticator.Save(princ) return }
// Updates or creates a principal from a PrincipalConfig structure. func updatePrincipal(dbc *db.DatabaseContext, newInfo PrincipalConfig, isUser bool, allowReplace bool) (replaced bool, err error) { // Get the existing principal, or if this is a POST make sure there isn't one: var princ auth.Principal var user auth.User authenticator := dbc.Authenticator() if isUser { user, err = authenticator.GetUser(internalUserName(*newInfo.Name)) princ = user } else { princ, err = authenticator.GetRole(*newInfo.Name) } if err != nil { return } replaced = (princ != nil) if !replaced { // If user/role didn't exist already, instantiate a new one: if isUser { user, err = authenticator.NewUser(internalUserName(*newInfo.Name), "", nil) princ = user } else { princ, err = authenticator.NewRole(*newInfo.Name, nil) } if err != nil { return } } else if !allowReplace { err = base.HTTPErrorf(http.StatusConflict, "Already exists") return } // Now update the Principal object from the properties in the request, first the channels: updatedChannels := princ.ExplicitChannels() if updatedChannels == nil { updatedChannels = ch.TimedSet{} } lastSeq, err := dbc.LastSequence() if err != nil { return } updatedChannels.UpdateAtSequence(newInfo.ExplicitChannels, lastSeq+1) princ.SetExplicitChannels(updatedChannels) // Then the user-specific fields like roles: if isUser { user.SetEmail(newInfo.Email) if newInfo.Password != nil { user.SetPassword(*newInfo.Password) } user.SetDisabled(newInfo.Disabled) // Convert the array of role strings into a TimedSet by reapplying the current sequences // for existing roles, and using the database's last sequence for any new roles. newRoles := ch.TimedSet{} oldRoles := user.ExplicitRoles() var currentSequence uint64 for _, roleName := range newInfo.ExplicitRoleNames { since, found := oldRoles[roleName] if !found { if currentSequence == 0 { currentSequence, _ = dbc.LastSequence() if currentSequence == 0 { currentSequence = 1 } } since = currentSequence } newRoles[roleName] = since } user.SetExplicitRoles(newRoles) } // And finally save the Principal: err = authenticator.Save(princ) return }