func upsertPermissionsHandler(mapper *pgmapper.Mapper, objectIdExtractor idextractor.Extractor) http.Handler { result := func(w http.ResponseWriter, r *http.Request) { objectId, err := objectIdExtractor(r) if err != nil { w.WriteHeader(http.StatusInternalServerError) return } ids, ok := r.URL.Query()["sid"] entity := make(map[string]interface{}) err = json.NewDecoder(r.Body).Decode(&entity) if err != nil { w.WriteHeader(http.StatusInternalServerError) return } if ok { err = mapper.Execute("SELECT insert_bulk_permissions(%v)", objectId, entity["create_permission"], entity["read_permission"], entity["update_permission"], entity["delete_permission"], ids) } else { _, err = mapper.ExecuteRaw("insert into acl_entries(object_id,sid,create_permission,read_permission,update_permission,delete_permission) values($1,$2,$3,$4,$5,$6) ON CONFLICT (object_id,sid) DO UPDATE SET create_permission = $3, read_permission = $4, update_permission = $5, delete_permission = $6 where acl_entries.sid = $2 AND acl_entries.object_id = $1", objectId, entity["sid"], entity["create_permission"], entity["read_permission"], entity["update_permission"], entity["delete_permission"]) } if err != nil { w.WriteHeader(http.StatusInternalServerError) return } } return http.Handler(http.HandlerFunc(result)) }
func deleteObjectHandler(mapper *pgmapper.Mapper, extractor idextractor.Extractor) http.Handler { result := func(w http.ResponseWriter, r *http.Request) { objectId, err := extractor(r) if err != nil { w.WriteHeader(http.StatusInternalServerError) return } _, err = mapper.ExecuteRaw("delete from object_identities where id = $1", objectId) if err != nil { w.WriteHeader(http.StatusInternalServerError) return } } return http.Handler(http.HandlerFunc(result)) }