bouzoure/pop-camarades
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Implement permissions in members controllers

Browse source
This commit is contained in:
William Bouzourène 2025-01-17 15:59:35 +01:00
parent 625d777a8b
commit 8c94b2567e
2 changed files with 272 additions and 59 deletions
Download patch file Download diff file Expand all files Collapse all files

229
controllers/members.go
View file

@ -27,6 +27,32 @@ type PersonValidation struct {
}
func Members(c *fiber.Ctx) error {
userid, err := helpers.GetSessionUserId(c)
if err != nil {
return err
}
allowedSections, err := helpers.PermissionsGetSections(
userid, "show_member",
)
if err != nil {
return err
}
allowedSectionsArchived, err := helpers.PermissionsGetSections(
userid, "show_archived_member",
)
if err != nil {
return err
}
permShow := (len(allowedSections) > 0)
permShowArchived := (len(allowedSectionsArchived) > 0)
if !permShow && !permShowArchived {
return fiber.NewError(fiber.StatusForbidden, "Forbidden")
}
db, err := helpers.GetDatabase()
if err != nil {
return err
@ -36,7 +62,7 @@ func Members(c *fiber.Ctx) error {
result := db.Order(
"last_name collate nocase asc, first_name collate nocase asc",
).Preload("Section").Find(
&people, "is_member = ?", true,
&people, "is_member = ? AND section_id IN ?", true, allowedSections,
)
if result.Error != nil && !errors.Is(result.Error, gorm.ErrRecordNotFound) {
@ -44,9 +70,11 @@ func Members(c *fiber.Ctx) error {
}
return c.Render("people", fiber.Map{
"PageTitle": "Membres",
"MembersPage": true,
"People": people,
"PageTitle": "Membres",
"MembersPage": true,
"People": people,
"PermShow": permShow,
"PermShowArchived": permShowArchived,
})
}
@ -63,12 +91,33 @@ func MemberShow(c *fiber.Ctx) error {
&person, "id = ? AND is_member", id, true,
)
if result.Error != nil {
return result.Error
}
if result.RowsAffected < 1 {
return fiber.NewError(fiber.StatusNotFound, "Not found")
}
if result.Error != nil {
return result.Error
userid, err := helpers.GetSessionUserId(c)
if err != nil {
return err
}
persmissionName := "show_member"
if person.DeletedAt.Valid {
persmissionName = "show_archived_member"
}
allow, err := helpers.PermissionsCheckSection(
userid, persmissionName, person.SectionID,
)
if err != nil {
return err
}
if !allow {
return fiber.NewError(fiber.StatusForbidden, "Forbidden")
}
title := fmt.Sprintf(
@ -91,17 +140,41 @@ func MemberShow(c *fiber.Ctx) error {
person.ID,
)
permEdit, _ := helpers.PermissionsGetSections(userid, "edit_member")
permConvert, _ := helpers.PermissionsGetSections(userid, "convert_member_to_contact")
permArchive, _ := helpers.PermissionsGetSections(userid, "archive_member")
permRestore, _ := helpers.PermissionsGetSections(userid, "restore_member")
permPurge, _ := helpers.PermissionsGetSections(userid, "purge_member")
return c.Render("person", fiber.Map{
"PageTitle": title,
"Person": person,
"Fields": fields,
"FieldValues": fieldValues,
"PermEdit": permEdit,
"PermConvert": permConvert,
"PermArchive": permArchive,
"PermRestore": permRestore,
"PermPurge": permPurge,
})
}
func MemberAdd(c *fiber.Ctx) error {
var person models.Person
var errors []string
userid, err := helpers.GetSessionUserId(c)
if err != nil {
return err
}
allowedSections, err := helpers.PermissionsGetSections(
userid, "create_member",
)
if err != nil {
return err
}
if len(allowedSections) < 1 {
return fiber.NewError(fiber.StatusForbidden, "Forbidden")
}
db, err := helpers.GetDatabase()
if err != nil {
@ -122,6 +195,8 @@ func MemberAdd(c *fiber.Ctx) error {
&fields, "person_type = ?", "member",
)
var person models.Person
var errors []string
if c.Method() == "POST" {
data := PersonValidation{
LastName: c.FormValue("last_name"),
@ -320,12 +395,28 @@ func MemberEdit(c *fiber.Ctx) error {
var person models.Person
result := db.Find(&person, "id = ?", id)
if errors.Is(result.Error, gorm.ErrRecordNotFound) {
if result.Error != nil {
return result.Error
}
if result.RowsAffected < 1 {
return fiber.NewError(fiber.StatusNotFound, "Not found")
}
if result.Error != nil {
return result.Error
userid, err := helpers.GetSessionUserId(c)
if err != nil {
return err
}
allow, err := helpers.PermissionsCheckSection(
userid, "edit_member", person.SectionID,
)
if err != nil {
return err
}
if !allow {
return fiber.NewError(fiber.StatusForbidden, "Forbidden")
}
title := fmt.Sprintf(
@ -562,12 +653,28 @@ func MemberConvert(c *fiber.Ctx) error {
var person models.Person
result := db.Find(&person, "id = ?", id)
if errors.Is(result.Error, gorm.ErrRecordNotFound) {
if result.Error != nil {
return result.Error
}
if result.RowsAffected < 1 {
return fiber.NewError(fiber.StatusNotFound, "Not found")
}
if result.Error != nil {
return result.Error
userid, err := helpers.GetSessionUserId(c)
if err != nil {
return err
}
allow, err := helpers.PermissionsCheckSection(
userid, "convert_member_to_contact", person.SectionID,
)
if err != nil {
return err
}
if !allow {
return fiber.NewError(fiber.StatusForbidden, "Forbidden")
}
person.IsContact = true
@ -592,7 +699,34 @@ func MemberArchive(c *fiber.Ctx) error {
return err
}
result := db.Delete(&models.Person{}, id)
var person models.Person
result := db.Find(&person, "id = ?", id)
if result.Error != nil {
return result.Error
}
if result.RowsAffected < 1 {
return fiber.NewError(fiber.StatusNotFound, "Not found")
}
userid, err := helpers.GetSessionUserId(c)
if err != nil {
return err
}
allow, err := helpers.PermissionsCheckSection(
userid, "archive_member", person.SectionID,
)
if err != nil {
return err
}
if !allow {
return fiber.NewError(fiber.StatusForbidden, "Forbidden")
}
result = db.Delete(&person)
if result.Error != nil {
return result.Error
}
@ -611,9 +745,37 @@ func MemberRestore(c *fiber.Ctx) error {
return err
}
result := db.Unscoped().Model(&models.Person{}).Where(
"id = ?", id,
).Update("DeletedAt", nil)
var person models.Person
result := db.Unscoped().Find(
&person, "id = ? AND deleted_at IS NOT NULL", id,
)
if result.Error != nil {
return result.Error
}
if result.RowsAffected < 1 {
return fiber.NewError(fiber.StatusNotFound, "Not found")
}
userid, err := helpers.GetSessionUserId(c)
if err != nil {
return err
}
allow, err := helpers.PermissionsCheckSection(
userid, "restore_member", person.SectionID,
)
if err != nil {
return err
}
if !allow {
return fiber.NewError(fiber.StatusForbidden, "Forbidden")
}
person.DeletedAt.Valid = false
result = db.Save(&person)
if result.Error != nil {
return result.Error
@ -633,7 +795,36 @@ func MemberPurge(c *fiber.Ctx) error {
return err
}
result := db.Unscoped().Delete(
var person models.Person
result := db.Unscoped().Find(
&person, "id = ?", id,
)
if result.Error != nil {
return result.Error
}
if result.RowsAffected < 1 {
return fiber.NewError(fiber.StatusNotFound, "Not found")
}
userid, err := helpers.GetSessionUserId(c)
if err != nil {
return err
}
allow, err := helpers.PermissionsCheckSection(
userid, "purge_member", person.SectionID,
)
if err != nil {
return err
}
if !allow {
return fiber.NewError(fiber.StatusForbidden, "Forbidden")
}
result = db.Unscoped().Delete(
&models.FieldValue{}, "person_id = ?", id,
)

98
views/person.html
View file

@ -260,62 +260,83 @@
<div class="my-5">
{% if Person.IsMember %}
<div class="row">
<div class="col-md-6">
{% if !Person.DeletedAt.Valid %}
<a class="btn btn-md btn-primary" href="/members/{{ Person.ID }}/edit">
<i class="bi-pencil-square"></i>
Modifier
</a>
<form
action="/members/{{ Person.ID }}/convert"
method="post"
class="d-inline p-0"
>
<button class="btn btn-md btn-secondary areyousure" type="submit">
<i class="bi-arrow-repeat"></i>
Convertir en contact
</button>
</form>
{% if PermEdit %}
<a class="btn btn-md btn-primary" href="/members/{{ Person.ID }}/edit">
<i class="bi-pencil-square"></i>
Modifier
</a>
{% endif %}
{% if PermConvert %}
<form
action="/members/{{ Person.ID }}/convert"
method="post"
class="d-inline p-0"
>
<button class="btn btn-md btn-secondary areyousure" type="submit">
<i class="bi-arrow-repeat"></i>
Convertir en contact
</button>
</form>
{% endif %}
{% endif %}
</div>
<div class="col-md-6 text-md-end mt-2 mt-md-0">
{% if Person.DeletedAt.Valid %}
<form
action="/members/{{ Person.ID }}/restore"
method="post"
class="d-inline p-0"
>
<button class="btn btn-md btn-secondary areyousure" type="submit">
<i class="bi-person-check"></i>
Restaurer
</button>
</form>
{% if PermRestore %}
<form
action="/members/{{ Person.ID }}/restore"
method="post"
class="d-inline p-0"
>
<button class="btn btn-md btn-secondary areyousure" type="submit">
<i class="bi-person-check"></i>
Restaurer
</button>
</form>
{% endif %}
{% else %}
{% if PermArchive %}
<form
action="/members/{{ Person.ID }}/archive"
method="post"
class="d-inline p-0"
>
<button class="btn btn-md btn-secondary areyousure" type="submit">
<i class="bi-person-slash"></i>
Archiver
</button>
</form>
{% endif %}
{% endif %}
{% if PermPurge %}
<form
action="/members/{{ Person.ID }}/archive"
action="/members/{{ Person.ID }}/purge"
method="post"
class="d-inline p-0"
>
<button class="btn btn-md btn-secondary areyousure" type="submit">
<i class="bi-person-slash"></i>
Archiver
<button class="btn btn-md btn-danger areyousure" type="submit">
<i class="bi-trash3"></i>
Supprimer
</button>
</form>
{% endif %}
<form
action="/members/{{ Person.ID }}/purge"
method="post"
class="d-inline p-0"
>
<button class="btn btn-md btn-danger areyousure" type="submit">
<i class="bi-trash3"></i>
Supprimer
</button>
</form>
</div>
</div>
{% else %}
<div class="row">
<div class="col-md-6">
{% if !Person.DeletedAt.Valid %}
@ -371,6 +392,7 @@
</form>
</div>
</div>
{% endif %}
</div>