From d2e08de9bd5acd1ded21124218c9e32ae1937271 Mon Sep 17 00:00:00 2001 From: Steven Date: Tue, 27 Sep 2022 00:21:05 +0800 Subject: [PATCH] feat: update delete module api --- api/shortcut.go | 6 +++++- server/acl.go | 2 -- server/shortcut.go | 2 +- server/workspace_user.go | 15 +++++++++++++-- store/db/seed/10003__workspace_user.sql | 13 +++++++++++++ store/shortcut.go | 18 ++++++++++++++---- store/user.go | 1 - store/workspace.go | 1 - store/workspace_user.go | 1 - 9 files changed, 46 insertions(+), 13 deletions(-) diff --git a/api/shortcut.go b/api/shortcut.go index 0e3648a..49cfa7a 100644 --- a/api/shortcut.go +++ b/api/shortcut.go @@ -83,5 +83,9 @@ type ShortcutFind struct { } type ShortcutDelete struct { - ID int + ID *int + + // Standard fields + CreatorID *int + WorkspaceID *int } diff --git a/server/acl.go b/server/acl.go index 252a550..222f355 100644 --- a/server/acl.go +++ b/server/acl.go @@ -60,8 +60,6 @@ func aclMiddleware(s *Server, next echo.HandlerFunc) echo.HandlerFunc { return next(c) } - println("path", path) - if common.HasPrefixes(path, "/api/ping", "/api/status", "/api/user/:id") && c.Request().Method == http.MethodGet { return next(c) } diff --git a/server/shortcut.go b/server/shortcut.go index 1158d63..10656d9 100644 --- a/server/shortcut.go +++ b/server/shortcut.go @@ -156,7 +156,7 @@ func (s *Server) registerShortcutRoutes(g *echo.Group) { } shortcutDelete := &api.ShortcutDelete{ - ID: shortcutID, + ID: &shortcutID, } if err := s.Store.DeleteShortcut(ctx, shortcutDelete); err != nil { if common.ErrorCode(err) == common.NotFound { diff --git a/server/workspace_user.go b/server/workspace_user.go index 48f3a8f..d8c7b4c 100644 --- a/server/workspace_user.go +++ b/server/workspace_user.go @@ -134,8 +134,8 @@ func (s *Server) registerWorkspaceUserRoutes(g *echo.Group) { if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find workspace user").SetInternal(err) } - if currentWorkspaceUser.Role != api.RoleAdmin { - return echo.NewHTTPError(http.StatusForbidden, "Access forbidden to add workspace user").SetInternal(err) + if currentWorkspaceUser.UserID != userID && currentWorkspaceUser.Role != api.RoleAdmin { + return echo.NewHTTPError(http.StatusForbidden, "Access forbidden to delete workspace user").SetInternal(err) } userID, err = strconv.Atoi(c.Param("userId")) @@ -154,6 +154,17 @@ func (s *Server) registerWorkspaceUserRoutes(g *echo.Group) { return echo.NewHTTPError(http.StatusInternalServerError, "Failed to delete workspace user").SetInternal(err) } + shortcutDelete := &api.ShortcutDelete{ + CreatorID: &userID, + WorkspaceID: &workspaceID, + } + if err := s.Store.DeleteShortcut(ctx, shortcutDelete); err != nil { + if common.ErrorCode(err) == common.NotFound { + return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("Shortcut not found with workspace id %d and user id %d", workspaceID, userID)) + } + return echo.NewHTTPError(http.StatusInternalServerError, "Failed to delete shortcut").SetInternal(err) + } + return c.JSON(http.StatusOK, true) }) } diff --git a/store/db/seed/10003__workspace_user.sql b/store/db/seed/10003__workspace_user.sql index e6e6963..728ce23 100644 --- a/store/db/seed/10003__workspace_user.sql +++ b/store/db/seed/10003__workspace_user.sql @@ -11,6 +11,19 @@ VALUES 'ADMIN' ); +INSERT INTO + workspace_user ( + `workspace_id`, + `user_id`, + `role` + ) +VALUES + ( + 11, + 102, + 'USER' + ); + INSERT INTO workspace_user ( `workspace_id`, diff --git a/store/shortcut.go b/store/shortcut.go index 209b9a5..4fd060f 100644 --- a/store/shortcut.go +++ b/store/shortcut.go @@ -182,7 +182,7 @@ func (s *Store) DeleteShortcut(ctx context.Context, delete *api.ShortcutDelete) return FormatError(err) } - s.cache.DeleteCache(api.ShortcutCache, delete.ID) + s.cache.DeleteCache(api.ShortcutCache, *delete.ID) return nil } @@ -346,10 +346,20 @@ func findShortcutList(ctx context.Context, tx *sql.Tx, find *api.ShortcutFind) ( } func deleteShortcut(ctx context.Context, tx *sql.Tx, delete *api.ShortcutDelete) error { + where, args := []string{"1 = 1"}, []interface{}{} + + if v := delete.ID; v != nil { + where, args = append(where, "id = ?"), append(args, *v) + } + if v := delete.CreatorID; v != nil { + where, args = append(where, "creator_id = ?"), append(args, *v) + } + if v := delete.WorkspaceID; v != nil { + where, args = append(where, "workspace_id = ?"), append(args, *v) + } + result, err := tx.ExecContext(ctx, ` - PRAGMA foreign_keys = ON; - DELETE FROM shortcut WHERE id = ? - `, delete.ID) + DELETE FROM shortcut WHERE `+strings.Join(where, " AND "), args...) if err != nil { return FormatError(err) } diff --git a/store/user.go b/store/user.go index 4b70e66..ed54e16 100644 --- a/store/user.go +++ b/store/user.go @@ -326,7 +326,6 @@ func findUserList(ctx context.Context, tx *sql.Tx, find *api.UserFind) ([]*userR func deleteUser(ctx context.Context, tx *sql.Tx, delete *api.UserDelete) error { result, err := tx.ExecContext(ctx, ` - PRAGMA foreign_keys = ON; DELETE FROM user WHERE id = ? `, delete.ID) if err != nil { diff --git a/store/workspace.go b/store/workspace.go index f565835..0e8b08a 100644 --- a/store/workspace.go +++ b/store/workspace.go @@ -311,7 +311,6 @@ func findWorkspaceList(ctx context.Context, tx *sql.Tx, find *api.WorkspaceFind) func deleteWorkspace(ctx context.Context, tx *sql.Tx, delete *api.WorkspaceDelete) error { result, err := tx.ExecContext(ctx, ` - PRAGMA foreign_keys = ON; DELETE FROM workspace WHERE id = ? `, delete.ID) if err != nil { diff --git a/store/workspace_user.go b/store/workspace_user.go index 308e51d..3097bf4 100644 --- a/store/workspace_user.go +++ b/store/workspace_user.go @@ -212,7 +212,6 @@ func findWorkspaceUserList(ctx context.Context, tx *sql.Tx, find *api.WorkspaceU func deleteWorkspaceUser(ctx context.Context, tx *sql.Tx, delete *api.WorkspaceUserDelete) error { result, err := tx.ExecContext(ctx, ` - PRAGMA foreign_keys = ON; DELETE FROM workspace_user WHERE workspace_id = ? AND user_id = ? `, delete.WorkspaceID, delete.UserID) if err != nil {