From 85d08e5697b3af63c956f690ed37c225d8c3a586 Mon Sep 17 00:00:00 2001 From: konrad Date: Sat, 25 May 2019 10:16:55 +0000 Subject: [PATCH] Fixed check if the user really exists before updating/deleting its rights (#77) --- Featurecreep.md | 2 +- pkg/models/list_users_test.go | 28 ++++++++++++++-------------- pkg/models/list_users_update.go | 7 +++++++ pkg/models/namespace_users_test.go | 12 ++++++------ pkg/models/namespace_users_update.go | 7 +++++++ 5 files changed, 35 insertions(+), 21 deletions(-) diff --git a/Featurecreep.md b/Featurecreep.md index 970205465..64ed3d75d 100644 --- a/Featurecreep.md +++ b/Featurecreep.md @@ -217,7 +217,7 @@ Sorry for some of them being in German, I'll tranlate them at some point. * [x] Reminders should use an extra table so we can make reverse lookups aka "give me all tasks with reminders in this period" which we'll need for things like email reminders notifications * [x] When giving a user access to a list/namespace, they should be reffered to by uuid, not numeric id * [x] Adding users to a team should also use uuid -* [ ] Check if the team/user really exist before updating them on lists/namespaces +* [x] Check if the team/user really exist before updating them on lists/namespaces ### Linters diff --git a/pkg/models/list_users_test.go b/pkg/models/list_users_test.go index 2d3097d87..9d38a9e41 100644 --- a/pkg/models/list_users_test.go +++ b/pkg/models/list_users_test.go @@ -218,7 +218,7 @@ func TestListUser_ReadAll(t *testing.T) { func TestListUser_Update(t *testing.T) { type fields struct { ID int64 - UserID int64 + Username string ListID int64 Right Right Created int64 @@ -235,33 +235,33 @@ func TestListUser_Update(t *testing.T) { { name: "Test Update Normally", fields: fields{ - ListID: 3, - UserID: 1, - Right: RightAdmin, + ListID: 3, + Username: "user1", + Right: RightAdmin, }, }, { name: "Test Update to write", fields: fields{ - ListID: 3, - UserID: 1, - Right: RightWrite, + ListID: 3, + Username: "user1", + Right: RightWrite, }, }, { name: "Test Update to Read", fields: fields{ - ListID: 3, - UserID: 1, - Right: RightRead, + ListID: 3, + Username: "user1", + Right: RightRead, }, }, { name: "Test Update with invalid right", fields: fields{ - ListID: 3, - UserID: 1, - Right: 500, + ListID: 3, + Username: "user1", + Right: 500, }, wantErr: true, errType: IsErrInvalidRight, @@ -271,7 +271,7 @@ func TestListUser_Update(t *testing.T) { t.Run(tt.name, func(t *testing.T) { lu := &ListUser{ ID: tt.fields.ID, - UserID: tt.fields.UserID, + Username: tt.fields.Username, ListID: tt.fields.ListID, Right: tt.fields.Right, Created: tt.fields.Created, diff --git a/pkg/models/list_users_update.go b/pkg/models/list_users_update.go index a69c5891d..29bc6c824 100644 --- a/pkg/models/list_users_update.go +++ b/pkg/models/list_users_update.go @@ -40,6 +40,13 @@ func (lu *ListUser) Update() (err error) { return err } + // Check if the user exists + user, err := GetUserByUsername(lu.Username) + if err != nil { + return err + } + lu.UserID = user.ID + _, err = x. Where("list_id = ? AND user_id = ?", lu.ListID, lu.UserID). Cols("right"). diff --git a/pkg/models/namespace_users_test.go b/pkg/models/namespace_users_test.go index 29c65a8dc..fefdf12f9 100644 --- a/pkg/models/namespace_users_test.go +++ b/pkg/models/namespace_users_test.go @@ -218,7 +218,7 @@ func TestNamespaceUser_ReadAll(t *testing.T) { func TestNamespaceUser_Update(t *testing.T) { type fields struct { ID int64 - UserID int64 + Username string NamespaceID int64 Right Right Created int64 @@ -236,7 +236,7 @@ func TestNamespaceUser_Update(t *testing.T) { name: "Test Update Normally", fields: fields{ NamespaceID: 3, - UserID: 1, + Username: "user1", Right: RightAdmin, }, }, @@ -244,7 +244,7 @@ func TestNamespaceUser_Update(t *testing.T) { name: "Test Update to write", fields: fields{ NamespaceID: 3, - UserID: 1, + Username: "user1", Right: RightWrite, }, }, @@ -252,7 +252,7 @@ func TestNamespaceUser_Update(t *testing.T) { name: "Test Update to Read", fields: fields{ NamespaceID: 3, - UserID: 1, + Username: "user1", Right: RightRead, }, }, @@ -260,7 +260,7 @@ func TestNamespaceUser_Update(t *testing.T) { name: "Test Update with invalid right", fields: fields{ NamespaceID: 3, - UserID: 1, + Username: "user1", Right: 500, }, wantErr: true, @@ -271,7 +271,7 @@ func TestNamespaceUser_Update(t *testing.T) { t.Run(tt.name, func(t *testing.T) { nu := &NamespaceUser{ ID: tt.fields.ID, - UserID: tt.fields.UserID, + Username: tt.fields.Username, NamespaceID: tt.fields.NamespaceID, Right: tt.fields.Right, Created: tt.fields.Created, diff --git a/pkg/models/namespace_users_update.go b/pkg/models/namespace_users_update.go index 82273f1f6..bcaa55d14 100644 --- a/pkg/models/namespace_users_update.go +++ b/pkg/models/namespace_users_update.go @@ -40,6 +40,13 @@ func (nu *NamespaceUser) Update() (err error) { return err } + // Check if the user exists + user, err := GetUserByUsername(nu.Username) + if err != nil { + return err + } + nu.UserID = user.ID + _, err = x. Where("namespace_id = ? AND user_id = ?", nu.NamespaceID, nu.UserID). Cols("right").