Add admin page to list the users
There is no way, for now, to add, edit or remove users, because
currently we only need to list users.
I can not give admins access to the user table, for security
permissions, so i had to create a new view. I could name it also ‘user’
in ‘camper’ scheme, but then i was afraid i would have problems with
unit tests and their search_path, so instead i called it
‘company_user_profile’, which is like ‘user_profile’ but for all users
in ‘company_user’.
I created a new Go package for it, rather than add the admin handler in
‘auth’, because ‘template’ depends on ‘auth’, and rendering from ‘auth’
would cause a dependency loop.
I needed to have the roles in gettext to translate them, but there is
no obvious place where to put the call to PgettextNoop. For now, there
are in ‘NewAdminHandler’ because it is called once in the application’s
lifetime and they actually do not matter much.
2024-01-17 18:42:47 +00:00
|
|
|
package user
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"net/http"
|
|
|
|
|
|
|
|
|
|
"dev.tandem.ws/tandem/camper/pkg/auth"
|
|
|
|
|
"dev.tandem.ws/tandem/camper/pkg/database"
|
|
|
|
|
httplib "dev.tandem.ws/tandem/camper/pkg/http"
|
|
|
|
|
"dev.tandem.ws/tandem/camper/pkg/locale"
|
|
|
|
|
"dev.tandem.ws/tandem/camper/pkg/template"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type AdminHandler struct {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewAdminHandler() *AdminHandler {
|
|
|
|
|
locale.PgettextNoop("guest", "role")
|
|
|
|
|
locale.PgettextNoop("employee", "role")
|
|
|
|
|
locale.PgettextNoop("admin", "role")
|
|
|
|
|
|
|
|
|
|
return &AdminHandler{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (h *AdminHandler) Handler(user *auth.User, company *auth.Company, conn *database.Conn) http.Handler {
|
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
var head string
|
|
|
|
|
head, r.URL.Path = httplib.ShiftPath(r.URL.Path)
|
|
|
|
|
|
|
|
|
|
switch head {
|
|
|
|
|
case "":
|
|
|
|
|
switch r.Method {
|
|
|
|
|
case http.MethodGet:
|
|
|
|
|
serveUserIndex(w, r, user, company, conn)
|
|
|
|
|
default:
|
2024-01-18 18:34:58 +00:00
|
|
|
httplib.MethodNotAllowed(w, r, http.MethodGet)
|
Add admin page to list the users
There is no way, for now, to add, edit or remove users, because
currently we only need to list users.
I can not give admins access to the user table, for security
permissions, so i had to create a new view. I could name it also ‘user’
in ‘camper’ scheme, but then i was afraid i would have problems with
unit tests and their search_path, so instead i called it
‘company_user_profile’, which is like ‘user_profile’ but for all users
in ‘company_user’.
I created a new Go package for it, rather than add the admin handler in
‘auth’, because ‘template’ depends on ‘auth’, and rendering from ‘auth’
would cause a dependency loop.
I needed to have the roles in gettext to translate them, but there is
no obvious place where to put the call to PgettextNoop. For now, there
are in ‘NewAdminHandler’ because it is called once in the application’s
lifetime and they actually do not matter much.
2024-01-17 18:42:47 +00:00
|
|
|
}
|
2024-01-17 19:28:42 +00:00
|
|
|
case "login-attempts":
|
|
|
|
|
switch r.Method {
|
|
|
|
|
case http.MethodGet:
|
|
|
|
|
serveLoginAttemptIndex(w, r, user, company, conn)
|
|
|
|
|
default:
|
2024-01-18 18:34:58 +00:00
|
|
|
httplib.MethodNotAllowed(w, r, http.MethodGet)
|
2024-01-17 19:28:42 +00:00
|
|
|
}
|
Add admin page to list the users
There is no way, for now, to add, edit or remove users, because
currently we only need to list users.
I can not give admins access to the user table, for security
permissions, so i had to create a new view. I could name it also ‘user’
in ‘camper’ scheme, but then i was afraid i would have problems with
unit tests and their search_path, so instead i called it
‘company_user_profile’, which is like ‘user_profile’ but for all users
in ‘company_user’.
I created a new Go package for it, rather than add the admin handler in
‘auth’, because ‘template’ depends on ‘auth’, and rendering from ‘auth’
would cause a dependency loop.
I needed to have the roles in gettext to translate them, but there is
no obvious place where to put the call to PgettextNoop. For now, there
are in ‘NewAdminHandler’ because it is called once in the application’s
lifetime and they actually do not matter much.
2024-01-17 18:42:47 +00:00
|
|
|
default:
|
|
|
|
|
http.NotFound(w, r)
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func serveUserIndex(w http.ResponseWriter, r *http.Request, user *auth.User, company *auth.Company, conn *database.Conn) {
|
|
|
|
|
users, err := collectUserEntries(r.Context(), conn)
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
page := &userIndex{
|
|
|
|
|
Users: users,
|
|
|
|
|
}
|
|
|
|
|
page.MustRender(w, r, user, company)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func collectUserEntries(ctx context.Context, conn *database.Conn) ([]*userEntry, error) {
|
|
|
|
|
rows, err := conn.Query(ctx, `
|
|
|
|
|
select '/admin/users/' || user_id
|
|
|
|
|
, email
|
|
|
|
|
, name
|
|
|
|
|
, role
|
|
|
|
|
from company_user_profile
|
|
|
|
|
order by name
|
|
|
|
|
`)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
defer rows.Close()
|
|
|
|
|
|
|
|
|
|
var entries []*userEntry
|
|
|
|
|
for rows.Next() {
|
|
|
|
|
entry := &userEntry{}
|
|
|
|
|
if err = rows.Scan(&entry.URL, &entry.Email, &entry.Name, &entry.Role); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
entries = append(entries, entry)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return entries, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type userEntry struct {
|
|
|
|
|
URL string
|
|
|
|
|
Email string
|
|
|
|
|
Name string
|
|
|
|
|
Role string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type userIndex struct {
|
|
|
|
|
Users []*userEntry
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (page *userIndex) MustRender(w http.ResponseWriter, r *http.Request, user *auth.User, company *auth.Company) {
|
|
|
|
|
template.MustRenderAdmin(w, r, user, company, "user/index.gohtml", page)
|
|
|
|
|
}
|
