313 lines
6.9 KiB
Go
313 lines
6.9 KiB
Go
/*
|
|
Copyright 2017-2022 CAcert Inc.
|
|
SPDX-License-Identifier: Apache-2.0
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package models
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/jmoiron/sqlx"
|
|
)
|
|
|
|
const (
|
|
RoleAdmin string = "ADMIN"
|
|
RoleSecretary string = "SECRETARY"
|
|
RoleVoter string = "VOTER"
|
|
)
|
|
|
|
// The User type is used for mapping users from the voters table. The table
|
|
// has two columns that are obsolete:
|
|
//
|
|
// enabled -> replaced with user_roles where role is 'VOTER'
|
|
// reminder -> replaced with address from emails where reminder is true
|
|
//
|
|
// The columns cannot be dropped in SQLite without dropping and recreating
|
|
// the voters table and all foreign key indices pointing to that table.
|
|
type User struct {
|
|
ID int64 `db:"id"`
|
|
Name string `db:"name"`
|
|
Reminder string `db:"reminder"` // reminder email address
|
|
roles []*Role `db:"-"`
|
|
}
|
|
|
|
func (v *User) Roles() ([]*Role, error) {
|
|
if v.roles != nil {
|
|
return v.roles, nil
|
|
}
|
|
|
|
return nil, errors.New("call to GetRoles required")
|
|
}
|
|
|
|
func (v *User) HasRole(roles []string) (bool, error) {
|
|
userRoles, err := v.Roles()
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
|
|
roleMatched := false
|
|
|
|
outer:
|
|
for _, role := range userRoles {
|
|
for _, checkRole := range roles {
|
|
if role.Name == checkRole {
|
|
roleMatched = true
|
|
|
|
break outer
|
|
}
|
|
}
|
|
}
|
|
|
|
return roleMatched, nil
|
|
}
|
|
|
|
type UserModel struct {
|
|
DB *sqlx.DB
|
|
}
|
|
|
|
func (m *UserModel) GetReminderVoters(ctx context.Context) ([]*User, error) {
|
|
rows, err := m.DB.QueryxContext(
|
|
ctx,
|
|
`SELECT v.id, v.name, e.address AS reminder
|
|
FROM voters v
|
|
JOIN emails e ON v.id = e.voter
|
|
JOIN user_roles ur ON v.id = ur.voter_id
|
|
WHERE ur.role = ?
|
|
AND e.reminder = TRUE`,
|
|
RoleVoter,
|
|
)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("could not run query: %w", err)
|
|
}
|
|
|
|
defer func(rows *sqlx.Rows) {
|
|
_ = rows.Close()
|
|
}(rows)
|
|
|
|
result := make([]*User, 0)
|
|
|
|
for rows.Next() {
|
|
if err := rows.Err(); err != nil {
|
|
return nil, fmt.Errorf("could not fetch row: %w", err)
|
|
}
|
|
|
|
var user User
|
|
|
|
if err := rows.StructScan(&user); err != nil {
|
|
return nil, fmt.Errorf("could not scan row: %w", err)
|
|
}
|
|
|
|
result = append(result, &user)
|
|
}
|
|
|
|
return result, nil
|
|
}
|
|
|
|
func (m *UserModel) GetUser(ctx context.Context, emails []string) (*User, error) {
|
|
query, args, err := sqlx.In(
|
|
`WITH reminders AS (SELECT voter, address
|
|
FROM emails
|
|
WHERE reminder = TRUE)
|
|
SELECT DISTINCT v.id, v.name, reminders.address AS reminder
|
|
FROM voters v
|
|
JOIN emails e ON e.voter = v.id
|
|
LEFT JOIN reminders ON v.id = reminders.voter
|
|
WHERE e.address IN (?)`, emails)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("could not build query: %w", err)
|
|
}
|
|
|
|
rows, err := m.DB.QueryxContext(ctx, query, args...)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("could not run query: %w", err)
|
|
}
|
|
|
|
defer func(rows *sqlx.Rows) {
|
|
_ = rows.Close()
|
|
}(rows)
|
|
|
|
var (
|
|
user User
|
|
count int
|
|
)
|
|
|
|
for rows.Next() {
|
|
count++
|
|
|
|
if count > 1 {
|
|
return nil, fmt.Errorf(
|
|
"multiple voters found for addresses in certificate %s",
|
|
strings.Join(emails, ", "),
|
|
)
|
|
}
|
|
|
|
if err := rows.Err(); err != nil {
|
|
return nil, fmt.Errorf("could not fetch row: %w", err)
|
|
}
|
|
|
|
if err := rows.StructScan(&user); err != nil {
|
|
return nil, fmt.Errorf("could not get user from row: %w", err)
|
|
}
|
|
}
|
|
|
|
if user.roles, err = m.GetRoles(ctx, &user); err != nil {
|
|
return nil, fmt.Errorf("could not retrieve roles for user %s: %w", user.Name, err)
|
|
}
|
|
|
|
return &user, nil
|
|
}
|
|
|
|
type Role struct {
|
|
Name string `db:"role"`
|
|
}
|
|
|
|
func (m *UserModel) GetRoles(ctx context.Context, user *User) ([]*Role, error) {
|
|
rows, err := m.DB.QueryxContext(ctx, `SELECT role FROM user_roles WHERE voter_id=?`, user.ID)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("could not query roles for %s: %w", user.Name, err)
|
|
}
|
|
|
|
defer func(rows *sqlx.Rows) {
|
|
_ = rows.Close()
|
|
}(rows)
|
|
|
|
result := make([]*Role, 0)
|
|
|
|
for rows.Next() {
|
|
if err := rows.Err(); err != nil {
|
|
return nil, fmt.Errorf("could not retrieve row: %w", err)
|
|
}
|
|
|
|
var role Role
|
|
|
|
if err := rows.StructScan(&role); err != nil {
|
|
return nil, fmt.Errorf("could not get role from row: %w", err)
|
|
}
|
|
|
|
result = append(result, &role)
|
|
}
|
|
|
|
return result, nil
|
|
}
|
|
|
|
func (m *UserModel) CreateUser(ctx context.Context, name string, reminder string, emails []string) (int64, error) {
|
|
tx, err := m.DB.BeginTxx(ctx, nil)
|
|
if err != nil {
|
|
return 0, fmt.Errorf("could not start transaction: %w", err)
|
|
}
|
|
|
|
defer func(tx *sqlx.Tx) {
|
|
_ = tx.Rollback()
|
|
}(tx)
|
|
|
|
res, err := tx.ExecContext(
|
|
ctx,
|
|
`INSERT INTO voters (name, enabled) VALUES (?, 0)`,
|
|
name)
|
|
if err != nil {
|
|
return 0, fmt.Errorf("could not insert user: %w", err)
|
|
}
|
|
|
|
userID, err := res.LastInsertId()
|
|
if err != nil {
|
|
return 0, fmt.Errorf("could not get user id: %w", err)
|
|
}
|
|
|
|
for i := range emails {
|
|
_, err := tx.ExecContext(
|
|
ctx,
|
|
`INSERT INTO emails (voter, address, reminder)
|
|
VALUES (?, ?, ?)`,
|
|
userID,
|
|
emails[i],
|
|
emails[i] == reminder,
|
|
)
|
|
if err != nil {
|
|
return 0, fmt.Errorf("could not insert email %s for voter %s: %w", emails[i], name, err)
|
|
}
|
|
}
|
|
|
|
if err := tx.Commit(); err != nil {
|
|
return 0, fmt.Errorf("could not commit user transaction: %w", err)
|
|
}
|
|
|
|
return userID, nil
|
|
}
|
|
|
|
func (m *UserModel) PotentialVoters(ctx context.Context) ([]*User, error) {
|
|
rows, err := m.DB.QueryxContext(
|
|
ctx,
|
|
`SELECT voters.id, voters.name
|
|
FROM voters
|
|
JOIN user_roles ur ON voters.id = ur.voter_id
|
|
WHERE ur.role = 'VOTER'
|
|
ORDER BY voters.name`,
|
|
)
|
|
|
|
if err != nil {
|
|
return nil, fmt.Errorf("could not execute query: %w", err)
|
|
}
|
|
|
|
defer func(rows *sqlx.Rows) {
|
|
_ = rows.Close()
|
|
}(rows)
|
|
|
|
result := make([]*User, 0)
|
|
|
|
for rows.Next() {
|
|
if err := rows.Err(); err != nil {
|
|
return nil, fmt.Errorf("could not get row: %w", err)
|
|
}
|
|
|
|
var user User
|
|
|
|
if err := rows.StructScan(&user); err != nil {
|
|
return nil, fmt.Errorf("could not scan row: %w", err)
|
|
}
|
|
|
|
result = append(result, &user)
|
|
}
|
|
|
|
return result, nil
|
|
}
|
|
|
|
func (m *UserModel) LoadVoter(ctx context.Context, voterID int64) (*User, error) {
|
|
row := m.DB.QueryRowxContext(
|
|
ctx,
|
|
`SELECT DISTINCT v.id, v.name
|
|
FROM voters v
|
|
JOIN user_roles ur ON v.id = ur.voter_id
|
|
WHERE v.id = ?
|
|
AND ur.role = ?`,
|
|
voterID,
|
|
RoleVoter,
|
|
)
|
|
|
|
if err := row.Err(); err != nil {
|
|
return nil, fmt.Errorf("could not execute query: %w", err)
|
|
}
|
|
|
|
var user User
|
|
|
|
if err := row.StructScan(&user); err != nil {
|
|
return nil, fmt.Errorf("could not scan row: %w", err)
|
|
}
|
|
|
|
return &user, nil
|
|
}
|