cacert-boardvoting/internal/models/voters.go

313 lines
6.9 KiB
Go

/*
Copyright 2017-2022 CAcert Inc.
SPDX-License-Identifier: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package models
import (
"context"
"errors"
"fmt"
"strings"
"github.com/jmoiron/sqlx"
)
const (
RoleAdmin string = "ADMIN"
RoleSecretary string = "SECRETARY"
RoleVoter string = "VOTER"
)
// The User type is used for mapping users from the voters table. The table
// has two columns that are obsolete:
//
// enabled -> replaced with user_roles where role is 'VOTER'
// reminder -> replaced with address from emails where reminder is true
//
// The columns cannot be dropped in SQLite without dropping and recreating
// the voters table and all foreign key indices pointing to that table.
type User struct {
ID int64 `db:"id"`
Name string `db:"name"`
Reminder string `db:"reminder"` // reminder email address
roles []*Role `db:"-"`
}
func (v *User) Roles() ([]*Role, error) {
if v.roles != nil {
return v.roles, nil
}
return nil, errors.New("call to GetRoles required")
}
func (v *User) HasRole(roles []string) (bool, error) {
userRoles, err := v.Roles()
if err != nil {
return false, err
}
roleMatched := false
outer:
for _, role := range userRoles {
for _, checkRole := range roles {
if role.Name == checkRole {
roleMatched = true
break outer
}
}
}
return roleMatched, nil
}
type UserModel struct {
DB *sqlx.DB
}
func (m *UserModel) GetReminderVoters(ctx context.Context) ([]*User, error) {
rows, err := m.DB.QueryxContext(
ctx,
`SELECT v.id, v.name, e.address AS reminder
FROM voters v
JOIN emails e ON v.id = e.voter
JOIN user_roles ur ON v.id = ur.voter_id
WHERE ur.role = ?
AND e.reminder = TRUE`,
RoleVoter,
)
if err != nil {
return nil, fmt.Errorf("could not run query: %w", err)
}
defer func(rows *sqlx.Rows) {
_ = rows.Close()
}(rows)
result := make([]*User, 0)
for rows.Next() {
if err := rows.Err(); err != nil {
return nil, fmt.Errorf("could not fetch row: %w", err)
}
var user User
if err := rows.StructScan(&user); err != nil {
return nil, fmt.Errorf("could not scan row: %w", err)
}
result = append(result, &user)
}
return result, nil
}
func (m *UserModel) GetUser(ctx context.Context, emails []string) (*User, error) {
query, args, err := sqlx.In(
`WITH reminders AS (SELECT voter, address
FROM emails
WHERE reminder = TRUE)
SELECT DISTINCT v.id, v.name, reminders.address AS reminder
FROM voters v
JOIN emails e ON e.voter = v.id
LEFT JOIN reminders ON v.id = reminders.voter
WHERE e.address IN (?)`, emails)
if err != nil {
return nil, fmt.Errorf("could not build query: %w", err)
}
rows, err := m.DB.QueryxContext(ctx, query, args...)
if err != nil {
return nil, fmt.Errorf("could not run query: %w", err)
}
defer func(rows *sqlx.Rows) {
_ = rows.Close()
}(rows)
var (
user User
count int
)
for rows.Next() {
count++
if count > 1 {
return nil, fmt.Errorf(
"multiple voters found for addresses in certificate %s",
strings.Join(emails, ", "),
)
}
if err := rows.Err(); err != nil {
return nil, fmt.Errorf("could not fetch row: %w", err)
}
if err := rows.StructScan(&user); err != nil {
return nil, fmt.Errorf("could not get user from row: %w", err)
}
}
if user.roles, err = m.GetRoles(ctx, &user); err != nil {
return nil, fmt.Errorf("could not retrieve roles for user %s: %w", user.Name, err)
}
return &user, nil
}
type Role struct {
Name string `db:"role"`
}
func (m *UserModel) GetRoles(ctx context.Context, user *User) ([]*Role, error) {
rows, err := m.DB.QueryxContext(ctx, `SELECT role FROM user_roles WHERE voter_id=?`, user.ID)
if err != nil {
return nil, fmt.Errorf("could not query roles for %s: %w", user.Name, err)
}
defer func(rows *sqlx.Rows) {
_ = rows.Close()
}(rows)
result := make([]*Role, 0)
for rows.Next() {
if err := rows.Err(); err != nil {
return nil, fmt.Errorf("could not retrieve row: %w", err)
}
var role Role
if err := rows.StructScan(&role); err != nil {
return nil, fmt.Errorf("could not get role from row: %w", err)
}
result = append(result, &role)
}
return result, nil
}
func (m *UserModel) CreateUser(ctx context.Context, name string, reminder string, emails []string) (int64, error) {
tx, err := m.DB.BeginTxx(ctx, nil)
if err != nil {
return 0, fmt.Errorf("could not start transaction: %w", err)
}
defer func(tx *sqlx.Tx) {
_ = tx.Rollback()
}(tx)
res, err := tx.ExecContext(
ctx,
`INSERT INTO voters (name, enabled) VALUES (?, 0)`,
name)
if err != nil {
return 0, fmt.Errorf("could not insert user: %w", err)
}
userID, err := res.LastInsertId()
if err != nil {
return 0, fmt.Errorf("could not get user id: %w", err)
}
for i := range emails {
_, err := tx.ExecContext(
ctx,
`INSERT INTO emails (voter, address, reminder)
VALUES (?, ?, ?)`,
userID,
emails[i],
emails[i] == reminder,
)
if err != nil {
return 0, fmt.Errorf("could not insert email %s for voter %s: %w", emails[i], name, err)
}
}
if err := tx.Commit(); err != nil {
return 0, fmt.Errorf("could not commit user transaction: %w", err)
}
return userID, nil
}
func (m *UserModel) PotentialVoters(ctx context.Context) ([]*User, error) {
rows, err := m.DB.QueryxContext(
ctx,
`SELECT voters.id, voters.name
FROM voters
JOIN user_roles ur ON voters.id = ur.voter_id
WHERE ur.role = 'VOTER'
ORDER BY voters.name`,
)
if err != nil {
return nil, fmt.Errorf("could not execute query: %w", err)
}
defer func(rows *sqlx.Rows) {
_ = rows.Close()
}(rows)
result := make([]*User, 0)
for rows.Next() {
if err := rows.Err(); err != nil {
return nil, fmt.Errorf("could not get row: %w", err)
}
var user User
if err := rows.StructScan(&user); err != nil {
return nil, fmt.Errorf("could not scan row: %w", err)
}
result = append(result, &user)
}
return result, nil
}
func (m *UserModel) LoadVoter(ctx context.Context, voterID int64) (*User, error) {
row := m.DB.QueryRowxContext(
ctx,
`SELECT DISTINCT v.id, v.name
FROM voters v
JOIN user_roles ur ON v.id = ur.voter_id
WHERE v.id = ?
AND ur.role = ?`,
voterID,
RoleVoter,
)
if err := row.Err(); err != nil {
return nil, fmt.Errorf("could not execute query: %w", err)
}
var user User
if err := row.StructScan(&user); err != nil {
return nil, fmt.Errorf("could not scan row: %w", err)
}
return &user, nil
}