|
7 | 7 | "fmt" |
8 | 8 | "reflect" |
9 | 9 | "strings" |
| 10 | + "time" |
10 | 11 |
|
11 | 12 | log "github.com/sirupsen/logrus" |
12 | 13 |
|
@@ -93,6 +94,42 @@ func clearSessionIfRequired(currentData, updatedData map[string]interface{}) { |
93 | 94 | } |
94 | 95 | } |
95 | 96 |
|
| 97 | +func updateRoles(ctx context.Context, deletedRoles []string) error { |
| 98 | + data, err := db.Provider.ListUsers(ctx, &model.Pagination{ |
| 99 | + Limit: 1, |
| 100 | + Offset: 1, |
| 101 | + }) |
| 102 | + if err != nil { |
| 103 | + return err |
| 104 | + } |
| 105 | + |
| 106 | + allData, err := db.Provider.ListUsers(ctx, &model.Pagination{ |
| 107 | + Limit: data.Pagination.Total, |
| 108 | + }) |
| 109 | + if err != nil { |
| 110 | + return err |
| 111 | + } |
| 112 | + |
| 113 | + for i := range allData.Users { |
| 114 | + now := time.Now().Unix() |
| 115 | + allData.Users[i].Roles = utils.DeleteFromArray(allData.Users[i].Roles, deletedRoles) |
| 116 | + allData.Users[i].UpdatedAt = &now |
| 117 | + } |
| 118 | + |
| 119 | + for i := range allData.Users { |
| 120 | + updatedValues := map[string]interface{}{ |
| 121 | + "roles": strings.Join(allData.Users[i].Roles, ","), |
| 122 | + "updated_at": time.Now().Unix(), |
| 123 | + } |
| 124 | + id := []string{allData.Users[i].ID} |
| 125 | + err = db.Provider.UpdateUsers(ctx, updatedValues, id) |
| 126 | + if err != nil { |
| 127 | + return err |
| 128 | + } |
| 129 | + } |
| 130 | + return nil |
| 131 | +} |
| 132 | + |
96 | 133 | // UpdateEnvResolver is a resolver for update config mutation |
97 | 134 | // This is admin only mutation |
98 | 135 | func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model.Response, error) { |
@@ -291,28 +328,38 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model |
291 | 328 | }, nil) |
292 | 329 | } |
293 | 330 |
|
| 331 | + previousRoles := strings.Split(currentData[constants.EnvKeyRoles].(string), ",") |
| 332 | + updatedRoles := strings.Split(updatedData[constants.EnvKeyRoles].(string), ",") |
| 333 | + updatedDefaultRoles := strings.Split(updatedData[constants.EnvKeyDefaultRoles].(string), ",") |
| 334 | + updatedProtectedRoles := strings.Split(updatedData[constants.EnvKeyProtectedRoles].(string), ",") |
| 335 | + |
294 | 336 | // check the roles change |
295 | | - if len(params.Roles) > 0 { |
296 | | - if len(params.DefaultRoles) > 0 { |
| 337 | + if len(updatedRoles) > 0 { |
| 338 | + if len(updatedDefaultRoles) > 0 { |
297 | 339 | // should be subset of roles |
298 | | - for _, role := range params.DefaultRoles { |
299 | | - if !utils.StringSliceContains(params.Roles, role) { |
| 340 | + for _, role := range updatedDefaultRoles { |
| 341 | + if !utils.StringSliceContains(updatedRoles, role) { |
300 | 342 | log.Debug("Default roles should be subset of roles") |
301 | 343 | return res, fmt.Errorf("default role %s is not in roles", role) |
302 | 344 | } |
303 | 345 | } |
304 | 346 | } |
305 | 347 | } |
306 | 348 |
|
307 | | - if len(params.ProtectedRoles) > 0 { |
308 | | - for _, role := range params.ProtectedRoles { |
309 | | - if utils.StringSliceContains(params.Roles, role) || utils.StringSliceContains(params.DefaultRoles, role) { |
| 349 | + if len(updatedProtectedRoles) > 0 { |
| 350 | + for _, role := range updatedProtectedRoles { |
| 351 | + if utils.StringSliceContains(updatedRoles, role) || utils.StringSliceContains(updatedDefaultRoles, role) { |
310 | 352 | log.Debug("Protected roles should not be in roles or default roles") |
311 | 353 | return res, fmt.Errorf("protected role %s found roles or default roles", role) |
312 | 354 | } |
313 | 355 | } |
314 | 356 | } |
315 | 357 |
|
| 358 | + deletedRoles := utils.FindDeletedValues(previousRoles, updatedRoles) |
| 359 | + if len(deletedRoles) > 0 { |
| 360 | + go updateRoles(ctx, deletedRoles) |
| 361 | + } |
| 362 | + |
316 | 363 | // Update local store |
317 | 364 | memorystore.Provider.UpdateEnvStore(updatedData) |
318 | 365 | jwk, err := crypto.GenerateJWKBasedOnEnv() |
|
0 commit comments