Chaos 584 integrate be fe adminmemberfunc (#593)

* temporarily override styles with classname in inputpopup component for adding members, colors were weird

* before shad cning table

* chopped ahh table

* change to use lucide icons

* shadcn dialog

* add dropdown menu component

* backend funcs

* scuffed ahh linking to frontend

* link be + fe(frontend slightly chopped)

* frontend styling changes

* frontend styling changes

* switched from using email to using user_ids

* allowed superusers to view the table and add members, thus had to enforce that only org admins can edit and delete users.

Author: Plebbaroni

backend/server/src/handler/application.rs

@@ -41,7 +41,6 @@ impl ApplicationHandler {
     ) -> Result<impl IntoResponse, ChaosError> {
         let application_id = Application::create_or_get(campaign_id, user.user_id, &mut state.snowflake_generator, &mut transaction.tx).await?;
         transaction.tx.commit().await?;
-
         Ok((StatusCode::OK, Json(json!({ "application_id": application_id.to_string() }))))
     }
 

backend/server/src/handler/organisation.rs

@@ -8,12 +8,16 @@
 //! - Logo image handling
 
 use crate::models::app::AppState;
-use crate::models::auth::SuperUser;
+use crate::models::auth::{OrganisationAdminOrSuperUser, SuperUser};
 use crate::models::auth::{AuthUser, OrganisationAdmin};
 use crate::models::campaign::{Campaign, NewCampaign};
 use crate::models::email_template::{EmailTemplate, NewEmailTemplate};
 use crate::models::error::ChaosError;
-use crate::models::organisation::{AdminToRemove, AdminUpdateList, NewOrganisation, Organisation, OrganisationDetails, SlugCheck};
+use crate::models::organisation::{
+    AdminToRemove, AdminUpdateList, NewOrganisation, Organisation, OrganisationDetails, SlugCheck, EmailRoleBody, IdRoleBody, IdBody
+};
+use crate::service::user::{user_exists_by_email};
+use crate::service::organisation::{assert_user_is_not_in_organisation};
 use crate::models::transaction::DBTransaction;
 use crate::service::auth::assert_is_super_user;
 use axum::extract::{Json, Path, State};
@@ -220,7 +224,7 @@ impl OrganisationHandler {
     pub async fn get_members(
         mut transaction: DBTransaction<'_>,
         Path(id): Path<i64>,
-        _admin: OrganisationAdmin,
+        _admin: OrganisationAdminOrSuperUser,
     ) -> Result<impl IntoResponse, ChaosError> {
         let members = Organisation::get_members(id, &mut transaction.tx).await?;
 
@@ -327,9 +331,11 @@ impl OrganisationHandler {
         mut transaction: DBTransaction<'_>,
         Path(id): Path<i64>,
         _admin: OrganisationAdmin,
-        Json(request_body): Json<AdminToRemove>,
+        Json(req): Json<IdBody>,
     ) -> Result<impl IntoResponse, ChaosError> {
-        Organisation::remove_member(id, request_body.user_id, &mut transaction.tx).await?;
+        let tx = &mut transaction.tx;
+        //let user_id = user_exists_by_email(req.email, tx).await?;
+        Organisation::remove_member(id, req.user_id, tx).await?;
 
         transaction.tx.commit().await?;
         Ok((
@@ -508,4 +514,37 @@ impl OrganisationHandler {
         transaction.tx.commit().await?;
         Ok((StatusCode::OK, Json(email_templates)))
     }
+
+    pub async fn add_member(
+        _user: OrganisationAdminOrSuperUser,
+        mut transaction: DBTransaction<'_>,
+        Path(org_id): Path<i64>,
+        Json(req): Json<EmailRoleBody>,
+    ) -> Result<impl IntoResponse, ChaosError> {
+        let tx = &mut transaction.tx;
+        let user_id = user_exists_by_email(req.email, tx).await?;
+        assert_user_is_not_in_organisation(user_id, org_id, tx).await?;
+        Organisation::add_member_or_admin_to_organisation(org_id, user_id, req.role.clone(), tx).await?;
+
+        transaction.tx.commit().await?;
+        Ok((StatusCode::OK, "Member added to organisation"))
+    }
+
+    pub async fn update_member_role(
+        _user: OrganisationAdmin,
+        mut transaction: DBTransaction<'_>,
+        Path(org_id): Path<i64>,
+        Json(req): Json<IdRoleBody>,
+    ) -> Result<impl IntoResponse, ChaosError> {
+        let tx = &mut transaction.tx;
+        Organisation::change_member_role(
+            org_id,
+            req.user_id,
+            req.role,
+            tx
+        )
+        .await?;
+        transaction.tx.commit().await?;
+        Ok(StatusCode::OK)
+    }
 }

backend/server/src/models/app.rs

@@ -195,7 +195,9 @@ pub async fn app() -> Result<Router, ChaosError> {
         )
         .route(
             "/api/v1/organisation/:organisation_id/member",
-                delete(OrganisationHandler::remove_member),
+                delete(OrganisationHandler::remove_member)
+                .put(OrganisationHandler::update_member_role)
+                .post(OrganisationHandler::add_member),
         )
         .route(
             "/api/v1/organisation/:organisation_id/admins",

backend/server/src/models/auth.rs

@@ -12,7 +12,7 @@ use crate::service::auth::{assert_is_super_user, extract_user_id_from_request};
 use crate::service::campaign::user_is_campaign_admin;
 use crate::service::email_template::user_is_email_template_admin;
 use crate::service::offer::{assert_user_is_offer_admin, assert_user_is_offer_recipient};
-use crate::service::organisation::assert_user_is_organisation_admin;
+use crate::service::organisation::{assert_user_is_organisation_admin, assert_user_is_organisation_admin_or_super_user};
 use crate::service::question::user_is_question_admin;
 use crate::service::rating::{
     assert_user_is_application_reviewer_given_rating_id, assert_user_is_organisation_member,
@@ -172,6 +172,45 @@ where
     }
 }
 
+/// Organisation admin or super user information
+/// 
+/// Contains the user ID of a user that may either be an organisation admin or a super user.
+pub struct OrganisationAdminOrSuperUser {
+    /// ID of the superuser or org admin
+    pub user_id: i64,
+}
+
+/// Extractor for organization administrators or superusers, for when a certain action can be done by both.
+/// 
+/// This extractor is used in route handlers to ensure that the request
+/// comes from a user with organization administrator privileges.
+#[async_trait]
+impl<S> FromRequestParts<S> for OrganisationAdminOrSuperUser
+where
+    AppState: FromRef<S>,
+    S: Send + Sync,
+{
+    type Rejection = ChaosError;
+
+    async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
+        let app_state = AppState::from_ref(state);
+        let user_id = extract_user_id_from_request(parts, &app_state).await?;
+
+        let organisation_id = *parts
+            .extract::<Path<HashMap<String, i64>>>()
+            .await
+            .map_err(|_| ChaosError::BadRequest)?
+            .get("organisation_id")
+            .ok_or(ChaosError::BadRequest)?;
+
+        let mut tx = app_state.db.begin().await?;
+        assert_user_is_organisation_admin_or_super_user(user_id, organisation_id, &mut tx).await?;
+        tx.commit().await?;
+
+        Ok(OrganisationAdminOrSuperUser { user_id })
+    }
+}
+
 /// Campaign administrator information.
 /// 
 /// Contains the user ID of a user with campaign administrator privileges.

backend/server/src/models/organisation.rs

@@ -99,6 +99,8 @@ pub struct Member {
     pub name: String,
     /// User's role in the organisation
     pub role: OrganisationRole,
+    /// User's email
+    pub email: String,
 }
 
 /// Collection of organisation members.
@@ -127,12 +129,52 @@ pub struct AdminUpdateList {
 /// from the administrator role.
 #[derive(Deserialize, Serialize)]
 pub struct AdminToRemove {
+    #[serde(deserialize_with = "crate::models::serde_string::deserialize")]
     /// ID of the user to remove as administrator
     pub user_id: i64,
 }
 
-/// Data structure for checking slug availability.
+/// Data structure for adding a user
 /// 
+/// This struct contains a user's email, and the role for that user.
+#[derive(Deserialize, Serialize)]
+pub struct EmailRoleBody {
+    // email
+    pub email: String,
+    // role
+    pub role: OrganisationRole
+}
+
+/// Data structure for passing in a user's email
+///
+/// This struct contains a user's email
+#[derive(Deserialize, Serialize)]
+pub struct EmailBody {
+    // email
+    pub email: String
+}
+
+/// Data structure for passing in a user's email
+///
+/// This struct contains a user's email
+#[derive(Deserialize, Serialize)]
+pub struct IdBody {
+    // email
+    #[serde(deserialize_with = "crate::models::serde_string::deserialize")]
+    pub user_id: i64
+}
+
+/// Data structure for passing in a user's email and role
+///
+/// This struct contains a user's email
+#[derive(Deserialize, Serialize)]
+pub struct IdRoleBody {
+    // email
+    #[serde(deserialize_with = "crate::models::serde_string::deserialize")]
+    pub user_id: i64,
+    pub role: OrganisationRole
+}
+
 /// This struct contains a slug to check for availability
 /// when creating a new organisation.
 #[derive(Deserialize)]
@@ -377,7 +419,7 @@ impl Organisation {
         let admin_list = sqlx::query_as!(
         Member,
         "
-            SELECT organisation_members.user_id as id, organisation_members.role AS \"role: OrganisationRole\", users.name from organisation_members
+            SELECT organisation_members.user_id as id, organisation_members.role AS \"role: OrganisationRole\", users.name, users.email from organisation_members
                 JOIN users on users.id = organisation_members.user_id
                 WHERE organisation_members.organisation_id = $1 AND organisation_members.role = $2
         ",
@@ -409,7 +451,7 @@ impl Organisation {
         let admin_list = sqlx::query_as!(
         Member,
         "
-            SELECT organisation_members.user_id as id, organisation_members.role AS \"role: OrganisationRole\", users.name from organisation_members
+            SELECT organisation_members.user_id as id, organisation_members.role AS \"role: OrganisationRole\", users.name, users.email from organisation_members
                 JOIN users on users.id = organisation_members.user_id
                 WHERE organisation_members.organisation_id = $1
         ",
@@ -678,4 +720,49 @@ impl Organisation {
 
         Ok(id)
     }
+
+    pub async fn add_member_or_admin_to_organisation(
+        organisation_id: i64,
+        member_id: i64,
+        role: OrganisationRole, //was gonna make bool but we need to extend for other members jsut brute force w/ match arm rn
+        transaction: &mut Transaction<'_, Postgres>,
+    ) -> Result<i64, ChaosError> {
+
+        let _ = sqlx::query!(
+            "INSERT INTO organisation_members(organisation_id, user_id, role)
+            VALUES ($1, $2, $3)",
+            organisation_id,
+            member_id,
+            role as OrganisationRole
+        )
+        .execute(transaction.deref_mut())
+        .await?;
+
+        Ok(member_id)
+    }
+
+    pub async fn change_member_role(
+        organisation_id: i64,
+        member_id: i64,
+        new_role: OrganisationRole,
+        transaction: &mut Transaction<'_, Postgres>,
+    ) -> Result<(), ChaosError> {
+        let result = sqlx::query!(
+            "UPDATE organisation_members
+            SET role = $1
+            WHERE organisation_id = $2 AND user_id = $3",
+            new_role as OrganisationRole,
+            organisation_id,
+            member_id
+        )
+        .execute(transaction.deref_mut())
+        .await?;
+
+        // User didn't exist if nothing is affected
+        if result.rows_affected() == 0 {
+            return Err(ChaosError::BadRequest);
+        }
+
+        Ok(())
+    }
 }

backend/server/src/service/mod.rs

@@ -28,3 +28,4 @@ pub mod organisation;
 pub mod question;
 pub mod rating;
 pub mod role;
+pub mod user;

backend/server/src/service/organisation.rs

@@ -5,6 +5,7 @@
 
 use crate::models::error::ChaosError;
 use sqlx::{Pool, Postgres, Transaction};
+use crate::models::user::UserRole;
 use std::ops::DerefMut;
 
 /// Verifies if a user has admin privileges for an organisation.
@@ -39,3 +40,81 @@ pub async fn assert_user_is_organisation_admin(
 
     Ok(())
 }
+
+/// Verifies if a user is in an organization
+/// 
+/// This function checks if the user is a member of the specified organisation.
+/// 
+/// # Arguments
+/// 
+/// * `user_id` - The ID of the user to check
+/// * `organisation_id` - The ID of the organisation
+/// * `pool` - Database connection pool
+/// 
+/// # Returns
+/// 
+/// * `Result<(), ChaosError>` - Ok if the user is a member, Unauthorized error otherwise
+pub async fn assert_user_is_not_in_organisation(
+    user_id: i64,
+    organisation_id: i64,
+    transaction: &mut Transaction<'_, Postgres>,
+) -> Result<(), ChaosError> {
+    let in_organization = sqlx::query!(
+        "SELECT EXISTS(SELECT 1 FROM organisation_members WHERE organisation_id = $1 AND user_id = $2)",
+        organisation_id,
+        user_id
+    )
+        .fetch_one(transaction.deref_mut())
+        .await?.exists.expect("`exists` should always exist in this query result");
+
+    if in_organization{
+        return Err(ChaosError::Unauthorized);
+    }
+
+    Ok(())
+}
+
+/// Verifies if a user has admin privileges for an organisation or is a super user.
+/// 
+/// This function checks if the user is an admin member of the specified organisation or is a super user.
+/// 
+/// # Arguments
+/// 
+/// * `user_id` - The ID of the user to check
+/// * `organisation_id` - The ID of the organisation
+/// * `pool` - Database connection pool
+/// 
+/// # Returns
+/// 
+/// * `Result<(), ChaosError>` - Ok if the user is an admin, Unauthorized error otherwise
+pub async fn assert_user_is_organisation_admin_or_super_user(
+    user_id: i64,
+    organisation_id: i64,
+    transaction: &mut Transaction<'_, Postgres>,
+) -> Result<(), ChaosError> {
+    let is_admin = sqlx::query!(
+        "SELECT EXISTS(SELECT 1 FROM organisation_members WHERE organisation_id = $1 AND user_id = $2 AND role = 'Admin')",
+        organisation_id,
+        user_id
+    )
+        .fetch_one(transaction.deref_mut())
+        .await?.exists.expect("`exists` should always exist in this query result");
+
+    let is_super_user = sqlx::query!(
+        "SELECT EXISTS(SELECT 1 FROM users WHERE id = $1 AND role = $2)",
+        user_id,
+        UserRole::SuperUser as UserRole
+    )
+    .fetch_one(transaction.deref_mut())
+    .await?
+    .exists
+    .expect("`exists` should always exist in this query result");
+
+    if !is_admin && !is_super_user{
+        return Err(ChaosError::Unauthorized);
+    }
+
+    Ok(())
+}
+
+

backend/server/src/service/role.rs

@@ -51,4 +51,4 @@ pub async fn user_is_role_admin(
     }
 
     Ok(())
-}
+}