Update

freckie
Commit eb335cf918b85dbe9ef569d3a8c3538c2b86d425 eb335cf9 1 parent 11c27c5d
Showing 5 changed files with 120 additions and 59 deletions
api/endpoints/cell.go
api/endpoints/reservation.go
api/endpoints/users.go
api/main.go
api/models/users.go
--- a/api/endpoints/cell.go
View file @eb335cf
+++ b/api/endpoints/cell.go
View file @eb335cf
@@ -57,7 +57,7 @@ func (e *Endpoints) CellGet(w http.ResponseWriter, r *http.Request, ps httproute
 	}
 
 	// Check Permission
- 	var _count int64
+ 	var _count, isSuper int64
 	timetable := fmt.Sprintf("%s,%s", fileID, sheetID)
 	row := e.DB.QueryRow(`
 		SELECT count(timetable_id)
@@ -72,17 +72,15 @@ func (e *Endpoints) CellGet(w http.ResponseWriter, r *http.Request, ps httproute
 	}
 
 	row = e.DB.QueryRow(`
- 		SELECT count(a.timetable_id)
- 		FROM allowlist AS a, users AS u
- 		WHERE a.user_id=u.id
- 			AND a.timetable_id=?
- 			AND u.email=?;
- 	`, timetable, email)
- 	if err := row.Scan(&_count); err == nil {
- 		if _count <= 0 {
- 			functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
+ 		SELECT is_super FROM users WHERE email=?
+ 	`, email)
+ 	if err := row.Scan(&isSuper); err != nil {
+ 		if err == sql.ErrNoRows {
+ 			functions.ResponseError(w, 401, "해당 유저가 존재하지 않음")
 			return
 		}
+ 		functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
+ 		return
 	}
 
 	// Result Resp
--- a/api/endpoints/reservation.go
View file @eb335cf
+++ b/api/endpoints/reservation.go
View file @eb335cf
@@ -29,7 +29,7 @@ func (e *Endpoints) ReservationPost(w http.ResponseWriter, r *http.Request, ps h
 	sheetID := ps.ByName("sheet_id")
 
 	// Check Permission
- 	var _count, _isSuper int64
+ 	var _count int64
 	timetable := fmt.Sprintf("%s,%s", fileID, sheetID)
 	row := e.DB.QueryRow(`
 		SELECT count(timetable_id)
@@ -43,31 +43,31 @@ func (e *Endpoints) ReservationPost(w http.ResponseWriter, r *http.Request, ps h
 		}
 	}
 
- 	row = e.DB.QueryRow(`
- 		SELECT (
- 			SELECT count(a.timetable_id)
- 			FROM allowlist AS a, users AS u
- 			WHERE a.user_id=u.id
- 				AND a.timetable_id=?
- 				AND u.email=?
- 		) AS count,
- 		(
- 			SELECT is_super FROM users WHERE email=?
- 		) AS is_super;
- 	`, timetable, email, email)
- 	if err := row.Scan(&_count, &_isSuper); err == nil {
- 		if _isSuper != 1 {
- 			functions.ResponseError(w, 403, "관리자만 접근할 수 있는 기능입니다.")
- 			return
- 		}
- 		if _count <= 0 {
- 			functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
- 			return
- 		}
- 	} else {
- 		functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
- 		return
- 	}
+ 	// row = e.DB.QueryRow(`
+ 	// 	SELECT (
+ 	// 		SELECT count(a.timetable_id)
+ 	// 		FROM allowlist AS a, users AS u
+ 	// 		WHERE a.user_id=u.id
+ 	// 			AND a.timetable_id=?
+ 	// 			AND u.email=?
+ 	// 	) AS count,
+ 	// 	(
+ 	// 		SELECT is_super FROM users WHERE email=?
+ 	// 	) AS is_super;
+ 	// `, timetable, email, email)
+ 	// if err := row.Scan(&_count, &_isSuper); err == nil {
+ 	// 	if _isSuper != 1 {
+ 	// 		functions.ResponseError(w, 403, "관리자만 접근할 수 있는 기능입니다.")
+ 	// 		return
+ 	// 	}
+ 	// 	if _count <= 0 {
+ 	// 		functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
+ 	// 		return
+ 	// 	}
+ 	// } else {
+ 	// 	functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
+ 	// 	return
+ 	// }
 
 	// Parse Request Data
 	type reqDataStruct struct {
@@ -192,7 +192,7 @@ func (e *Endpoints) ReservationDelete(w http.ResponseWriter, r *http.Request, ps
 	reservationID := ps.ByName("reservation_id")
 
 	// Check Permission
- 	var _count, _isSuper int64
+ 	var _count, isSuper int64
 	timetable := fmt.Sprintf("%s,%s", fileID, sheetID)
 	row := e.DB.QueryRow(`
 		SELECT count(timetable_id)
@@ -207,27 +207,13 @@ func (e *Endpoints) ReservationDelete(w http.ResponseWriter, r *http.Request, ps
 	}
 
 	row = e.DB.QueryRow(`
- 		SELECT (
- 			SELECT count(a.timetable_id)
- 			FROM allowlist AS a, users AS u
- 			WHERE a.user_id=u.id
- 				AND a.timetable_id=?
- 				AND u.email=?
- 		) AS count,
- 		(
- 			SELECT is_super FROM users WHERE email=?
- 		) AS is_super;
- 	`, timetable, email, email)
- 	if err := row.Scan(&_count, &_isSuper); err == nil {
- 		if _isSuper != 1 {
- 			functions.ResponseError(w, 403, "관리자만 접근할 수 있는 기능입니다.")
- 			return
- 		}
- 		if _count <= 0 {
- 			functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
+ 		SELECT is_super FROM users WHERE email=?
+ 	`, email)
+ 	if err := row.Scan(&isSuper); err != nil {
+ 		if err == sql.ErrNoRows {
+ 			functions.ResponseError(w, 401, "해당 유저가 존재하지 않음")
 			return
 		}
- 	} else {
 		functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
 		return
 	}
@@ -258,9 +244,11 @@ func (e *Endpoints) ReservationDelete(w http.ResponseWriter, r *http.Request, ps
 		functions.ResponseError(w, 500, "예기치 못한 에러 발생 : "+err.Error())
 		return
 	}
- 	if _email != email {
- 		functions.ResponseError(w, 403, "예약 접근 권한 부족")
- 		return
+ 	if isSuper == 0 {
+ 		if _email != email {
+ 			functions.ResponseError(w, 403, "예약 접근 권한 부족")
+ 			return
+ 		}
 	}
 	if _transactionType == 0 {
 		functions.ResponseError(w, 500, "이미 취소된 예약")
--- a/api/endpoints/users.go
View file @eb335cf
+++ b/api/endpoints/users.go
View file @eb335cf
@@ -3,6 +3,7 @@ package endpoints
 import (
 	"classroom/functions"
 	"classroom/models"
+ 	"database/sql"
 	"encoding/json"
 	"io/ioutil"
 	"net/http"
@@ -11,6 +12,68 @@ import (
 	"github.com/julienschmidt/httprouter"
 )
 
+ // GET /users
+ func (e *Endpoints) UsersGet(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+ 	// Get user email
+ 	var email string
+ 	if _email, ok := r.Header["X-User-Email"]; ok {
+ 		email = _email[0]
+ 	} else {
+ 		functions.ResponseError(w, 401, "X-User-Email 헤더를 보내세요.")
+ 		return
+ 	}
+ 
+ 	// Permission Check
+ 	var isSuper int
+ 	row := e.DB.QueryRow(`
+ 		SELECT is_super FROM users WHERE email=?;
+ 	`, email)
+ 	if err := row.Scan(&isSuper); err != nil {
+ 		if err == sql.ErrNoRows {
+ 			functions.ResponseError(w, 401, "해당 유저가 존재하지 않음")
+ 			return
+ 		}
+ 		functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
+ 		return
+ 	}
+ 	if isSuper == 0 {
+ 		functions.ResponseError(w, 403, "접근 권한 부족. 관리자만 허용된 기능입니다.")
+ 		return
+ 	}
+ 
+ 	// Result Resp
+ 	resp := models.UsersGetResponse{}
+ 	resp.Users = []models.UsersGetItem{}
+ 
+ 	// Querying
+ 	rows, err := e.DB.Query(`
+ 		SELECT id, email, is_super FROM users;`)
+ 	if err != nil {
+ 		if err == sql.ErrNoRows {
+ 			resp.UsersCount = 0
+ 			functions.ResponseOK(w, "success", resp)
+ 			return
+ 		}
+ 		functions.ResponseError(w, 500, err.Error())
+ 		return
+ 	}
+ 	defer rows.Close()
+ 
+ 	for rows.Next() {
+ 		temp := models.UsersGetItem{}
+ 		err := rows.Scan(&temp.UserID, &temp.UserEmail, &temp.IsSuper)
+ 		if err != nil {
+ 			continue
+ 		}
+ 		resp.Users = append(resp.Users, temp)
+ 	}
+ 
+ 	// Struct for response
+ 	resp.UsersCount = len(resp.Users)
+ 
+ 	functions.ResponseOK(w, "success", resp)
+ }
+ 
 // POST /users
 func (e *Endpoints) UsersPost(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	// Get user email
--- a/api/main.go
View file @eb335cf
+++ b/api/main.go
View file @eb335cf
@@ -61,6 +61,7 @@ func main() {
 	// Router Setting
 	router := httprouter.New()
 	router.GET("/api", ep.IndexGet)
+ 	router.GET("/api/users", ep.UsersGet)
 	router.POST("/api/users", ep.UsersPost)
 	router.GET("/api/timetables/:file_id/:sheet_id/cell", ep.CellGet)
 	router.POST("/api/timetables/:file_id/:sheet_id/allow", ep.AllowlistPost)
--- a/api/models/users.go
View file @eb335cf
+++ b/api/models/users.go
View file @eb335cf
 package models
 
+ type UsersGetResponse struct {
+ 	UsersCount int            `json:"users_count"`
+ 	Users      []UsersGetItem `json:"users"`
+ }
+ 
+ type UsersGetItem struct {
+ 	UserID    int64  `json:"user_id"`
+ 	UserEmail string `json:"user_email"`
+ 	IsSuper   bool   `json:"is_super"`
+ }
+ 
 type UsersPostResponse struct {
 	UserID int64 `json:"user_id"`
 }