Update

freckie
Commit eb335cf918b85dbe9ef569d3a8c3538c2b86d425 eb335cf9 1 parent 11c27c5d
Showing 5 changed files with 120 additions and 59 deletions
api/endpoints/cell.go
api/endpoints/reservation.go
api/endpoints/users.go
api/main.go
api/models/users.go
--- a/api/endpoints/cell.go
View file @eb335cf
+++ b/api/endpoints/cell.go
View file @eb335cf
@@ -57,7 +57,7 @@ func (e *Endpoints) CellGet(w http.ResponseWriter, r *http.Request, ps httproute
 	}
 	// Check Permission
-	var _count int64
+	var _count, isSuper int64
 	timetable := fmt.Sprintf("%s,%s", fileID, sheetID)
 	row := e.DB.QueryRow(`
 		SELECT count(timetable_id)
@@ -72,17 +72,15 @@ func (e *Endpoints) CellGet(w http.ResponseWriter, r *http.Request, ps httproute
 	}
 	row = e.DB.QueryRow(`
-		SELECT count(a.timetable_id)
+		SELECT is_super FROM users WHERE email=?
-		FROM allowlist AS a, users AS u
+	`, email)
-		WHERE a.user_id=u.id
+	if err := row.Scan(&isSuper); err != nil {
-			AND a.timetable_id=?
+		if err == sql.ErrNoRows {
-			AND u.email=?;
+			functions.ResponseError(w, 401, "해당 유저가 존재하지 않음")
-	`, timetable, email)
-	if err := row.Scan(&_count); err == nil {
-		if _count <= 0 {
-			functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
 			return
 		}
+		functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
+		return
 	}
 	// Result Resp
--- a/api/endpoints/reservation.go
View file @eb335cf
+++ b/api/endpoints/reservation.go
View file @eb335cf
@@ -29,7 +29,7 @@ func (e *Endpoints) ReservationPost(w http.ResponseWriter, r *http.Request, ps h
 	sheetID := ps.ByName("sheet_id")
 	// Check Permission
-	var _count, _isSuper int64
+	var _count int64
 	timetable := fmt.Sprintf("%s,%s", fileID, sheetID)
 	row := e.DB.QueryRow(`
 		SELECT count(timetable_id)
@@ -43,31 +43,31 @@ func (e *Endpoints) ReservationPost(w http.ResponseWriter, r *http.Request, ps h
 		}
 	}
-	row = e.DB.QueryRow(`
+	// row = e.DB.QueryRow(`
-		SELECT (
+	// 	SELECT (
-			SELECT count(a.timetable_id)
+	// 		SELECT count(a.timetable_id)
-			FROM allowlist AS a, users AS u
+	// 		FROM allowlist AS a, users AS u
-			WHERE a.user_id=u.id
+	// 		WHERE a.user_id=u.id
-				AND a.timetable_id=?
+	// 			AND a.timetable_id=?
-				AND u.email=?
+	// 			AND u.email=?
-		) AS count,
+	// 	) AS count,
-		(
+	// 	(
-			SELECT is_super FROM users WHERE email=?
+	// 		SELECT is_super FROM users WHERE email=?
-		) AS is_super;
+	// 	) AS is_super;
-	`, timetable, email, email)
+	// `, timetable, email, email)
-	if err := row.Scan(&_count, &_isSuper); err == nil {
+	// if err := row.Scan(&_count, &_isSuper); err == nil {
-		if _isSuper != 1 {
+	// 	if _isSuper != 1 {
-			functions.ResponseError(w, 403, "관리자만 접근할 수 있는 기능입니다.")
+	// 		functions.ResponseError(w, 403, "관리자만 접근할 수 있는 기능입니다.")
-			return
+	// 		return
-		}
+	// 	}
-		if _count <= 0 {
+	// 	if _count <= 0 {
-			functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
+	// 		functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
-			return
+	// 		return
-		}
+	// 	}
-	} else {
+	// } else {
-		functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
+	// 	functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
-		return
+	// 	return
-	}
+	// }
 	// Parse Request Data
 	type reqDataStruct struct {
@@ -192,7 +192,7 @@ func (e *Endpoints) ReservationDelete(w http.ResponseWriter, r *http.Request, ps
 	reservationID := ps.ByName("reservation_id")
 	// Check Permission
-	var _count, _isSuper int64
+	var _count, isSuper int64
 	timetable := fmt.Sprintf("%s,%s", fileID, sheetID)
 	row := e.DB.QueryRow(`
 		SELECT count(timetable_id)
@@ -207,27 +207,13 @@ func (e *Endpoints) ReservationDelete(w http.ResponseWriter, r *http.Request, ps
 	}
 	row = e.DB.QueryRow(`
-		SELECT (
+		SELECT is_super FROM users WHERE email=?
-			SELECT count(a.timetable_id)
+	`, email)
-			FROM allowlist AS a, users AS u
+	if err := row.Scan(&isSuper); err != nil {
-			WHERE a.user_id=u.id
+		if err == sql.ErrNoRows {
-				AND a.timetable_id=?
+			functions.ResponseError(w, 401, "해당 유저가 존재하지 않음")
-				AND u.email=?
-		) AS count,
-		(
-			SELECT is_super FROM users WHERE email=?
-		) AS is_super;
-	`, timetable, email, email)
-	if err := row.Scan(&_count, &_isSuper); err == nil {
-		if _isSuper != 1 {
-			functions.ResponseError(w, 403, "관리자만 접근할 수 있는 기능입니다.")
-			return
-		}
-		if _count <= 0 {
-			functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
 			return
 		}
-	} else {
 		functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
 		return
 	}
@@ -258,9 +244,11 @@ func (e *Endpoints) ReservationDelete(w http.ResponseWriter, r *http.Request, ps
 		functions.ResponseError(w, 500, "예기치 못한 에러 발생 : "+err.Error())
 		return
 	}
-	if _email != email {
+	if isSuper == 0 {
-		functions.ResponseError(w, 403, "예약 접근 권한 부족")
+		if _email != email {
-		return
+			functions.ResponseError(w, 403, "예약 접근 권한 부족")
+			return
+		}
 	}
 	if _transactionType == 0 {
 		functions.ResponseError(w, 500, "이미 취소된 예약")
--- a/api/endpoints/users.go
View file @eb335cf
+++ b/api/endpoints/users.go
View file @eb335cf
@@ -3,6 +3,7 @@ package endpoints
 import (
 	"classroom/functions"
 	"classroom/models"
+	"database/sql"
 	"encoding/json"
 	"io/ioutil"
 	"net/http"
@@ -11,6 +12,68 @@ import (
 	"github.com/julienschmidt/httprouter"
 )
+// GET /users
+func (e *Endpoints) UsersGet(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+	// Get user email
+	var email string
+	if _email, ok := r.Header["X-User-Email"]; ok {
+		email = _email[0]
+	} else {
+		functions.ResponseError(w, 401, "X-User-Email 헤더를 보내세요.")
+		return
+	}
+
+	// Permission Check
+	var isSuper int
+	row := e.DB.QueryRow(`
+		SELECT is_super FROM users WHERE email=?;
+	`, email)
+	if err := row.Scan(&isSuper); err != nil {
+		if err == sql.ErrNoRows {
+			functions.ResponseError(w, 401, "해당 유저가 존재하지 않음")
+			return
+		}
+		functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error())
+		return
+	}
+	if isSuper == 0 {
+		functions.ResponseError(w, 403, "접근 권한 부족. 관리자만 허용된 기능입니다.")
+		return
+	}
+
+	// Result Resp
+	resp := models.UsersGetResponse{}
+	resp.Users = []models.UsersGetItem{}
+
+	// Querying
+	rows, err := e.DB.Query(`
+		SELECT id, email, is_super FROM users;`)
+	if err != nil {
+		if err == sql.ErrNoRows {
+			resp.UsersCount = 0
+			functions.ResponseOK(w, "success", resp)
+			return
+		}
+		functions.ResponseError(w, 500, err.Error())
+		return
+	}
+	defer rows.Close()
+
+	for rows.Next() {
+		temp := models.UsersGetItem{}
+		err := rows.Scan(&temp.UserID, &temp.UserEmail, &temp.IsSuper)
+		if err != nil {
+			continue
+		}
+		resp.Users = append(resp.Users, temp)
+	}
+
+	// Struct for response
+	resp.UsersCount = len(resp.Users)
+
+	functions.ResponseOK(w, "success", resp)
+}
+
 // POST /users
 func (e *Endpoints) UsersPost(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	// Get user email
--- a/api/main.go
View file @eb335cf
+++ b/api/main.go
View file @eb335cf
@@ -61,6 +61,7 @@ func main() {
 	// Router Setting
 	router := httprouter.New()
 	router.GET("/api", ep.IndexGet)
+	router.GET("/api/users", ep.UsersGet)
 	router.POST("/api/users", ep.UsersPost)
 	router.GET("/api/timetables/:file_id/:sheet_id/cell", ep.CellGet)
 	router.POST("/api/timetables/:file_id/:sheet_id/allow", ep.AllowlistPost)
--- a/api/models/users.go
View file @eb335cf
+++ b/api/models/users.go
View file @eb335cf
 package models
+type UsersGetResponse struct {
+	UsersCount int            `json:"users_count"`
+	Users      []UsersGetItem `json:"users"`
+}
+
+type UsersGetItem struct {
+	UserID    int64  `json:"user_id"`
+	UserEmail string `json:"user_email"`
+	IsSuper   bool   `json:"is_super"`
+}
+
 type UsersPostResponse struct {
 	UserID int64 `json:"user_id"`
 }