(w http.ResponseWriter, r *http.Request)
| 95 | } |
| 96 | |
| 97 | func (handler UserRestHandlerImpl) CreateUser(w http.ResponseWriter, r *http.Request) { |
| 98 | decoder := json.NewDecoder(r.Body) |
| 99 | userId, err := handler.userService.GetLoggedInUser(r) |
| 100 | if userId == 0 || err != nil { |
| 101 | common.HandleUnauthorized(w, r) |
| 102 | return |
| 103 | } |
| 104 | var userInfo bean2.UserInfo |
| 105 | err = decoder.Decode(&userInfo) |
| 106 | if err != nil { |
| 107 | handler.logger.Errorw("request err, CreateUser", "err", err, "payload", userInfo) |
| 108 | common.WriteJsonResp(w, err, nil, http.StatusBadRequest) |
| 109 | return |
| 110 | } |
| 111 | userInfo.UserId = userId |
| 112 | handler.logger.Infow("request payload, CreateUser", "payload", userInfo) |
| 113 | |
| 114 | // struct Validations |
| 115 | handler.logger.Infow("request payload, CreateUser ", "payload", userInfo) |
| 116 | err = handler.validator.Struct(userInfo) |
| 117 | if err != nil { |
| 118 | handler.logger.Errorw("validation err, CreateUser", "err", err, "payload", userInfo) |
| 119 | common.WriteJsonResp(w, err, nil, http.StatusBadRequest) |
| 120 | return |
| 121 | } |
| 122 | // Doing this as api is not compatible with previous release of dashboard, groups has been migrated to userRoleGroups |
| 123 | isGroupsPresent := util2.IsGroupsPresent(userInfo.Groups) |
| 124 | if isGroupsPresent { |
| 125 | handler.logger.Errorw("validation error , createUser ", "err", err, "payload", userInfo) |
| 126 | err := &util.ApiError{Code: "406", HttpStatusCode: 406, UserMessage: "Not compatible with request", InternalMessage: "Not compatible with the request payload, as groups has been migrated to userRoleGroups"} |
| 127 | common.WriteJsonResp(w, err, nil, http.StatusNotAcceptable) |
| 128 | return |
| 129 | } |
| 130 | |
| 131 | // RBAC enforcer applying |
| 132 | token := r.Header.Get("token") |
| 133 | isAuthorised, err := handler.checkRBACForUserCreate(token, userInfo.SuperAdmin, userInfo.RoleFilters, userInfo.UserRoleGroup) |
| 134 | if err != nil { |
| 135 | common.WriteJsonResp(w, err, "", http.StatusInternalServerError) |
| 136 | return |
| 137 | } |
| 138 | if !isAuthorised { |
| 139 | response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized")) |
| 140 | return |
| 141 | } |
| 142 | |
| 143 | //RBAC enforcer Ends |
| 144 | //In create req, we also check if any email exists already. If yes, then in that case we go on and merge existing roles and groups with the ones in request |
| 145 | //but rbac is only checked on create request roles and groups as existing roles and groups are assumed to be checked when created/updated before |
| 146 | res, err := handler.userService.CreateUser(&userInfo, token, handler.CheckManagerAuth) |
| 147 | if err != nil { |
| 148 | handler.logger.Errorw("service err, CreateUser", "err", err, "payload", userInfo) |
| 149 | if _, ok := err.(*util.ApiError); ok { |
| 150 | common.WriteJsonResp(w, err, "User Creation Failed", http.StatusOK) |
| 151 | } else { |
| 152 | handler.logger.Errorw("error on creating new user", "err", err) |
| 153 | common.WriteJsonResp(w, err, "", http.StatusInternalServerError) |
| 154 | } |