list group members & non-members

2025-08-04 13:05:23 +02:00 · 2018-02-28 14:55:36 +00:00 · 2018-02-28 14:55:36 +00:00 · 0680a72ee2
commit 0680a72ee2
parent 19b4a3de49
15 changed files with 360 additions and 60 deletions
--- a/domain/group/endpoint.go
+++ b/domain/group/endpoint.go
@ -216,3 +216,30 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {

 	response.WriteEmpty(w)
 }
+
+// GetGroupMembers returns all users associated with given group.
+func (h *Handler) GetGroupMembers(w http.ResponseWriter, r *http.Request) {
+	method := "group.GetGroupMembers"
+	ctx := domain.GetRequestContext(r)
+
+	// Should be no reason for non-admin to see members
+	if !ctx.Administrator {
+		response.WriteForbiddenError(w)
+		return
+	}
+
+	groupID := request.Param(r, "groupID")
+	if len(groupID) == 0 {
+		response.WriteMissingDataError(w, method, "groupID")
+		return
+	}
+
+	m, err := h.Store.Group.GetGroupMembers(ctx, groupID)
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	response.WriteJSON(w, m)
+}
--- a/domain/group/mysql/store.go
+++ b/domain/group/mysql/store.go
@ -59,12 +59,17 @@ func (s Scope) Get(ctx domain.RequestContext, refID string) (g group.Group, err
 // GetAll returns all user groups for current orgID.
 func (s Scope) GetAll(ctx domain.RequestContext) (groups []group.Group, err error) {
 	err = s.Runtime.Db.Select(&groups,
-		`select id, refid, orgid, role as name, purpose, created, revised FROM role WHERE orgid=? ORDER BY role`,
+		`SELECT a.id, a.refid, a.orgid, a.role as name, a.purpose, a.created, a.revised, COUNT(b.roleid) AS members
+		FROM role a
+		LEFT JOIN rolemember b ON a.refid=b.roleid
+		WHERE a.orgid=?
+		GROUP BY a.id, a.refid, a.orgid, a.role, a.purpose, a.created, a.revised
+		ORDER BY a.role`,
 		ctx.OrgID)

 	if err == sql.ErrNoRows || len(groups) == 0 {
-		groups = []group.Group{}
 		err = nil
+		groups = []group.Group{}
 	}
 	if err != nil {
 		err = errors.Wrap(err, "select groups")
@ -93,3 +98,25 @@ func (s Scope) Delete(ctx domain.RequestContext, refID string) (rows int64, err
 	b.DeleteConstrained(ctx.Transaction, "role", ctx.OrgID, refID)
 	return b.DeleteWhere(ctx.Transaction, fmt.Sprintf("DELETE FROM rolemember WHERE orgid=\"%s\" AND roleid=\"%s\"", ctx.OrgID, refID))
 }
+
+// GetGroupMembers returns all user associated with given group.
+func (s Scope) GetGroupMembers(ctx domain.RequestContext, groupID string) (members []group.Member, err error) {
+	err = s.Runtime.Db.Select(&members,
+		`SELECT a.id, a.orgid, a.roleid, a.userid, 
+		IFNULL(b.firstname, '') as firstname, IFNULL(b.lastname, '') as lastname
+		FROM rolemember a
+		LEFT JOIN user b ON b.refid=a.userid
+		WHERE a.orgid=? AND a.roleid=?
+		ORDER BY b.firstname, b.lastname`,
+		ctx.OrgID, groupID)
+
+	if err == sql.ErrNoRows || len(members) == 0 {
+		err = nil
+		members = []group.Member{}
+	}
+	if err != nil {
+		err = errors.Wrap(err, "select members")
+	}
+
+	return
+}
--- a/domain/storer.go
+++ b/domain/storer.go
@ -118,6 +118,7 @@ type UserStorer interface {
 	DeactiveUser(ctx RequestContext, userID string) (err error)
 	ForgotUserPassword(ctx RequestContext, email, token string) (err error)
 	CountActiveUsers() (c int)
+	MatchUsers(ctx RequestContext, text string, maxMatches int) (u []user.User, err error)
 }

 // AccountStorer defines required methods for account management
@ -275,4 +276,5 @@ type GroupStorer interface {
 	GetAll(ctx RequestContext) (g []group.Group, err error)
 	Update(ctx RequestContext, g group.Group) (err error)
 	Delete(ctx RequestContext, refID string) (rows int64, err error)
+	GetGroupMembers(ctx RequestContext, groupID string) (m []group.Member, err error)
 }
--- a/domain/user/endpoint.go
+++ b/domain/user/endpoint.go
@ -644,3 +644,28 @@ func (h *Handler) ResetPassword(w http.ResponseWriter, r *http.Request) {

 	response.WriteEmpty(w)
 }
+
+// MatchUsers returns users where provided text
+// matches firstname, lastname, email
+func (h *Handler) MatchUsers(w http.ResponseWriter, r *http.Request) {
+	method := "user.MatchUsers"
+	ctx := domain.GetRequestContext(r)
+
+	defer streamutil.Close(r.Body)
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		response.WriteBadRequestError(w, method, "text")
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+	searchText := string(body)
+
+	u, err := h.Store.User.MatchUsers(ctx, searchText, 100)
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	response.WriteJSON(w, u)
+}
--- a/domain/user/mysql/store.go
+++ b/domain/user/mysql/store.go
@ -14,6 +14,7 @@ package mysql
 import (
 	"database/sql"
 	"fmt"
+	"strconv"
 	"strings"
 	"time"

@ -255,3 +256,31 @@ func (s Scope) CountActiveUsers() (c int) {

 	return
 }
+
+// MatchUsers returns users that have match to either firstname, lastname or email.
+func (s Scope) MatchUsers(ctx domain.RequestContext, text string, maxMatches int) (u []user.User, err error) {
+	text = strings.TrimSpace(strings.ToLower(text))
+	likeQuery := ""
+	if len(text) > 0 {
+		likeQuery = " AND (LOWER(firstname) LIKE '%" + text + "%' OR LOWER(lastname) LIKE '%" + text + "%' OR LOWER(email) LIKE '%" + text + "%') "
+	}
+
+	err = s.Runtime.Db.Select(&u,
+		`SELECT u.id, u.refid, u.firstname, u.lastname, u.email, u.initials, u.password, u.salt, u.reset, u.created, u.revised,
+		u.global, a.active, a.editor, a.admin, a.users as viewusers
+		FROM user u, account a
+		WHERE a.orgid=? AND u.refid=a.userid AND a.active=1 `+likeQuery+
+			`ORDER BY u.firstname,u.lastname LIMIT `+strconv.Itoa(maxMatches),
+		ctx.OrgID)
+
+	if err == sql.ErrNoRows || len(u) == 0 {
+		err = nil
+		u = []user.User{}
+	}
+
+	if err != nil {
+		err = errors.Wrap(err, fmt.Sprintf("matching users for org %s", ctx.OrgID))
+	}
+
+	return
+}