meta-rare
/
metarare_api-main


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330
							package admin

import (
	"net/http"

	"github.com/gin-gonic/gin"
	"github.com/metarare/metarare_api/common"
	"github.com/metarare/metarare_api/helpers/gauth"
	"github.com/metarare/metarare_api/helpers/gerror"
	"github.com/metarare/metarare_api/models"
	"github.com/metarare/metarare_api/view"
	"gorm.io/gorm"
)

type AdminAdministratorV1Router struct {
	group *gin.RouterGroup
	mDB   *gorm.DB
	rDB   *gorm.DB
}

func NewAdminAdministratorV1Router(r common.Router, basePath string) AdminAdministratorV1Router {
	a := AdminAdministratorV1Router{
		group: r.Version.Group(basePath),
		mDB:   r.Db.MasterDB,
		rDB:   r.Db.ReadDB,
	}

	a.group.GET("", a.getAdministorList)
	a.group.PATCH("status", a.updateAdministratorStatus)
	a.group.POST("", a.registerAdministor)
	a.group.PATCH("permission", a.updatePermission)

	return a
}

// getAdministorList godoc
// @Summary get administrator list
// @Description 관리자 리스트 가져오기
// @Schemes
// @security ApiKeyAuth
// @Tags admin
// @Accept  json
// @Produce json
// @Success 200 {object} view.AdministratorList
// @Router /admin/administrator [get]
func (a AdminAdministratorV1Router) getAdministorList(c *gin.Context) {
	admin, err := gauth.ConfirmAdminInfo(c, a.rDB)
	if err != nil || admin.ID == 0 {
		gerror.IntegratedResponseToRequest(c, http.StatusUnauthorized, gerror.Unauthorized, nil, err)
		return
	}

	if admin.AdminPermission.Admin == 0 {
		gerror.IntegratedResponseToRequest(c, http.StatusUnauthorized, gerror.PermissionNotFound, nil, err)
		return
	}

	response := []view.AdministratorList{}
	if err := view.GetAdministorList(a.rDB).Find(&response).Error; err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusInternalServerError, gerror.MysqlContextError, nil, err)
		return
	}

	gerror.IntegratedResponseToRequest(c, http.StatusOK, gerror.OK, response, nil)
	return
}

// updateAdministratorStatus godoc
// @Summary update administrator status
// @Description 관리자 상태값 변경
// @Schemes
// @security ApiKeyAuth
// @Tags admin
// @Accept  json
// @Produce json
// @Param UpdateStatus body UpdateStatus true "selected target data"
// @Success 200 {string} OK
// @Router /admin/administrator/status [patch]
func (a AdminAdministratorV1Router) updateAdministratorStatus(c *gin.Context) {
	admin, err := gauth.ConfirmAdminInfo(c, a.rDB)
	if err != nil || admin.ID == 0 {
		gerror.IntegratedResponseToRequest(c, http.StatusUnauthorized, gerror.Unauthorized, nil, err)
		return
	}

	if admin.AdminPermission.Admin == 0 {
		gerror.IntegratedResponseToRequest(c, http.StatusUnauthorized, gerror.PermissionNotFound, nil, err)
		return
	}

	request := UpdateStatus{}
	if err := c.ShouldBindJSON(&request); err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusBadRequest, gerror.InvalidParameterValue, nil, err)
		return
	}

	if request.Status != "stable" && request.Status != "blocked" {
		gerror.IntegratedResponseToRequest(c, http.StatusBadRequest, gerror.InvalidParameterValue, nil, err)
		return
	}

	_admin := models.Admin{}
	if err := a.rDB.Where("id = ?", request.ID).Find(&_admin).Error; err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusInternalServerError, gerror.MysqlContextError, nil, err)
		return
	} else if _admin.ID == 0 {
		gerror.IntegratedResponseToRequest(c, http.StatusBadRequest, gerror.NotFoundRecord, nil, err)
		return
	}

	tx := a.mDB.Begin()
	defer common.DBTransaction(tx)

	//SECTION admin log
	log := Log{
		DB:            tx,
		ActionType:    "admin",
		SubActionType: "modified",
		Admin:         admin,
		TargetID:      request.ID,
		To:            request.Status,
		From:          _admin.Status,
		Target:        "status",
	}

	_admin.Status = request.Status
	if err := tx.Save(&_admin).Error; err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusInternalServerError, gerror.MysqlSaveError, nil, err)
		return
	}

	if err = StackLog(log); err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusInternalServerError, gerror.LogTrackingError, nil, err)
		tx.Rollback()
		return
	}

	if err := tx.Commit().Error; err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusInternalServerError, gerror.MysqlSaveError, nil, err)
		tx.Rollback()
		return
	}

	gerror.IntegratedResponseToRequest(c, http.StatusOK, gerror.OK, nil, nil)
	return
}

// registerAdministor godoc
// @Summary create administrator
// @Description 관리자 등록
// @Schemes
// @security ApiKeyAuth
// @Tags admin
// @Accept  json
// @Produce json
// @Param RegisterAdministratorData body RegisterAdministratorData true "body struct"
// @Success 200 {number} _admin.ID
// @Router /admin/administrator [post]
func (a AdminAdministratorV1Router) registerAdministor(c *gin.Context) {
	admin, err := gauth.ConfirmAdminInfo(c, a.rDB)
	if err != nil || admin.ID == 0 {
		gerror.IntegratedResponseToRequest(c, http.StatusUnauthorized, gerror.Unauthorized, nil, err)
		return
	}

	if admin.AdminPermission.Admin == 0 {
		gerror.IntegratedResponseToRequest(c, http.StatusUnauthorized, gerror.PermissionNotFound, nil, err)
		return
	}

	request := RegisterAdministratorData{}
	if err := c.ShouldBindJSON(&request); err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusBadRequest, gerror.InvalidParameterValue, nil, err)
		return
	}

	tx := a.mDB.Begin()
	defer common.DBTransaction(tx)

	_admin := models.Admin{
		Name:     request.Name,
		Status:   "stable",
		Email:    request.Email,
		Password: request.Password,
		Phone:    request.Phone,
		Position: request.Position,
		Chargeof: request.Chargeof,
		Team:     request.Team,
	}
	if err := a.mDB.Save(&_admin).Error; err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusBadRequest, gerror.MysqlSaveError, nil, err)
		tx.Rollback()
		return
	}

	permission := models.AdminPermission{
		AdminID: _admin.ID,
	}
	if err := a.mDB.Save(&permission).Error; err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusBadRequest, gerror.MysqlSaveError, nil, err)
		tx.Rollback()
		return
	}

	//SECTION admin log
	log := Log{
		DB:            tx,
		ActionType:    "admin",
		SubActionType: "created",
		Admin:         admin,
		TargetID:      _admin.ID,
	}
	if err = StackLog(log); err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusInternalServerError, gerror.LogTrackingError, nil, err)
		tx.Rollback()
		return
	}

	if err := tx.Commit().Error; err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusInternalServerError, gerror.MysqlSaveError, nil, err)
		tx.Rollback()
		return
	}

	gerror.IntegratedResponseToRequest(c, http.StatusOK, gerror.OK, _admin.ID, nil)
	return
}

// updatePermission godoc
// @Summary update administrator permmsion
// @Description 관리자 권한 변경
// @Schemes
// @security ApiKeyAuth
// @Tags admin
// @Accept  json
// @Produce json
// @Param UpdatePermission body UpdatePermission true "selected target data"
// @Success 200 {string} OK
// @Router /admin/administrator/permission [patch]
func (a AdminAdministratorV1Router) updatePermission(c *gin.Context) {
	admin, err := gauth.ConfirmAdminInfo(c, a.rDB)
	if err != nil || admin.ID == 0 {
		gerror.IntegratedResponseToRequest(c, http.StatusUnauthorized, gerror.Unauthorized, nil, err)
		return
	}

	if admin.AdminPermission.Admin == 0 {
		gerror.IntegratedResponseToRequest(c, http.StatusUnauthorized, gerror.PermissionNotFound, nil, err)
		return
	}

	request := UpdatePermission{}
	if err := c.ShouldBindJSON(&request); err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusBadRequest, gerror.InvalidParameterValue, nil, err)
		return
	}

	permission := models.AdminPermission{}
	if err := a.rDB.Where("admin_id = ?", request.AdminID).Find(&permission).Error; err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusBadRequest, gerror.InvalidParameterValue, nil, err)
		return
	} else if permission.ID == 0 {
		gerror.IntegratedResponseToRequest(c, http.StatusNotFound, gerror.NotFoundRecord, nil, err)
		return
	}

	if request.UserPermission {
		permission.User = 1
	} else {
		permission.User = 0
	}

	if request.CollectionPermission {
		permission.Collection = 1
	} else {
		permission.Collection = 0
	}

	if request.SystemPermission {
		permission.System = 1
	} else {
		permission.System = 0
	}

	if request.AdminPermission {
		permission.Admin = 1
	} else {
		permission.Admin = 0
	}

	if request.LogPermission {
		permission.Log = 1
	} else {
		permission.Log = 0
	}

	tx := a.mDB.Begin()
	defer common.DBTransaction(tx)

	//SECTION admin log
	log := Log{
		DB:            tx,
		ActionType:    "admin",
		SubActionType: "modified",
		Admin:         admin,
		TargetID:      request.AdminID,
		Target:        "permission",
	}

	if err := tx.Save(&permission).Error; err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusBadRequest, gerror.InvalidParameterValue, nil, err)
		tx.Rollback()
		return
	}

	if err = StackLog(log); err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusInternalServerError, gerror.LogTrackingError, nil, err)
		tx.Rollback()
		return
	}

	if err := tx.Commit().Error; err != nil {
		gerror.IntegratedResponseToRequest(c, http.StatusInternalServerError, gerror.MysqlSaveError, nil, err)
		tx.Rollback()
		return
	}

	gerror.IntegratedResponseToRequest(c, http.StatusOK, gerror.OK, nil, err)
	return
}