signet-backend/endpoints/escalateprivileges.go

package endpoints

import (
	"encoding/json"
	"net/http"

	"github.com/imosed/signet/auth"
	. "github.com/imosed/signet/data"
	"github.com/rs/zerolog/log"
)

type EscalatePrivilegesRequest struct {
	UserID     uint `json:"userID"`
	Privileges uint `json:"privileges"`
}

func ChangePrivileges(w http.ResponseWriter, r *http.Request) {
	var req EscalatePrivilegesRequest
	err := json.NewDecoder(r.Body).Decode(&req)
	if err != nil {
		log.Error().Err(err).Msg("Could not decode body in ChangePrivileges call")
		return
	}

	var resp SuccessResponse
	var user User

	var claims *auth.Claims
	claims, err = auth.GetUserClaims(r)

	if claims == nil {
		w.WriteHeader(401)
		return
	}
	if claims.Privileges > AdminPlus {
		w.WriteHeader(403)
		return
	}

	Db.Table("users").Where("id = ?", req.UserID).Find(&user)
	if req.Privileges == SuperUser {
		resp.Success = false

		err = json.NewEncoder(w).Encode(resp)
		if err != nil {
			log.Error().Err(err).Msg("Could not deliver failed escalate privileges response")
		}
		return
	}

	user.Privileges = req.Privileges
	Db.Save(user)
	resp.Success = true

	err = json.NewEncoder(w).Encode(resp)
	if err != nil {
		log.Error().Err(err).Msg("Could not deliver successful escalate privileges response")
	}
}