delete.go
package space
import (
"errors"
"fmt"
"net/http"
"strconv"
"github.com/factly/kavach-server/model"
"github.com/factly/kavach-server/util"
keto "github.com/factly/kavach-server/util/keto/relationTuple"
"github.com/factly/kavach-server/util/user"
"github.com/factly/x/errorx"
"github.com/factly/x/loggerx"
"github.com/factly/x/renderx"
"github.com/go-chi/chi"
)
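// delete removes a space, its associated medium (if any) and every Keto
// relation tuple recorded for the space object.
//
// The caller is identified by the X-User header and must pass two checks
// before anything is deleted: util.CheckOwner for the organisation, and
// user.IsUserAuthorised for the object "org:<org>:app:<app>:space:<space>".
//
// NOTE(review): the swagger annotations below describe the create handler
// (summary, @ID, 201 response, POST route) and look copied from it. They are
// left unchanged because the real route and response for this handler are not
// visible here; confirm them against the router and regenerate the API docs.
//
// @Summary Create space application
// @Description Create space application
// @Tags spaceApplications
// @ID add-space-application
// @Consume json
// @Produce json
// @Param X-User header string true "User ID"
// @Param space_id path string true "space ID"
// @Success 201 {object} model.Application
// @Failure 400 {array} string
// @Router /spaces/{space_id}/applications [post]
func delete(w http.ResponseWriter, r *http.Request) {
	// parseID accepts only non-negative decimal IDs. Parsing as unsigned keeps
	// the value used in the authorisation object string identical to the value
	// used as the database key; a signed parse followed by a uint conversion
	// would let "-1" be authorised under one ID and deleted under another.
	parseID := func(raw string) (uint, error) {
		v, err := strconv.ParseUint(raw, 10, 0)
		if err != nil {
			return 0, err
		}
		return uint(v), nil
	}

	sID, err := parseID(chi.URLParam(r, "space_id"))
	if err != nil {
		loggerx.Error(err)
		errorx.Render(w, errorx.Parser(errorx.InvalidID()))
		return
	}

	// X-User is the only identity input to this handler.
	// NOTE(review): presumably it is injected by an authenticating proxy in
	// front of this service; confirm that client-supplied X-User values are
	// stripped there, otherwise any caller can claim any user ID.
	hostID, err := parseID(r.Header.Get("X-User"))
	if err != nil {
		loggerx.Error(err)
		errorx.Render(w, errorx.Parser(errorx.InternalServerError()))
		return
	}

	orgID, err := parseID(chi.URLParam(r, "organisation_id"))
	if err != nil {
		loggerx.Error(err)
		errorx.Render(w, errorx.Parser(errorx.InvalidID()))
		return
	}

	appID, err := parseID(chi.URLParam(r, "application_id"))
	if err != nil {
		loggerx.Error(err)
		errorx.Render(w, errorx.Parser(errorx.InvalidID()))
		return
	}

	// Check the permission of the host on the organisation.
	if err = util.CheckOwner(hostID, orgID); err != nil {
		loggerx.Error(err)
		errorx.Render(w, errorx.Parser(errorx.Unauthorized()))
		return
	}

	// Verify that the user is part of the space.
	// NOTE(review): the database delete below is keyed on the space ID alone;
	// this check on the org/app/space object is what ties that ID to the
	// organisation and application named in the URL.
	objectID := fmt.Sprintf("org:%d:app:%d:space:%d", orgID, appID, sID)
	isAuthorised, err := user.IsUserAuthorised(
		namespace,
		objectID,
		fmt.Sprintf("%d", hostID),
	)
	if err != nil {
		loggerx.Error(err)
		errorx.Render(w, errorx.Parser(errorx.InternalServerError()))
		return
	}
	if !isAuthorised {
		loggerx.Error(errors.New("user is not part of the space"))
		errorx.Render(w, errorx.Parser(errorx.Unauthorized()))
		return
	}

	space := &model.Space{}
	space.ID = sID

	tx := model.DB.Begin()

	// Check that the record exists before deleting anything.
	err = tx.Model(&model.Space{}).First(&space).Error
	if err != nil {
		tx.Rollback()
		loggerx.Error(err)
		errorx.Render(w, errorx.Parser(errorx.RecordNotFound()))
		return
	}

	// Delete the medium associated with the space. The error is checked here
	// so that a failed medium delete aborts the transaction instead of being
	// overwritten by the result of the space delete.
	if space.MediumID != nil {
		err = tx.Model(&model.Medium{}).Where("id = ?", *space.MediumID).Delete(&model.Medium{}).Error
		if err != nil {
			tx.Rollback()
			loggerx.Error(err)
			errorx.Render(w, errorx.Parser(errorx.DBError()))
			return
		}
	}

	err = tx.Model(&model.Space{}).Where("id = ?", space.ID).Delete(space).Error
	if err != nil {
		tx.Rollback()
		loggerx.Error(err)
		errorx.Render(w, errorx.Parser(errorx.DBError()))
		return
	}

	// Delete all relation tuples related to the "space" object.
	tuple := &model.KetoRelationTupleWithSubjectID{
		KetoSubjectSet: model.KetoSubjectSet{
			Namespace: namespace,
			Object:    objectID,
			Relation:  "", // relation is an empty string to avoid addition of the relation query parameter
		},
		SubjectID: "",
	}
	err = keto.DeleteRelationTupleWithSubjectID(tuple)
	if err != nil {
		tx.Rollback()
		loggerx.Error(err)
		errorx.Render(w, errorx.Parser(errorx.InternalServerError()))
		return
	}

	// Report a failed commit instead of answering 200 for a delete that was
	// not persisted. The Keto tuples are already gone at this point, so a
	// failure here leaves a space row without its permission tuples; the log
	// entry is the signal for operators to reconcile.
	if err = tx.Commit().Error; err != nil {
		loggerx.Error(err)
		errorx.Render(w, errorx.Parser(errorx.DBError()))
		return
	}

	renderx.JSON(w, http.StatusOK, nil)
}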