UltiSuite/ultisuite-backend
UltiSuite/ultisuite-backend
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
2bdd16fa37
ultisuite-backend/internal/users/admin.go
R3D347HR4Y f67c109f2f Admin interface
2026-06-07 21:55:22 +02:00

83 lines
2.0 KiB
Go
Raw Blame History

package users
import (
"context"
"errors"
"fmt"
"github.com/jackc/pgx/v5"
"github.com/jackc/pgx/v5/pgxpool"
"github.com/ultisuite/ulti-backend/internal/auth"
"github.com/ultisuite/ulti-backend/internal/permission"
)
// IsPlatformAdmin reports whether the user row is marked platform_admin.
func IsPlatformAdmin(ctx context.Context, db *pgxpool.Pool, externalID string) (bool, error) {
if db == nil || externalID == "" {
return false, nil
}
var admin bool
err := db.QueryRow(ctx, `
SELECT platform_admin FROM users WHERE external_id = $1
`, externalID).Scan(&admin)
if errors.Is(err, pgx.ErrNoRows) {
return false, nil
}
if err != nil {
return false, err
}
return admin, nil
}
// GrantPlatformAdmin sets platform_admin for the given external_id.
func GrantPlatformAdmin(ctx context.Context, db *pgxpool.Pool, externalID string) error {
if db == nil {
return fmt.Errorf("database not configured")
}
if externalID == "" {
return fmt.Errorf("missing external id")
}
tag, err := db.Exec(ctx, `
UPDATE users SET platform_admin = true, updated_at = NOW()
WHERE external_id = $1
`, externalID)
if err != nil {
return err
}
if tag.RowsAffected() == 0 {
return pgx.ErrNoRows
}
return nil
}
// ApplyPlatformAdminGroups adds admin RBAC groups when the user is platform_admin.
func ApplyPlatformAdminGroups(ctx context.Context, db *pgxpool.Pool, claims *auth.Claims) error {
if claims == nil || db == nil {
return nil
}
admin, err := IsPlatformAdmin(ctx, db, claims.Sub)
if err != nil {
return err
}
if admin {
claims.Groups = permission.WithPlatformAdmin(claims.Groups)
}
return nil
}
func bootstrapFirstUserAdmin(ctx context.Context, db *pgxpool.Pool, userID string) error {
var hasAdmin bool
if err := db.QueryRow(ctx, `SELECT EXISTS(SELECT 1 FROM users WHERE platform_admin = true)`).Scan(&hasAdmin); err != nil {
return err
}
if hasAdmin {
return nil
}
_, err := db.Exec(ctx, `
UPDATE users SET platform_admin = true, updated_at = NOW()
WHERE id = $1
`, userID)
return err
}
Reference in New Issue View Git Blame Copy Permalink