[server] Permissions grant and revoke

server/internal/api/v1/responses/responses.go

@@ -45,8 +45,8 @@ type User struct {
 
 type LoggedInUser struct {
 	User
-	Home        pgtype.UUID     `json:"home"`
-	Permissions user.Permission `json:"permissions"`
+	Home        pgtype.UUID      `json:"home"`
+	Permissions user.Permissions `json:"permissions"`
 }
 
 type Publink struct {

server/internal/command/admin/user/cmd.go

@@ -19,6 +19,8 @@ func SetupCommand() *cobra.Command {
 		setupPwresetResetCommand(),
 		setupModCommand(),
 		setupPasswdCommand(),
+		setupGrantCommand(),
+		setupRevokeCommand(),
 	}...)
 
 	return cmd
@@ -34,7 +36,7 @@ func setupListCommand() *cobra.Command {
 				logrus.Fatal(err)
 			}
 			for _, user := range users {
-				logrus.Infof("%24s : %s", user.Email, user.Name)
+				logrus.Infof("%24s :%.4x: %s", user.Email, user.Permissions, user.Name)
 			}
 		},
 	}

server/internal/command/admin/user/mod.go

@@ -15,7 +15,7 @@ import (
 func setupModCommand() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "mod email",
-		Short: "Add User",
+		Short: "Modify",
 		Args:  cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
 			email := args[0]

server/internal/command/admin/user/passwd.go

@@ -14,7 +14,7 @@ import (
 func setupPasswdCommand() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "passwd email",
-		Short: "Change User Password",
+		Short: "Change Password",
 		Args:  cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
 			email := args[0]

server/internal/command/admin/user/permissions.go

@@ -0,0 +1,64 @@
+package user
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/shroff/phylum/server/internal/core/user"
+	"github.com/spf13/cobra"
+)
+
+func setupGrantCommand() *cobra.Command {
+	return &cobra.Command{
+		Use:   "grant <email> <permission-hex>",
+		Short: "Grant Permissions",
+		Run: func(cmd *cobra.Command, args []string) {
+			userManager := user.ManagerFromContext(context.Background())
+			u, err := userManager.UserByEmail(args[0])
+			if err != nil {
+				fmt.Println("unable to find user :" + err.Error())
+				os.Exit(1)
+			}
+			var p user.Permissions
+			_, err = fmt.Sscanf(args[1], "0x%x", &p)
+			if err != nil {
+				fmt.Println("permissions must be of the format 0x<hex>")
+				os.Exit(1)
+			}
+
+			userManager.GrantUserPermissions(u, p)
+			if err != nil {
+				fmt.Println("unable to update permissions:" + err.Error())
+				os.Exit(1)
+			}
+		},
+	}
+}
+
+func setupRevokeCommand() *cobra.Command {
+	return &cobra.Command{
+		Use:   "revoke <email> <permission-hex>",
+		Short: "Revoke Permissions",
+		Run: func(cmd *cobra.Command, args []string) {
+			userManager := user.ManagerFromContext(context.Background())
+			u, err := userManager.UserByEmail(args[0])
+			if err != nil {
+				fmt.Println("unable to find user :" + err.Error())
+				os.Exit(1)
+			}
+			var p user.Permissions
+			_, err = fmt.Sscanf(args[1], "0x%x", &p)
+			if err != nil {
+				fmt.Println("permissions must be of the format 0x<hex>")
+				os.Exit(1)
+			}
+
+			userManager.RevokeUserPermissions(u, p)
+			if err != nil {
+				fmt.Println("unable to update permissions:" + err.Error())
+				os.Exit(1)
+			}
+		},
+	}
+}

server/internal/command/admin/user/pwreset.go

@@ -12,8 +12,8 @@ import (
 
 func setupPwresetResetCommand() *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "pwreset email",
-		Short: "pwreset email",
+		Use:   "pwreset <email>",
+		Short: "Send password reset email",
 		Args:  cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
 			email := args[0]

server/internal/core/user/config.go

@@ -3,7 +3,7 @@ package user
 type Config struct {
 	Password   PasswordConfig `koanf:"password"`
 	BaseDir    string         `koanf:"basedir"`
-	Permisison Permission     `koanf:"permission"`
+	Permisison Permissions    `koanf:"permission"`
 }
 
 type PasswordConfig struct {

server/internal/core/user/permission.go

@@ -1,9 +1,9 @@
 package user
 
-type Permission = int32
+type Permissions = int32
 
 const (
-	PermissionUsersInvite = Permission(0x10)
-	PermissionUsersGrant  = Permission(0x20)
-	PermissionFilesAll    = Permission(0x100)
+	PermissionUsersInvite = Permissions(0x10)
+	PermissionUsersGrant  = Permissions(0x20)
+	PermissionFilesAll    = Permissions(0x100)
 )

server/internal/core/user/update.go

@@ -37,7 +37,7 @@ func (m manager) UpdateUserPassword(user User, password string) error {
 	return nil
 }
 
-func (m manager) GrantUserPermissions(user User, permissions int) error {
+func (m manager) GrantUserPermissions(user User, permissions Permissions) error {
 	const q = "UPDATE users SET permissions = permissions | $2::INTEGER, modified = NOW() WHERE id = $1::INT"
 	if _, err := m.db.Exec(q, user.ID, permissions); err != nil {
 		return err
@@ -45,7 +45,7 @@ func (m manager) GrantUserPermissions(user User, permissions int) error {
 	return nil
 }
 
-func (m manager) RevokeUserPermissions(user User, permissions int) error {
+func (m manager) RevokeUserPermissions(user User, permissions Permissions) error {
 	const q = "UPDATE users SET permissions = permissions & ~ $2::INTEGER, modified = NOW() WHERE id = $1::INT"
 	if _, err := m.db.Exec(q, user.ID, permissions); err != nil {
 		return err

server/internal/core/user/user.go

@@ -16,7 +16,7 @@ type User struct {
 	Email       string
 	Name        string
 	Home        pgtype.UUID
-	Permissions Permission
+	Permissions Permissions
 }
 
 func scanUser(row pgx.CollectableRow) (User, error) {
@@ -48,6 +48,8 @@ type Manager interface {
 	UpdateUserHome(user User, home pgtype.UUID) error
 	UpdateUserName(user User, name string) error
 	UpdateUserPassword(user User, password string) error
+	GrantUserPermissions(user User, permissions Permissions) error
+	RevokeUserPermissions(user User, permissions Permissions) error
 
 	// auth.go
 	VerifyUserPassword(email, password string) (User, error)