Add updateAt field (closes #27)

api/group.go

@@ -18,6 +18,7 @@ type Group struct {
 	Org      string    `json:"org, omitempty"`
 	Urn      string    `json:"urn, omitempty"`
 	CreateAt time.Time `json:"createAt, omitempty"`
+	UpdateAt time.Time `json:"updateAt, omitempty"`
 }
 
 func (g Group) String() string {
@@ -254,30 +255,29 @@ func (api AuthAPI) UpdateGroup(requestInfo RequestInfo, org string, name string,
 		}
 	}
 
-	// Call repo to retrieve the group
-	group, err := api.GetGroupByName(requestInfo, org, name)
+	// Call repo to retrieve the old group
+	oldGroup, err := api.GetGroupByName(requestInfo, org, name)
 	if err != nil {
 		return nil, err
 	}
-	oldGroup := group
 
 	// Check restrictions
-	groupsFiltered, err := api.GetAuthorizedGroups(requestInfo, group.Urn, GROUP_ACTION_UPDATE_GROUP, []Group{*group})
+	groupsFiltered, err := api.GetAuthorizedGroups(requestInfo, oldGroup.Urn, GROUP_ACTION_UPDATE_GROUP, []Group{*oldGroup})
 	if err != nil {
 		return nil, err
 	}
 	if len(groupsFiltered) < 1 {
 		return nil, &Error{
 			Code: UNAUTHORIZED_RESOURCES_ERROR,
 			Message: fmt.Sprintf("User with externalId %v is not allowed to access to resource %v",
-				requestInfo.Identifier, group.Urn),
+				requestInfo.Identifier, oldGroup.Urn),
 		}
 	}
 
 	// Check if a group with "newName" already exists
 	newGroup, err := api.GetGroupByName(requestInfo, org, newName)
 
-	if err == nil && group.ID != newGroup.ID {
+	if err == nil && oldGroup.ID != newGroup.ID {
 		// Group already exists
 		return nil, &Error{
 			Code:    GROUP_ALREADY_EXIST,
@@ -286,29 +286,40 @@ func (api AuthAPI) UpdateGroup(requestInfo RequestInfo, org string, name string,
 	}
 
 	if err != nil {
-		if apiError := err.(*Error); apiError.Code == UNAUTHORIZED_RESOURCES_ERROR || apiError.Code == UNKNOWN_API_ERROR {
+		if apiError := err.(*Error); apiError.Code != GROUP_BY_ORG_AND_NAME_NOT_FOUND {
 			return nil, err
 		}
 	}
 
-	// Get Group updated
-	groupToUpdate := createGroup(org, newName, newPath)
+	auxGroup := Group{
+		Urn: CreateUrn(org, RESOURCE_GROUP, newPath, newName),
+	}
 
 	// Check restrictions
-	groupsFiltered, err = api.GetAuthorizedGroups(requestInfo, groupToUpdate.Urn, GROUP_ACTION_UPDATE_GROUP, []Group{groupToUpdate})
+	groupsFiltered, err = api.GetAuthorizedGroups(requestInfo, auxGroup.Urn, GROUP_ACTION_UPDATE_GROUP, []Group{auxGroup})
 	if err != nil {
 		return nil, err
 	}
 	if len(groupsFiltered) < 1 {
 		return nil, &Error{
 			Code: UNAUTHORIZED_RESOURCES_ERROR,
 			Message: fmt.Sprintf("User with externalId %v is not allowed to access to resource %v",
-				requestInfo.Identifier, groupToUpdate.Urn),
+				requestInfo.Identifier, auxGroup.Urn),
 		}
 	}
 
 	// Update group
-	group, err = api.GroupRepo.UpdateGroup(*group, newName, newPath, groupToUpdate.Urn)
+	group := Group{
+		ID:       oldGroup.ID,
+		Name:     newName,
+		Path:     newPath,
+		Org:      oldGroup.Org,
+		Urn:      auxGroup.Urn,
+		CreateAt: oldGroup.CreateAt,
+		UpdateAt: time.Now().UTC(),
+	}
+
+	updatedGroup, err := api.GroupRepo.UpdateGroup(group)
 
 	// Check unexpected DB error
 	if err != nil {
@@ -320,8 +331,8 @@ func (api AuthAPI) UpdateGroup(requestInfo RequestInfo, org string, name string,
 		}
 	}
 
-	LogOperation(api.Logger, requestInfo, fmt.Sprintf("Group updated from %+v to %+v", oldGroup, group))
-	return group, nil
+	LogOperation(api.Logger, requestInfo, fmt.Sprintf("Group updated from %+v to %+v", oldGroup, updatedGroup))
+	return updatedGroup, nil
 
 }
 
@@ -725,6 +736,7 @@ func createGroup(org string, name string, path string) Group {
 		Name:     name,
 		Path:     path,
 		CreateAt: time.Now().UTC(),
+		UpdateAt: time.Now().UTC(),
 		Urn:      urn,
 		Org:      org,
 	}

api/manager.go

@@ -161,9 +161,9 @@ type UserRepo interface {
 	// if there are problems with database.
 	GetUsersFiltered(filter *Filter) ([]User, int, error)
 
-	// Update user stored in database with new pathPrefix. Throw error if the database restrictions
+	// Update user stored in database with new fields. Throw error if the database restrictions
 	// are not satisfied or unexpected error happen.
-	UpdateUser(user User, newPath string, newUrn string) (*User, error)
+	UpdateUser(user User) (*User, error)
 
 	// Remove user stored in database with its group relationships.
 	// Throw error if there are problems during transactions.
@@ -186,9 +186,9 @@ type GroupRepo interface {
 	// if there are problems with database.
 	GetGroupsFiltered(org string, filter *Filter) ([]Group, int, error)
 
-	// Update group stored in database with new name and pathPrefix.
+	// Update group stored in database with new fields.
 	// Throw error if there are problems with database.
-	UpdateGroup(group Group, newName string, newPath string, newUrn string) (*Group, error)
+	UpdateGroup(group Group) (*Group, error)
 
 	// Remove group stored in database with its user and policy relationships.
 	// Throw error if there are problems during transactions.
@@ -237,9 +237,9 @@ type PolicyRepo interface {
 	// if there are problems with database.
 	GetPoliciesFiltered(org string, filter *Filter) ([]Policy, int, error)
 
-	// Update policy stored in database with new name and pathPrefix. Also it overrides statements.
+	// Update policy stored in database with new fields. Also it overrides statements if it has.
 	// Throw error if there are problems with database.
-	UpdatePolicy(policy Policy, newName string, newPath string, newUrn string, newStatements []Statement) (*Policy, error)
+	UpdatePolicy(policy Policy) (*Policy, error)
 
 	// Remove policy stored in database with its groups relationships.
 	// Throw error if there are problems during transactions.

api/policy.go

@@ -18,6 +18,7 @@ type Policy struct {
 	Org        string       `json:"org, omitempty"`
 	Urn        string       `json:"urn, omitempty"`
 	CreateAt   time.Time    `json:"createAt, omitempty"`
+	UpdateAt   time.Time    `json:"updateAt, omitempty"`
 	Statements *[]Statement `json:"statements, omitempty"`
 }
 
@@ -278,59 +279,72 @@ func (api AuthAPI) UpdatePolicy(requestInfo RequestInfo, org string, policyName
 
 	}
 
-	// Call repo to retrieve the policy
-	policyDB, err := api.GetPolicyByName(requestInfo, org, policyName)
+	// Call repo to retrieve the old policy
+	oldPolicy, err := api.GetPolicyByName(requestInfo, org, policyName)
 	if err != nil {
 		return nil, err
 	}
 
 	// Check restrictions
-	policiesFiltered, err := api.GetAuthorizedPolicies(requestInfo, policyDB.Urn, POLICY_ACTION_UPDATE_POLICY, []Policy{*policyDB})
+	policiesFiltered, err := api.GetAuthorizedPolicies(requestInfo, oldPolicy.Urn, POLICY_ACTION_UPDATE_POLICY, []Policy{*oldPolicy})
 	if err != nil {
 		return nil, err
 	}
 	if len(policiesFiltered) < 1 {
 		return nil, &Error{
 			Code: UNAUTHORIZED_RESOURCES_ERROR,
 			Message: fmt.Sprintf("User with externalId %v is not allowed to access to resource %v",
-				requestInfo.Identifier, policyDB.Urn),
+				requestInfo.Identifier, oldPolicy.Urn),
 		}
 	}
 
 	// Check if policy with "newName" exists
 	targetPolicy, err := api.GetPolicyByName(requestInfo, org, newName)
 
-	if err == nil && targetPolicy.ID != policyDB.ID {
+	if err == nil && targetPolicy.ID != oldPolicy.ID {
 		// Policy already exists
 		return nil, &Error{
 			Code:    POLICY_ALREADY_EXIST,
 			Message: fmt.Sprintf("Policy name: %v already exists", newName),
 		}
 	}
+
 	if err != nil {
-		if apiError := err.(*Error); apiError.Code == UNAUTHORIZED_RESOURCES_ERROR || apiError.Code == UNKNOWN_API_ERROR {
+		if apiError := err.(*Error); apiError.Code != POLICY_BY_ORG_AND_NAME_NOT_FOUND {
 			return nil, err
 		}
 	}
 
-	// Get Policy Updated
-	policyToUpdate := createPolicy(newName, newPath, org, &newStatements)
+	auxPolicy := Policy{
+		Urn: CreateUrn(org, RESOURCE_POLICY, newPath, newName),
+	}
 
 	// Check restrictions
-	policiesFiltered, err = api.GetAuthorizedPolicies(requestInfo, policyToUpdate.Urn, POLICY_ACTION_UPDATE_POLICY, []Policy{policyToUpdate})
+	policiesFiltered, err = api.GetAuthorizedPolicies(requestInfo, auxPolicy.Urn, POLICY_ACTION_UPDATE_POLICY, []Policy{auxPolicy})
 	if err != nil {
 		return nil, err
 	}
 	if len(policiesFiltered) < 1 {
 		return nil, &Error{
 			Code: UNAUTHORIZED_RESOURCES_ERROR,
 			Message: fmt.Sprintf("User with externalId %v is not allowed to access to resource %v",
-				requestInfo.Identifier, policyToUpdate.Urn),
+				requestInfo.Identifier, auxPolicy.Urn),
 		}
 	}
 
+	policy := Policy{
+		ID:         oldPolicy.ID,
+		Name:       newName,
+		Path:       newPath,
+		Org:        oldPolicy.Org,
+		Urn:        auxPolicy.Urn,
+		CreateAt:   oldPolicy.CreateAt,
+		UpdateAt:   time.Now().UTC(),
+		Statements: &newStatements,
+	}
+
 	// Update policy
-	policy, err := api.PolicyRepo.UpdatePolicy(*policyDB, newName, newPath, policyToUpdate.Urn, newStatements)
+	updatedPolicy, err := api.PolicyRepo.UpdatePolicy(policy)
 
 	// Check unexpected DB error
 	if err != nil {
@@ -342,8 +356,8 @@ func (api AuthAPI) UpdatePolicy(requestInfo RequestInfo, org string, policyName
 		}
 	}
 
-	LogOperation(api.Logger, requestInfo, fmt.Sprintf("Policy updated from %+v to %+v", policyDB, policy))
-	return policy, nil
+	LogOperation(api.Logger, requestInfo, fmt.Sprintf("Policy updated from %+v to %+v", oldPolicy, updatedPolicy))
+	return updatedPolicy, nil
 }
 
 func (api AuthAPI) RemovePolicy(requestInfo RequestInfo, org string, name string) error {
@@ -443,9 +457,10 @@ func createPolicy(name string, path string, org string, statements *[]Statement)
 		ID:         uuid.NewV4().String(),
 		Name:       name,
 		Path:       path,
+		CreateAt:   time.Now().UTC(),
+		UpdateAt:   time.Now().UTC(),
 		Org:        org,
 		Urn:        urn,
-		CreateAt:   time.Now().UTC(),
 		Statements: statements,
 	}
 

api/testutils_test.go

@@ -159,10 +159,8 @@ func (t TestRepo) AddUser(user User) (*User, error) {
 	return created, err
 }
 
-func (t TestRepo) UpdateUser(user User, newPath string, newUrn string) (*User, error) {
+func (t TestRepo) UpdateUser(user User) (*User, error) {
 	t.ArgsIn[UpdateUserMethod][0] = user
-	t.ArgsIn[UpdateUserMethod][1] = newPath
-	t.ArgsIn[UpdateUserMethod][2] = newUrn
 	var updated *User
 	if t.ArgsOut[UpdateUserMethod][0] != nil {
 		updated = t.ArgsOut[UpdateUserMethod][0].(*User)
@@ -363,11 +361,8 @@ func (t TestRepo) RemoveMember(userID string, groupID string) error {
 	return err
 }
 
-func (t TestRepo) UpdateGroup(group Group, newName string, newPath string, newUrn string) (*Group, error) {
+func (t TestRepo) UpdateGroup(group Group) (*Group, error) {
 	t.ArgsIn[UpdateGroupMethod][0] = group
-	t.ArgsIn[UpdateGroupMethod][1] = newName
-	t.ArgsIn[UpdateGroupMethod][2] = newPath
-	t.ArgsIn[UpdateGroupMethod][3] = newUrn
 
 	var updated *Group
 	if t.ArgsOut[UpdateGroupMethod][0] != nil {
@@ -433,12 +428,8 @@ func (t TestRepo) AddPolicy(policy Policy) (*Policy, error) {
 	return created, err
 }
 
-func (t TestRepo) UpdatePolicy(policy Policy, newName string, newPath string, newUrn string, newStatements []Statement) (*Policy, error) {
+func (t TestRepo) UpdatePolicy(policy Policy) (*Policy, error) {
 	t.ArgsIn[UpdatePolicyMethod][0] = policy
-	t.ArgsIn[UpdatePolicyMethod][1] = newName
-	t.ArgsIn[UpdatePolicyMethod][2] = newPath
-	t.ArgsIn[UpdatePolicyMethod][3] = newUrn
-	t.ArgsIn[UpdatePolicyMethod][4] = newStatements
 
 	var updated *Policy
 	if t.ArgsOut[UpdatePolicyMethod][0] != nil {

api/user.go

@@ -17,6 +17,7 @@ type User struct {
 	Path       string    `json:"path, omitempty"`
 	Urn        string    `json:"urn, omitempty"`
 	CreateAt   time.Time `json:"createAt, omitempty"`
+	UpdateAt   time.Time `json:"updateAt, omitempty"`
 }
 
 func (u User) String() string {
@@ -203,40 +204,51 @@ func (api AuthAPI) UpdateUser(requestInfo RequestInfo, externalId string, newPat
 	}
 
 	// Call repo to retrieve the user
-	userDB, err := api.GetUserByExternalID(requestInfo, externalId)
+	oldUser, err := api.GetUserByExternalID(requestInfo, externalId)
 	if err != nil {
 		return nil, err
 	}
 
 	// Check restrictions
-	usersFiltered, err := api.GetAuthorizedUsers(requestInfo, userDB.Urn, USER_ACTION_UPDATE_USER, []User{*userDB})
+	usersFiltered, err := api.GetAuthorizedUsers(requestInfo, oldUser.Urn, USER_ACTION_UPDATE_USER, []User{*oldUser})
 	if err != nil {
 		return nil, err
 	}
 	if len(usersFiltered) < 1 {
 		return nil, &Error{
 			Code: UNAUTHORIZED_RESOURCES_ERROR,
 			Message: fmt.Sprintf("User with externalId %v is not allowed to access to resource %v",
-				requestInfo.Identifier, userDB.Urn),
+				requestInfo.Identifier, oldUser.Urn),
 		}
 	}
 
-	userToUpdate := createUser(externalId, newPath)
+	auxUser := User{
+		Urn: CreateUrn("", RESOURCE_USER, newPath, externalId),
+	}
 
 	// Check restrictions
-	usersFiltered, err = api.GetAuthorizedUsers(requestInfo, userToUpdate.Urn, USER_ACTION_GET_USER, []User{userToUpdate})
+	usersFiltered, err = api.GetAuthorizedUsers(requestInfo, auxUser.Urn, USER_ACTION_GET_USER, []User{auxUser})
 	if err != nil {
 		return nil, err
 	}
 	if len(usersFiltered) < 1 {
 		return nil, &Error{
 			Code: UNAUTHORIZED_RESOURCES_ERROR,
 			Message: fmt.Sprintf("User with externalId %v is not allowed to access to resource %v",
-				requestInfo.Identifier, userToUpdate.Urn),
+				requestInfo.Identifier, auxUser.Urn),
 		}
 	}
 
-	user, err := api.UserRepo.UpdateUser(*userDB, newPath, userToUpdate.Urn)
+	user := User{
+		ID:         oldUser.ID,
+		ExternalID: oldUser.ExternalID,
+		Path:       newPath,
+		CreateAt:   oldUser.CreateAt,
+		UpdateAt:   time.Now().UTC(),
+		Urn:        auxUser.Urn,
+	}
+
+	updatedUser, err := api.UserRepo.UpdateUser(user)
 
 	// Check unexpected DB error
 	if err != nil {
@@ -248,8 +260,8 @@ func (api AuthAPI) UpdateUser(requestInfo RequestInfo, externalId string, newPat
 		}
 	}
 
-	LogOperation(api.Logger, requestInfo, fmt.Sprintf("User updated from %+v to %+v", userDB, user))
-	return user, nil
+	LogOperation(api.Logger, requestInfo, fmt.Sprintf("User updated from %+v to %+v", oldUser, updatedUser))
+	return updatedUser, nil
 
 }
 
@@ -355,6 +367,7 @@ func createUser(externalId string, path string) User {
 		ExternalID: externalId,
 		Path:       path,
 		CreateAt:   time.Now().UTC(),
+		UpdateAt:   time.Now().UTC(),
 		Urn:        urn,
 	}