reintroduce user update api path

internal/api/rest.go

@@ -79,6 +79,8 @@ func (api *RestAPI) MountAPIRoutes(r chi.Router) {
 	// REST API Uses TokenAuth
 	// User List
 	r.Get("/users/", api.getUsers)
+	// User Edit
+	r.Post("/user/{id}", api.updateUserByRequest)
 	// Cluster List
 	r.Get("/clusters/", api.getClusters)
 	// Slurm node state
@@ -152,7 +154,7 @@ func (api *RestAPI) MountConfigAPIRoutes(r chi.Router) {
 		r.Put("/config/users/", api.createUser)
 		r.Get("/config/users/", api.getUsers)
 		r.Delete("/config/users/", api.deleteUser)
-		r.Post("/config/user/{id}", api.updateUser)
+		r.Post("/config/user/{id}", api.updateUserByForm)
 		r.Post("/config/notice/", api.editNotice)
 		r.Get("/config/taggers/", api.getTaggers)
 		r.Post("/config/taggers/run/", api.runTagger)

internal/api/user.go

@@ -24,6 +24,14 @@ type APIReturnedUser struct {
 	Projects []string `json:"projects"`
 }
 
+// JobMetaRequest model
+type UpdateUserAPIRequest struct {
+	NewRole string `json:"add-role" example:"user"`          // Role to add to user $ID
+	DelRole string `json:"remove-role" example:"user"`       // Role to remove from user $ID
+	NewProj string `json:"add-project" example:"abcd100"`    // Project to add to user $ID managed array
+	DelProj string `json:"remove-project" example:"abcd100"` // Project to remove from user $ID managed array
+}
+
 // getUsers godoc
 // @summary     Returns a list of users
 // @tags User
@@ -58,22 +66,74 @@ func (api *RestAPI) getUsers(rw http.ResponseWriter, r *http.Request) {
 	}
 }
 
-// updateUser godoc
+// updateUserByJson godoc
 // @summary     Update user roles and projects
 // @tags User
 // @description Allows admins to add/remove roles and projects for a user
-// @produce     plain
+// @accept      json
-// @param       id          path   string  true  "Username"
+// @produce     json
-// @param       add-role    formData string false "Role to add"
+// @param       id      path string                    true "Username"
-// @param       remove-role formData string false "Role to remove"
+// @param       request body api.UpdateUserAPIRequest  true "Single Field Changes"
-// @param       add-project formData string false "Project to add"
-// @param       remove-project formData string false "Project to remove"
 // @success     200     {string} string "Success message"
 // @failure     403     {object} api.ErrorResponse "Forbidden"
 // @failure     422     {object} api.ErrorResponse "Unprocessable Entity"
 // @security    ApiKeyAuth
 // @router      /api/user/{id} [post]
-func (api *RestAPI) updateUser(rw http.ResponseWriter, r *http.Request) {
+func (api *RestAPI) updateUserByRequest(rw http.ResponseWriter, r *http.Request) {
+
+	if user := repository.GetUserFromContext(r.Context()); !user.HasRole(schema.RoleAdmin) {
+		handleError(fmt.Errorf("only admins are allowed to update a user"), http.StatusForbidden, rw)
+		return
+	}
+
+	// Get Values
+	var req UpdateUserAPIRequest
+	if err := decode(r.Body, &req); err != nil {
+		handleError(fmt.Errorf("decoding request failed: %w", err), http.StatusBadRequest, rw)
+		return
+	}
+
+	rw.Header().Set("Content-Type", "application/json")
+
+	// Handle role updates
+	if req.NewRole != "" {
+		if err := repository.GetUserRepository().AddRole(r.Context(), chi.URLParam(r, "id"), req.NewRole); err != nil {
+			handleError(fmt.Errorf("adding role failed: %w", err), http.StatusUnprocessableEntity, rw)
+			return
+		}
+		if err := json.NewEncoder(rw).Encode(DefaultAPIResponse{Message: fmt.Sprintf("Add Role Success for user %s", chi.URLParam(r, "id"))}); err != nil {
+			cclog.Errorf("Failed to encode response: %v", err)
+		}
+	} else if req.DelRole != "" {
+		if err := repository.GetUserRepository().RemoveRole(r.Context(), chi.URLParam(r, "id"), req.DelRole); err != nil {
+			handleError(fmt.Errorf("removing role failed: %w", err), http.StatusUnprocessableEntity, rw)
+			return
+		}
+		if err := json.NewEncoder(rw).Encode(DefaultAPIResponse{Message: fmt.Sprintf("Remove Role Success for user %s", chi.URLParam(r, "id"))}); err != nil {
+			cclog.Errorf("Failed to encode response: %v", err)
+		}
+	} else if req.NewProj != "" {
+		if err := repository.GetUserRepository().AddProject(r.Context(), chi.URLParam(r, "id"), req.NewProj); err != nil {
+			handleError(fmt.Errorf("adding project failed: %w", err), http.StatusUnprocessableEntity, rw)
+			return
+		}
+		if err := json.NewEncoder(rw).Encode(DefaultAPIResponse{Message: fmt.Sprintf("Add Project Success for user %s", chi.URLParam(r, "id"))}); err != nil {
+			cclog.Errorf("Failed to encode response: %v", err)
+		}
+	} else if req.DelProj != "" {
+		if err := repository.GetUserRepository().RemoveProject(r.Context(), chi.URLParam(r, "id"), req.DelProj); err != nil {
+			handleError(fmt.Errorf("removing project failed: %w", err), http.StatusUnprocessableEntity, rw)
+			return
+		}
+		if err := json.NewEncoder(rw).Encode(DefaultAPIResponse{Message: fmt.Sprintf("Remove Project Success for user %s", chi.URLParam(r, "id"))}); err != nil {
+			cclog.Errorf("Failed to encode response: %v", err)
+		}
+	} else {
+		handleError(fmt.Errorf("no operation specified: must provide add-role, remove-role, add-project, or remove-project"), http.StatusBadRequest, rw)
+	}
+}
+
+func (api *RestAPI) updateUserByForm(rw http.ResponseWriter, r *http.Request) {
 	// SecuredCheck() only worked with TokenAuth: Removed
 
 	if user := repository.GetUserFromContext(r.Context()); !user.HasRole(schema.RoleAdmin) {

internal/auth/auth.go

@@ -632,7 +632,7 @@ func securedCheck(user *schema.User, r *http.Request) error {
 	}
 	// If SplitHostPort fails, IPAddress is already just a host (no port)
 
-	// If nothing declared in config: Continue
+	// If nothing declared in config: Continue // FIXME: Allow All If Not Declared?
 	if len(config.Keys.APIAllowedIPs) == 0 {
 		return nil
 	}