influxdb/server/me.go

package server

import (
	"encoding/json"
	"fmt"
	"net/http"
	"strconv"

	"golang.org/x/net/context"

	"github.com/influxdata/chronograf"
	"github.com/influxdata/chronograf/oauth2"
	"github.com/influxdata/chronograf/organizations"
)

type meLinks struct {
	Self string `json:"self"` // Self link mapping to this resource
}

type meResponse struct {
	*chronograf.User
	Links meLinks `json:"links"`
}

// If new user response is nil, return an empty meResponse because it
// indicates authentication is not needed
func newMeResponse(usr *chronograf.User) meResponse {
	base := "/chronograf/v1/users"
	name := "me"
	if usr != nil {
		name = PathEscape(usr.Name)
	}

	return meResponse{
		User: usr,
		Links: meLinks{
			Self: fmt.Sprintf("%s/%s", base, name),
		},
	}
}

// getUsername not currently used
func getUsername(ctx context.Context) (string, error) {
	principal, err := getPrincipal(ctx)
	if err != nil {
		return "", err
	}
	if principal.Subject == "" {
		return "", fmt.Errorf("Token not found")
	}
	return principal.Subject, nil
}

// getProvider not currently used
func getProvider(ctx context.Context) (string, error) {
	principal, err := getPrincipal(ctx)
	if err != nil {
		return "", err
	}
	if principal.Issuer == "" {
		return "", fmt.Errorf("Token not found")
	}
	return principal.Issuer, nil
}

// TODO: This Scheme value is hard-coded temporarily since we only currently
// support OAuth2. This hard-coding should be removed whenever we add
// support for other authentication schemes.
func getScheme(ctx context.Context) (string, error) {
	return "oauth2", nil
}

func getPrincipal(ctx context.Context) (oauth2.Principal, error) {
	principal, ok := ctx.Value(oauth2.PrincipalKey).(oauth2.Principal)
	if !ok {
		return oauth2.Principal{}, fmt.Errorf("Token not found")
	}

	return principal, nil
}

func getValidPrincipal(ctx context.Context) (oauth2.Principal, error) {
	p, err := getPrincipal(ctx)
	if err != nil {
		return p, err
	}
	if p.Subject == "" {
		return oauth2.Principal{}, fmt.Errorf("Token not found")
	}
	if p.Issuer == "" {
		return oauth2.Principal{}, fmt.Errorf("Token not found")
	}
	return p, nil
}

type meOrganizationRequest struct {
	// Organization is the OrganizationID
	Organization string `json:"organization"`
}

// MeOrganization changes the user's current organization on the JWT and responds
// with the same semantics as Me
func (s *Service) MeOrganization(auth oauth2.Authenticator) func(http.ResponseWriter, *http.Request) {
	return func(w http.ResponseWriter, r *http.Request) {
		ctx := r.Context()
		principal, err := auth.Validate(ctx, r)
		if err != nil {
			s.Logger.Error("Invalid principal")
			w.WriteHeader(http.StatusForbidden)
			return
		}
		var req meOrganizationRequest
		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
			invalidJSON(w, s.Logger)
			return
		}

		// validate that the organization exists
		orgID, err := strconv.ParseUint(req.Organization, 10, 64)
		if err != nil {
			Error(w, http.StatusInternalServerError, err.Error(), s.Logger)
			return
		}
		_, err = s.Store.Organizations(ctx).Get(ctx, chronograf.OrganizationQuery{ID: &orgID})
		if err != nil {
			Error(w, http.StatusBadRequest, err.Error(), s.Logger)
			return
		}

		p, err := getValidPrincipal(ctx)
		if err != nil {
			invalidData(w, err, s.Logger)
			return
		}
		scheme, err := getScheme(ctx)
		if err != nil {
			invalidData(w, err, s.Logger)
			return
		}
		// validate that user belongs to organization
		ctx = context.WithValue(ctx, organizations.ContextKey, req.Organization)
		_, err = s.Store.Users(ctx).Get(ctx, chronograf.UserQuery{
			Name:     &p.Subject,
			Provider: &p.Issuer,
			Scheme:   &scheme,
		})
		if err == chronograf.ErrUserNotFound {
			Error(w, http.StatusBadRequest, err.Error(), s.Logger)
			return
		}
		if err != nil {
			Error(w, http.StatusBadRequest, err.Error(), s.Logger)
			return
		}

		// TODO: change to principal.CurrentOrganization
		principal.Organization = req.Organization

		if err := auth.Authorize(ctx, w, principal); err != nil {
			Error(w, http.StatusInternalServerError, err.Error(), s.Logger)
			return
		}

		ctx = context.WithValue(ctx, oauth2.PrincipalKey, principal)

		s.Me(w, r.WithContext(ctx))
	}
}

// Me does a findOrCreate based on the username in the context
func (s *Service) Me(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()
	if !s.UseAuth {
		// If there's no authentication, return an empty user
		res := newMeResponse(nil)
		encodeJSON(w, http.StatusOK, res, s.Logger)
		return
	}

	p, err := getValidPrincipal(ctx)
	if err != nil {
		invalidData(w, err, s.Logger)
		return
	}
	scheme, err := getScheme(ctx)
	if err != nil {
		invalidData(w, err, s.Logger)
		return
	}
	ctx = context.WithValue(ctx, organizations.ContextKey, p.Organization)
	ctx = context.WithValue(ctx, SuperAdminKey, true)

	usr, err := s.Store.Users(ctx).Get(ctx, chronograf.UserQuery{
		Name:     &p.Subject,
		Provider: &p.Issuer,
		Scheme:   &scheme,
	})
	if err != nil && err != chronograf.ErrUserNotFound {
		unknownErrorWithMessage(w, err, s.Logger)
		return
	}

	if usr != nil {
		usr.CurrentOrganization = p.Organization
		res := newMeResponse(usr)
		encodeJSON(w, http.StatusOK, res, s.Logger)
		return
	}

	// Because we didnt find a user, making a new one
	user := &chronograf.User{
		Name:     p.Subject,
		Provider: p.Issuer,
		// TODO: This Scheme value is hard-coded temporarily since we only currently
		// support OAuth2. This hard-coding should be removed whenever we add
		// support for other authentication schemes.
		Scheme: scheme,
		Roles: []chronograf.Role{
			{
				Name: MemberRoleName,
				// This is the ID of the default organization
				Organization: "0",
			},
		},
		SuperAdmin: s.firstUser(),
	}

	newUser, err := s.Store.Users(ctx).Add(ctx, user)
	if err != nil {
		msg := fmt.Errorf("error storing user %s: %v", user.Name, err)
		unknownErrorWithMessage(w, msg, s.Logger)
		return
	}

	newUser.CurrentOrganization = p.Organization
	res := newMeResponse(newUser)
	encodeJSON(w, http.StatusOK, res, s.Logger)
}

// TODO(desa): very slow
func (s *Service) firstUser() bool {
	ctx := context.WithValue(context.Background(), SuperAdminKey, true)
	users, err := s.Store.Users(ctx).All(ctx)
	if err != nil {
		return false
	}

	return len(users) == 0
}
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`package server`

			`import (`
Provide route to change current users organization Add current Organization to JWT. Use OrganizationUsersStore to retrieve Users that are not me. Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-26 22:01:20 +00:00			`"encoding/json"`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`"fmt"`
			`"net/http"`
Validate Organization and that User belongs to Org in MeOrganization Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 17:02:02 +00:00			`"strconv"`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00
			`"golang.org/x/net/context"`

			`"github.com/influxdata/chronograf"`
			`"github.com/influxdata/chronograf/oauth2"`
User explicit type when setting context 2017-11-01 13:49:02 +00:00			`"github.com/influxdata/chronograf/organizations"`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`)`

			`type meLinks struct {`
			Self string `json:"self"` // Self link mapping to this resource
			`}`

			`type meResponse struct {`
			`*chronograf.User`
			Links meLinks `json:"links"`
			`}`

			`// If new user response is nil, return an empty meResponse because it`
			`// indicates authentication is not needed`
			`func newMeResponse(usr *chronograf.User) meResponse {`
			`base := "/chronograf/v1/users"`
			`name := "me"`
			`if usr != nil {`
Fix PathEscape work for go 1.7 2017-04-07 20:32:35 +00:00			`name = PathEscape(usr.Name)`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`}`

			`return meResponse{`
			`User: usr,`
			`Links: meLinks{`
			`Self: fmt.Sprintf("%s/%s", base, name),`
			`},`
			`}`
			`}`

Slightly DRYer code for getting fields off Principal Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 19:48:51 +00:00			`// getUsername not currently used`
Rename getEmail func & email var to getUsername & username Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-16 23:55:09 +00:00			`func getUsername(ctx context.Context) (string, error) {`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`principal, err := getPrincipal(ctx)`
			`if err != nil {`
			`return "", err`
			`}`
			`if principal.Subject == "" {`
			`return "", fmt.Errorf("Token not found")`
			`}`
			`return principal.Subject, nil`
			`}`

Slightly DRYer code for getting fields off Principal Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 19:48:51 +00:00			`// getProvider not currently used`
Modify /me to match User via UsersStore.All & principal's Issuer Signed-off-by: Jared Scheib <jared.scheib@gmail.com> 2017-10-17 00:30:23 +00:00			`func getProvider(ctx context.Context) (string, error) {`
			`principal, err := getPrincipal(ctx)`
			`if err != nil {`
			`return "", err`
			`}`
			`if principal.Issuer == "" {`
			`return "", fmt.Errorf("Token not found")`
			`}`
			`return principal.Issuer, nil`
			`}`

Set Scheme to be OAuth2 explicitly for all users Add Provider to Users authenticated via /me Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-19 18:17:40 +00:00			`// TODO: This Scheme value is hard-coded temporarily since we only currently`
			`// support OAuth2. This hard-coding should be removed whenever we add`
			`// support for other authentication schemes.`
			`func getScheme(ctx context.Context) (string, error) {`
Lowercase Provider & Scheme & Role values for consistency The client was being sent lowercase values for Role & Provider, but not Scheme. This change makes all the above lowercase. 2017-10-24 23:17:59 +00:00			`return "oauth2", nil`
Set Scheme to be OAuth2 explicitly for all users Add Provider to Users authenticated via /me Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-19 18:17:40 +00:00			`}`

Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`func getPrincipal(ctx context.Context) (oauth2.Principal, error) {`
			`principal, ok := ctx.Value(oauth2.PrincipalKey).(oauth2.Principal)`
			`if !ok {`
			`return oauth2.Principal{}, fmt.Errorf("Token not found")`
			`}`

			`return principal, nil`
			`}`

Slightly DRYer code for getting fields off Principal Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 19:48:51 +00:00			`func getValidPrincipal(ctx context.Context) (oauth2.Principal, error) {`
			`p, err := getPrincipal(ctx)`
Provide route to change current users organization Add current Organization to JWT. Use OrganizationUsersStore to retrieve Users that are not me. Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-26 22:01:20 +00:00			`if err != nil {`
Slightly DRYer code for getting fields off Principal Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 19:48:51 +00:00			`return p, err`
			`}`
			`if p.Subject == "" {`
			`return oauth2.Principal{}, fmt.Errorf("Token not found")`
			`}`
			`if p.Issuer == "" {`
			`return oauth2.Principal{}, fmt.Errorf("Token not found")`
Provide route to change current users organization Add current Organization to JWT. Use OrganizationUsersStore to retrieve Users that are not me. Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-26 22:01:20 +00:00			`}`
Slightly DRYer code for getting fields off Principal Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 19:48:51 +00:00			`return p, nil`
Provide route to change current users organization Add current Organization to JWT. Use OrganizationUsersStore to retrieve Users that are not me. Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-26 22:01:20 +00:00			`}`

			`type meOrganizationRequest struct {`
Change OrganizationID to Organization in Me req 2017-11-01 14:37:32 +00:00			`// Organization is the OrganizationID`
			Organization string `json:"organization"`
Provide route to change current users organization Add current Organization to JWT. Use OrganizationUsersStore to retrieve Users that are not me. Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-26 22:01:20 +00:00			`}`

Validate Organization and that User belongs to Org in MeOrganization Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 17:02:02 +00:00			`// MeOrganization changes the user's current organization on the JWT and responds`
			`// with the same semantics as Me`
Provide route to change current users organization Add current Organization to JWT. Use OrganizationUsersStore to retrieve Users that are not me. Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-26 22:01:20 +00:00			`func (s Service) MeOrganization(auth oauth2.Authenticator) func(http.ResponseWriter, http.Request) {`
			`return func(w http.ResponseWriter, r *http.Request) {`
			`ctx := r.Context()`
			`principal, err := auth.Validate(ctx, r)`
			`if err != nil {`
			`s.Logger.Error("Invalid principal")`
			`w.WriteHeader(http.StatusForbidden)`
			`return`
			`}`
			`var req meOrganizationRequest`
			`if err := json.NewDecoder(r.Body).Decode(&req); err != nil {`
			`invalidJSON(w, s.Logger)`
			`return`
			`}`

Validate Organization and that User belongs to Org in MeOrganization Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 17:02:02 +00:00			`// validate that the organization exists`
Change OrganizationID to Organization in Me req 2017-11-01 14:37:32 +00:00			`orgID, err := strconv.ParseUint(req.Organization, 10, 64)`
Validate Organization and that User belongs to Org in MeOrganization Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 17:02:02 +00:00			`if err != nil {`
			`Error(w, http.StatusInternalServerError, err.Error(), s.Logger)`
			`return`
			`}`
Refactor data stores into a common interface 2017-10-31 20:41:17 +00:00			`_, err = s.Store.Organizations(ctx).Get(ctx, chronograf.OrganizationQuery{ID: &orgID})`
Validate Organization and that User belongs to Org in MeOrganization Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 17:02:02 +00:00			`if err != nil {`
			`Error(w, http.StatusBadRequest, err.Error(), s.Logger)`
			`return`
			`}`

Slightly DRYer code for getting fields off Principal Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 19:48:51 +00:00			`p, err := getValidPrincipal(ctx)`
Validate Organization and that User belongs to Org in MeOrganization Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 17:02:02 +00:00			`if err != nil {`
			`invalidData(w, err, s.Logger)`
			`return`
			`}`
			`scheme, err := getScheme(ctx)`
			`if err != nil {`
			`invalidData(w, err, s.Logger)`
			`return`
			`}`
			`// validate that user belongs to organization`
Change OrganizationID to Organization in Me req 2017-11-01 14:37:32 +00:00			`ctx = context.WithValue(ctx, organizations.ContextKey, req.Organization)`
Refactor data stores into a common interface 2017-10-31 20:41:17 +00:00			`_, err = s.Store.Users(ctx).Get(ctx, chronograf.UserQuery{`
Slightly DRYer code for getting fields off Principal Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 19:48:51 +00:00			`Name: &p.Subject,`
			`Provider: &p.Issuer,`
Validate Organization and that User belongs to Org in MeOrganization Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 17:02:02 +00:00			`Scheme: &scheme,`
			`})`
			`if err == chronograf.ErrUserNotFound {`
Test MeOrganization for valid org with invalid user, and invalid org Signed-off-by: Jared Scheib <jared.scheib@gmail.com> 2017-10-27 17:14:14 +00:00			`Error(w, http.StatusBadRequest, err.Error(), s.Logger)`
Validate Organization and that User belongs to Org in MeOrganization Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 17:02:02 +00:00			`return`
			`}`
			`if err != nil {`
			`Error(w, http.StatusBadRequest, err.Error(), s.Logger)`
			`return`
			`}`

Change organization in meOrganizationRequest to currentOrganization Signed-off-by: Jared Scheib <jared.scheib@gmail.com> 2017-10-26 23:02:29 +00:00			`// TODO: change to principal.CurrentOrganization`
Change OrganizationID to Organization in Me req 2017-11-01 14:37:32 +00:00			`principal.Organization = req.Organization`
Provide route to change current users organization Add current Organization to JWT. Use OrganizationUsersStore to retrieve Users that are not me. Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-26 22:01:20 +00:00
			`if err := auth.Authorize(ctx, w, principal); err != nil {`
			`Error(w, http.StatusInternalServerError, err.Error(), s.Logger)`
			`return`
			`}`

			`ctx = context.WithValue(ctx, oauth2.PrincipalKey, principal)`

			`s.Me(w, r.WithContext(ctx))`
			`}`
			`}`

Rename getEmail func & email var to getUsername & username Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-16 23:55:09 +00:00			`// Me does a findOrCreate based on the username in the context`
Rename vestigial receiver 'h' on Service to 's' Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-10 22:27:58 +00:00			`func (s Service) Me(w http.ResponseWriter, r http.Request) {`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`ctx := r.Context()`
Rename vestigial receiver 'h' on Service to 's' Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-10 22:27:58 +00:00			`if !s.UseAuth {`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`// If there's no authentication, return an empty user`
			`res := newMeResponse(nil)`
Rename vestigial receiver 'h' on Service to 's' Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-10 22:27:58 +00:00			`encodeJSON(w, http.StatusOK, res, s.Logger)`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`return`
			`}`

Slightly DRYer code for getting fields off Principal Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 19:48:51 +00:00			`p, err := getValidPrincipal(ctx)`
Modify /me to match User via UsersStore.All & principal's Issuer Signed-off-by: Jared Scheib <jared.scheib@gmail.com> 2017-10-17 00:30:23 +00:00			`if err != nil {`
			`invalidData(w, err, s.Logger)`
			`return`
			`}`
Set Scheme to be OAuth2 explicitly for all users Add Provider to Users authenticated via /me Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-19 18:17:40 +00:00			`scheme, err := getScheme(ctx)`
			`if err != nil {`
			`invalidData(w, err, s.Logger)`
			`return`
			`}`
User explicit type when setting context 2017-11-01 13:49:02 +00:00			`ctx = context.WithValue(ctx, organizations.ContextKey, p.Organization)`
			`ctx = context.WithValue(ctx, SuperAdminKey, true)`
Remove RawUsers from DataStore 2017-10-31 21:49:35 +00:00
			`usr, err := s.Store.Users(ctx).Get(ctx, chronograf.UserQuery{`
Slightly DRYer code for getting fields off Principal Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 19:48:51 +00:00			`Name: &p.Subject,`
			`Provider: &p.Issuer,`
Set Scheme to be OAuth2 explicitly for all users Add Provider to Users authenticated via /me Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-19 18:17:40 +00:00			`Scheme: &scheme,`
			`})`
Use new chonograf.UserStore Get method when needed Refactor tests that were dependent of old implementation of UsersStore 2017-10-18 18:45:33 +00:00			`if err != nil && err != chronograf.ErrUserNotFound {`
Extract logic for getting user by name & provider 2017-10-18 16:34:23 +00:00			`unknownErrorWithMessage(w, err, s.Logger)`
Modify /me to match User via UsersStore.All & principal's Issuer Signed-off-by: Jared Scheib <jared.scheib@gmail.com> 2017-10-17 00:30:23 +00:00			`return`
			`}`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00
Modify /me to match User via UsersStore.All & principal's Issuer Signed-off-by: Jared Scheib <jared.scheib@gmail.com> 2017-10-17 00:30:23 +00:00			`if usr != nil {`
Slightly DRYer code for getting fields off Principal Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 19:48:51 +00:00			`usr.CurrentOrganization = p.Organization`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`res := newMeResponse(usr)`
Rename vestigial receiver 'h' on Service to 's' Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-10 22:27:58 +00:00			`encodeJSON(w, http.StatusOK, res, s.Logger)`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`return`
			`}`

			`// Because we didnt find a user, making a new one`
			`user := &chronograf.User{`
Slightly DRYer code for getting fields off Principal Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 19:48:51 +00:00			`Name: p.Subject,`
			`Provider: p.Issuer,`
Set Scheme to be OAuth2 explicitly for all users Add Provider to Users authenticated via /me Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-19 18:17:40 +00:00			`// TODO: This Scheme value is hard-coded temporarily since we only currently`
			`// support OAuth2. This hard-coding should be removed whenever we add`
			`// support for other authentication schemes.`
Slightly DRYer code for getting fields off Principal Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 19:48:51 +00:00			`Scheme: scheme,`
WIP make app usable by frontend 2017-10-31 23:50:03 +00:00			`Roles: []chronograf.Role{`
			`{`
Add superAdmin to users CRUD 2017-11-01 13:12:19 +00:00			`Name: MemberRoleName,`
WIP cleanup 2017-11-01 00:58:40 +00:00			`// This is the ID of the default organization`
			`Organization: "0",`
WIP make app usable by frontend 2017-10-31 23:50:03 +00:00			`},`
			`},`
Add superAdmin to users CRUD 2017-11-01 13:12:19 +00:00			`SuperAdmin: s.firstUser(),`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`}`

Remove RawUsers from DataStore 2017-10-31 21:49:35 +00:00			`newUser, err := s.Store.Users(ctx).Add(ctx, user)`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`if err != nil {`
			`msg := fmt.Errorf("error storing user %s: %v", user.Name, err)`
Rename vestigial receiver 'h' on Service to 's' Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-10 22:27:58 +00:00			`unknownErrorWithMessage(w, msg, s.Logger)`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`return`
			`}`

Slightly DRYer code for getting fields off Principal Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-27 19:48:51 +00:00			`newUser.CurrentOrganization = p.Organization`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`res := newMeResponse(newUser)`
Rename vestigial receiver 'h' on Service to 's' Signed-off-by: Michael de Sa <mjdesa@gmail.com> 2017-10-10 22:27:58 +00:00			`encodeJSON(w, http.StatusOK, res, s.Logger)`
Update user/role responses to return empty arrays 2017-03-10 19:24:48 +00:00			`}`
Add superAdmin to users CRUD 2017-11-01 13:12:19 +00:00
			`// TODO(desa): very slow`
			`func (s *Service) firstUser() bool {`
User explicit type when setting context 2017-11-01 13:49:02 +00:00			`ctx := context.WithValue(context.Background(), SuperAdminKey, true)`
Add superAdmin to users CRUD 2017-11-01 13:12:19 +00:00			`users, err := s.Store.Users(ctx).All(ctx)`
			`if err != nil {`
			`return false`
			`}`

			`return len(users) == 0`
			`}`