/packages/backend/services/workspace/update_user.go at 3ef3e56de9dfcbdc244e67a8f633262d20c158d6

// SPDX-FileCopyrightText: 2025 Shota FUJI <pockawoooh@gmail.com>
// SPDX-License-Identifier: AGPL-3.0-only

package workspace

import (
	"context"
	"slices"
	"strings"

	"connectrpc.com/connect"
	"google.golang.org/protobuf/proto"

	eventV1 "pocka.jp/x/yamori/proto/go/backend/events/v1"
	"pocka.jp/x/yamori/proto/go/backend/workspace/v1/types"
	errorV1 "pocka.jp/x/yamori/proto/go/error/v1"
	workspaceV2 "pocka.jp/x/yamori/proto/go/workspace/v2"

	"pocka.jp/x/yamori/backend/core/event"
	"pocka.jp/x/yamori/backend/core/projection"
	workspaceEvent "pocka.jp/x/yamori/backend/events/workspace"
)

func updateUserSystemError(message string) *connect.Response[workspaceV2.UpdateUserResponse] {
	return connect.NewResponse(&workspaceV2.UpdateUserResponse{
		Result: &workspaceV2.UpdateUserResponse_SystemError{
			SystemError: &errorV1.SystemError{
				Message: proto.String(message),
			},
		},
	})
}

func updateUserAuthError() *connect.Response[workspaceV2.UpdateUserResponse] {
	return connect.NewResponse(&workspaceV2.UpdateUserResponse{
		Result: &workspaceV2.UpdateUserResponse_AuthenticationError{
			AuthenticationError: &errorV1.AuthenticationError{},
		},
	})
}

func updateUserMissingField(path string) *connect.Response[workspaceV2.UpdateUserResponse] {
	return connect.NewResponse(&workspaceV2.UpdateUserResponse{
		Result: &workspaceV2.UpdateUserResponse_MissingFieldError{
			MissingFieldError: &errorV1.MissingFieldError{
				Path: proto.String(path),
			},
		},
	})
}

func updateUserPermError() *connect.Response[workspaceV2.UpdateUserResponse] {
	return connect.NewResponse(&workspaceV2.UpdateUserResponse{
		Result: &workspaceV2.UpdateUserResponse_PermissionError{
			PermissionError: &errorV1.PermissionError{},
		},
	})
}

func (s *Service) UpdateUser(
	ctx context.Context,
	req *connect.Request[workspaceV2.UpdateUserRequest],
) (*connect.Response[workspaceV2.UpdateUserResponse], error) {
	logger := s.core.Logger.With(
		"service", "yamori.workspace.v2.WorkspaceService",
		"method", "UpdateUser",
	)

	header := req.Header()
	token, err := s.core.LoadTokenFromCookie(&header)
	if err != nil || token == nil {
		return updateUserAuthError(), nil
	}

	tx, err := s.core.DB.Begin()
	if err != nil {
		logger.Error("Failed to begin transaction", "error", err)
		return updateUserSystemError("Database error"), nil
	}
	defer tx.Rollback()

	secret, err := projection.GetLoginJwtSecret(tx)
	if err != nil {
		logger.Error("Failed to read login_jwt_secret projection", "error", err)
		return updateUserSystemError("Database error"), nil
	}

	workspace, err := projection.GetWorkspace(tx)
	if err != nil {
		logger.Error("Failed to read workspace projection", "error", err)
		return updateUserSystemError("Database error"), nil
	}

	users, err := projection.GetUsers(tx)
	if err != nil {
		logger.Error("Failed to read users projection", "error", err)
		return updateUserSystemError("Database error"), nil
	}

	if err := event.UpdateProjections(tx, workspace, secret, users); err != nil {
		logger.Error("Failed to update projections", "error", err)
		return updateUserSystemError("Database error"), nil
	}

	loginUser, err := token.FindUser(secret, users)
	if err != nil {
		logger.Warn("Malformed token found", "error", err)
		return updateUserAuthError(), nil
	}

	if req.Msg.Id == nil {
		return updateUserMissingField("id"), nil
	}

	id := req.Msg.Id.GetValue()
	if id == "" {
		return updateUserMissingField("id.value"), nil
	}

	updateFields := req.Msg.UpdateFields
	if len(updateFields) == 0 {
		updateFields = []int32{4, 5, 6, 7}
	}

	name := ""
	if slices.Contains(updateFields, 4) {
		name = req.Msg.GetName()
		if strings.Trim(name, " \r\n\t") != name {
			return connect.NewResponse(&workspaceV2.UpdateUserResponse{
				Result: &workspaceV2.UpdateUserResponse_NameSurroundedBySpaces{
					NameSurroundedBySpaces: "Name cannot contain space, CR, LF, Tab",
				},
			}), nil
		}

		for _, u := range users.Projection.Users {
			if u.GetId() != id && u.GetName() == name {
				return connect.NewResponse(&workspaceV2.UpdateUserResponse{
					Result: &workspaceV2.UpdateUserResponse_DuplicatedName{
						DuplicatedName: name,
					},
				}), nil
			}
		}
	}

	displayName := ""
	if slices.Contains(updateFields, 5) {
		displayName = strings.Trim(req.Msg.GetDisplayName(), " \r\n\t")
	}

	for _, u := range users.Projection.Users {
		if u.GetId() == id {
			requiredPerm := types.Permission_PERMISSION_UPDATE_REGULAR_USER_PROFILE
			if u.GetIsAdmin() {
				requiredPerm = types.Permission_PERMISSION_UPDATE_REGULAR_USER_PROFILE
			}
			if id == loginUser.GetId() {
				requiredPerm = types.Permission_PERMISSION_UPDATE_SELF_PROFILE
			}

			if !slices.Contains(loginUser.Permissions, requiredPerm) {
				return updateUserPermError(), nil
			}

			events := make([]*eventV1.Event, 0, 3)

			if name != "" || displayName != "" {
				events = append(events, workspaceEvent.UpdateUser(id, name, displayName))
			}

			if slices.Contains(updateFields, 6) {
				if req.Msg.GetIsAdmin() {
					if !slices.Contains(loginUser.Permissions, types.Permission_PERMISSION_ADD_ADMIN_USER) {
						return updateUserPermError(), nil
					}

					if !u.GetIsAdmin() {
						events = append(events, workspaceEvent.GrantAdminAccess(id))
					}
				} else {
					if u.GetIsAdmin() {
						if workspace.Projection.GetNumberOfAdmins() == 1 {
							logger.Warn("Attempt to remove admin role from only admin in the workspace", "userID", id)
							return updateUserSystemError("This operation results in no admin. Aborted."), nil
						}

						events = append(events, workspaceEvent.RevokeAdminAccess(id))
					}
				}
			}

			if slices.Contains(updateFields, 7) {
				permissionUpdateFields := req.Msg.PermissionUpdateFields
				if len(permissionUpdateFields) == 0 {
					permissionUpdateFields = []int32{
						1, 2, 3, 4, 5, 6, 7,
					}
				}

				perms := req.Msg.Permissions
				if perms == nil {
					perms = &workspaceV2.UserPermissions{}
				}

				permissionsToAdd := make([]types.Permission, 0)
				permissionsToRemove := make([]types.Permission, 0)

				for _, num := range permissionUpdateFields {
					switch num {
					case 1:
						if perms.GetCanAddUser() {
							permissionsToAdd = append(permissionsToAdd, types.Permission_PERMISSION_ADD_REGULAR_USER)
						} else {
							permissionsToRemove = append(permissionsToRemove, types.Permission_PERMISSION_ADD_REGULAR_USER)
						}
					case 2:
						if perms.GetCanDeleteRegularUser() {
							permissionsToAdd = append(permissionsToAdd, types.Permission_PERMISSION_DELETE_REGULAR_USER)
						} else {
							permissionsToRemove = append(permissionsToRemove, types.Permission_PERMISSION_DELETE_REGULAR_USER)
						}
					case 3:
						if perms.GetCanReadOtherUserProfile() {
							permissionsToAdd = append(permissionsToAdd, types.Permission_PERMISSION_READ_REGULAR_USER_PROFILE)
						} else {
							permissionsToRemove = append(permissionsToRemove, types.Permission_PERMISSION_READ_REGULAR_USER_PROFILE)
						}
					case 4:
						if perms.GetCanUpdateOtherRegularUserProfile() {
							permissionsToAdd = append(permissionsToAdd, types.Permission_PERMISSION_UPDATE_REGULAR_USER_PROFILE)
						} else {
							permissionsToRemove = append(permissionsToRemove, types.Permission_PERMISSION_UPDATE_REGULAR_USER_PROFILE)
						}
					case 5:
						if perms.GetCanUpdateSelfProfile() {
							permissionsToAdd = append(permissionsToAdd, types.Permission_PERMISSION_UPDATE_SELF_PROFILE)
						} else {
							permissionsToRemove = append(permissionsToRemove, types.Permission_PERMISSION_UPDATE_SELF_PROFILE)
						}
					case 6:
						if perms.GetCanUpdateOtherRegularUserLoginMethod() {
							permissionsToAdd = append(permissionsToAdd, types.Permission_PERMISSION_UPDATE_REGULAR_USER_LOGIN_METHOD)
						} else {
							permissionsToRemove = append(permissionsToRemove, types.Permission_PERMISSION_UPDATE_REGULAR_USER_LOGIN_METHOD)
						}
					case 7:
						if perms.GetCanUpdateWorkspace() {
							permissionsToAdd = append(permissionsToAdd, types.Permission_PERMISSION_EDIT_WORKSPACE_PROFILE)
						} else {
							permissionsToRemove = append(permissionsToRemove, types.Permission_PERMISSION_EDIT_WORKSPACE_PROFILE)
						}
					}
				}

				for _, perm := range permissionsToAdd {
					if !slices.Contains(loginUser.Permissions, perm) {
						return updateUserPermError(), nil
					}
				}

				if len(permissionsToAdd) > 0 {
					events = append(events, workspaceEvent.GrantPermission(id, permissionsToAdd))
				}

				if len(permissionsToRemove) > 0 {
					events = append(events, workspaceEvent.RevokePermission(id, permissionsToRemove))
				}
			}

			if err := event.AppendEvents(tx, events); err != nil {
				logger.Error("Failed to append user update events", "error", err)
				return updateUserSystemError("Database error"), nil
			}

			if err := event.UpdateProjections(tx, workspace, users); err != nil {
				logger.Error("Failed to update workspace and users projection")
				return updateUserSystemError("Database error"), nil
			}

			if err := tx.Commit(); err != nil {
				logger.Error("Failed to commit transaction", "error", err)
				return updateUserSystemError("Database error"), nil
			}

			for _, updated := range users.Projection.Users {
				if updated.GetId() == id {
					return connect.NewResponse(&workspaceV2.UpdateUserResponse{
						Result: &workspaceV2.UpdateUserResponse_Ok{
							Ok: projectionUserToMessage(updated),
						},
					}), nil
				}
			}

			return updateUserSystemError("Updated user not found"), nil
		}
	}

	return connect.NewResponse(&workspaceV2.UpdateUserResponse{
		Result: &workspaceV2.UpdateUserResponse_NotFound{
			NotFound: &errorV1.NotFound{
				TypeName: proto.String("yamori.workspace.v2.User"),
			},
		},
	}), nil
}