diff --git a/internal/dis/component/auth/policy/grants.go b/internal/dis/component/auth/policy/grants.go index 70109c4..3cebab3 100644 --- a/internal/dis/component/auth/policy/grants.go +++ b/internal/dis/component/auth/policy/grants.go @@ -13,7 +13,10 @@ var ( ErrInvalid = errors.New("invalid parameters") ) -// Set sets a specific grant, overwriting a previous grant (if any) +// Set sets a specific grant, overwriting any previous grant. +// +// User and Slug must not be empty. +// If DrupalUsername is empty, sets the username to be equal to the user. func (policy *Policy) Set(ctx context.Context, grant models.Grant) error { if grant.DrupalUsername == "" { grant.DrupalUsername = grant.User @@ -37,9 +40,9 @@ func (policy *Policy) Set(ctx context.Context, grant models.Grant) error { } // and create or update the given user / slug combination - return table.Clauses(clause.OnConflict{ - UpdateAll: true, - }).Create(&grant).Error + return table.Clauses( + clause.OnConflict{OnConstraint: "user_slug", UpdateAll: true}, + ).Create(&grant).Error } // Remove removes access for the given username form the given instance. diff --git a/internal/models/grant.go b/internal/models/grant.go index 6daf423..201beeb 100644 --- a/internal/models/grant.go +++ b/internal/models/grant.go @@ -7,9 +7,9 @@ const GrantTable = "grant" type Grant struct { Pk uint `gorm:"column:pk;primaryKey"` - User string `gorm:"column:user;not null;uniqueIndex:user_slug"` // (distillery) username - Slug string `gorm:"column:slug;not null;uniqueIndex:user_slug"` // (distillery) instance slug + User string `gorm:"column:user;not null;index:user_slug,unique"` // (distillery) username + Slug string `gorm:"column:slug;not null;index:user_slug;index:drupal_slug"` // (distillery) instance slug - DrupalUsername string `gorm:"column:drupal_user;not null"` // drupal username - DrupalAdminRole bool `gorm:"column:admin;not null"` // drupal admin rights + DrupalUsername string `gorm:"column:drupal_user;not null;index:drupal_slug,unique"` // drupal username + DrupalAdminRole bool `gorm:"column:admin;not null"` // drupal admin rights }