github-code-scanning[bot] commented on code in PR #7079:
URL: https://github.com/apache/trafficcontrol/pull/7079#discussion_r988365003


##########
traffic_ops/traffic_ops_golang/server/servers_server_capability.go:
##########
@@ -453,77 +454,167 @@
        }
        defer inf.Close()
 
-       var msc tc.MultipleServerCapabilities
-       if err := json.NewDecoder(r.Body).Decode(&msc); err != nil {
-               api.HandleErr(w, r, tx, http.StatusBadRequest, err, nil)
+       var mssc tc.MultipleServersCapabilities
+       if err := json.NewDecoder(r.Body).Decode(&mssc); err != nil {
+               api.HandleErr(w, r, tx, http.StatusBadRequest, 
fmt.Errorf("error decoding POST request body into MultipleServersCapabilities 
struct %w", err), nil)
                return
        }
 
-       // Check existence prior to checking type
-       _, exists, err := dbhelpers.GetServerNameFromID(tx, int64(msc.ServerID))
-       if err != nil {
-               api.HandleErr(w, r, tx, http.StatusInternalServerError, nil, 
err)
-       }
-       if !exists {
-               userErr := fmt.Errorf("server %d does not exist", msc.ServerID)
-               api.HandleErr(w, r, tx, http.StatusNotFound, userErr, nil)
-               return
+       if len(mssc.ServerIDs) == 1 {
+               errCode, userErr, sysErr = checkExistingServer(tx, 
mssc.ServerIDs[0], inf.User.UserName)
+               if userErr != nil || sysErr != nil {
+                       api.HandleErr(w, r, inf.Tx.Tx, errCode, userErr, sysErr)
+                       return
+               }
        }
 
-       // Ensure type is correct
-       correctType := true
-       if err := tx.QueryRow(scCheckServerTypeQuery(), 
msc.ServerID).Scan(&correctType); err != nil {
+       //Check if the server type is MID and/or EDGE
+       var servArray []int64
+       queryType := `SELECT array_agg(s.id) 
+               FROM server s
+               JOIN type t ON s.type = t.id
+               WHERE s.id = any ($1)
+               AND t.use_in_table = 'server'
+               AND (t.name LIKE 'MID%' OR t.name LIKE 'EDGE%')`
+       if err := tx.QueryRow(queryType, 
pq.Array(mssc.ServerIDs)).Scan(pq.Array(&servArray)); err != nil {
                api.HandleErr(w, r, tx, http.StatusInternalServerError, nil, 
fmt.Errorf("checking server type: %w", err))
                return
        }
-       if !correctType {
-               userErr := fmt.Errorf("server %d has an incorrect server type. 
Server capabilities can only be assigned to EDGE or MID servers", msc.ServerID)
-               api.HandleErr(w, r, tx, http.StatusBadRequest, userErr, nil)
-               return
+       cmp := make(map[int64]bool)
+       for _, item := range servArray {
+               cmp[item] = true
+       }
+       for _, sid := range mssc.ServerIDs {
+               if _, ok := cmp[sid]; !ok {
+                       userErr := fmt.Errorf("server id: %d has an incorrect 
server type. Server capability can only be assigned to EDGE or MID servers", 
sid)
+                       api.HandleErr(w, r, tx, http.StatusBadRequest, userErr, 
nil)
+                       return
+               }
+       }
+
+       // Insert rows in DB
+       sid := make([]int64, len(mssc.ServerCapabilities))
+       scs := make([]string, len(mssc.ServerIDs))
+       if len(mssc.ServerIDs) == 1 {
+               if len(mssc.ServerCapabilities) >= 1 {
+                       for i := range mssc.ServerCapabilities {
+                               sid[i] = mssc.ServerIDs[0]
+                       }
+                       scs = mssc.ServerCapabilities
+               }
+       } else if len(mssc.ServerCapabilities) == 1 {
+               if len(mssc.ServerIDs) >= 1 {
+                       for i := range mssc.ServerIDs {
+                               scs[i] = mssc.ServerCapabilities[0]
+                       }
+                       sid = mssc.ServerIDs
+               }
+       } else {
+               scs = mssc.ServerCapabilities
+               sid = mssc.ServerIDs
        }
 
-       cdnName, err := dbhelpers.GetCDNNameFromServerID(tx, 
int64(msc.ServerID))
+       msscQuery := `INSERT INTO server_server_capability
+                       select "server_capability", "server"
+                       FROM UNNEST($1::text[], $2::int[]) AS 
tmp("server_capability", "server")`
+       _, err := tx.Query(msscQuery, pq.Array(scs), pq.Array(sid))
        if err != nil {
-               api.HandleErr(w, r, tx, http.StatusInternalServerError, nil, 
err)
+               useErr, sysErr, statusCode := api.ParseDBError(err)
+               api.HandleErr(w, r, tx, statusCode, useErr, sysErr)
                return
        }
 
-       userErr, sysErr, errCode = dbhelpers.CheckIfCurrentUserCanModifyCDN(tx, 
string(cdnName), inf.User.UserName)
+       var alerts tc.Alerts
+       if len(mssc.ServerCapabilities) == 1 && len(mssc.ServerIDs) == 1 {
+               alerts = tc.CreateAlerts(tc.SuccessLevel, "Assigned either a 
Server Capability to a server or a Server to a capability")
+       } else if len(mssc.ServerCapabilities) > 1 && len(mssc.ServerIDs) == 1 {
+               alerts = tc.CreateAlerts(tc.SuccessLevel, "Multiple Server 
Capabilities assigned to a server")
+       } else if len(mssc.ServerCapabilities) == 1 && len(mssc.ServerIDs) > 1 {
+               alerts = tc.CreateAlerts(tc.SuccessLevel, "Multiple Servers 
assigned to a capability")
+       } else {
+               alerts = tc.CreateAlerts(tc.SuccessLevel, "Multiple Servers 
assigned to multiple capabilities")
+       }
+       api.WriteAlertsObj(w, r, http.StatusOK, alerts, mssc)
+       return
+}
+
+// DeleteMultipleServersCapabilities deletes multiple servers to a capability 
or multiple server capabilities to a server
+func DeleteMultipleServersCapabilities(w http.ResponseWriter, r *http.Request) 
{
+       inf, userErr, sysErr, errCode := api.NewInfo(r, nil, nil)
+       tx := inf.Tx.Tx
        if userErr != nil || sysErr != nil {
-               api.HandleErr(w, r, tx, errCode, userErr, sysErr)
+               api.HandleErr(w, r, inf.Tx.Tx, errCode, userErr, sysErr)
                return
        }
+       defer inf.Close()
 
-       //Delete existing rows from server_server_capability for a given server
-       _, err = tx.Exec("DELETE FROM server_server_capability ssc WHERE 
ssc.server=$1", msc.ServerID)
-       if err != nil {
-               useErr, sysErr, statusCode := api.ParseDBError(err)
-               api.HandleErr(w, r, tx, statusCode, useErr, sysErr)
+       var mssc tc.MultipleServersCapabilities
+       if err := json.NewDecoder(r.Body).Decode(&mssc); err != nil {
+               api.HandleErr(w, r, tx, http.StatusBadRequest, 
fmt.Errorf("error decoding DELETE request body into MultipleServersCapabilities 
struct %w", err), nil)
                return
        }
 
-       multipleServerCapabilities := make([]string, 0, 
len(msc.ServerCapabilities))
+       if len(mssc.ServerIDs) == 1 {
+               errCode, userErr, sysErr = checkExistingServer(tx, 
mssc.ServerIDs[0], inf.User.UserName)
+               if userErr != nil || sysErr != nil {
+                       api.HandleErr(w, r, inf.Tx.Tx, errCode, userErr, sysErr)
+                       return
+               }
+       }
 
-       mscQuery := `WITH inserted AS (
-               INSERT INTO server_server_capability
-               SELECT "server_capability", $2
-               FROM UNNEST($1::text[]) AS tmp("server_capability")
-               RETURNING server_capability
-               )
-               SELECT ARRAY_AGG(server_capability)
-               FROM (
-                       SELECT server_capability
-                       FROM inserted
-               ) AS returned(server_capability)`
+       //Delete existing rows from server_server_capability for a given server 
or for a given capability
+       var where string
+       if len(mssc.ServerCapabilities) == 1 && len(mssc.ServerIDs) == 1 {
+               where = fmt.Sprintf("WHERE ssc.server_capability='%s' AND 
ssc.server=%v", mssc.ServerCapabilities[0], mssc.ServerIDs[0])
+       } else if len(mssc.ServerCapabilities) == 1 {
+               where = fmt.Sprintf("WHERE ssc.server_capability='%s'", 
mssc.ServerCapabilities[0])
+       } else if len(mssc.ServerIDs) == 1 {
+               where = fmt.Sprintf("WHERE ssc.server=%v", mssc.ServerIDs[0])
+       }
 
-       err = tx.QueryRow(mscQuery, pq.Array(msc.ServerCapabilities), 
msc.ServerID).Scan(pq.Array(&multipleServerCapabilities))
+       delString := "DELETE FROM server_server_capability ssc " + where
+       result, err := tx.Exec(delString)
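Review bot: The DELETE at the end of the hunk runs with no WHERE clause whenever neither `mssc.ServerCapabilities` nor `mssc.ServerIDs` has exactly one element (an empty body, or several of each), since `where` is left as `""` and `delString` becomes `DELETE FROM server_server_capability ssc`, which removes every assignment in the table; add a guard before the query such as `if where == "" { api.HandleErr(w, r, tx, http.StatusBadRequest, fmt.Errorf("exactly one server or exactly one server capability must be given"), nil); return }`. In both handlers the `checkExistingServer` call, which takes the user name and so presumably carries the CDN-modification check that the removed `CheckIfCurrentUserCanModifyCDN` call performed, runs only when `len(mssc.ServerIDs) == 1`, so a request naming two or more servers is never checked against the caller's CDN permissions; it should run for every id in `mssc.ServerIDs`. The insert's `_, err := tx.Query(msscQuery, pq.Array(scs), pq.Array(sid))` discards the returned `*sql.Rows` without closing it, leaving the transaction's result set open; an INSERT with no RETURNING clause should use `_, err := tx.Exec(msscQuery, pq.Array(scs), pq.Array(sid))`. The enclosing POST handler starts before the hunk and `DeleteMultipleServersCapabilities` continues past its end.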

Review Comment:
   ## Database query built from user-controlled sources
   
   This query depends on a [user-provided value](1).
   
   [Show more 
details](https://github.com/apache/trafficcontrol/security/code-scanning/234)


