1 files changed, 115 insertions, 29 deletions

diff --git a/src/guff.cr b/src/guff.cr
index b36abc4..923f8f6 100644
--- a/src/guff.cr
+++ b/src/guff.cr
@@ -199,6 +199,16 @@ module Guff
     end
   end
 
+  module Password
+    def self.create(password : String) : String
+      Crypto::Bcrypt::Password.create(password).to_s
+    end
+
+    def self.test(hash : String, password : String) : Bool
+      Crypto::Bcrypt::Password.new(hash) == password
+    end
+  end
+
   module Models
     abstract class Model
       def initialize(@context : Context)
@@ -351,6 +361,30 @@ module Guff
     end
 
     class UserModel < Model
+      SQL = {
+        add_user: "
+          INSERT INTO users(
+            role_id,
+            name,
+            email,
+            password,
+            is_active
+          ) VALUES (
+            (SELECT role_id FROM roles where role = ?),
+            ?,
+            ?,
+            ?,
+            ?
+          )
+        ",
+
+        set_user: "
+          UPDATE users
+             SET %s
+           WHERE user_id = ?
+        ",
+      }
+
       def login(user : String, pass : String) : String?
         if @context.development?
           if user == "test" && pass == "test"
@@ -380,39 +414,67 @@ module Guff
       end
 
       def add_user(
-        name      : String?         = nil,
-        email     : String?         = nil,
-        password  : String?         = nil,
-        groups    : Array(String)?  = nil,
-        active    : Bool?           = nil,
+        name      : String,
+        email     : String,
+        password  : String,
+        role      : String,
+        active    : Bool,
       ) : Int64
-        # TODO create user
-        user_id = 0_i64
-
-        # set user attributes
-        set_user(
-          user_id:  user_id,
-          email:    email,
-          password: password,
-          groups:   groups,
-          active:   active,
-        )
+        @context.dbs.rw.query(SQL[:add_user], [
+          role,
+          name,
+          email,
+          Password.create(password),
+          active ? "1" : "0",
+        ])
 
-        # return user id
-        user_id
+        @context.dbs.rw.last_insert_row_id.to_i64
       end
 
       def set_user(
         user_id   : Int64,
-        name      : String?         = nil,
-        email     : String?         = nil,
-        password  : String?         = nil,
-        groups    : Array(String)?  = nil,
-        active    : Bool?           = nil,
+        name      : String? = nil,
+        email     : String? = nil,
+        password  : String? = nil,
+        role      : String? = nil,
+        active    : Bool?   = nil,
       )
+        sets = [] of String
+        args = [] of String
+
+        if name
+          sets << "name = ?"
+          args << name
+        end
+
+        if email
+          sets << "email = ?"
+          args << email
+        end
+
+        if role
+          sets << "role_id = (SELECT role_id FROM roles WHERE role = ?)"
+          args << role
+        end
+
+        if password
+          sets << "password = ?"
+          args << Password.create(password)
+        end
+
+        if active != nil
+          sets << "is_active = ?"
+          args << (active ? "1" : "0")
+        end
+
+        if sets.size > 0
+          args << user_id.to_s
+          @context.dbs.rw.query(SQL[:set_user] % sets.join(", "), args)
+        end
       end
 
       def get_users
+        # TODO
       end
     end
 
@@ -684,14 +746,32 @@ module Guff
     module UserAPI
       def do_user_add_user(params : HTTP::Params)
         user_id = @context.models.user.add_user(
-          name:     params["name"]?,
+          name:     params["name"],
           email:    params["email"],
+          password: params["password"],
+          active:   (params["active"] == "t"),
+          role:     params["role"],
+        )
+
+        { "user_id": user_id }
+      end
+
+      def do_user_set_user(params : HTTP::Params)
+        @context.models.user.set_user(
+          user_id:  params["user_id"].to_i64,
+          name:     params["name"]?,
+          email:    params["email"]?,
           password: params["password"]?,
           active:   params["active"]? ? (params["active"] == "t") : nil,
-          # groups:   params["groups"]? ? JSON.parse(params["groups"]) : nil,
+          role:     params["role"]?,
         )
 
-        { "user_id": user_id }
+        nil
+      end
+
+      def do_user_get_users(params : HTTP::Params)
+        # @context.models.user.get_users
+        nil
       end
     end
   end
@@ -879,7 +959,13 @@ module Guff
            (@context.development? && context.request.method == "GET")
           if md = PATH_RE.match(context.request.path.not_nil!)
             namespace, method = %w{namespace method}.map { |k| md[k] }
-            params = HTTP::Params.parse(context.request.body || "")
+
+            # get query parameteres
+            params = if (context.request.method == "GET")
+              context.request.query_params
+            else
+              HTTP::Params.parse(context.request.body || "")
+            end
 
             code, data = begin
               { 200, api_method_dispatch(API_MODULES) }
@@ -1383,7 +1469,7 @@ module Guff
           CREATE TABLE sites (
             site_id     INTEGER PRIMARY KEY,
 
-            name        TEXT UNIQUE NOT NULL 
+            name        TEXT UNIQUE NOT NULL
                         CHECK (LENGTH(name) > 0),
 
             is_active   BOOLEAN NOT NULL DEFAULT false,
@@ -1571,7 +1657,7 @@ module Guff
         }
 
         private def add_admin_user(db : Database, password : String)
-          pass_hash = Crypto::Bcrypt::Password.create(password).to_s
+          pass_hash = Password.create(password)
           # STDERR.puts "DEBUG: adding admin user (pass_hash = #{pass_hash}"
           db.query(ADD_ADMIN_USER_SQL, [pass_hash])
         end