internal/users: implement logic to enable/disable user

shiv-tyagi · shiv-tyagi · commit 37f97ba6c639 · 2025-02-19T01:45:25.000+05:30
This also adds tests for the same.
diff --git a/internal/users/db/db_test.go b/internal/users/db/db_test.go
@@ -462,6 +462,20 @@ func TestUpdateBrokerForUser(t *testing.T) {
 	require.Error(t, err, "UpdateBrokerForUser for a nonexistent user should return an error")
 }
 
+func TestUpdateDisabledFieldForUser(t *testing.T) {
+	t.Parallel()
+
+	c := initDB(t, "one_user_and_group")
+
+	// Update broker for existent user
+	err := c.UpdateDisabledFieldForUser("user1", true)
+	require.NoError(t, err, "UpdateDisabledFieldForUser for an existent user should not return an error")
+
+	// Error when updating broker for nonexistent user
+	err = c.UpdateDisabledFieldForUser("nonexistent", false)
+	require.Error(t, err, "UpdateDisabledFieldForUser for a nonexistent user should return an error")
+}
+
 func TestRemoveDb(t *testing.T) {
 	t.Parallel()
 
diff --git a/internal/users/db/update.go b/internal/users/db/update.go
@@ -165,3 +165,21 @@ func (m *Manager) UpdateBrokerForUser(username, brokerID string) error {
 
 	return nil
 }
+
+// UpdateDisabledFieldForUser sets the Disabled field to a given value for a user
+func (m *Manager) UpdateDisabledFieldForUser(username string, disabled bool) error {
+	query := `UPDATE users SET disabled = ? WHERE name = ?`
+	res, err := m.db.Exec(query, disabled, username)
+	if err != nil {
+		return fmt.Errorf("failed to update disabled field for user: %w", err)
+	}
+	rowsAffected, err := res.RowsAffected()
+	if err != nil {
+		return fmt.Errorf("failed to get rows affected: %w", err)
+	}
+	if rowsAffected == 0 {
+		return NoDataFoundError{table: "users", key: username}
+	}
+
+	return nil
+}
diff --git a/internal/users/manager.go b/internal/users/manager.go
@@ -334,6 +334,24 @@ func (m *Manager) UpdateBrokerForUser(username, brokerID string) error {
 	return nil
 }
 
+// DisableUser sets the Disabled field to true for the given user.
+func (m *Manager) DisableUser(username string) error {
+	if err := m.db.UpdateDisabledFieldForUser(username, true); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// EnableUser sets the Disabled field to false for the given user.
+func (m *Manager) EnableUser(username string) error {
+	if err := m.db.UpdateDisabledFieldForUser(username, false); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 // IsUserDisabled returns true if the user with the given user name is disabled, false otherwise.
 func (m *Manager) IsUserDisabled(username string) (bool, error) {
 	u, err := m.db.UserByName(username)
diff --git a/internal/users/manager_test.go b/internal/users/manager_test.go
@@ -325,6 +325,96 @@ func TestUpdateBrokerForUser(t *testing.T) {
 	}
 }
 
+func TestDisableUser(t *testing.T) {
+	tests := map[string]struct {
+		username string
+
+		dbFile string
+
+		wantErr     bool
+		wantErrType error
+	}{
+		"Successfully_update_broker_for_user": {},
+
+		"Error_if_user_does_not_exist": {username: "doesnotexist", wantErrType: db.NoDataFoundError{}},
+	}
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			// We don't care about the output of gpasswd in this test, but we still need to mock it.
+			_ = localgroupstestutils.SetupGPasswdMock(t, "empty.group")
+
+			if tc.username == "" {
+				tc.username = "user1"
+			}
+			if tc.dbFile == "" {
+				tc.dbFile = "multiple_users_and_groups"
+			}
+
+			dbDir := t.TempDir()
+			err := db.Z_ForTests_CreateDBFromYAML(filepath.Join("testdata", "db", tc.dbFile+".db.yaml"), dbDir)
+			require.NoError(t, err, "Setup: could not create database from testdata")
+			m := newManagerForTests(t, dbDir)
+
+			err = m.DisableUser(tc.username)
+
+			requireErrorAssertions(t, err, tc.wantErrType, tc.wantErr)
+			if tc.wantErrType != nil || tc.wantErr {
+				return
+			}
+
+			got, err := db.Z_ForTests_DumpNormalizedYAML(userstestutils.GetManagerDB(m))
+			require.NoError(t, err, "Created database should be valid yaml content")
+
+			golden.CheckOrUpdate(t, got)
+		})
+	}
+}
+
+func TestEnableUser(t *testing.T) {
+	tests := map[string]struct {
+		username string
+
+		dbFile string
+
+		wantErr     bool
+		wantErrType error
+	}{
+		"Successfully_update_broker_for_user": {},
+
+		"Error_if_user_does_not_exist": {username: "doesnotexist", wantErrType: db.NoDataFoundError{}},
+	}
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			// We don't care about the output of gpasswd in this test, but we still need to mock it.
+			_ = localgroupstestutils.SetupGPasswdMock(t, "empty.group")
+
+			if tc.username == "" {
+				tc.username = "user1"
+			}
+			if tc.dbFile == "" {
+				tc.dbFile = "disabled_user"
+			}
+
+			dbDir := t.TempDir()
+			err := db.Z_ForTests_CreateDBFromYAML(filepath.Join("testdata", "db", tc.dbFile+".db.yaml"), dbDir)
+			require.NoError(t, err, "Setup: could not create database from testdata")
+			m := newManagerForTests(t, dbDir)
+
+			err = m.EnableUser(tc.username)
+
+			requireErrorAssertions(t, err, tc.wantErrType, tc.wantErr)
+			if tc.wantErrType != nil || tc.wantErr {
+				return
+			}
+
+			got, err := db.Z_ForTests_DumpNormalizedYAML(userstestutils.GetManagerDB(m))
+			require.NoError(t, err, "Created database should be valid yaml content")
+
+			golden.CheckOrUpdate(t, got)
+		})
+	}
+}
+
 //nolint:dupl // This is not a duplicate test
 func TestUserByIDAndName(t *testing.T) {
 	tests := map[string]struct {
diff --git a/internal/users/testdata/db/disabled_user.db.yaml b/internal/users/testdata/db/disabled_user.db.yaml
@@ -0,0 +1,18 @@
+users:
+    - name: user1
+      uid: 1111
+      gid: 11111
+      gecos: |-
+        User1 gecos
+        On multiple lines
+      dir: /home/user1
+      shell: /bin/bash
+      broker_id: broker-id
+      disabled: true
+groups:
+    - name: group1
+      gid: 11111
+      ugid: "12345678"
+users_to_groups:
+    - uid: 1111
+      gid: 11111
diff --git a/internal/users/testdata/golden/TestDisableUser/Successfully_update_broker_for_user b/internal/users/testdata/golden/TestDisableUser/Successfully_update_broker_for_user
@@ -0,0 +1,64 @@
+users:
+    - name: user1
+      uid: 1111
+      gid: 11111
+      gecos: |-
+        User1 gecos
+        On multiple lines
+      dir: /home/user1
+      shell: /bin/bash
+      broker_id: broker-id
+      disabled: true
+    - name: user2
+      uid: 2222
+      gid: 22222
+      gecos: User2
+      dir: /home/user2
+      shell: /bin/dash
+      broker_id: broker-id
+    - name: user3
+      uid: 3333
+      gid: 33333
+      gecos: User3
+      dir: /home/user3
+      shell: /bin/zsh
+      broker_id: broker-id
+    - name: userwithoutbroker
+      uid: 4444
+      gid: 44444
+      gecos: userwithoutbroker
+      dir: /home/userwithoutbroker
+      shell: /bin/sh
+groups:
+    - name: group1
+      gid: 11111
+      ugid: "12345678"
+    - name: group2
+      gid: 22222
+      ugid: "56781234"
+    - name: group3
+      gid: 33333
+      ugid: "34567812"
+    - name: group4
+      gid: 44444
+      ugid: "45678123"
+    - name: commongroup
+      gid: 99999
+      ugid: "87654321"
+users_to_groups:
+    - uid: 1111
+      gid: 11111
+    - uid: 1111
+      gid: 99999
+    - uid: 2222
+      gid: 22222
+    - uid: 2222
+      gid: 99999
+    - uid: 3333
+      gid: 33333
+    - uid: 3333
+      gid: 99999
+    - uid: 4444
+      gid: 44444
+    - uid: 4444
+      gid: 99999
diff --git a/internal/users/testdata/golden/TestEnableUser/Successfully_update_broker_for_user b/internal/users/testdata/golden/TestEnableUser/Successfully_update_broker_for_user
@@ -0,0 +1,17 @@
+users:
+    - name: user1
+      uid: 1111
+      gid: 11111
+      gecos: |-
+        User1 gecos
+        On multiple lines
+      dir: /home/user1
+      shell: /bin/bash
+      broker_id: broker-id
+groups:
+    - name: group1
+      gid: 11111
+      ugid: "12345678"
+users_to_groups:
+    - uid: 1111
+      gid: 11111
