fixed some endpoint consistency bugs, now works properly

Author: Hubtrick-Git

controllers/admin_controller.go

@@ -94,12 +94,11 @@ func (controller *AdminController) AddAdminToOrg(ctx shared.Context) error {
 	orgID := ctx.Param("orgID")
 	parsedOrgID, err := uuid.Parse(orgID)
 	if err != nil {
-		return echo.NewHTTPError(400, "missing or invalid user id")
+		return echo.NewHTTPError(400, "missing or invalid org id")
 	}
 
-	user := ctx.Param("userID")
-
-	if !utils.IsEmail(user) {
+	user, err := extractMailFromRequest(ctx)
+	if err != nil {
 		return echo.NewHTTPError(400, "user is not a valid mail address")
 	}
 
@@ -124,43 +123,32 @@ func (controller *AdminController) AddAdminToOrg(ctx shared.Context) error {
 	if err != nil {
 		return echo.NewHTTPError(500, "could not add admin to organization").WithInternal(err)
 	}
-	return ctx.JSON(201, nil)
+	return ctx.NoContent(201)
 }
 
 func (controller *AdminController) RevokeAdmin(ctx shared.Context) error {
 	orgID := ctx.Param("orgID")
 	parsedOrgID, err := uuid.Parse(orgID)
 	if err != nil {
-		return echo.NewHTTPError(400, "missing or invalid user id")
+		return echo.NewHTTPError(400, "missing or invalid org id")
 	}
 
-	user := ctx.Param("userID")
-
-	if !utils.IsEmail(user) {
-		return echo.NewHTTPError(400, "user is not a valid mail address")
+	userID := ctx.Param("userID")
+	parsedUserID, err := uuid.Parse(userID)
+	if err != nil {
+		return echo.NewHTTPError(400, "missing or invalid user id")
 	}
 
 	authAdminClient := shared.GetAuthAdminClient(ctx)
 	if authAdminClient == nil {
 		return echo.NewHTTPError(500, "could not get auth client")
 	}
-	userID, err := controller.adminService.GetUserIDFromMail(context.Background(), authAdminClient, user)
-	if err != nil {
-		switch err.Error() {
-		case dtos.CouldNotFindUserWithMail:
-			return echo.NewHTTPError(404, "could not find a user associated with this email")
-		case dtos.CouldNotFindDefinitiveUserWithMail:
-			return echo.NewHTTPError(400, "could not find a definitive user associated with this email")
-		default:
-			return echo.NewHTTPError(500, "could not determine user based on email")
-		}
-	}
 
-	err = controller.adminService.RevokeAdminFromOrg(context.Background(), parsedOrgID, userID)
+	err = controller.adminService.RevokeAdminFromOrg(context.Background(), parsedOrgID, parsedUserID)
 	if err != nil {
 		return echo.NewHTTPError(500, "could not revoke admin role from user")
 	}
-	return ctx.JSON(204, nil)
+	return ctx.NoContent(204)
 }
 
 // checkCooldown reads the config DB for the last trigger time and returns an
@@ -420,3 +408,15 @@ func (controller *AdminController) runDaemonSSE(
 	// Return nil so Echo does not try to write again.
 	return nil
 }
+
+func extractMailFromRequest(ctx shared.Context) (string, error) {
+	userID, err := shared.GetURLDecodedParam(ctx, "userMail")
+	if err != nil {
+		return "", err
+	}
+
+	if !utils.IsEmail(userID) {
+		return "", fmt.Errorf("mail is invalid")
+	}
+	return userID, nil
+}

router/admin_router.go

@@ -35,9 +35,9 @@ func NewAdminRouter(apiV1Router APIV1Router, adminController *controllers.AdminC
 		return ctx.JSON(200, map[string]string{"status": "ok"})
 	})
 
-	adminRouter.GET("/external-orgs", adminController.GetAdminsForExternalOrgs)
-	adminRouter.PUT("/external-orgs/:orgID/admins/:userID", adminController.AddAdminToOrg)
-	adminRouter.DELETE("/external-orgs/:orgID/admins/:userID", adminController.RevokeAdmin)
+	adminRouter.GET("/external-orgs/", adminController.GetAdminsForExternalOrgs)
+	adminRouter.PUT("/external-orgs/:orgID/admins/:userMail/", adminController.AddAdminToOrg)
+	adminRouter.DELETE("/external-orgs/:orgID/admins/:userID/", adminController.RevokeAdmin)
 
 	// Daemon trigger endpoints – each daemon has its own SSE trigger route
 	daemonGroup := adminRouter.Group("/daemons")