From 3ca80e76500af348132e30f49eca6315ab0b7011 Mon Sep 17 00:00:00 2001
From: Ada Conway <ada@conway.engineer>
Date: Sun, 9 Nov 2025 23:12:51 -0700
Subject: [PATCH] feat: get user table

---
 .../middleware/authorization_middleware.go    |  1 +
 api/controllers/userController.go             | 47 ++++++++++++++++++-
 api/dto/user_response.go                      | 10 ++++
 api/main.go                                   |  4 +-
 api/queries/UserQueries.go                    | 14 ++++++
 5 files changed, 73 insertions(+), 3 deletions(-)
 create mode 100644 api/dto/user_response.go

diff --git a/api/auth/middleware/authorization_middleware.go b/api/auth/middleware/authorization_middleware.go
index ac50402..df5c31f 100644
--- a/api/auth/middleware/authorization_middleware.go
+++ b/api/auth/middleware/authorization_middleware.go
@@ -18,6 +18,7 @@ func IsAdmin(pool *pgxpool.Pool) gin.HandlerFunc {
 			log.Println(conn_err)
 			ctx.AbortWithStatus(http.StatusInternalServerError)
 		}
+		defer conn.Release()
 
 		user_profile, _ := ctx.Get("user_profile")
 
diff --git a/api/controllers/userController.go b/api/controllers/userController.go
index 42e16cf..42742c2 100644
--- a/api/controllers/userController.go
+++ b/api/controllers/userController.go
@@ -6,12 +6,13 @@ import (
 	"net/http"
 	"ordr-api/dto"
 	"ordr-api/queries"
+	"strconv"
 
 	"github.com/gin-gonic/gin"
 	"github.com/jackc/pgx/v5/pgxpool"
 )
 
-func CreateUser(pool *pgxpool.Pool) gin.HandlerFunc {
+func SetUserName(pool *pgxpool.Pool) gin.HandlerFunc {
 	return func(ctx *gin.Context) {
 		conn, err := pool.Acquire(ctx)
 		defer conn.Release()
@@ -96,8 +97,52 @@ func DeactivateUser(pool *pgxpool.Pool) gin.HandlerFunc {
 		user_id := ctx.Query("user_id")
 		if user_id == "" {
 			ctx.String(http.StatusBadRequest, "DeactivateUser(): User id not supplied")
+			return
 		}
 
 		conn.Exec(context.Background(), queries.USER_SET_INACTIVE_QUERY, user_id)
 	}
 }
+
+func GetUserTable(pool *pgxpool.Pool) gin.HandlerFunc {
+	return func(ctx *gin.Context) {
+		conn, conn_err := pool.Acquire(ctx)
+		if conn_err != nil {
+			log.Printf("GetUserTable(): ERROR: Failed to connect... %s", conn_err.Error())
+			ctx.AbortWithStatus(http.StatusInternalServerError)
+		}
+		defer conn.Release()
+
+		page := ctx.Query("page")
+		if page == "" {
+			ctx.String(http.StatusBadRequest, "GetUserTable(): Missing page")
+			return
+		}
+		page_int, conv_err := strconv.Atoi(page)
+		if conv_err != nil {
+			ctx.String(http.StatusBadRequest, "GetUserTable(): Not an integer")
+			return
+		}
+		rows, query_err := conn.Query(context.Background(), queries.USER_GET_TABLE_DATA, page_int*10, 10)
+		if query_err != nil {
+			ctx.String(http.StatusInternalServerError, "GetUserTable(): Failed to query database...")
+			log.Printf("GetUserTable(): ERROR... %s", query_err.Error())
+		}
+		defer rows.Close()
+
+		var users []dto.UserResponse
+		for rows.Next() {
+			var user dto.UserResponse
+			scan_err := rows.Scan(&user.Id, &user.Name, &user.Job_Position, &user.Active, &user.Admin)
+			if scan_err != nil {
+				ctx.String(http.StatusInternalServerError, "GetUserTable(): ERROR: Failed to scan..")
+				log.Printf("GetUserTable(): ERROR... %s", scan_err.Error())
+				return
+			}
+
+			users = append(users, user)
+		}
+
+		ctx.JSON(http.StatusOK, users)
+	}
+}
diff --git a/api/dto/user_response.go b/api/dto/user_response.go
new file mode 100644
index 0000000..8ed71f7
--- /dev/null
+++ b/api/dto/user_response.go
@@ -0,0 +1,10 @@
+package dto
+
+// User response for exposing to the front-end
+type UserResponse struct {
+	Id           int
+	Name         string
+	Job_Position string
+	Active       bool
+	Admin        bool
+}
diff --git a/api/main.go b/api/main.go
index f44976f..87a9a4a 100644
--- a/api/main.go
+++ b/api/main.go
@@ -62,9 +62,9 @@ func main() {
 	router.GET("/auth/logout", auth.LogoutHandler)
 	router.GET("/auth/logout_callback", auth.LogoutCallbackHandler(store))
 	router.GET("/callback", auth.AuthenticationCallbackHandler(authenticator))
-	router.GET("/public", controllers.PublicEndpoint)
+	router.GET("/users", middleware.IsAuthenticated(authenticator), middleware.GetUserProfile, middleware.UserInDatabase(pool), middleware.UserIsActive(pool), middleware.IsAdmin(pool), controllers.GetUserTable(pool))
 
-	router.POST("/user/create", middleware.IsAuthenticated(authenticator), middleware.GetUserProfile, middleware.UserInDatabase(pool), middleware.UserIsActive(pool), controllers.CreateUser(pool))
+	router.POST("/user/name", middleware.IsAuthenticated(authenticator), middleware.GetUserProfile, middleware.UserInDatabase(pool), middleware.UserIsActive(pool), controllers.SetUserName(pool))
 
 	router.PUT("/user/promote", middleware.IsAuthenticated(authenticator), middleware.GetUserProfile, middleware.UserInDatabase(pool), middleware.UserIsActive(pool), middleware.IsAdmin(pool), controllers.PromoteUser(pool))
 	router.PUT("/user/demote", middleware.IsAuthenticated(authenticator), middleware.GetUserProfile, middleware.UserInDatabase(pool), middleware.UserIsActive(pool), middleware.IsAdmin(pool), controllers.DemoteUser(pool))
diff --git a/api/queries/UserQueries.go b/api/queries/UserQueries.go
index 376d890..62a281a 100644
--- a/api/queries/UserQueries.go
+++ b/api/queries/UserQueries.go
@@ -19,3 +19,17 @@ UPDATE ordr_user SET is_admin = FALSE WHERE id = $1;
 const USER_SET_INACTIVE_QUERY string = `
 UPDATE ordr_user SET active = FALSE WHERE id = $1;
 `
+
+const USER_GET_TABLE_DATA string = `
+SELECT
+	id,
+	user_name,
+	job_position,
+	active,
+	is_admin
+FROM
+	ordr_user
+ORDER BY user_name
+OFFSET $2
+LIMIT $3;
+`