backend added struct merging and FieldPermissionsOnRoleId

internal/controllers/user_controller.go

@@ -91,9 +91,35 @@ func (uc *UserController) UpdateHandler(c *gin.Context) {
 	user = updateData.User
 
 	if !utils.HasPrivilige(requestUser, constants.Priviliges.Update) && user.ID != requestUser.ID {
-		utils.RespondWithError(c, errors.ErrNotAuthorized, "Not allowed to update user", http.StatusForbidden, "user.user", "server.error.unauthorized")
+		utils.RespondWithError(c, errors.ErrNotAuthorized, "Not allowed to update user", http.StatusUnauthorized, "user.user", "server.error.unauthorized")
 		return
 	}
+	existingUser, err := uc.Service.GetUserByID(user.ID)
+	if err != nil {
+		utils.RespondWithError(c, err, "Error finding an existing user", http.StatusNotFound, "user.user", "server.error.not_found")
+		return
+	}
+	// user.Membership.ID = existingUser.Membership.ID
+
+	// user.MembershipID = existingUser.MembershipID
+	// if existingUser.Licence != nil {
+	// 	user.Licence.ID = existingUser.Licence.ID
+	// }
+	// user.LicenceID = existingUser.LicenceID
+	// user.BankAccount.ID = existingUser.BankAccount.ID
+	// user.BankAccountID = existingUser.BankAccountID
+
+	if requestUser.RoleID <= constants.Priviliges.View {
+		existingUser.Password = ""
+		if err := utils.FilterAllowedStructFields(&user, existingUser, constants.MemberUpdateFields, ""); err != nil {
+			if err.Error() == "Not authorized" {
+				utils.RespondWithError(c, errors.ErrNotAuthorized, "Trying to update unauthorized fields", http.StatusUnauthorized, "user.user", "server.error.unauthorized")
+				return
+			}
+			utils.RespondWithError(c, err, "Error filtering users input fields", http.StatusInternalServerError, "user.user", "server.error.internal_server_error")
+			return
+		}
+	}
 
 	updatedUser, err := uc.Service.UpdateUser(&user)
 	if err != nil {