add: Privilige check

internal/constants/constants.go

@@ -1,31 +1,5 @@
 package constants
 
-type roles struct {
-	Member int8
-	Viewer int8
-	Editor int8
-	Admin  int8
-}
-
-type licences struct {
-	AM  string
-	A1  string
-	A2  string
-	A   string
-	B   string
-	C1  string
-	C   string
-	D1  string
-	D   string
-	BE  string
-	C1E string
-	CE  string
-	D1E string
-	DE  string
-	L   string
-	T   string
-}
-
 const (
 	UnverifiedStatus = iota + 1
 	VerifiedStatus
@@ -41,14 +15,36 @@ const (
 	MailContactSubject      = "Jemand hat das Kontaktformular gefunden"
 )
 
-var Roles = roles{
+var Roles = struct {
+	Member int8
+	Viewer int8
+	Editor int8
+	Admin  int8
+}{
 	Member: 0,
 	Viewer: 1,
 	Editor: 4,
 	Admin:  8,
 }
 
-var Licences = licences{
+var Licences = struct {
+	AM  string
+	A1  string
+	A2  string
+	A   string
+	B   string
+	C1  string
+	C   string
+	D1  string
+	D   string
+	BE  string
+	C1E string
+	CE  string
+	D1E string
+	DE  string
+	L   string
+	T   string
+}{
 	AM:  "AM",
 	A1:  "A1",
 	A2:  "A2",
@@ -67,6 +63,18 @@ var Licences = licences{
 	T:   "T",
 }
 
+var Priviliges = struct {
+	View   int8
+	Create int8
+	Update int8
+	Delete int8
+}{
+	View:   0,
+	Update: 10,
+	Create: 20,
+	Delete: 30,
+}
+
 const PRIV_VIEW = 1
 const PRIV_ADD = 2
 const PRIV_EDIT = 4

internal/controllers/controllers_test.go

@@ -258,7 +258,7 @@ func getBaseUser() models.User {
 		Phone:          "01738484993",
 		BankAccount:    models.BankAccount{IBAN: "DE89370400440532013000"},
 		Membership:     models.Membership{SubscriptionModel: models.SubscriptionModel{Name: "Basic"}},
-		Licence:        models.Licence{},
+		Licence:        nil,
 		ProfilePicture: "",
 		Password:       "password123",
 		Company:        "",

internal/controllers/licenceController.go

@@ -2,7 +2,7 @@ package controllers
 
 import (
 	"GoMembership/internal/services"
-	"GoMembership/pkg/logger"
+	"GoMembership/internal/utils"
 	"net/http"
 
 	"github.com/gin-gonic/gin"
@@ -17,14 +17,9 @@ func (lc *LicenceController) GetAllCategories(c *gin.Context) {
 	categories, err := lc.Service.GetAllCategories()
 
 	if err != nil {
-		logger.Error.Printf("Error retrieving licence categories: %v", err)
+		utils.RespondWithError(c, err, "Error retrieving licence categories", http.StatusInternalServerError, "general", "server.error.internal_server_error")
-		c.JSON(http.StatusInternalServerError, gin.H{"errors": []gin.H{{
-			"field": "general",
-			"key":   "validation.internal_server_error",
-		}}})
 		return
 	}
-	logger.Error.Printf("categories: %v", categories)
 	c.JSON(http.StatusOK, gin.H{
 		"licence_categories": categories,
 	})

internal/controllers/user_controller.go

@@ -7,12 +7,13 @@ import (
 	"GoMembership/internal/models"
 	"GoMembership/internal/services"
 	"GoMembership/internal/utils"
+	"GoMembership/internal/validation"
+	"fmt"
 	"strings"
 
 	"net/http"
 
 	"github.com/gin-gonic/gin"
-	"github.com/go-playground/validator/v10"
 
 	"GoMembership/pkg/errors"
 	"GoMembership/pkg/logger"
@@ -32,49 +33,21 @@ type RegistrationData struct {
 }
 
 func (uc *UserController) CurrentUserHandler(c *gin.Context) {
-	userIDInterface, ok := c.Get("user_id")
+	requestUser, err := uc.extractUserFromContext(c)
-	if !ok || userIDInterface == nil {
-		logger.Error.Printf("Error getting user_id from header")
-		c.JSON(http.StatusInternalServerError, gin.H{"errors": []gin.H{{
-			"field": "general",
-			"key":   "server.validation.no_user_id_provided",
-		}}})
-		return
-	}
-	userID, ok := userIDInterface.(uint)
-
-	if !ok {
-		logger.Error.Printf("Error: user_id is not of type uint")
-		c.JSON(http.StatusInternalServerError, gin.H{"errors": []gin.H{{
-			"field": "user",
-			"key":   "server.error.internal_server_error",
-		}}})
-		return
-	}
-
-	user, err := uc.Service.GetUserByID(uint(userID))
 	if err != nil {
-		logger.Error.Printf("Error retrieving valid user: %v", err)
+		utils.RespondWithError(c, err, "Error extracting user from context in CurrentUserHandler", http.StatusBadRequest, "general", "server.error.internal_server_error")
-		c.JSON(http.StatusInternalServerError, gin.H{"errors": []gin.H{{
-			"field": "general",
-			"key":   "server.error.internal_server_error",
-		}}})
 		return
 	}
 
 	c.JSON(http.StatusOK, gin.H{
-		"user": user.Safe(),
+		"user": requestUser.Safe(),
 	})
 }
 
 func (uc *UserController) GetAllUsers(c *gin.Context) {
 	users, err := uc.Service.GetUsers(nil)
 	if err != nil {
-		logger.Error.Printf("Error retrieving users: %v", err)
+		utils.RespondWithError(c, err, "Error getting users in GetAllUsers", http.StatusInternalServerError, "user", "server.error.internal_server_error")
-		c.JSON(http.StatusInternalServerError, gin.H{"errors": []gin.H{{
-			"field": "general",
-			"key":   "server.error.internal_server_error",
-		}}})
 		return
 	}
 
@@ -84,113 +57,59 @@ func (uc *UserController) GetAllUsers(c *gin.Context) {
 }
 
 func (uc *UserController) UpdateHandler(c *gin.Context) {
+	// 1. Extract and validate the user ID from the route
+	requestUser, err := uc.extractUserFromContext(c)
+	if err != nil {
+		utils.RespondWithError(c, err, "Error extracting user from context in UpdateHandler", http.StatusBadRequest, "general", "server.validation.no_auth_tokenw")
+		return
+	}
+
 	var user models.User
 	if err := c.ShouldBindJSON(&user); err != nil {
-		logger.Error.Printf("Couldn't decode input: %v", err)
+		utils.HandleValidationError(c, err)
-		var validationErrors []gin.H
-		if ve, ok := err.(validator.ValidationErrors); ok {
-			for _, e := range ve {
-
-				validationErrors = append(validationErrors, gin.H{
-					"field": e.Field(),
-					"key":   "server.validation." + e.Tag(),
-				})
-			}
-		} else {
-			validationErrors = append(validationErrors, gin.H{
-				"field": "general",
-				"key":   "server.error.invalid_json",
-			})
-		}
-		logger.Error.Printf("ValidationErrors: %#v", validationErrors)
-		c.JSON(http.StatusBadRequest, gin.H{"errors": validationErrors})
-		c.Abort()
-		return
-	}
-	logger.Error.Print("Continuing...")
-	tokenString, err := c.Cookie("jwt")
-	if err != nil {
-		logger.Error.Printf("No Auth token: %v\n", err)
-		c.JSON(http.StatusUnauthorized, gin.H{"errors": []gin.H{{
-			"field": "general",
-			"key":   "server.error.no_auth_token",
-		}}})
-		c.Abort()
-		return
-	}
-	_, claims, err := middlewares.ExtractContentFrom(tokenString)
-	if err != nil {
-
-		logger.Error.Printf("Error retrieving token and claims from JWT")
-		c.JSON(http.StatusInternalServerError, gin.H{"errors": []gin.H{{
-			"field": "general",
-			"key":   "server.error.jwt_parsing_error",
-		}}})
-		return
-	}
-	jwtUserID := uint((*claims)["user_id"].(float64))
-	userRole := int8((*claims)["role_id"].(float64))
-
-	if user.ID == 0 {
-		logger.Error.Printf("No User.ID in request from user with id: %v, aborting", jwtUserID)
-		c.JSON(http.StatusBadRequest, gin.H{"errors": []gin.H{{
-			"field": "id",
-			"key":   "server.validation.no_user_id_provided",
-		}}})
-		return
-	}
-	if user.ID != jwtUserID && userRole < constants.Roles.Editor {
-		c.JSON(http.StatusForbidden, gin.H{"errors": []gin.H{{
-			"field": "general",
-			"key":   "server.error.unauthorized_update",
-		}}})
 		return
 	}
 
+	if !utils.HasPrivilige(requestUser, constants.Priviliges.Update) && user.ID != requestUser.ID {
+		utils.RespondWithError(c, errors.ErrNotAuthorized, "Not allowed to update user", http.StatusForbidden, "user", "server.error.unauthorized")
+		return
+	}
+
+	// Validate subscription model
 	selectedModel, err := uc.MembershipService.GetModelByName(&user.Membership.SubscriptionModel.Name)
 	if err != nil {
-		logger.Error.Printf("%v:No subscription model found: %#v", user.Email, err)
+		utils.RespondWithError(c, err, "Error in UpdateHandler", http.StatusNotFound, "subscription_model", "server.validation.subscription_model_not_found")
-		c.JSON(http.StatusNotFound, gin.H{"errors": []gin.H{{
-			"field": "subscription_model",
-			"key":   "server.validation.invalid_subscription_model",
-		}}})
 		return
 	}
 	user.Membership.SubscriptionModel = *selectedModel
-	// TODO: If it's not an admin, prevent changes to critical fields
-	// if userRole != constants.Roles.Admin {
-	// 	existingUser, err := uc.Service.GetUserByID(jwtUserID)
-	// 	if err != nil {
-	// 		c.JSON(http.StatusInternalServerError, gin.H{"error": "Error retrieving user data"})
-	// 		return
-	// 	}
-	// 	user.Email = existingUser.Email
-	// 	user.RoleID = existingUser.RoleID
-	// }
-	updatedUser, err := uc.Service.UpdateUser(&user, userRole)
 
+	updatedUser, err := uc.Service.UpdateUser(&user)
 	if err != nil {
-		switch err {
+		utils.HandleUpdateError(c, err)
-		case errors.ErrUserNotFound:
-			c.JSON(http.StatusNotFound, gin.H{"errors": []gin.H{{
-				"field": user.FirstName + " " + user.LastName,
-				"key":   "server.validation.user_not_found",
-			}}})
-		case errors.ErrInvalidUserData:
-			c.JSON(http.StatusBadRequest, gin.H{"errors": []gin.H{{
-				"field": "user",
-				"key":   "server.validation.invalid_user_data",
-			}}})
-		default:
-			logger.Error.Printf("Failed to update user: %v", err)
-			c.JSON(http.StatusInternalServerError, gin.H{"errors": []gin.H{{
-				"field": "general",
-				"key":   "server.error.internal_server_error",
-			}}})
 		return
 	}
+
+	logger.Info.Printf("User %d updated successfully by user %d", updatedUser.ID, requestUser.ID)
+
+	c.JSON(http.StatusAccepted, gin.H{"message": "User updated successfully", "user": updatedUser.Safe()})
+}
+
+func (uc *UserController) extractUserFromContext(c *gin.Context) (*models.User, error) {
+
+	tokenString, err := c.Cookie("jwt")
+	if err != nil {
+		return nil, err
 	}
-	c.JSON(http.StatusAccepted, gin.H{"message": "User updated successfully", "user": updatedUser})
+	_, claims, err := middlewares.ExtractContentFrom(tokenString)
+	if err != nil {
+		return nil, err
+	}
+	jwtUserID := uint((*claims)["user_id"].(float64))
+	user, err := uc.Service.GetUserByID(jwtUserID)
+	if err != nil {
+		return nil, err
+	}
+	return user, nil
 }
 
 func (uc *UserController) LogoutHandler(c *gin.Context) {
@@ -212,51 +131,36 @@ func (uc *UserController) LoginHandler(c *gin.Context) {
 	}
 
 	if err := c.ShouldBindJSON(&input); err != nil {
-		logger.Error.Printf("Couldn't decode input: %v", err.Error())
+		utils.RespondWithError(c, err, "Error in LoginHandler", http.StatusBadRequest, "general", "server.validation.invalid_json")
-		c.JSON(http.StatusBadRequest, gin.H{"errors": []gin.H{{
-			"field": "general",
-			"key":   "server.error.invalid_json",
-		}}})
 		return
 	}
 
 	user, err := uc.Service.GetUserByEmail(input.Email)
 	if err != nil {
-		logger.Error.Printf("Error during user(%v) retrieval: %v\n", input.Email, err)
+		utils.RespondWithError(c, err, "Login Error; user not found", http.StatusNotFound,
-		c.JSON(http.StatusNotFound, gin.H{"errors": []gin.H{{
+			errors.Responses.Fields.Login,
-			"field": "login",
+			errors.Responses.Keys.UserNotFoundWrongPassword)
-			"key":   "server.validation.user_not_found_or_wrong_password",
-		}}})
 		return
 	}
 
 	ok, err := user.PasswordMatches(input.Password)
 	if err != nil {
-
+		utils.RespondWithError(c, err, "Login Error; password comparisson failed", http.StatusInternalServerError, errors.Responses.Fields.General, errors.Responses.Keys.InternalServerError)
-		logger.Error.Printf("Error during Password comparison: %v", err.Error())
-		c.JSON(http.StatusInternalServerError, gin.H{"errors": []gin.H{{
-			"field": "general",
-			"key":   "server.error.internal_server_error",
-		}}})
 		return
 	}
 	if !ok {
-
+		utils.RespondWithError(c, fmt.Errorf("%v %v", user.FirstName, user.LastName),
-		logger.Error.Printf("Wrong Password: %v %v", user.FirstName, user.LastName)
+			"Login Error; wrong password",
-		c.JSON(http.StatusNotAcceptable, gin.H{"errors": []gin.H{{
+			http.StatusNotAcceptable,
-			"field": "login",
+			errors.Responses.Fields.Login,
-			"key":   "server.validation.user_not_found_or_wrong_password",
+			errors.Responses.Keys.UserNotFoundWrongPassword)
-		}}})
 		return
 	}
 
-	logger.Error.Printf("jwtsevret: %v", config.Auth.JWTSecret)
+	logger.Error.Printf("jwtsecret: %v", config.Auth.JWTSecret)
 	token, err := middlewares.GenerateToken(config.Auth.JWTSecret, user, "")
 	if err != nil {
-		c.JSON(http.StatusInternalServerError, gin.H{"errors": []gin.H{{
+		utils.RespondWithError(c, err, "Error generating token in LoginHandler", http.StatusInternalServerError, errors.Responses.Fields.General, errors.Responses.Keys.JwtGenerationFailed)
-			"field": "general",
-			"key":   "server.error.jwt_generation_failed",
-		}}})
 		return
 	}
 
@@ -272,36 +176,23 @@ func (uc *UserController) RegisterUser(c *gin.Context) {
 	var regData RegistrationData
 
 	if err := c.ShouldBindJSON(&regData); err != nil {
-		logger.Error.Printf("Couldn't decode Userdata: %v", err)
+		utils.HandleValidationError(c, err)
-		var validationErrors []gin.H
-		if ve, ok := err.(validator.ValidationErrors); ok {
-			for _, e := range ve {
-				validationErrors = append(validationErrors, gin.H{
-					"field": e.Field(),
-					"key":   "server.validation." + e.Tag(),
-				})
-			}
-		} else {
-			validationErrors = append(validationErrors, gin.H{
-				"field": "general",
-				"key":   "server.error.invalid_json",
-			})
-		}
-		c.JSON(http.StatusBadRequest, gin.H{"error": validationErrors})
 		return
 	}
 
+	logger.Info.Printf("Registering user %v", regData.User.Email)
 	selectedModel, err := uc.MembershipService.GetModelByName(&regData.User.Membership.SubscriptionModel.Name)
 	if err != nil {
-		logger.Error.Printf("%v:No subscription model found: %#v", regData.User.Email, err)
+		utils.RespondWithError(c, err, "Error in Registeruser, couldn't get selected model", http.StatusNotFound, "subscription_model", "server.validation.subscription_model_not_found")
-		c.JSON(http.StatusNotFound, gin.H{"errors": []gin.H{{
-			"field": "subscription_model",
-			"key":   "server.validation.invalid_subscription_model",
-		}}})
 		return
 	}
 	regData.User.Membership.SubscriptionModel = *selectedModel
-
+	if selectedModel.RequiredMembershipField != "" {
+		if err := validation.CheckParentMembershipID(regData.User.Membership); err != nil {
+			utils.RespondWithError(c, err, "Error in RegisterUser, couldn't check parent membership id", http.StatusBadRequest, "parent_membership_id", "server.validation.parent_membership_id_not_found")
+			return
+		}
+	}
 	regData.User.RoleID = constants.Roles.Member
 
 	// Register User
@@ -309,16 +200,9 @@ func (uc *UserController) RegisterUser(c *gin.Context) {
 	if err != nil {
 		logger.Error.Printf("Couldn't register User(%v): %v", regData.User.Email, err)
 		if strings.Contains(err.Error(), "UNIQUE constraint failed: users.email") {
-			c.JSON(http.StatusConflict, gin.H{"errors": []gin.H{{
+			utils.RespondWithError(c, err, "Error in RegisterUser, couldn't register user", http.StatusConflict, "email", "server.validation.email_already_exists")
-				"field": "email",
-				"key":   "server.validation.email_already_registered",
-			}}})
 		} else {
-			logger.Error.Printf("Failed to register user: %v", err)
+			utils.RespondWithError(c, err, "Error in RegisterUser, couldn't register user", http.StatusConflict, "general", "server.error.internal_server_error")
-			c.JSON(http.StatusInternalServerError, gin.H{"errors": []gin.H{{
-				"field": "general",
-				"key":   "server.error.internal_server_error",
-			}}})
 		}
 		return
 	}
@@ -342,11 +226,7 @@ func (uc *UserController) RegisterUser(c *gin.Context) {
 	for _, consent := range consents {
 		_, err = uc.ConsentService.RegisterConsent(&consent)
 		if err != nil {
-			logger.Error.Printf("%v, Couldn't register consent: %v", regData.User.Email, err)
+			utils.RespondWithError(c, err, "Error in RegisterUser, couldn't register consent", http.StatusInternalServerError, "general", "server.error.internal_server_error")
-			c.JSON(http.StatusInternalServerError, gin.H{"errors": []gin.H{{
-				"field": "general",
-				"key":   "server.error.internal_server_error",
-			}}})
 			return
 		}
 	}
@@ -355,12 +235,14 @@ func (uc *UserController) RegisterUser(c *gin.Context) {
 	if err := uc.EmailService.SendVerificationEmail(&regData.User, &token); err != nil {
 		logger.Error.Printf("Failed to send email verification email to user(%v): %v", regData.User.Email, err)
 		// Proceed without returning error since user registration is successful
+		// TODO Notify Admin
 	}
 
 	// Notify admin of new user registration
 	if err := uc.EmailService.SendRegistrationNotification(&regData.User); err != nil {
 		logger.Error.Printf("Failed to notify admin of new user(%v) registration: %v", regData.User.Email, err)
 		// Proceed without returning error since user registration is successful
+		// TODO Notify Admin
 	}
 	c.JSON(http.StatusCreated, gin.H{
 		"message": "Registration successuful",

internal/controllers/user_controller_test.go

@@ -221,8 +221,8 @@ func testLoginHandler(t *testing.T) (string, http.Cookie) {
 					}
 					assert.NotEmpty(t, loginCookie)
 				} else {
-					assert.Contains(t, response, "error")
+					assert.Contains(t, response, "errors")
-					assert.NotEmpty(t, response["error"])
+					assert.NotEmpty(t, response["errors"])
 				}
 			})
 
@@ -425,7 +425,14 @@ func testUpdateUser(t *testing.T, loginCookie http.Cookie) {
 		t.Fatalf("Failed to get test user: %v", err)
 	}
 	user := (*users)[0]
-
+	if user.Licence == nil {
+		user.Licence = &models.Licence{
+			Number:         "Z021AB37X13",
+			ExpirationDate: time.Now().UTC().AddDate(1, 0, 0),
+			IssuedDate:     time.Now().UTC().AddDate(-1, 0, 0),
+			IssuingCountry: "Deutschland",
+		}
+	}
 	tests := []struct {
 		name           string
 		setupCookie    func(*http.Request)
@@ -578,7 +585,7 @@ func testUpdateUser(t *testing.T, loginCookie http.Cookie) {
 			},
 			expectedStatus: http.StatusForbidden,
 			expectedErrors: []map[string]string{
-				{"field": "general", "key": "server.error.unauthorized_update"},
+				{"field": "user", "key": "server.error.unauthorized"},
 			},
 		},
 		{
@@ -616,6 +623,7 @@ func testUpdateUser(t *testing.T, loginCookie http.Cookie) {
 		t.Run(tt.name, func(t *testing.T) {
 			// Create a copy of the user and apply the updates
 			updatedUser := user
+			logger.Error.Printf("user to be updated: %+v", user.Licence)
 			tt.updateFunc(&updatedUser)
 			// Convert user to JSON
 			jsonData, err := json.Marshal(updatedUser)
@@ -713,9 +721,6 @@ func testUpdateUser(t *testing.T, loginCookie http.Cookie) {
 				assert.Equal(t, updatedUser.Membership.SubscriptionModelID, updatedUserFromDB.Membership.SubscriptionModelID, "Membership.SubscriptionModelID mismatch")
 				assert.Equal(t, updatedUser.Membership.ParentMembershipID, updatedUserFromDB.Membership.ParentMembershipID, "Membership.ParentMembershipID mismatch")
 
-				if updatedUser.Licence.Status == 0 {
-					updatedUser.Licence.Status = constants.UnverifiedStatus
-				}
 				assert.Equal(t, updatedUser.Licence.Status, updatedUserFromDB.Licence.Status, "Licence.Status mismatch")
 				assert.Equal(t, updatedUser.Licence.Number, updatedUserFromDB.Licence.Number, "Licence.Number mismatch")
 				assert.Equal(t, updatedUser.Licence.IssuedDate, updatedUserFromDB.Licence.IssuedDate, "Licence.IssuedDate mismatch")
@@ -1094,7 +1099,11 @@ func getTestUsers() []RegisterUserTest {
 			Assert:       false,
 			Input: GenerateInputJSON(customizeInput(func(user models.User) models.User {
 				user.Email = "john.wronglicence.doe@example.com"
-				user.Licence.Number = "AAAA12345AA"
+				user.Licence = &models.Licence{
+					Number:         "AAAA12345AA",
+					ExpirationDate: time.Now().AddDate(1, 0, 0),
+					IssuedDate:     time.Now().AddDate(-1, 0, 0),
+				}
 				return user
 			})),
 		},
@@ -1105,7 +1114,11 @@ func getTestUsers() []RegisterUserTest {
 			Assert:       true,
 			Input: GenerateInputJSON(customizeInput(func(user models.User) models.User {
 				user.Email = "john.correctLicenceNumber@example.com"
-				user.Licence.Number = "B072RRE2I55"
+				user.Licence = &models.Licence{
+					Number:         "B072RRE2I55",
+					ExpirationDate: time.Now().AddDate(1, 0, 0),
+					IssuedDate:     time.Now().AddDate(-1, 0, 0),
+				}
 				return user
 			})),
 		},

internal/database/db.go

@@ -51,9 +51,15 @@ func Open(dbPath string, adminMail string) error {
 
 	var subscriptionsCount int64
 	db.Model(&models.SubscriptionModel{}).Count(&subscriptionsCount)
-	if subscriptionsCount == 0 {
 	subscriptionModels := createSubscriptionModels()
 	for _, model := range subscriptionModels {
+		var exists int64
+		db.
+			Model(&models.SubscriptionModel{}).
+			Where("name = ?", model.Name).
+			Count(&exists)
+		logger.Error.Printf("looked for model.name %v and found %v", model.Name, exists)
+		if exists == 0 {
 			result := db.Create(&model)
 			if result.Error != nil {
 				return result.Error
@@ -154,7 +160,7 @@ func createAdmin(userMail string, subscriptionModelID uint) (*models.User, error
 			SubscriptionModelID: subscriptionModelID,
 		},
 		BankAccount: models.BankAccount{},
-		Licence: models.Licence{
+		Licence: &models.Licence{
 			Status: constants.UnverifiedStatus,
 		},
 	}, nil

internal/models/bank_account.go

@@ -8,8 +8,8 @@ type BankAccount struct {
 	MandateDateSigned time.Time `gorm:"not null" json:"mandate_date_signed"`
 	Bank              string    `json:"bank_name" binding:"omitempty,alphanumunicode,safe_content"`
 	AccountHolderName string    `json:"account_holder_name" binding:"omitempty,alphaunicode,safe_content"`
-	IBAN              string    `gorm:"not null" json:"iban" binding:"iban"`
+	IBAN              string    `json:"iban"`
-	BIC               string    `json:"bic" binding:"omitempty,bic"`
+	BIC               string    `json:"bic"`
 	MandateReference  string    `gorm:"not null" json:"mandate_reference"`
 	ID                uint      `gorm:"primaryKey"`
 }

internal/models/drivers_licence.go

@@ -7,11 +7,11 @@ import (
 type Licence struct {
 	ID             uint       `json:"id" gorm:"primaryKey"`
 	Status         int8       `json:"status" binding:"omitempty,number"`
-	Number         string     `json:"number" binding:"omitempty,euDriversLicence,safe_content"`
+	Number         string     `json:"number" binding:"omitempty,safe_content"`
-	IssuedDate     time.Time  `json:"issued_date" binding:"omitempty,lte"`
+	IssuedDate     time.Time  `json:"issued_date" binding:"omitempty"`
-	ExpirationDate time.Time  `json:"expiration_date" binding:"omitempty,gt"`
+	ExpirationDate time.Time  `json:"expiration_date" binding:"omitempty"`
 	IssuingCountry string     `json:"country" binding:"safe_content"`
-	Categories     []Category `json:"licence_categories" gorm:"many2many:licence_2_categories"`
+	Categories     []Category `json:"categories" gorm:"many2many:licence_2_categories"`
 }
 
 type Category struct {

internal/models/user.go

@@ -29,7 +29,7 @@ type User struct {
 	VerificationID uint
 	Membership     Membership `gorm:"constraint:OnUpdate:CASCADE,OnDelete:CASCADE;" json:"membership"`
 	MembershipID   uint
-	Licence        Licence `gorm:"constraint:OnUpdate:CASCADE,OnDelete:CASCADE;" json:"licence"`
+	Licence        *Licence `gorm:"constraint:OnUpdate:CASCADE,OnDelete:CASCADE;" json:"licence"`
 	LicenceID      uint
 	ID             uint `json:"id"`
 	PaymentStatus  int8 `json:"payment_status"`
@@ -60,7 +60,7 @@ func (u *User) PasswordMatches(plaintextPassword string) (bool, error) {
 }
 
 func (u *User) Safe() map[string]interface{} {
-	return map[string]interface{}{
+	result := map[string]interface{}{
 		"email":         u.Email,
 		"first_name":    u.FirstName,
 		"last_name":     u.LastName,
@@ -90,6 +90,9 @@ func (u *User) Safe() map[string]interface{} {
 				"included_per_month": u.Membership.SubscriptionModel.IncludedPerMonth,
 			},
 		},
+		"licence": map[string]interface{}{
+			"id": 0,
+		},
 		"bank_account": map[string]interface{}{
 			"id":                  u.BankAccount.ID,
 			"mandate_date_signed": u.BankAccount.MandateDateSigned,
@@ -99,7 +102,10 @@ func (u *User) Safe() map[string]interface{} {
 			"bic":                 u.BankAccount.BIC,
 			"mandate_reference":   u.BankAccount.MandateReference,
 		},
-		"licence": map[string]interface{}{
+	}
+
+	if u.Licence != nil {
+		result["licence"] = map[string]interface{}{
 			"id":                 u.Licence.ID,
 			"number":             u.Licence.Number,
 			"status":             u.Licence.Status,
@@ -107,6 +113,8 @@ func (u *User) Safe() map[string]interface{} {
 			"expiration_date":    u.Licence.ExpirationDate,
 			"country":            u.Licence.IssuingCountry,
 			"licence_categories": u.Licence.Categories,
-		},
 		}
+	}
+
+	return result
 }

internal/repositories/licence_repository.go

@@ -26,6 +26,6 @@ func (r *LicenceRepository) FindCategoriesByIDs(ids []uint) ([]models.Category,
 
 func (r *LicenceRepository) FindCategoryByName(categoryName string) (models.Category, error) {
 	var category models.Category
-	err := database.DB.Where("category = ?", categoryName).First(&category).Error
+	err := database.DB.Where("name = ?", categoryName).First(&category).Error
 	return category, err
 }

internal/repositories/user_repository.go

@@ -42,7 +42,8 @@ func (ur *UserRepository) UpdateUser(user *models.User) (*models.User, error) {
 	err := database.DB.Transaction(func(tx *gorm.DB) error {
 		// Check if the user exists in the database
 		var existingUser models.User
-		if err := tx.Preload("Licence.Categories").
+		if err := tx.Preload("Licence").
+			Preload("Licence.Categories").
 			Preload("Membership").
 			First(&existingUser, user.ID).Error; err != nil {
 			return err
@@ -56,13 +57,29 @@ func (ur *UserRepository) UpdateUser(user *models.User) (*models.User, error) {
 			return errors.ErrNoRowsAffected
 		}
 
-		// Handle the update of the LicenceCategories explicitly
+		// Handle the update or creation of Licence and its Categories
-		if user.Licence.ID != 0 {
+		// if user.Licence != nil {
-			// Replace the Categories with the new list
+		// 	if existingUser.Licence == nil {
-			if err := tx.Model(&existingUser.Licence).Association("Categories").Replace(user.Licence.Categories); err != nil {
+		// 		// Create new Licence if it doesn't exist
-				return err
+		// 		logger.Error.Printf("Licence creation: %+v", user.Licence)
-			}
+		// 		if err := tx.Create(user.Licence).Error; err != nil {
-		}
+		// 			return err
+		// 		}
+		// 		// Update user with new licence ID
+		// 		// if err := tx.Model(&existingUser).Update("licence_id", user.Licence.ID).Error; err != nil {
+		// 		// 	return err
+		// 		// }
+		// 	} else {
+		// 		// Update existing licence
+		// 		if err := tx.Model(&existingUser.Licence).Updates(user.Licence).Error; err != nil {
+		// 			return err
+		// 		}
+		// 	}
+		// 	// Replace the Categories with the new list
+		// 	if err := tx.Model(&existingUser.Licence).Association("Categories").Replace(user.Licence.Categories); err != nil {
+		// 		return err
+		// 	}
+		// }
 
 		// Update the Membership if provided
 		if user.Membership.ID != 0 {
@@ -71,13 +88,6 @@ func (ur *UserRepository) UpdateUser(user *models.User) (*models.User, error) {
 			}
 		}
 
-		// Update the Licence fields if provided
-		if user.Licence.ID != 0 {
-			if err := tx.Model(&existingUser.Licence).Updates(user.Licence).Error; err != nil {
-				return err
-			}
-		}
-
 		return nil
 	})
 

internal/routes/routes.go

@@ -18,7 +18,7 @@ func RegisterRoutes(router *gin.Engine, userController *controllers.UserControll
 	apiRouter := router.Group("/api")
 	apiRouter.Use(middlewares.APIKeyMiddleware())
 	{
-		router.POST("/v1/subscription", membershipcontroller.RegisterSubscription)
+		apiRouter.POST("/v1/subscription", membershipcontroller.RegisterSubscription)
 	}
 
 	userRouter := router.Group("/backend/users")

internal/services/user_service.go

@@ -23,7 +23,7 @@ type UserServiceInterface interface {
 	GetUserByID(id uint) (*models.User, error)
 	GetUsers(where map[string]interface{}) (*[]models.User, error)
 	VerifyUser(token *string) (*models.User, error)
-	UpdateUser(user *models.User, userRole int8) (*models.User, error)
+	UpdateUser(user *models.User) (*models.User, error)
 }
 
 type UserService struct {
@@ -31,17 +31,20 @@ type UserService struct {
 	Licences repositories.LicenceInterface
 }
 
-func (service *UserService) UpdateUser(user *models.User, userRole int8) (*models.User, error) {
+func (service *UserService) UpdateUser(user *models.User) (*models.User, error) {
+
+	if user.ID == 0 {
+		return nil, errors.ErrUserNotFound
+	}
 
 	if user.Password != "" {
 		setPassword(user.Password, user)
 	}
 
-	user.UpdatedAt = time.Now()
+	// if user.Licence.Status == 0 {
-	if user.Licence.Status == 0 {
+	// 	// This is a new drivers licence
-		// This is a new drivers licence
+	// 	user.Licence.Status = constants.UnverifiedStatus
-		user.Licence.Status = constants.UnverifiedStatus
+	// }
-	}
 
 	updatedUser, err := service.Repo.UpdateUser(user)
 
@@ -66,7 +69,9 @@ func (service *UserService) RegisterUser(user *models.User) (uint, string, error
 	user.CreatedAt = time.Now()
 	user.UpdatedAt = time.Now()
 	user.PaymentStatus = constants.AwaitingPaymentStatus
-	user.Licence.Status = constants.UnverifiedStatus
+	// if user.Licence == nil {
+	// 	user.Licence = &models.Licence{Status: constants.UnverifiedStatus}
+	// }
 	user.BankAccount.MandateDateSigned = time.Now()
 	id, err := service.Repo.CreateUser(user)
 

internal/utils/priviliges.go

@@ -0,0 +1,22 @@
+package utils
+
+import (
+	"GoMembership/internal/constants"
+	"GoMembership/internal/models"
+)
+
+func HasPrivilige(user *models.User, privilige int8) bool {
+	switch privilige {
+	case constants.Priviliges.View:
+		return user.RoleID >= constants.Roles.Viewer
+	case constants.Priviliges.Update:
+		return user.RoleID >= constants.Roles.Editor
+	case constants.Priviliges.Create:
+		return user.RoleID >= constants.Roles.Editor
+	case constants.Priviliges.Delete:
+		return user.RoleID >= constants.Roles.Editor
+	default:
+		return false
+	}
+
+}

internal/utils/response_handler.go

@@ -1,35 +1,48 @@
 package utils
 
 import (
-	"encoding/json"
+	"GoMembership/pkg/errors"
+	"GoMembership/pkg/logger"
 	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/go-playground/validator/v10"
 )
 
-type ResponseHandler struct {
+func RespondWithError(c *gin.Context, err error, context string, code int, field string, key string) {
-	Writer http.ResponseWriter
+	logger.Error.Printf("Sending %v Error Response(Field: %v Key: %v) %v: %v", code, field, key, context, err.Error())
+	c.JSON(code, gin.H{"errors": []gin.H{{
+		"field": field,
+		"key":   key,
+	}}})
 }
 
-type Response struct {
+func HandleValidationError(c *gin.Context, err error) {
-	Status  string `json:"status"`
+	var validationErrors []gin.H
-	Message string `json:"message"`
+	logger.Error.Printf("Sending validation error response Error %v", err.Error())
-}
+	if ve, ok := err.(validator.ValidationErrors); ok {
-
+		for _, e := range ve {
-func NewResponseHandler(w http.ResponseWriter) *ResponseHandler {
+			validationErrors = append(validationErrors, gin.H{
-	return &ResponseHandler{Writer: w}
+				"field": e.Field(),
-}
+				"key":   "server.validation." + e.Tag(),
-
+			})
-func (rh *ResponseHandler) RespondWithError(code int, message string) {
-	response := Response{
-		Status:  "error",
-		Message: message,
 		}
-	rh.Writer.Header().Set("Content-Type", "application/json")
+	} else {
-	rh.Writer.WriteHeader(code)
+		validationErrors = append(validationErrors, gin.H{
-	json.NewEncoder(rh.Writer).Encode(response)
+			"field": "general",
+			"key":   "server.error.invalid_json",
+		})
+	}
+	c.JSON(http.StatusBadRequest, gin.H{"errors": validationErrors})
 }
 
-func (rh *ResponseHandler) RespondWithJSON(code int, payload interface{}) {
+func HandleUpdateError(c *gin.Context, err error) {
-	rh.Writer.Header().Set("Content-Type", "application/json")
+	switch err {
-	rh.Writer.WriteHeader(code)
+	case errors.ErrUserNotFound:
-	json.NewEncoder(rh.Writer).Encode(payload)
+		RespondWithError(c, err, "Error while updating user", http.StatusNotFound, "user", "server.validation.user_not_found")
+	case errors.ErrInvalidUserData:
+		RespondWithError(c, err, "Error while updating user", http.StatusBadRequest, "user", "server.validation.invalid_user_data")
+	default:
+		RespondWithError(c, err, "Error while updating user", http.StatusInternalServerError, "user", "server.error.internal_server_error")
+	}
 }

internal/validation/DriversLicence_validation.go

@@ -1,13 +1,27 @@
 package validation
 
 import (
+	"GoMembership/internal/models"
 	"strconv"
+	"time"
 
 	"github.com/go-playground/validator/v10"
 )
 
-func ValidateLicence(fl validator.FieldLevel) bool {
+func validateDriverslicence(sl validator.StructLevel) {
-	fieldValue := fl.Field().String()
+	dl := sl.Current().Interface().(models.User).Licence
+	if !validateLicence(dl.Number) {
+		sl.ReportError(dl.Number, "licence_number", "", "invalid", "")
+	}
+	if dl.IssuedDate.After(time.Now()) {
+		sl.ReportError(dl.IssuedDate, "issued_date", "", "invalid", "")
+	}
+	if dl.ExpirationDate.Before(time.Now().AddDate(0, 0, 3)) {
+		sl.ReportError(dl.ExpirationDate, "expiration_date", "", "too_soon", "")
+	}
+}
+
+func validateLicence(fieldValue string) bool {
 	if len(fieldValue) != 11 {
 		return false
 	}

internal/validation/bankAccount_validation.go

@@ -1,19 +1,27 @@
 package validation
 
 import (
+	"GoMembership/internal/models"
+
 	"github.com/go-playground/validator/v10"
 	"github.com/jbub/banking/iban"
 	"github.com/jbub/banking/swift"
 )
 
-func IBANValidator(fl validator.FieldLevel) bool {
+func validateBankAccount(sl validator.StructLevel) {
-	fieldValue := fl.Field().String()
+	ba := sl.Current().Interface().(models.User).BankAccount
+	if !ibanValidator(ba.IBAN) {
+		sl.ReportError(ba.IBAN, "IBAN", "BankAccount.IBAN", "required", "")
+	}
+	if ba.BIC != "" && !bicValidator(ba.BIC) {
+		sl.ReportError(ba.IBAN, "IBAN", "BankAccount.IBAN", "required", "")
+	}
+}
 
+func ibanValidator(fieldValue string) bool {
 	return iban.Validate(fieldValue) == nil
 }
 
-func BICValidator(fl validator.FieldLevel) bool {
+func bicValidator(fieldValue string) bool {
-	fieldValue := fl.Field().String()
-
 	return swift.Validate(fieldValue) == nil
 }

internal/validation/membership_validation.go

@@ -3,28 +3,40 @@ package validation
 import (
 	"GoMembership/internal/models"
 	"GoMembership/internal/repositories"
+	"GoMembership/pkg/errors"
+	"GoMembership/pkg/logger"
 
 	"github.com/go-playground/validator/v10"
 )
 
-func validateMembership(sl validator.StructLevel, membership models.Membership) {
+func validateMembership(sl validator.StructLevel) {
+	membership := sl.Current().Interface().(models.User).Membership
 	if membership.SubscriptionModel.RequiredMembershipField != "" {
 		switch membership.SubscriptionModel.RequiredMembershipField {
 		case "ParentMembershipID":
-			if membership.ParentMembershipID == 0 {
+			if err := CheckParentMembershipID(membership); err != nil {
+				logger.Error.Printf(err.Error())
 				sl.ReportError(membership.ParentMembershipID, membership.SubscriptionModel.RequiredMembershipField,
-					"RequiredMembershipField", "required", "")
+					"RequiredMembershipField", "invalid", "")
-			} else {
-				_, err := repositories.GetUserByID(&membership.ParentMembershipID)
-				if err != nil {
-					sl.ReportError(membership.ParentMembershipID, membership.SubscriptionModel.RequiredMembershipField,
-						"RequiredMembershipField", "user_id_not_found", "")
-				}
 			}
 		default:
+			logger.Error.Printf(errors.ErrInvalidValue.Error())
 			sl.ReportError(membership.ParentMembershipID, membership.SubscriptionModel.RequiredMembershipField,
 				"RequiredMembershipField", "not_implemented", "")
 		}
 
 	}
 }
+
+func CheckParentMembershipID(membership models.Membership) error {
+
+	if membership.ParentMembershipID == 0 {
+		return errors.ValErrParentIDNotSet
+	} else {
+		_, err := repositories.GetUserByID(&membership.ParentMembershipID)
+		if err != nil {
+			return errors.ValErrParentIDNotFound
+		}
+	}
+	return nil
+}

internal/validation/setup.go

@@ -12,9 +12,6 @@ func SetupValidators() {
 	if v, ok := binding.Validator.Engine().(*validator.Validate); ok {
 		// Register custom validators
 		v.RegisterValidation("safe_content", ValidateSafeContent)
-		v.RegisterValidation("iban", IBANValidator)
-		v.RegisterValidation("bic", BICValidator)
-		v.RegisterValidation("euDriversLicence", ValidateLicence)
 
 		// Register struct-level validations
 		v.RegisterStructValidation(validateUser, models.User{})

internal/validation/subscription_validation.go

@@ -16,7 +16,7 @@ func ValidateSubscription(sl validator.StructLevel) {
 	}
 
 	if sl.Parent().Type().Name() == "MembershipData" {
-		// This is subscription only operation
+		// This is modifying a subscription directly
 		if subscription.Details == "" {
 			sl.ReportError(subscription.Details, "Details", "details", "required", "")
 		}
@@ -40,7 +40,7 @@ func ValidateSubscription(sl validator.StructLevel) {
 		// This is a nested probably user struct. We are only checking if the model exists
 		existingSubscription, err := repositories.GetModelByName(&subscription.Name)
 		if err != nil || existingSubscription == nil {
-			sl.ReportError(subscription.Name, "Name", "name", "exists", "")
+			sl.ReportError(subscription.Name, "Subscription_Name", "name", "exists", "")
 		}
 	}
 }

internal/validation/user_validation.go

@@ -1,6 +1,7 @@
 package validation
 
 import (
+	"GoMembership/internal/constants"
 	"GoMembership/internal/models"
 	"GoMembership/internal/repositories"
 	"GoMembership/pkg/logger"
@@ -12,10 +13,12 @@ import (
 func validateUser(sl validator.StructLevel) {
 	user := sl.Current().Interface().(models.User)
 
-	if user.DateOfBirth.After(time.Now().AddDate(-18, 0, 0)) {
+	isSuper := user.RoleID >= constants.Roles.Admin
+	// Validate User > 18 years old
+	if !isSuper && user.DateOfBirth.After(time.Now().AddDate(-18, 0, 0)) {
 		sl.ReportError(user.DateOfBirth, "DateOfBirth", "date_of_birth", "age", "")
 	}
-
+	// validate subscriptionModel
 	if user.Membership.SubscriptionModel.Name == "" {
 		sl.ReportError(user.Membership.SubscriptionModel.Name, "SubscriptionModel.Name", "name", "required", "")
 	} else {
@@ -27,25 +30,12 @@ func validateUser(sl validator.StructLevel) {
 			user.Membership.SubscriptionModel = *selectedModel
 		}
 	}
-	validateMembership(sl, user.Membership)
+
+	validateMembership(sl)
+	if !isSuper {
+		validateBankAccount(sl)
+		if user.Licence != nil {
+			validateDriverslicence(sl)
+		}
+	}
 }
-
-// func RequiredIfNotAdmin(fl validator.FieldLevel) bool {
-// 	// Traverse up the struct hierarchy to find the IsAdmin field
-// 	current := fl.Parent()
-
-// 	// Check multiple levels of nesting to find userRole
-// 	for current.IsValid() {
-// 		if isRoleIDField := current.FieldByName("RoleID"); isRoleIDField.IsValid() {
-// 			// If IsAdmin is found and is true, skip validation
-// 			if isRoleIDField.Interface().(int8) == constants.Roles.Admin{
-// 				return true
-// 			}
-// 			break
-// 		}
-// 		current = current.Parent() // Move to the next parent level
-// 	}
-
-// If not an admin, enforce that the field must have a non-zero value
-// 	return !fl.Field().IsZero()
-// }

pkg/errors/errors.go

@@ -2,6 +2,28 @@ package errors
 
 import "errors"
 
+type ValidationKeys struct {
+	Invalid                   string
+	InternalServerError       string
+	InvalidJson               string
+	Unauthorized              string
+	InvalidSubscriptionModel  string
+	UserNotFoundWrongPassword string
+	JwtGenerationFailed       string
+	Duplicate                 string
+	InvalidUserID             string
+}
+
+type ValidationFields struct {
+	General            string
+	ParentMemberShipID string
+	SubscriptionModel  string
+	UserID             string
+	Login              string
+	Email              string
+	User               string
+}
+
 var (
 	ErrNotFound                = errors.New("not found")
 	ErrUserNotFound            = errors.New("user not found")
@@ -18,4 +40,31 @@ var (
 	ErrValidToken              = errors.New("valid token")
 	ErrInvalidUserData         = errors.New("invalid user data")
 	ErrDuplicateEntry          = errors.New("duplicate entry; unique constraint failed")
+	ErrNotAuthorized           = errors.New("not authorized")
+	ValErrParentIDNotSet       = errors.New("Parent Membership ID not provided")
+	ValErrParentIDNotFound     = errors.New("Parent Membership ID not found")
 )
+
+var Responses = struct {
+	Keys   ValidationKeys
+	Fields ValidationFields
+}{
+	Keys: ValidationKeys{
+		Invalid:                   "server.validation.invalid",
+		InternalServerError:       "server.error.internal_server_error",
+		InvalidJson:               "server.error.invalid_json",
+		Unauthorized:              "server.error.unauthorized",
+		UserNotFoundWrongPassword: "server.validation.user_not_found_or_wrong_password",
+		JwtGenerationFailed:       "server.error.jwt_generation_failed",
+		Duplicate:                 "server.validation.duplicate",
+	},
+	Fields: ValidationFields{
+		General:            "general",
+		ParentMemberShipID: "parent_membership_id",
+		SubscriptionModel:  "subscription_model",
+		UserID:             "user_id",
+		Login:              "login",
+		Email:              "email",
+		User:               "user",
+	},
+}