Forbid to use other user contacts (moira-alert#145)

* Forbid user to save subscription with another user contacts

* Fix vetshadow warnings

* go get gomatalinter with update in makefile

Makefile

@@ -21,7 +21,7 @@ prepare:
 
 .PHONY: lint
 lint: prepare
-	go get github.com/alecthomas/gometalinter
+	go get -u github.com/alecthomas/gometalinter
 	gometalinter --install
 	gometalinter ./... --vendor --skip mock --disable=errcheck --disable=gocyclo --disable=gosec --deadline=5m
 

api/dto/subscription.go

@@ -2,12 +2,37 @@
 package dto
 
 import (
+	"bytes"
 	"fmt"
 	"net/http"
 
 	"github.com/moira-alert/moira"
+	"github.com/moira-alert/moira/api/middleware"
 )
 
+// SubscriptionHasAnotherUserContact used when user try to save subscription with another users contacts
+type SubscriptionHasAnotherUserContact struct {
+	contactNames []string
+}
+
+// Error is implementation of golang error interface for SubscriptionHasAnotherUserContact struct
+func (err SubscriptionHasAnotherUserContact) Error() string {
+	if len(err.contactNames) == 0 {
+		return fmt.Sprintf("user has not one of subscription contacts")
+	}
+	if len(err.contactNames) == 1 {
+		return fmt.Sprintf("user has not contact '%s'", err.contactNames[0])
+	}
+	errBuffer := bytes.NewBuffer([]byte("user has not contacts: "))
+	for idx, contactName := range err.contactNames {
+		errBuffer.WriteString(fmt.Sprintf("'%s'", contactName))
+		if idx != len(err.contactNames) {
+			errBuffer.WriteString(", ")
+		}
+	}
+	return errBuffer.String()
+}
+
 type SubscriptionList struct {
 	List []moira.SubscriptionData `json:"list"`
 }
@@ -22,14 +47,47 @@ func (*Subscription) Render(w http.ResponseWriter, r *http.Request) error {
 	return nil
 }
 
-func (subscription *Subscription) Bind(r *http.Request) error {
+func (subscription *Subscription) Bind(request *http.Request) error {
 	subscription.Tags = normalizeTags(subscription.Tags)
 	if len(subscription.Tags) == 0 {
 		return fmt.Errorf("subscription must have tags")
 	}
 	if len(subscription.Contacts) == 0 {
 		return fmt.Errorf("subscription must have contacts")
 	}
+	return subscription.checkContacts(request)
+}
+
+func (subscription *Subscription) checkContacts(request *http.Request) error {
+	database := middleware.GetDatabase(request)
+	userLogin := middleware.GetLogin(request)
+	contactIDs, err := database.GetUserContactIDs(userLogin)
+	if err != nil {
+		return err
+	}
+
+	userContactIdsHash := make(map[string]interface{})
+	for _, contactId := range contactIDs {
+		userContactIdsHash[contactId] = true
+	}
+
+	anotherUserContactIds := make([]string, 0)
+	for _, subContactId := range subscription.Contacts {
+		if _, ok := userContactIdsHash[subContactId]; !ok {
+			anotherUserContactIds = append(anotherUserContactIds, subContactId)
+		}
+	}
+	if len(anotherUserContactIds) > 0 {
+		contacts, err := database.GetContacts(anotherUserContactIds)
+		if err != nil {
+			return SubscriptionHasAnotherUserContact{}
+		}
+		anotherUserNames := make([]string, len(anotherUserContactIds))
+		for _, contact := range contacts {
+			anotherUserNames = append(anotherUserNames, contact.Value)
+		}
+		return SubscriptionHasAnotherUserContact{contactNames: anotherUserNames}
+	}
 	return nil
 }
 

api/handler/subscription.go

@@ -6,7 +6,6 @@ import (
 
 	"github.com/go-chi/chi"
 	"github.com/go-chi/render"
-
 	"github.com/moira-alert/moira"
 	"github.com/moira-alert/moira/api"
 	"github.com/moira-alert/moira/api/controller"
@@ -75,7 +74,12 @@ func subscriptionFilter(next http.Handler) http.Handler {
 func updateSubscription(writer http.ResponseWriter, request *http.Request) {
 	subscription := &dto.Subscription{}
 	if err := render.Bind(request, subscription); err != nil {
-		render.Render(writer, request, api.ErrorInvalidRequest(err))
+		switch err.(type) {
+		case dto.SubscriptionHasAnotherUserContact:
+			render.Render(writer, request, api.ErrorForbidden(err.Error()))
+		default:
+			render.Render(writer, request, api.ErrorInvalidRequest(err))
+		}
 		return
 	}
 	subscriptionData := request.Context().Value(subscriptionKey).(moira.SubscriptionData)

plotting/helpers.go

@@ -87,8 +87,8 @@ func floatToHumanizedValueFormatter(v interface{}) string {
 		if math.Abs(typed) < 1000 {
 			return fmt.Sprintf("%.f", typed)
 		}
-		typed, postfix := humanize.ComputeSI(typed)
-		return fmt.Sprintf("%.2f %s", typed, strings.ToUpper(postfix))
+		humanized, postfix := humanize.ComputeSI(typed)
+		return fmt.Sprintf("%.2f %s", humanized, strings.ToUpper(postfix))
 	}
 	return ""
 }

plotting/legend.go

@@ -31,7 +31,7 @@ func getPlotLegend(c *chart.Chart, legendStyle chart.Style, plotWidth int) chart
 					_, isFound := foundLabels[legendLabel]
 					if !isFound && legendLabel != thresholdSerie {
 						foundLabels[legendLabel] = true
-						legendLabel = sanitizeLabelName(legendLabel, maxLabelLength)
+						legendLabel := sanitizeLabelName(legendLabel, maxLabelLength)
 						labels = append(labels, legendLabel)
 						lines = append(lines, inheritFrom(s.GetStyle()))
 						if labelsCount == maxLabelsCount-1 {