profile consolidated user + user extra installed for everyone.

apiV1Avatar.go

 	prefix := apiV1Prefix + "avatar/"
 	id := r.URL.Path[len(prefix):]
 
+	fakeAvatar := randomDummyImage() // get some fakeAvatar first
+	avatar := fakeAvatar
+
 	//check local file first
 	path := config.getAvatarPath() + id
 	if fileExists(path) {
 	}
 
 	// Data is the base64 encoded image
-	//check database
-	ppl := loan.People{}
-	fakeAvatar, e := ppl.ReadAvatar(id)
-
-	if e != nil {
+	// check database
+	ppl := loan.People{Id: id}
+	avatar, e := ppl.ReadAvatar() // read avatar
+	if e != nil {                 // not able to read
 		if config.Debug {
-			fakeAvatar = randomDummyImage()
+			avatar = fakeAvatar // debug mode
 		} else {
-			fakeAvatar = defaultAvatar
+			avatar = defaultAvatar // production mode
 		}
 	}
 
 	// Data is the base64 encoded image
 	// The actual image starts after the ","
-	i := strings.Index(fakeAvatar, ",")
+	i := strings.Index(avatar, ",")
 	// pass reader to NewDecoder
-	imgData := base64.NewDecoder(base64.StdEncoding, strings.NewReader(fakeAvatar[i+1:]))
+	imgData := base64.NewDecoder(base64.StdEncoding, strings.NewReader(avatar[i+1:]))
 	//send out
-	w.Header().Set("Content-Type", "image/png")
+	w.Header().Set("Content-Type", getMimeType(avatar))
 	io.Copy(w, imgData)
+}
 
+func getMimeType(avatar string) string {
+	// data:image/png;base64,some-data
+	start := strings.Index(avatar, ":")
+	end := strings.Index(avatar, ";")
+	return avatar[start+1 : end]
 }
 
 func fileExists(path string) bool {
 		apiV1Client403Error(w, r, ss)
 		return
 	}
-	p := loan.People{}
-	p.Read(id)
-	p.Avatar = string(body)
-	e = p.Write()
+	p := loan.People{Id: id} // not reading everything, just set Id for write avatar only.
+	e = p.WriteAvatar(string(body))
 	if e != nil {
 		log.Error("cannot write avatar ", id, " err ", e.Error())
 		apiV1Server500Error(w, r)
 		return
 	}
-
 	apiV1SendJson(true, w, r, ss)
 }

apiV1ChangePass.go

 		return
 	}
 
-	e = u.VerifyPass(input.OldPassword)
-	if e != nil {
-		log.Error("wrong old password ", id, e.Error())
-		apiV1Client403Error(w, r, ss)
-		return
+	if ss.GetRole() != "admin" {
+		e = u.VerifyPass(input.OldPassword)
+		if e != nil {
+			log.Error("wrong old password ", id, e.Error())
+			apiV1Client403Error(w, r, ss)
+			return
+		}
 	}
 
 	u.SetPass(input.NewPass)

apiV1PeopleList.go

 
 import (
 	"biukop.com/sfm/loan"
+	"database/sql"
 	"encoding/json"
 	log "github.com/sirupsen/logrus"
 	"net/http"
 	}
 	apiV1SendJson(p, w, r, ss)
 }
+
+func apiV1PeopleExtraGet(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
+	id := r.URL.Path[len(apiV1Prefix+"people-extra/"):]
+	ret := UserExtra{}
+	ret.Role = loan.GetRoleById(id)
+
+	switch ret.Role {
+	case "people":
+		apiV1SendJson(ret, w, r, ss)
+		return
+
+	case "user":
+		u := loan.User{}
+		e := u.Read(id)
+		ret.Login = u.Login
+		ret.Enabled = u.Enabled
+
+		if e != nil {
+			log.Error("cannot find user by id", id)
+			apiV1Client404Error(w, r, ss)
+			return
+		}
+		apiV1SendJson(ret, w, r, ss)
+		return
+
+	case "broker":
+		b := loan.Broker{}
+		e := b.Read(id)
+		if e != nil { // this is broker
+			if e != sql.ErrNoRows {
+				log.Error("cannot find user by id", id)
+			}
+			apiV1Client404Error(w, r, ss)
+			ret.Role = "user"
+			return
+		}
+		ret.Login = b.Login
+		ret.Enabled = b.Enabled
+		ret.BSB = b.BSB
+		ret.ACC = b.ACC
+		ret.Organization = b.Organization
+		ret.License = b.License
+		apiV1SendJson(ret, w, r, ss)
+		return
+	case "admin":
+		u := loan.User{}
+		e := u.Read(id)
+		ret.Login = u.Login
+		ret.Enabled = u.Enabled
+
+		if e != nil {
+			log.Error("cannot find admin by id", id)
+			apiV1Client404Error(w, r, ss)
+			return
+		}
+		apiV1SendJson(ret, w, r, ss)
+		return
+	default:
+		apiV1SendJson(ret, w, r, ss)
+		return
+	}
+}

apiV1User.go

+package main
+
+import (
+	"biukop.com/sfm/loan"
+	"encoding/json"
+	log "github.com/sirupsen/logrus"
+	"net/http"
+)
+
+type UserExtra struct {
+	Enabled      bool
+	Login        string
+	BSB          string
+	ACC          string
+	License      string
+	Organization string
+	Role         string
+}
+
+func decodeJsonUserExtra(r *http.Request) (ret UserExtra, e error) {
+	decoder := json.NewDecoder(r.Body)
+	//decoder.DisallowUnknownFields()
+	e = decoder.Decode(&ret)
+	if e != nil {
+		log.Error("failed decoding PayIn for updating", e.Error())
+		return
+	}
+	return
+}
+
+func apiV1UserPost(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
+	id := r.URL.Path[len(apiV1Prefix+"user/"):] //remove prefix
+
+	input, e := decodeJsonUserExtra(r)
+	log.Println(input)
+
+	if e != nil {
+		apiV1Client404Error(w, r, ss)
+		return
+	} else {
+		u := loan.User{}
+		e = u.Read(id)
+		if e != nil {
+			log.Error("cannot save basic loan", e.Error())
+			apiV1SendJson(" [ Error Occurred ] : "+e.Error(), w, r, ss)
+			return
+		}
+
+		u.Enabled = input.Enabled
+		u.Login = input.Login
+
+		e = u.Write()
+		if e != nil {
+			log.Error("cannot save basic loan", e.Error())
+			apiV1SendJson(" [ Error Occurred ] : "+e.Error(), w, r, ss)
+		} else {
+			apiV1SendJson(input.Login, w, r, ss)
+		}
+	}
+}

apiV1login.go

 	Pass  string `json:"p"`
 }
 
-type userExtra struct {
-	Enabled      int
-	Login        string
-	BSB          string
-	ACC          string
-	License      string
-	Organization string
-}
-
 func apiV1Login(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
 	res := apiV1ResponseBlank()
 
 	res.add("role", ss.GetRole())
 	u, e := ss.GetUser()
 	if e == nil {
-		res.add("user", u.People)
+		res.add("User", u.People)
 
 		if ss.GetRole() == "broker" {
 			broker := loan.Broker{}
 			if e != nil {
 				log.Error("fail to retrieve broker for session ", ss, e.Error())
 			} else {
-				ue := userExtra{
+				ue := UserExtra{
 					Enabled:      broker.Enabled,
 					Login:        broker.Login,
 					BSB:          broker.BSB,
 					License:      broker.License,
 					Organization: broker.Organization,
 				}
-				res.add("userExtra", ue)
+				res.add("UserExtra", ue)
+			}
+		}
+
+		if ss.GetRole() == "admin" {
+			ue := UserExtra{
+				Enabled:      true,
+				Login:        u.Login,
+				BSB:          "",
+				ACC:          "",
+				License:      "",
+				Organization: "SFM",
 			}
+			res.add("UserExtra", ue)
 		}
 	}
 	res.add("Biukop-Session", ss.Id)

apiv1.go

 			{"DELETE", "loan/", apiV1LoanSingleDelete},
 			{"GET", "loan-by-client/", apiV1LoanByClient},
 			{"GET", "people/", apiV1PeopleGet},
+			{"GET", "people-extra/", apiV1PeopleExtraGet},
 			{"POST", "people/", apiV1PeoplePost},
 			{"GET", "broker/", apiV1BrokerGet},
 			{"POST", "broker/", apiV1BrokerPost},
 			{"GET", "broker-list/", apiV1BrokerList},
 			{"POST", "sync-people/", apiV1SyncPeople},
 			{"POST", "payIn/", apiV1PayInPost},
+			{"POST", "user/", apiV1UserPost},
 			{"DELETE", "payIn/", apiV1PayInDelete},
 			{"GET", "user-reward/", apiV1UserReward},
 			{"GET", "login", apiV1DumpRequest},
 			{"DELETE", "loan/", apiV1LoanSingleDelete},
 			{"GET", "loan-by-client/", apiV1LoanByClient},
 			{"GET", "people/", apiV1PeopleGet},
+			{"GET", "people-extra/", apiV1PeopleExtraGet},
 			{"POST", "people/", apiV1PeoplePost},
 			{"GET", "broker/", apiV1BrokerGet},
 			{"POST", "broker/", apiV1BrokerPost},
 			{"GET", "broker-list/", apiV1BrokerList},
 			{"POST", "sync-people/", apiV1SyncPeople},
 			{"POST", "payIn/", apiV1PayInPost},
+			{"POST", "user/", apiV1UserPost},
 			{"DELETE", "payIn/", apiV1PayInDelete},
 			{"GET", "user-reward/", apiV1UserReward},
 			{"GET", "login", apiV1EmptyResponse},

go.mod

 	biukop.com/sfm/loan v0.0.0-00010101000000-000000000000
 	github.com/brianvoe/gofakeit/v6 v6.0.1
 	github.com/gorilla/websocket v1.4.2
-	github.com/sirupsen/logrus v1.7.0
+	github.com/sirupsen/logrus v1.8.1
 	github.com/stretchr/testify v1.2.2
 )

go.sum

 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
+github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4=