feat: return a json without sensitive information

src/mysql/create-user.sql

@@ -14,8 +14,8 @@ GRANT insert ON toolset.* TO 'toolset_insert'@'localhost';
 
 -- only delete
 CREATE USER 'toolset_delete'@'localhost' IDENTIFIED BY 'password';
-GRANT permission ON toolset.* TO 'toolset_delete'@'localhost';
+GRANT delete ON toolset.* TO 'toolset_delete'@'localhost';
 
 -- only update
 CREATE USER 'toolset_update'@'localhost' IDENTIFIED BY 'password';
-GRANT permission ON toolset.* TO 'toolset_update'@'localhost';
+GRANT update ON toolset.* TO 'toolset_update'@'localhost';

src/user/db.go

@@ -67,6 +67,7 @@ func GetByID(id int64) User {
 		log.Panicln(userRows.Err())
 	}
 
+	log.Printf("id: %s usrname: %s\n",string(u.ID), u.Username)
 	if u.ID == 0 && u.Email == "" && u.Username == "" {
 		// when there is no entry found, return id = -1
 		u.ID = -1

src/user/handlers.go

@@ -3,22 +3,19 @@ package user
 import (
 	"bytes"
 	"encoding/json"
+	"github.com/gorilla/mux"
+	"github.com/youngtrashbag/toolset/src/database"
 	"io/ioutil"
 	"log"
 	"net/http"
 	"strconv"
-	"time"
-
-	"github.com/gorilla/mux"
-	"github.com/youngtrashbag/toolset/src/database"
 )
 
 type jUser struct {
 	ID           int64 `json:"id"`
 	Username     string `json:"username"`
 	Email        string `json:"email"`
-	password     string
-	CreationDate time.Time `json:"creation_date"`
+	CreationDate string `json:"creation_date"`
 }
 
 // APIHandleCreate : handles the creation a user
@@ -82,7 +79,17 @@ func APIHandleByID(res http.ResponseWriter, req *http.Request) {
 				u := GetByID(int64(id))
 
 				if u.ID != -1 {
-					json.NewEncoder(res).Encode(u)
+
+					var t string
+					database.ConvertTime(&u.CreationDate, &t)
+					j := jUser{
+						ID:           u.ID,
+						Username:     u.Username,
+						Email:        u.Email,
+						CreationDate: t,
+					}
+
+					json.NewEncoder(res).Encode(j)
 					res.WriteHeader(http.StatusOK)
 				} else {
 					//user not in database