From f55734077a31ab462f767a941503581ef19a3905 Mon Sep 17 00:00:00 2001
From: Ilia Donchenko
Date: Tue, 7 Aug 2018 16:13:33 +0300
Subject: [PATCH 1/6] Fix transaction
---
 pkg/server/impl/login.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/server/impl/login.go b/pkg/server/impl/login.go
index 8530e0d6..a1e986f8 100644
--- a/pkg/server/impl/login.go
+++ b/pkg/server/impl/login.go
@@ -228,7 +228,7 @@ func (u *serverImpl) Logout(ctx context.Context) error {
 return cherry.ErrInvalidLink()
 }
 err := u.svc.DB.Transactional(ctx, func(ctx context.Context, tx db.DB) error {
- return u.svc.DB.DeleteToken(ctx, oneTimeToken.Token)
+ return tx.DeleteToken(ctx, oneTimeToken.Token)
 })
 if err = u.handleDBError(err); err != nil {
 u.log.WithError(err)
From 00f5682577285116b6dda24e5a71507a9f01f813 Mon Sep 17 00:00:00 2001
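Review bot: The last context line of the Logout hunk, `u.log.WithError(err)`, discards its result, so if `u.log` is a logrus logger or entry (router.go in this series uses logrus) a failed token deletion during Logout is never written to the log. Finishing the chain, for example `u.log.WithError(err).Error("unable to delete one-time token")`, would leave a record when a logout does not actually revoke the token. The same bare `WithError` call appears in the CheckAdmin hunk of checks.go and the BlacklistUser hunk of user_changes.go in patch 2. Logout's body starts and ends outside this hunk, so the return path after this line is not visible here.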
From: Ilia Donchenko Date: Thu, 9 Aug 2018 16:10:50 +0300 Subject: [PATCH 2/6] Make "admin" and "user" consts Rename erorrs package --- pkg/router/handlers/accounts.go | 14 +++--- pkg/router/handlers/admin.go | 26 +++++------ pkg/router/handlers/domain_blacklist.go | 12 ++--- pkg/router/handlers/group.go | 58 ++++++++++++------------- pkg/router/handlers/links.go | 8 ++-- pkg/router/handlers/login.go | 18 ++++---- pkg/router/handlers/password.go | 18 ++++---- pkg/router/handlers/user.go | 20 ++++----- pkg/router/handlers/user_blacklist.go | 14 +++--- pkg/router/handlers/user_info.go | 20 ++++----- pkg/router/middleware/middleware.go | 13 ++++-- pkg/router/router.go | 8 ++-- pkg/server/impl/admin.go | 9 ++-- pkg/server/impl/checks.go | 4 +- pkg/server/impl/user_changes.go | 7 +-- pkg/server/utils.go | 9 ++-- pkg/{umErrors => umerrors}/Errors.toml | 0 pkg/{umErrors => umerrors}/errors.go | 2 +- pkg/{umErrors => umerrors}/umErrors.go | 5 ++- 19 files changed, 139 insertions(+), 126 deletions(-) rename pkg/{umErrors => umerrors}/Errors.toml (100%) rename pkg/{umErrors => umerrors}/errors.go (70%) rename pkg/{umErrors => umerrors}/umErrors.go (99%) diff --git a/pkg/router/handlers/accounts.go b/pkg/router/handlers/accounts.go index 90afc647..c1a3c4a8 100644 --- a/pkg/router/handlers/accounts.go +++ b/pkg/router/handlers/accounts.go @@ -38,7 +38,7 @@ func GetBoundAccountsHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetUserInfo(), ctx) + gonic.Gonic(umerrors.ErrUnableGetUserInfo(), ctx) } return } 
@@ -68,12 +68,12 @@ func AddBoundAccountHandler(ctx *gin.Context) { var request models.OAuthLoginRequest if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } if errs := validation.ValidateOAuthLoginRequest(request); errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -83,7 +83,7 @@ func AddBoundAccountHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableBindAccount(), ctx) + gonic.Gonic(umerrors.ErrUnableBindAccount(), ctx) } return } @@ -114,12 +114,12 @@ func DeleteBoundAccountHandler(ctx *gin.Context) { var request models.BoundAccountDeleteRequest if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } if errs := validation.ValidateResource(request); errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -129,7 +129,7 @@ func DeleteBoundAccountHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableUnbindAccount(), ctx) + gonic.Gonic(umerrors.ErrUnableUnbindAccount(), ctx) } return } diff --git a/pkg/router/handlers/admin.go b/pkg/router/handlers/admin.go index d538ca2e..b7e2de2a 100644 --- a/pkg/router/handlers/admin.go +++ b/pkg/router/handlers/admin.go 
@@ -38,13 +38,13 @@ func AdminUserCreateHandler(ctx *gin.Context) { var request models.UserLogin if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } errs := validation.ValidateUserLogin(request) if errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -54,7 +54,7 @@ func AdminUserCreateHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableCreateUser(), ctx) + gonic.Gonic(umerrors.ErrUnableCreateUser(), ctx) } return } @@ -84,7 +84,7 @@ func AdminUserActivateHandler(ctx *gin.Context) { var request models.UserLogin if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } @@ -93,7 +93,7 @@ func AdminUserActivateHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableDeleteUser(), ctx) + gonic.Gonic(umerrors.ErrUnableDeleteUser(), ctx) } return } @@ -124,7 +124,7 @@ func AdminUserDeactivateHandler(ctx *gin.Context) { var request models.UserLogin if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } @@ -134,7 +134,7 @@ func AdminUserDeactivateHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableDeleteUser(), ctx) + gonic.Gonic(umerrors.ErrUnableDeleteUser(), ctx) } return } 
@@ -165,7 +165,7 @@ func AdminSetAdminHandler(ctx *gin.Context) { var request models.UserLogin if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } @@ -175,7 +175,7 @@ func AdminSetAdminHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableDeleteUser(), ctx) + gonic.Gonic(umerrors.ErrUnableDeleteUser(), ctx) } return } @@ -206,7 +206,7 @@ func AdminUnsetAdminHandler(ctx *gin.Context) { var request models.UserLogin if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } @@ -216,7 +216,7 @@ func AdminUnsetAdminHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableDeleteUser(), ctx) + gonic.Gonic(umerrors.ErrUnableDeleteUser(), ctx) } return } @@ -249,7 +249,7 @@ func AdminResetPasswordHandler(ctx *gin.Context) { var request models.UserLogin if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } @@ -259,7 +259,7 @@ func AdminResetPasswordHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableDeleteUser(), ctx) + gonic.Gonic(umerrors.ErrUnableDeleteUser(), ctx) } return } diff --git a/pkg/router/handlers/domain_blacklist.go b/pkg/router/handlers/domain_blacklist.go index 60c88bb7..4d13b5a3 100644 --- a/pkg/router/handlers/domain_blacklist.go +++ b/pkg/router/handlers/domain_blacklist.go 
@@ -38,7 +38,7 @@ func BlacklistDomainsListGetHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetDomainBlacklist(), ctx) + gonic.Gonic(umerrors.ErrUnableGetDomainBlacklist(), ctx) } return } @@ -74,7 +74,7 @@ func BlacklistDomainGetHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetDomainBlacklist(), ctx) + gonic.Gonic(umerrors.ErrUnableGetDomainBlacklist(), ctx) } return } @@ -104,13 +104,13 @@ func BlacklistDomainAddHandler(ctx *gin.Context) { var request models.Domain if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } errs := validation.ValidateDomain(request) if errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -120,7 +120,7 @@ func BlacklistDomainAddHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableBlacklistDomain(), ctx) + gonic.Gonic(umerrors.ErrUnableBlacklistDomain(), ctx) } return } @@ -154,7 +154,7 @@ func BlacklistDomainDeleteHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableUnblacklistDomain(), ctx) + gonic.Gonic(umerrors.ErrUnableUnblacklistDomain(), ctx) } return } diff --git a/pkg/router/handlers/group.go b/pkg/router/handlers/group.go index 09cef084..708c7bd6 100644 --- a/pkg/router/handlers/group.go +++ b/pkg/router/handlers/group.go @@ -41,7 +41,7 @@ func GetGroupsListHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetGroup(), ctx) + gonic.Gonic(umerrors.ErrUnableGetGroup(), ctx) } return } 
@@ -77,7 +77,7 @@ func GetGroupHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetGroup(), ctx) + gonic.Gonic(umerrors.ErrUnableGetGroup(), ctx) } return } @@ -107,18 +107,18 @@ func CreateGroupHandler(ctx *gin.Context) { var request kube_types.UserGroup if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } if errs := validation.ValidateCreateGroup(request); errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } if request.UserGroupMembers != nil { if errs := validation.ValidateAddMembers(*request.UserGroupMembers); errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } } @@ -129,7 +129,7 @@ func CreateGroupHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableCreateGroup(), ctx) + gonic.Gonic(umerrors.ErrUnableCreateGroup(), ctx) } return } @@ -140,7 +140,7 @@ func CreateGroupHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetGroup(), ctx) + gonic.Gonic(umerrors.ErrUnableGetGroup(), ctx) } return } 
@@ -178,12 +178,12 @@ func UpdateGroupMemberHandler(ctx *gin.Context) { var request kube_types.UserGroupMember if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } if errs := validation.ValidateUpdateMember(request); errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -193,13 +193,13 @@ func UpdateGroupMemberHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetGroup(), ctx) + gonic.Gonic(umerrors.ErrUnableGetGroup(), ctx) } return } if group.OwnerID != httputil.MustGetUserID(ctx.Request.Context()) { - gonic.Gonic(umErrors.ErrNotGroupOwner(), ctx) + gonic.Gonic(umerrors.ErrNotGroupOwner(), ctx) return } @@ -208,7 +208,7 @@ func UpdateGroupMemberHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetGroup(), ctx) + gonic.Gonic(umerrors.ErrUnableGetGroup(), ctx) } return } @@ -242,12 +242,12 @@ func AddGroupMembersHandler(ctx *gin.Context) { var request kube_types.UserGroupMembers if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } if errs := validation.ValidateAddMembers(request); errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } 
@@ -257,13 +257,13 @@ func AddGroupMembersHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetGroup(), ctx) + gonic.Gonic(umerrors.ErrUnableGetGroup(), ctx) } return } if group.OwnerID != httputil.MustGetUserID(ctx.Request.Context()) { - gonic.Gonic(umErrors.ErrNotGroupOwner(), ctx) + gonic.Gonic(umerrors.ErrNotGroupOwner(), ctx) return } @@ -273,7 +273,7 @@ func AddGroupMembersHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableAddGroupMember(), ctx) + gonic.Gonic(umerrors.ErrUnableAddGroupMember(), ctx) } return } @@ -311,13 +311,13 @@ func DeleteGroupMemberHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetGroup(), ctx) + gonic.Gonic(umerrors.ErrUnableGetGroup(), ctx) } return } if group.OwnerID != httputil.MustGetUserID(ctx.Request.Context()) { - gonic.Gonic(umErrors.ErrNotGroupOwner(), ctx) + gonic.Gonic(umerrors.ErrNotGroupOwner(), ctx) return } @@ -326,7 +326,7 @@ func DeleteGroupMemberHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetGroup(), ctx) + gonic.Gonic(umerrors.ErrUnableGetGroup(), ctx) } return } @@ -360,13 +360,13 @@ func DeleteGroupHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetGroup(), ctx) + gonic.Gonic(umerrors.ErrUnableGetGroup(), ctx) } return } if group.OwnerID != httputil.MustGetUserID(ctx.Request.Context()) { - gonic.Gonic(umErrors.ErrNotGroupOwner(), ctx) + gonic.Gonic(umerrors.ErrNotGroupOwner(), ctx) return } @@ -375,7 +375,7 @@ func DeleteGroupHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableDeleteGroup(), ctx) + gonic.Gonic(umerrors.ErrUnableDeleteGroup(), ctx) } return } 
@@ -419,12 +419,12 @@ func getGroupID(ctx *gin.Context) { var ids models.IDList if err := ctx.ShouldBindWith(&ids, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } if len(ids) < 1 { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetails("no group ids in request"), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetails("no group ids in request"), ctx) return } @@ -434,7 +434,7 @@ func getGroupID(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetUsersList(), ctx) + gonic.Gonic(umerrors.ErrUnableGetUsersList(), ctx) } return } @@ -463,12 +463,12 @@ func getGroupIDFull(ctx *gin.Context) { var ids models.IDList if err := ctx.ShouldBindWith(&ids, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } if len(ids) < 1 { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetails("no group ids in request"), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetails("no group ids in request"), ctx) return } @@ -478,7 +478,7 @@ func getGroupIDFull(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetUsersList(), ctx) + gonic.Gonic(umerrors.ErrUnableGetUsersList(), ctx) } return } diff --git a/pkg/router/handlers/links.go b/pkg/router/handlers/links.go index a375c7dd..0fe57349 100644 --- a/pkg/router/handlers/links.go +++ b/pkg/router/handlers/links.go 
@@ -35,13 +35,13 @@ func LinkResendHandler(ctx *gin.Context) { var request models.UserLogin if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } errs := validation.ValidateUserLogin(request) if errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -51,7 +51,7 @@ func LinkResendHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableResendLink(), ctx) + gonic.Gonic(umerrors.ErrUnableResendLink(), ctx) } return } @@ -87,7 +87,7 @@ func LinksGetHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetUserInfo(), ctx) + gonic.Gonic(umerrors.ErrUnableGetUserInfo(), ctx) } return } diff --git a/pkg/router/handlers/login.go b/pkg/router/handlers/login.go index 8450853a..6a8136a8 100644 --- a/pkg/router/handlers/login.go +++ b/pkg/router/handlers/login.go @@ -39,12 +39,12 @@ func BasicLoginHandler(ctx *gin.Context) { var request models.LoginRequest if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } if errs := validation.ValidateLoginRequest(request); errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -54,7 +54,7 @@ func BasicLoginHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrLoginFailed(), ctx) + gonic.Gonic(umerrors.ErrLoginFailed(), ctx) } return } 
@@ -87,7 +87,7 @@ func OneTimeTokenLoginHandler(ctx *gin.Context) { var request models.OneTimeTokenLoginRequest if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } @@ -97,7 +97,7 @@ func OneTimeTokenLoginHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrLoginFailed(), ctx) + gonic.Gonic(umerrors.ErrLoginFailed(), ctx) } return } @@ -130,12 +130,12 @@ func OAuthLoginHandler(ctx *gin.Context) { var request models.OAuthLoginRequest if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } if errs := validation.ValidateOAuthLoginRequest(request); errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -145,7 +145,7 @@ func OAuthLoginHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrLoginFailed(), ctx) + gonic.Gonic(umerrors.ErrLoginFailed(), ctx) } return } @@ -175,7 +175,7 @@ func LogoutHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrLogoutFailed(), ctx) + gonic.Gonic(umerrors.ErrLogoutFailed(), ctx) } return } diff --git a/pkg/router/handlers/password.go b/pkg/router/handlers/password.go index 5407bd4b..e72fd622 100644 --- a/pkg/router/handlers/password.go +++ b/pkg/router/handlers/password.go 
@@ -38,13 +38,13 @@ func PasswordChangeHandler(ctx *gin.Context) { var request models.PasswordChangeRequest if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } errs := validation.ValidatePasswordChangeRequest(request) if errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -54,7 +54,7 @@ func PasswordChangeHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableChangePassword(), ctx) + gonic.Gonic(umerrors.ErrUnableChangePassword(), ctx) } return } @@ -82,13 +82,13 @@ func PasswordResetHandler(ctx *gin.Context) { var request models.UserLogin if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } errs := validation.ValidateUserLogin(request) if errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -98,7 +98,7 @@ func PasswordResetHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableResetPassword(), ctx) + gonic.Gonic(umerrors.ErrUnableResetPassword(), ctx) } return } 
@@ -128,13 +128,13 @@ func PasswordRestoreHandler(ctx *gin.Context) { var request models.PasswordRestoreRequest if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } errs := validation.ValidatePasswordRestoreRequest(request) if errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -144,7 +144,7 @@ func PasswordRestoreHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableResetPassword(), ctx) + gonic.Gonic(umerrors.ErrUnableResetPassword(), ctx) } return } diff --git a/pkg/router/handlers/user.go b/pkg/router/handlers/user.go index bd742ca4..36258fb4 100644 --- a/pkg/router/handlers/user.go +++ b/pkg/router/handlers/user.go @@ -40,13 +40,13 @@ func UserCreateHandler(ctx *gin.Context) { var request models.RegisterRequest if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } errs := validation.ValidateUserCreateRequest(request) if errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -56,7 +56,7 @@ func UserCreateHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableCreateUser(), ctx) + gonic.Gonic(umerrors.ErrUnableCreateUser(), ctx) } return } 
@@ -88,13 +88,13 @@ func ActivateHandler(ctx *gin.Context) { var request models.Link if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } errs := validation.ValidateLink(request) if errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -104,7 +104,7 @@ func ActivateHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableActivate(), ctx) + gonic.Gonic(umerrors.ErrUnableActivate(), ctx) } return } @@ -134,7 +134,7 @@ func PartialDeleteHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableDeleteUser(), ctx) + gonic.Gonic(umerrors.ErrUnableDeleteUser(), ctx) } return } @@ -165,13 +165,13 @@ func CompleteDeleteHandler(ctx *gin.Context) { var request models.UserLogin if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } errs := validation.ValidateUserID(request) if errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -181,7 +181,7 @@ func CompleteDeleteHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableDeleteUser(), ctx) + gonic.Gonic(umerrors.ErrUnableDeleteUser(), ctx) } return } diff --git a/pkg/router/handlers/user_blacklist.go b/pkg/router/handlers/user_blacklist.go index 4bbc34c1..9163f747 100644 --- a/pkg/router/handlers/user_blacklist.go +++ b/pkg/router/handlers/user_blacklist.go 
@@ -67,7 +67,7 @@ func BlacklistGetHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetUserBlacklist(), ctx) + gonic.Gonic(umerrors.ErrUnableGetUserBlacklist(), ctx) } return } @@ -97,13 +97,13 @@ func UserToBlacklistHandler(ctx *gin.Context) { var request models.UserLogin if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } errs := validation.ValidateUserID(request) if errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -113,7 +113,7 @@ func UserToBlacklistHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableBlacklistUser(), ctx) + gonic.Gonic(umerrors.ErrUnableBlacklistUser(), ctx) } return } @@ -143,13 +143,13 @@ func UserDeleteFromBlacklistHandler(ctx *gin.Context) { var request models.UserLogin if err := ctx.ShouldBindWith(&request, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } errs := validation.ValidateUserLogin(request) if errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -159,7 +159,7 @@ func UserDeleteFromBlacklistHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableUnblacklistUser(), ctx) + gonic.Gonic(umerrors.ErrUnableUnblacklistUser(), ctx) } return } diff --git a/pkg/router/handlers/user_info.go b/pkg/router/handlers/user_info.go index bc0a48c9..c162ad85 100644 --- a/pkg/router/handlers/user_info.go 
+++ b/pkg/router/handlers/user_info.go @@ -40,7 +40,7 @@ func UserInfoGetHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetUserInfo(), ctx) + gonic.Gonic(umerrors.ErrUnableGetUserInfo(), ctx) } return } @@ -71,13 +71,13 @@ func UserInfoUpdateHandler(ctx *gin.Context) { var newData models.UserData if err := ctx.ShouldBindWith(&newData, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } errs := validation.ValidateUserData(newData) if errs != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(errs...), ctx) return } @@ -87,7 +87,7 @@ func UserInfoUpdateHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableUpdateUserInfo(), ctx) + gonic.Gonic(umerrors.ErrUnableUpdateUserInfo(), ctx) } return } @@ -121,7 +121,7 @@ func UserGetByIDHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetUserInfo(), ctx) + gonic.Gonic(umerrors.ErrUnableGetUserInfo(), ctx) } return } @@ -155,7 +155,7 @@ func UserGetByLoginHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetUserInfo(), ctx) + gonic.Gonic(umerrors.ErrUnableGetUserInfo(), ctx) } return } @@ -216,7 +216,7 @@ func UserListGetHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetUsersList(), ctx) + gonic.Gonic(umerrors.ErrUnableGetUsersList(), ctx) } return } 
@@ -246,12 +246,12 @@ func UserListLoginID(ctx *gin.Context) { var ids models.IDList if err := ctx.ShouldBindWith(&ids, binding.JSON); err != nil { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetailsErr(err), ctx) return } if len(ids) < 1 { - gonic.Gonic(umErrors.ErrRequestValidationFailed().AddDetails("no users ids in request"), ctx) + gonic.Gonic(umerrors.ErrRequestValidationFailed().AddDetails("no users ids in request"), ctx) return } @@ -261,7 +261,7 @@ func UserListLoginID(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umErrors.ErrUnableGetUsersList(), ctx) + gonic.Gonic(umerrors.ErrUnableGetUsersList(), ctx) } return } diff --git a/pkg/router/middleware/middleware.go b/pkg/router/middleware/middleware.go index 70e91e11..a71f4450 100644 --- a/pkg/router/middleware/middleware.go +++ b/pkg/router/middleware/middleware.go @@ -10,17 +10,22 @@ import ( "github.com/gin-gonic/gin" ) +const ( + RoleUser = "user" + RoleAdmin = "admin" +) + // RequireAdminRole func RequireAdminRole(ctx *gin.Context) { - if ctx.GetHeader(textproto.CanonicalMIMEHeaderKey(headers.UserRoleXHeader)) != "admin" { - gonic.Gonic(umErrors.ErrAdminRequired(), ctx) + if ctx.GetHeader(textproto.CanonicalMIMEHeaderKey(headers.UserRoleXHeader)) != RoleAdmin { + gonic.Gonic(umerrors.ErrAdminRequired(), ctx) return } um := ctx.MustGet(UMServices).(server.UserManager) err := um.CheckAdmin(ctx.Request.Context()) if err != nil { - gonic.Gonic(umErrors.ErrAdminRequired(), ctx) + gonic.Gonic(umerrors.ErrAdminRequired(), ctx) } } @@ -28,6 +33,6 @@ func RequireUserExist(ctx *gin.Context) { um := ctx.MustGet(UMServices).(server.UserManager) err := um.CheckUserExist(ctx.Request.Context()) if err != nil { - gonic.Gonic(umErrors.ErrUserNotExist(), ctx) + gonic.Gonic(umerrors.ErrUserNotExist(), ctx) } } diff --git a/pkg/router/router.go b/pkg/router/router.go index d602a5fd..7afb70ed 100644 
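Review bot: In middleware.go the new exported constants `RoleUser` and `RoleAdmin` have no doc comment and the comment above `RequireAdminRole` is only the bare name, so nothing records that the header comparison is a pre-check and that `um.CheckAdmin` is the call that decides against stored state. I would add `// RoleUser and RoleAdmin are the role values stored on a user record and compared against the role header.` above the const block and `// RequireAdminRole rejects requests whose role header is not RoleAdmin, then confirms the role with UserManager.CheckAdmin.` above the function. The role header is presumably set by an upstream gateway; if it can reach this service unchanged from a client, only the CheckAdmin call protects the admin routes, which is worth stating in that comment. Placing the constants in `router/middleware` also makes `server/impl` import the HTTP layer while this package already imports `server`; a neutral package such as `models` would avoid a possible import cycle.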
--- a/pkg/router/router.go +++ b/pkg/router/router.go @@ -42,7 +42,7 @@ func initMiddlewares(e *gin.Engine, um *server.UserManager, enableCORS bool) { StaticFS("/", static.HTTP) /* System */ e.Use(ginrus.Ginrus(logrus.WithField("component", "gin"), time.RFC3339, true)) - e.Use(gonic.Recovery(umErrors.ErrInternalError, cherrylog.NewLogrusAdapter(logrus.WithField("component", "gin")))) + e.Use(gonic.Recovery(umerrors.ErrInternalError, cherrylog.NewLogrusAdapter(logrus.WithField("component", "gin")))) /* Custom */ e.Use(m.RegisterServices(um)) e.Use(utils.PrepareContext) @@ -51,10 +51,10 @@ func initMiddlewares(e *gin.Engine, um *server.UserManager, enableCORS bool) { // SetupRoutes sets up http router needed to handle requests from clients. func initRoutes(app *gin.Engine) { - requireIdentityHeaders := utils.RequireHeaders(umErrors.ErrRequiredHeadersNotProvided, headers.UserIDXHeader, headers.UserRoleXHeader) - requireLoginHeaders := utils.RequireHeaders(umErrors.ErrRequiredHeadersNotProvided, headers.UserAgentXHeader, headers.UserClientXHeader, headers.UserIPXHeader) + requireIdentityHeaders := utils.RequireHeaders(umerrors.ErrRequiredHeadersNotProvided, headers.UserIDXHeader, headers.UserRoleXHeader) + requireLoginHeaders := utils.RequireHeaders(umerrors.ErrRequiredHeadersNotProvided, headers.UserAgentXHeader, headers.UserClientXHeader, headers.UserIPXHeader) //TODO - requireLogoutHeaders := utils.RequireHeaders(umErrors.ErrRequiredHeadersNotProvided, headers.TokenIDXHeader, "X-Session-ID") + requireLogoutHeaders := utils.RequireHeaders(umerrors.ErrRequiredHeadersNotProvided, headers.TokenIDXHeader, "X-Session-ID") root := app.Group("") { diff --git a/pkg/server/impl/admin.go b/pkg/server/impl/admin.go index fe3f7c1c..eb3f4eed 100644 --- a/pkg/server/impl/admin.go +++ b/pkg/server/impl/admin.go 
@@ -8,6 +8,7 @@ import ( "git.containerum.net/ch/auth/proto" "git.containerum.net/ch/user-manager/pkg/db" "git.containerum.net/ch/user-manager/pkg/models" + m "git.containerum.net/ch/user-manager/pkg/router/middleware" cherry "git.containerum.net/ch/user-manager/pkg/umErrors" "git.containerum.net/ch/user-manager/pkg/utils" "git.containerum.net/ch/user-manager/pkg/validation" @@ -45,7 +46,7 @@ func (u *serverImpl) AdminCreateUser(ctx context.Context, request models.UserLog Login: request.Login, PasswordHash: passwordHash, Salt: salt, - Role: "user", + Role: m.RoleUser, IsActive: true, IsDeleted: false, } @@ -190,7 +191,7 @@ func (u *serverImpl) AdminSetAdmin(ctx context.Context, request models.UserLogin return err } - user.Role = "admin" + user.Role = m.RoleAdmin err = u.svc.DB.Transactional(ctx, func(ctx context.Context, tx db.DB) error { return tx.UpdateUser(ctx, user) }) @@ -217,7 +218,7 @@ func (u *serverImpl) AdminUnsetAdmin(ctx context.Context, request models.UserLog return cherry.ErrChangeOwnPermissions() } - user.Role = "user" + user.Role = m.RoleUser err = u.svc.DB.Transactional(ctx, func(ctx context.Context, tx db.DB) error { return tx.UpdateUser(ctx, user) }) @@ -255,7 +256,7 @@ func (u *serverImpl) CreateFirstAdmin(password string) error { Login: "admin@local.containerum.io", PasswordHash: passwordHash, Salt: salt, - Role: "admin", + Role: m.RoleAdmin, IsActive: true, IsDeleted: false, } diff --git a/pkg/server/impl/checks.go b/pkg/server/impl/checks.go index ceffbe1b..e47e0ed4 100644 --- a/pkg/server/impl/checks.go +++ b/pkg/server/impl/checks.go @@ -3,6 +3,8 @@ package impl import ( "context" + m "git.containerum.net/ch/user-manager/pkg/router/middleware" + cherry "git.containerum.net/ch/user-manager/pkg/umErrors" "github.com/containerum/utils/httputil" ) 
@@ -34,7 +36,7 @@ func (u *serverImpl) CheckAdmin(ctx context.Context) error { return err } - if user.Role != "admin" { + if user.Role != m.RoleAdmin { u.log.WithError(cherry.ErrAdminRequired()) return cherry.ErrAdminRequired() } diff --git a/pkg/server/impl/user_changes.go b/pkg/server/impl/user_changes.go index 645cf227..e20a2ee6 100644 --- a/pkg/server/impl/user_changes.go +++ b/pkg/server/impl/user_changes.go @@ -14,6 +14,7 @@ import ( mttypes "git.containerum.net/ch/mail-templater/pkg/models" "git.containerum.net/ch/user-manager/pkg/db" "git.containerum.net/ch/user-manager/pkg/models" + m "git.containerum.net/ch/user-manager/pkg/router/middleware" "git.containerum.net/ch/user-manager/pkg/utils" "github.com/containerum/utils/httputil" @@ -70,7 +71,7 @@ func (u *serverImpl) CreateUser(ctx context.Context, request models.RegisterRequ Login: request.Login, PasswordHash: passwordHash, Salt: salt, - Role: "user", + Role: m.RoleUser, IsActive: false, IsDeleted: false, } @@ -202,7 +203,7 @@ func (u *serverImpl) BlacklistUser(ctx context.Context, request models.UserLogin u.log.WithError(err) return err } - if user.Role == "admin" { + if user.Role == m.RoleAdmin { return cherry.ErrRequestValidationFailed().AddDetails(blacklistAdmin) } @@ -338,7 +339,7 @@ func (u *serverImpl) PartiallyDeleteUser(ctx context.Context) error { return cherry.ErrUserNotExist() } - if user.Role == "admin" { + if user.Role == m.RoleAdmin { adminsCount, err := u.svc.DB.CountAdmins(ctx) if err != nil { return cherry.ErrUserNotExist() diff --git a/pkg/server/utils.go b/pkg/server/utils.go index 1dde2170..1bbf266d 100644 --- a/pkg/server/utils.go +++ b/pkg/server/utils.go 
@@ -1,6 +1,9 @@ package server -import "git.containerum.net/ch/user-manager/pkg/db" +import ( + "git.containerum.net/ch/user-manager/pkg/db" + m "git.containerum.net/ch/user-manager/pkg/router/middleware" +) // CreateFilterFunc is a helper function which creates a function needed to check if profile satisfies given filters func CreateFilterFunc(filters ...string) func(p db.UserProfileAccounts) bool { @@ -25,11 +28,11 @@ func CreateFilterFunc(filters ...string) func(p db.UserProfileAccounts) bool { }) case "user": filterFuncs = append(filterFuncs, func(p db.UserProfileAccounts) bool { - return p.User.Role == "user" + return p.User.Role == m.RoleUser }) case "admin": filterFuncs = append(filterFuncs, func(p db.UserProfileAccounts) bool { - return p.User.Role == "admin" + return p.User.Role == m.RoleAdmin }) } diff --git a/pkg/umErrors/Errors.toml b/pkg/umerrors/Errors.toml similarity index 100% rename from pkg/umErrors/Errors.toml rename to pkg/umerrors/Errors.toml diff --git a/pkg/umErrors/errors.go b/pkg/umerrors/errors.go similarity index 70% rename from pkg/umErrors/errors.go rename to pkg/umerrors/errors.go index 0a883333..522793c7 100644 --- a/pkg/umErrors/errors.go +++ b/pkg/umerrors/errors.go @@ -1,3 +1,3 @@ -package umErrors +package umerrors //go:generate noice -t Errors.toml -o . diff --git a/pkg/umErrors/umErrors.go b/pkg/umerrors/umErrors.go similarity index 99% rename from pkg/umErrors/umErrors.go rename to pkg/umerrors/umErrors.go index f56bb7bd..061aaade 100644 --- a/pkg/umErrors/umErrors.go +++ b/pkg/umerrors/umErrors.go @@ -1,10 +1,11 @@ // Code generated by noice. DO NOT EDIT. -package umErrors +package umerrors import ( bytes "bytes" - cherry "github.com/containerum/cherry" template "text/template" + + cherry "github.com/containerum/cherry" ) const () From ff272c3d977cc45073bd3709e5713c0b3999506f Mon Sep 17 00:00:00 2001 
From: Ilia Donchenko Date: Mon, 13 Aug 2018 18:00:46 +0300 Subject: [PATCH 3/6] Disaallow adding admin to group --- pkg/clients/oauth.go | 2 +- pkg/db/postgres.go | 2 +- pkg/db/postgres/groups.go | 10 +++++++-- pkg/router/handlers/accounts.go | 2 +- pkg/router/handlers/admin.go | 2 +- pkg/router/handlers/domain_blacklist.go | 2 +- pkg/router/handlers/group.go | 24 ++++++++++++++++---- pkg/router/handlers/links.go | 2 +- pkg/router/handlers/login.go | 2 +- pkg/router/handlers/password.go | 2 +- pkg/router/handlers/user.go | 2 +- pkg/router/handlers/user_blacklist.go | 2 +- pkg/router/handlers/user_info.go | 2 +- pkg/router/middleware/middleware.go | 2 +- pkg/router/router.go | 2 +- pkg/server/impl/accounts.go | 2 +- pkg/server/impl/admin.go | 2 +- pkg/server/impl/checks.go | 2 +- pkg/server/impl/domain_blacklist.go | 2 +- pkg/server/impl/group.go | 9 ++++++-- pkg/server/impl/impl.go | 2 +- pkg/server/impl/login.go | 2 +- pkg/server/impl/password.go | 2 +- pkg/server/impl/user_changes.go | 2 +- pkg/server/impl/user_info.go | 2 +- pkg/umerrors/Errors.toml | 16 ++++++++++++-- pkg/umerrors/{umErrors.go => umerrors.go} | 27 +++++++++++++++++++++-- 27 files changed, 96 insertions(+), 34 deletions(-) rename pkg/umerrors/{umErrors.go => umerrors.go} (96%) diff --git a/pkg/clients/oauth.go b/pkg/clients/oauth.go index 4d10a6d5..e69bd796 100644 --- a/pkg/clients/oauth.go +++ b/pkg/clients/oauth.go @@ -9,7 +9,7 @@ import ( "time" - cherry "git.containerum.net/ch/user-manager/pkg/umErrors" + cherry "git.containerum.net/ch/user-manager/pkg/umerrors" "github.com/json-iterator/go" "gopkg.in/resty.v1" ) diff --git a/pkg/db/postgres.go b/pkg/db/postgres.go index d0e71d5d..e63f0ceb 100644 --- a/pkg/db/postgres.go +++ b/pkg/db/postgres.go 
@@ -159,7 +159,7 @@ type DB interface { GetGroup(ctx context.Context, groupID string) (*UserGroup, error) GetGroupMembers(ctx context.Context, groupID string) ([]UserGroupMember, error) - GetUserGroupsIDsAccesses(ctx context.Context, userID string) (map[string]string, error) + GetUserGroupsIDsAccesses(ctx context.Context, userID string, isAdmin bool) (map[string]string, error) GetGroupListLabelID(ctx context.Context, ids []string) ([]UserGroup, error) GetGroupListByIDs(ctx context.Context, ids []string) ([]UserGroup, error) CreateGroup(ctx context.Context, group *UserGroup) error diff --git a/pkg/db/postgres/groups.go b/pkg/db/postgres/groups.go index ee7c55dd..e664cc3a 100644 --- a/pkg/db/postgres/groups.go +++ b/pkg/db/postgres/groups.go @@ -73,11 +73,17 @@ func (pgdb *pgDB) GetGroupMembers(ctx context.Context, groupID string) ([]db.Use return resp, err } -func (pgdb *pgDB) GetUserGroupsIDsAccesses(ctx context.Context, userID string) (map[string]string, error) { +func (pgdb *pgDB) GetUserGroupsIDsAccesses(ctx context.Context, userID string, isAdmin bool) (map[string]string, error) { pgdb.log.Infoln("Get users groups", userID) resp := make(map[string]string) - rows, err := pgdb.qLog.QueryxContext(ctx, "SELECT group_id, default_access FROM groups_members WHERE user_id = $1", userID) + var rows *sqlx.Rows + var err error + if isAdmin { + rows, err = pgdb.qLog.QueryxContext(ctx, "SELECT group_id, default_access FROM groups_members") + } else { + rows, err = pgdb.qLog.QueryxContext(ctx, "SELECT group_id, default_access FROM groups_members WHERE user_id = $1", userID) + } if err != nil { return nil, err } diff --git a/pkg/router/handlers/accounts.go b/pkg/router/handlers/accounts.go index c1a3c4a8..623237f6 100644 --- a/pkg/router/handlers/accounts.go +++ b/pkg/router/handlers/accounts.go 
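Review bot: In the `isAdmin` branch of `GetUserGroupsIDsAccesses` the query returns one row per membership of every user, but the result is a `map[string]string`. If the scan loop (outside this hunk) stores each row under its `group_id`, the access level an admin gets for a group is whichever member's `default_access` happened to be scanned last, and groups without members are missing from the list. Consider listing groups for admins from wherever the groups themselves are stored and assigning one fixed access level, or at least add an `ORDER BY` and a comment stating which member's access wins. The function body continues past the end of the hunk.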
@@ -6,7 +6,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/models" m "git.containerum.net/ch/user-manager/pkg/router/middleware" "git.containerum.net/ch/user-manager/pkg/server" - "git.containerum.net/ch/user-manager/pkg/umErrors" + "git.containerum.net/ch/user-manager/pkg/umerrors" "git.containerum.net/ch/user-manager/pkg/validation" "github.com/containerum/cherry" "github.com/containerum/cherry/adaptors/gonic" diff --git a/pkg/router/handlers/admin.go b/pkg/router/handlers/admin.go index b7e2de2a..8c027c73 100644 --- a/pkg/router/handlers/admin.go +++ b/pkg/router/handlers/admin.go @@ -6,7 +6,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/models" m "git.containerum.net/ch/user-manager/pkg/router/middleware" "git.containerum.net/ch/user-manager/pkg/server" - "git.containerum.net/ch/user-manager/pkg/umErrors" + "git.containerum.net/ch/user-manager/pkg/umerrors" "git.containerum.net/ch/user-manager/pkg/validation" "github.com/containerum/cherry" "github.com/containerum/cherry/adaptors/gonic" diff --git a/pkg/router/handlers/domain_blacklist.go b/pkg/router/handlers/domain_blacklist.go index 4d13b5a3..80941c4f 100644 --- a/pkg/router/handlers/domain_blacklist.go +++ b/pkg/router/handlers/domain_blacklist.go @@ -6,7 +6,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/models" m "git.containerum.net/ch/user-manager/pkg/router/middleware" "git.containerum.net/ch/user-manager/pkg/server" - "git.containerum.net/ch/user-manager/pkg/umErrors" + "git.containerum.net/ch/user-manager/pkg/umerrors" "git.containerum.net/ch/user-manager/pkg/validation" "github.com/containerum/cherry" "github.com/containerum/cherry/adaptors/gonic" diff --git a/pkg/router/handlers/group.go b/pkg/router/handlers/group.go index 708c7bd6..4865b328 100644 --- a/pkg/router/handlers/group.go +++ b/pkg/router/handlers/group.go 
@@ -8,7 +8,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/models" m "git.containerum.net/ch/user-manager/pkg/router/middleware" "git.containerum.net/ch/user-manager/pkg/server" - "git.containerum.net/ch/user-manager/pkg/umErrors" + "git.containerum.net/ch/user-manager/pkg/umerrors" "git.containerum.net/ch/user-manager/pkg/validation" "github.com/containerum/cherry" "github.com/containerum/cherry/adaptors/gonic" @@ -193,22 +193,38 @@ func UpdateGroupMemberHandler(ctx *gin.Context) { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umerrors.ErrUnableGetGroup(), ctx) + gonic.Gonic(umerrors.ErrUpdateGroup(), ctx) } return } - if group.OwnerID != httputil.MustGetUserID(ctx.Request.Context()) { + if group.OwnerID != httputil.MustGetUserID(ctx.Request.Context()) && httputil.MustGetUserRole(ctx.Request.Context()) != "admin" { gonic.Gonic(umerrors.ErrNotGroupOwner(), ctx) return } + user, err := um.GetUserInfoByLogin(ctx.Request.Context(), ctx.Param("login")) + if err != nil { + if cherr, ok := err.(*cherry.Err); ok { + gonic.Gonic(cherr, ctx) + } else { + ctx.Error(err) + gonic.Gonic(umerrors.ErrUpdateGroup(), ctx) + } + return + } + + if user.Role=="admin" { + gonic.Gonic(umerrors.ErrAddAdminGroup(), ctx) + return + } + if err := um.UpdateGroupMemberAccess(ctx.Request.Context(), *group, ctx.Param("login"), string(request.Access)); err != nil { if cherr, ok := err.(*cherry.Err); ok { gonic.Gonic(cherr, ctx) } else { ctx.Error(err) - gonic.Gonic(umerrors.ErrUnableGetGroup(), ctx) + gonic.Gonic(umerrors.ErrUpdateGroup(), ctx) } return } diff --git a/pkg/router/handlers/links.go b/pkg/router/handlers/links.go index 0fe57349..87c9863e 100644 --- a/pkg/router/handlers/links.go +++ b/pkg/router/handlers/links.go 
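Review bot: The new owner bypass in `UpdateGroupMemberHandler` relies on `httputil.MustGetUserRole(ctx.Request.Context())`, a value carried in the request context, whereas `RequireAdminRole` also confirms the role against the user record with `um.CheckAdmin`. Unless this route is already registered behind `RequireAdminRole` (not visible here), call `um.CheckAdmin(ctx.Request.Context())` before skipping the ownership check. Both new comparisons use the literal `"admin"` although `m` is imported in this file; write `!= m.RoleAdmin` and `user.Role == m.RoleAdmin`. The same bypass is added to `DeleteGroupHandler` in the last commit of the series, and the handler here starts and ends outside the hunk.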
@@ -10,7 +10,7 @@ import ( "github.com/containerum/cherry/adaptors/gonic" "github.com/gin-gonic/gin" - "git.containerum.net/ch/user-manager/pkg/umErrors" + "git.containerum.net/ch/user-manager/pkg/umerrors" "git.containerum.net/ch/user-manager/pkg/validation" "github.com/gin-gonic/gin/binding" ) diff --git a/pkg/router/handlers/login.go b/pkg/router/handlers/login.go index 6a8136a8..29f846a9 100644 --- a/pkg/router/handlers/login.go +++ b/pkg/router/handlers/login.go @@ -6,7 +6,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/models" m "git.containerum.net/ch/user-manager/pkg/router/middleware" "git.containerum.net/ch/user-manager/pkg/server" - "git.containerum.net/ch/user-manager/pkg/umErrors" + "git.containerum.net/ch/user-manager/pkg/umerrors" "git.containerum.net/ch/user-manager/pkg/validation" "github.com/containerum/cherry" "github.com/containerum/cherry/adaptors/gonic" diff --git a/pkg/router/handlers/password.go b/pkg/router/handlers/password.go index e72fd622..96851671 100644 --- a/pkg/router/handlers/password.go +++ b/pkg/router/handlers/password.go @@ -6,7 +6,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/models" m "git.containerum.net/ch/user-manager/pkg/router/middleware" "git.containerum.net/ch/user-manager/pkg/server" - "git.containerum.net/ch/user-manager/pkg/umErrors" + "git.containerum.net/ch/user-manager/pkg/umerrors" "git.containerum.net/ch/user-manager/pkg/validation" "github.com/containerum/cherry" "github.com/containerum/cherry/adaptors/gonic" diff --git a/pkg/router/handlers/user.go b/pkg/router/handlers/user.go index 36258fb4..c62edc74 100644 --- a/pkg/router/handlers/user.go +++ b/pkg/router/handlers/user.go 
@@ -6,7 +6,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/models" m "git.containerum.net/ch/user-manager/pkg/router/middleware" "git.containerum.net/ch/user-manager/pkg/server" - "git.containerum.net/ch/user-manager/pkg/umErrors" + "git.containerum.net/ch/user-manager/pkg/umerrors" "git.containerum.net/ch/user-manager/pkg/validation" "github.com/containerum/cherry" "github.com/containerum/cherry/adaptors/gonic" diff --git a/pkg/router/handlers/user_blacklist.go b/pkg/router/handlers/user_blacklist.go index 9163f747..7b9421b6 100644 --- a/pkg/router/handlers/user_blacklist.go +++ b/pkg/router/handlers/user_blacklist.go @@ -7,7 +7,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/models" m "git.containerum.net/ch/user-manager/pkg/router/middleware" "git.containerum.net/ch/user-manager/pkg/server" - "git.containerum.net/ch/user-manager/pkg/umErrors" + "git.containerum.net/ch/user-manager/pkg/umerrors" "git.containerum.net/ch/user-manager/pkg/validation" "github.com/containerum/cherry" "github.com/containerum/cherry/adaptors/gonic" diff --git a/pkg/router/handlers/user_info.go b/pkg/router/handlers/user_info.go index c162ad85..acd843ff 100644 --- a/pkg/router/handlers/user_info.go +++ b/pkg/router/handlers/user_info.go @@ -8,7 +8,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/models" m "git.containerum.net/ch/user-manager/pkg/router/middleware" "git.containerum.net/ch/user-manager/pkg/server" - "git.containerum.net/ch/user-manager/pkg/umErrors" + "git.containerum.net/ch/user-manager/pkg/umerrors" "git.containerum.net/ch/user-manager/pkg/validation" "github.com/containerum/cherry" "github.com/containerum/cherry/adaptors/gonic" diff --git a/pkg/router/middleware/middleware.go b/pkg/router/middleware/middleware.go index a71f4450..328c80c1 100644 --- a/pkg/router/middleware/middleware.go +++ b/pkg/router/middleware/middleware.go 
@@ -4,7 +4,7 @@ import ( "net/textproto" "git.containerum.net/ch/user-manager/pkg/server" - "git.containerum.net/ch/user-manager/pkg/umErrors" + "git.containerum.net/ch/user-manager/pkg/umerrors" "github.com/containerum/cherry/adaptors/gonic" headers "github.com/containerum/utils/httputil" "github.com/gin-gonic/gin" diff --git a/pkg/router/router.go b/pkg/router/router.go index 7afb70ed..bec91751 100644 --- a/pkg/router/router.go +++ b/pkg/router/router.go @@ -7,7 +7,7 @@ import ( h "git.containerum.net/ch/user-manager/pkg/router/handlers" m "git.containerum.net/ch/user-manager/pkg/router/middleware" "git.containerum.net/ch/user-manager/pkg/server" - "git.containerum.net/ch/user-manager/pkg/umErrors" + "git.containerum.net/ch/user-manager/pkg/umerrors" "git.containerum.net/ch/user-manager/static" "github.com/containerum/cherry/adaptors/cherrylog" "github.com/containerum/cherry/adaptors/gonic" diff --git a/pkg/server/impl/accounts.go b/pkg/server/impl/accounts.go index 9c5a5334..9831eff3 100644 --- a/pkg/server/impl/accounts.go +++ b/pkg/server/impl/accounts.go @@ -8,7 +8,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/clients" "git.containerum.net/ch/user-manager/pkg/db" "git.containerum.net/ch/user-manager/pkg/models" - cherry "git.containerum.net/ch/user-manager/pkg/umErrors" + cherry "git.containerum.net/ch/user-manager/pkg/umerrors" "github.com/containerum/utils/httputil" "github.com/sirupsen/logrus" ) diff --git a/pkg/server/impl/admin.go b/pkg/server/impl/admin.go index eb3f4eed..a8680c89 100644 --- a/pkg/server/impl/admin.go +++ b/pkg/server/impl/admin.go 
@@ -9,7 +9,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/db" "git.containerum.net/ch/user-manager/pkg/models" m "git.containerum.net/ch/user-manager/pkg/router/middleware" - cherry "git.containerum.net/ch/user-manager/pkg/umErrors" + cherry "git.containerum.net/ch/user-manager/pkg/umerrors" "git.containerum.net/ch/user-manager/pkg/utils" "git.containerum.net/ch/user-manager/pkg/validation" "github.com/containerum/utils/httputil" diff --git a/pkg/server/impl/checks.go b/pkg/server/impl/checks.go index e47e0ed4..6d687051 100644 --- a/pkg/server/impl/checks.go +++ b/pkg/server/impl/checks.go @@ -5,7 +5,7 @@ import ( m "git.containerum.net/ch/user-manager/pkg/router/middleware" - cherry "git.containerum.net/ch/user-manager/pkg/umErrors" + cherry "git.containerum.net/ch/user-manager/pkg/umerrors" "github.com/containerum/utils/httputil" ) diff --git a/pkg/server/impl/domain_blacklist.go b/pkg/server/impl/domain_blacklist.go index 4dd1529b..0bfa9b93 100644 --- a/pkg/server/impl/domain_blacklist.go +++ b/pkg/server/impl/domain_blacklist.go @@ -5,7 +5,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/db" "git.containerum.net/ch/user-manager/pkg/models" - cherry "git.containerum.net/ch/user-manager/pkg/umErrors" + cherry "git.containerum.net/ch/user-manager/pkg/umerrors" "github.com/containerum/utils/httputil" "github.com/pkg/errors" ) diff --git a/pkg/server/impl/group.go b/pkg/server/impl/group.go index f856c785..665763a4 100644 --- a/pkg/server/impl/group.go +++ b/pkg/server/impl/group.go @@ -7,7 +7,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/db" "git.containerum.net/ch/user-manager/pkg/models" - cherry "git.containerum.net/ch/user-manager/pkg/umErrors" + cherry "git.containerum.net/ch/user-manager/pkg/umerrors" kube_types "github.com/containerum/kube-client/pkg/model" "github.com/containerum/utils/httputil" ) 
@@ -74,6 +74,10 @@ func (u *serverImpl) AddGroupMembers(ctx context.Context, groupID string, reques continue } + if usr.Role == "admin" { + continue + } + newGroupMember := &db.UserGroupMember{ UserID: usr.ID, GroupID: groupID, @@ -136,9 +140,10 @@ func (u *serverImpl) GetGroup(ctx context.Context, groupID string) (*kube_types. } func (u *serverImpl) GetGroupsList(ctx context.Context, userID string) (*kube_types.UserGroups, error) { + role := httputil.MustGetUserRole(ctx) u.log.WithField("userID", userID).Info("getting groups list") - groupsIDs, err := u.svc.DB.GetUserGroupsIDsAccesses(ctx, userID) + groupsIDs, err := u.svc.DB.GetUserGroupsIDsAccesses(ctx, userID, role == "admin") if err != nil { u.log.WithError(err) return nil, cherry.ErrUnableGetGroup() diff --git a/pkg/server/impl/impl.go b/pkg/server/impl/impl.go index f8e0046e..099e9e60 100644 --- a/pkg/server/impl/impl.go +++ b/pkg/server/impl/impl.go @@ -16,7 +16,7 @@ import ( "git.containerum.net/ch/auth/proto" mttypes "git.containerum.net/ch/mail-templater/pkg/models" - cherry "git.containerum.net/ch/user-manager/pkg/umErrors" + cherry "git.containerum.net/ch/user-manager/pkg/umerrors" "github.com/containerum/utils/httputil" "github.com/lib/pq" "github.com/sirupsen/logrus" diff --git a/pkg/server/impl/login.go b/pkg/server/impl/login.go index a1e986f8..78170101 100644 --- a/pkg/server/impl/login.go +++ b/pkg/server/impl/login.go @@ -11,7 +11,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/clients" "git.containerum.net/ch/user-manager/pkg/db" "git.containerum.net/ch/user-manager/pkg/models" - cherry "git.containerum.net/ch/user-manager/pkg/umErrors" + cherry "git.containerum.net/ch/user-manager/pkg/umerrors" "git.containerum.net/ch/user-manager/pkg/utils" "github.com/containerum/utils/httputil" "github.com/sirupsen/logrus" diff --git a/pkg/server/impl/password.go b/pkg/server/impl/password.go index e4a19523..91681876 100644 --- a/pkg/server/impl/password.go +++ b/pkg/server/impl/password.go 
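Review bot: The added `if usr.Role == "admin" { continue }` in `AddGroupMembers` drops admin accounts from the request silently, while `UpdateGroupMemberHandler` answers the same situation with `umerrors.ErrAddAdminGroup()`. A caller adding several members gets no indication that one of them was skipped. At minimum log the skipped login through `u.log`, or collect the skipped logins and report them to the caller so the two paths behave consistently. The surrounding loop and the rest of the function are outside the hunk.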
@@ -11,7 +11,7 @@ import ( mttypes "git.containerum.net/ch/mail-templater/pkg/models" "git.containerum.net/ch/user-manager/pkg/db" "git.containerum.net/ch/user-manager/pkg/models" - cherry "git.containerum.net/ch/user-manager/pkg/umErrors" + cherry "git.containerum.net/ch/user-manager/pkg/umerrors" "git.containerum.net/ch/user-manager/pkg/utils" "github.com/containerum/utils/httputil" ) diff --git a/pkg/server/impl/user_changes.go b/pkg/server/impl/user_changes.go index e20a2ee6..eee2a419 100644 --- a/pkg/server/impl/user_changes.go +++ b/pkg/server/impl/user_changes.go @@ -18,7 +18,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/utils" "github.com/containerum/utils/httputil" - cherry "git.containerum.net/ch/user-manager/pkg/umErrors" + cherry "git.containerum.net/ch/user-manager/pkg/umerrors" "github.com/lib/pq" ) diff --git a/pkg/server/impl/user_info.go b/pkg/server/impl/user_info.go index 515b304f..6f40fc83 100644 --- a/pkg/server/impl/user_info.go +++ b/pkg/server/impl/user_info.go @@ -10,7 +10,7 @@ import ( "git.containerum.net/ch/user-manager/pkg/db" "git.containerum.net/ch/user-manager/pkg/models" "git.containerum.net/ch/user-manager/pkg/server" - cherry "git.containerum.net/ch/user-manager/pkg/umErrors" + cherry "git.containerum.net/ch/user-manager/pkg/umerrors" "github.com/containerum/utils/httputil" ) diff --git a/pkg/umerrors/Errors.toml b/pkg/umerrors/Errors.toml index 9402d0e0..21e7dfcf 100644 --- a/pkg/umerrors/Errors.toml +++ b/pkg/umerrors/Errors.toml @@ -1,6 +1,6 @@ # File for noice errors generation -Name = "umErrors" +Name = "umerrors" SID = "UserManager" # errors 
@@ -326,4 +326,16 @@ SID = "UserManager" Name = "ErrDeleteLastAdmin" StatusHTTP = 403 Message = "Unable to delete or deactivate last admin" - Kind = 52 \ No newline at end of file + Kind = 52 + +[[error]] + Name = "ErrAddAdminGroup" + StatusHTTP = 400 + Message = "Unable to add admin to group" + Kind = 53 + +[[error]] + Name = "ErrUpdateGroup" + StatusHTTP = 500 + Message = "Unable to update group" + Kind = 54 diff --git a/pkg/umerrors/umErrors.go b/pkg/umerrors/umerrors.go similarity index 96% rename from pkg/umerrors/umErrors.go rename to pkg/umerrors/umerrors.go index 061aaade..71ace9aa 100644 --- a/pkg/umerrors/umErrors.go +++ b/pkg/umerrors/umerrors.go @@ -3,9 +3,8 @@ package umerrors import ( bytes "bytes" - template "text/template" - cherry "github.com/containerum/cherry" + template "text/template" ) const () @@ -651,6 +650,30 @@ func ErrDeleteLastAdmin(params ...func(*cherry.Err)) *cherry.Err { } return err } + +func ErrAddAdminGroup(params ...func(*cherry.Err)) *cherry.Err { + err := &cherry.Err{Message: "Unable to add admin to group", StatusHTTP: 400, ID: cherry.ErrID{SID: "UserManager", Kind: 0x35}, Details: []string(nil), Fields: cherry.Fields(nil)} + for _, param := range params { + param(err) + } + for i, detail := range err.Details { + det := renderTemplate(detail) + err.Details[i] = det + } + return err +} + +func ErrUpdateGroup(params ...func(*cherry.Err)) *cherry.Err { + err := &cherry.Err{Message: "Unable to update group", StatusHTTP: 500, ID: cherry.ErrID{SID: "UserManager", Kind: 0x36}, Details: []string(nil), Fields: cherry.Fields(nil)} + for _, param := range params { + param(err) + } + for i, detail := range err.Details { + det := renderTemplate(detail) + err.Details[i] = det + } + return err +} func renderTemplate(templText string) string { buf := &bytes.Buffer{} templ, err := template.New("").Parse(templText) From 62409a82b16c72a3fa99247174bcd4f275b959d5 Mon Sep 17 00:00:00 2001 
From: Ilia Donchenko Date: Mon, 13 Aug 2018 18:02:24 +0300 Subject: [PATCH 4/6] Fix error --- pkg/router/handlers/group.go | 2 +- pkg/server/utils.go | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/pkg/router/handlers/group.go b/pkg/router/handlers/group.go index 4865b328..a8bcc2cb 100644 --- a/pkg/router/handlers/group.go +++ b/pkg/router/handlers/group.go @@ -214,7 +214,7 @@ func UpdateGroupMemberHandler(ctx *gin.Context) { return } - if user.Role=="admin" { + if user.Role == "admin" { gonic.Gonic(umerrors.ErrAddAdminGroup(), ctx) return } diff --git a/pkg/server/utils.go b/pkg/server/utils.go index 1bbf266d..63ccdf12 100644 --- a/pkg/server/utils.go +++ b/pkg/server/utils.go @@ -2,7 +2,6 @@ package server import ( "git.containerum.net/ch/user-manager/pkg/db" - m "git.containerum.net/ch/user-manager/pkg/router/middleware" ) // CreateFilterFunc is a helper function which creates a function needed to check if profile satisfies given filters @@ -28,11 +27,11 @@ func CreateFilterFunc(filters ...string) func(p db.UserProfileAccounts) bool { }) case "user": filterFuncs = append(filterFuncs, func(p db.UserProfileAccounts) bool { - return p.User.Role == m.RoleUser + return p.User.Role == "user" }) case "admin": filterFuncs = append(filterFuncs, func(p db.UserProfileAccounts) bool { - return p.User.Role == m.RoleAdmin + return p.User.Role == "admin" }) } From b3c542e2d06e120a9c2eac354f2b3e4f54d68b38 Mon Sep 17 00:00:00 2001 From: Ilia Donchenko Date: Thu, 16 Aug 2018 12:32:24 +0300 Subject: [PATCH 5/6] Fix deactivate user --- pkg/clients/permissions.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/clients/permissions.go b/pkg/clients/permissions.go index 77cbbf08..2d52c43a 100644 --- a/pkg/clients/permissions.go +++ b/pkg/clients/permissions.go 
@@ -64,7 +64,7 @@ func (c *httpPermissionsClient) GetUserAccess(ctx context.Context, user *db.User func (c *httpPermissionsClient) DeleteUserNamespaces(ctx context.Context, user *db.User) error { c.log.WithField("user_id", user.ID).Info("Deleting user namespaces") headersMap := utils.RequestHeadersMap(ctx) - headersMap[headers.UserIDXHeader] = user.ID + headersMap["X-User-Id"] = user.ID headersMap[headers.UserRoleXHeader] = user.Role resp, err := c.rest.R().SetContext(ctx). SetResult(authProto.ResourcesAccess{}). From 43b58d7e48348d5bc75414643dadc64728eea18f Mon Sep 17 00:00:00 2001 From: Ilia Donchenko Date: Fri, 17 Aug 2018 10:38:04 +0300 Subject: [PATCH 6/6] Allow admins deleting not own groups --- pkg/router/handlers/group.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/router/handlers/group.go b/pkg/router/handlers/group.go index a8bcc2cb..92ca8eb3 100644 --- a/pkg/router/handlers/group.go +++ b/pkg/router/handlers/group.go @@ -381,7 +381,7 @@ func DeleteGroupHandler(ctx *gin.Context) { return } - if group.OwnerID != httputil.MustGetUserID(ctx.Request.Context()) { + if group.OwnerID != httputil.MustGetUserID(ctx.Request.Context()) && httputil.MustGetUserRole(ctx.Request.Context()) != m.RoleAdmin { gonic.Gonic(umerrors.ErrNotGroupOwner(), ctx) return }
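Review bot: In `DeleteUserNamespaces` the literal `"X-User-Id"` replaces `headers.UserIDXHeader` with no explanation, while the next line still uses `headers.UserRoleXHeader`. If the reason is that `utils.RequestHeadersMap(ctx)` returns keys in a different canonical form than the constant, then the role line may have the same problem and leave the caller's own role in the map next to `user.Role`; that matters because these headers tell the permissions service whose namespaces to delete. Add a comment stating why the literal is required, e.g. `// key must match the form produced by utils.RequestHeadersMap so the caller's ID is overwritten, not duplicated`, and check the role key the same way. The function continues outside the hunk.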