alex/triggerssmith
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

basicly implement acl crud ops with roles and resources

Browse Source
This commit is contained in:
Alexey
2025-12-20 17:38:15 +02:00
parent c188b46519
commit 904f446447
18 changed files with 1607 additions and 324 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
api/acl_admin/common_models.go Normal file
View File

@@ -0,0 +1,11 @@
package api_acladmin
type errorInvalidRequestBody struct {
Error string `json:"error" example:"INVALID_REQUEST_BODY"`
Details string `json:"details" example:"Request body is not valid JSON"`
}
type errorInternalServerError struct {
Error string `json:"error"`
Details string `json:"details"`
}

28
api/acl_admin/errors.go Normal file
View File

@@ -0,0 +1,28 @@
package api_acladmin
const (
ErrorInvalidRequestBody = "INVALID_REQUEST_BODY"
ErrorInternalServerError = "INTERNAL_SERVER_ERROR"
// Roles
ErrorFailedToCreateRole = "FAILED_TO_CREATE_ROLE"
ErrorFailedToGetRole = "FAILED_TO_GET_ROLE"
ErrorFailedToUpdateRole = "FAILED_TO_UPDATE_ROLE"
ErrorFailedToDeleteRole = "FAILED_TO_DELETE_ROLE"
ErrorInvalidRoleID = "INVALID_ROLE_ID"
ErrorRoleNotFound = "ROLE_NOT_FOUND"
// Resources
ErrorFailedToCreateResource = "FAILED_TO_CREATE_RESOURCE"
ErrorFailedToGetResource = "FAILED_TO_GET_RESOURCE"
ErrorFailedToUpdateResource = "FAILED_TO_UPDATE_RESOURCE"
ErrorFailedToDeleteResource = "FAILED_TO_DELETE_RESOURCE"
ErrorInvalidResourceID = "INVALID_RESOURCE_ID"
ErrorResourceNotFound = "RESOURCE_NOT_FOUND"
)
const (
ErrorACLServiceNotInitialized = "ACL service is not initialized"
)

280
api/acl_admin/handle.go
View File

@@ -1,13 +1,11 @@
package api_acladmin
import (
"encoding/json"
"net/http"
"git.oblat.lv/alex/triggerssmith/internal/acl"
"git.oblat.lv/alex/triggerssmith/internal/auth"
"git.oblat.lv/alex/triggerssmith/internal/config"
"git.oblat.lv/alex/triggerssmith/internal/server"
//"git.oblat.lv/alex/triggerssmith/internal/server"
"github.com/go-chi/chi/v5"
)
@@ -32,91 +30,221 @@ func MustRoute(config *config.Config, aclService *acl.Service, authService *auth
a: aclService,
auth: authService,
}
// GET /roles — список ролей
// POST /roles — создать роль
// GET /roles/{roleId} — получить роль
// PATCH /roles/{roleId} — обновить роль (если нужно)
// DELETE /roles/{roleId} — удалить роль
// GET /resources — список ресурсов
// POST /resources — создать ресурс
// GET /resources/{resId} — получить ресурс
// PATCH /resources/{resId} — обновить ресурс
// DELETE /resources/{resId} — удалить ресурс
// GET /users/{userId}/roles — роли пользователя
// POST /users/{userId}/roles — назначить роль пользователю
// DELETE /users/{userId}/roles/{roleId} — снять роль
// GET /roles/{roleId}/resources — ресурсы роли
// POST /roles/{roleId}/resources — назначить ресурс роли
// DELETE /roles/{roleId}/resources/{resId} — убрать ресурс
return func(r chi.Router) {
r.Get("/roles", h.getRoles)
r.Post("/create-role", h.createRole)
r.Post("/assign-role", h.assignRoleToUser)
r.Get("/user-roles", h.getUserRoles)
r.Post("/remove-role", h.removeRoleFromUser)
// Roles
r.Get("/roles", h.getRoles) // list all roles
r.Post("/roles", h.createRole) // create a new role
r.Get("/roles/{roleId}", h.getRole) // get a role by ID
r.Patch("/roles/{roleId}", h.updateRole) // update a role by ID
r.Delete("/roles/{roleId}", h.deleteRole) // delete a role by ID
r.Get("/resources", h.getResources)
r.Post("/create-resource", h.createResource)
r.Post("/assign-resource", h.assignResourceToRole)
r.Get("/role-resources", h.getRoleResources)
r.Post("/remove-resource", h.removeResourceFromRole)
// // Resources
r.Get("/resources", h.getResources) // list all resources
r.Post("/resources", h.createResource) // create a new resource
r.Get("/resources/{resourceId}", h.getResource) // get a resource by ID
r.Patch("/resources/{resourceId}", h.updateResource) // update a resource by ID
r.Delete("/resources/{resourceId}", h.deleteResource) // delete a resource by ID
r.Get("/permissions", h.getResources) // legacy support
r.Post("/create-permissions", h.createResource) // legacy support
r.Post("/assign-permissions", h.assignResourceToRole) // legacy support
r.Get("/role-permissions", h.getRoleResources) // legacy support
r.Post("/remove-permissions", h.removeResourceFromRole) // legacy support
// Users
// r.Get("/users/{userId}/roles", h.getUserRoles) // get all roles for a user
// r.Post("/users/{userId}/roles", h.assignRoleToUser) // assign a role to a user
// r.Delete("/users/{userId}/roles/{roleId}", h.removeRoleFromUser) // remove a role from a user
// r.Get("/roles", h.getRoles)
// r.Post("/create-role", h.createRole)
// r.Post("/assign-role", h.assignRoleToUser)
// r.Get("/user-roles", h.getUserRoles)
// r.Post("/remove-role", h.removeRoleFromUser)
// r.Get("/resources", h.getResources)
// r.Post("/create-resource", h.createResource)
// r.Post("/assign-resource", h.assignResourceToRole)
// r.Get("/role-resources", h.getRoleResources)
// r.Post("/remove-resource", h.removeResourceFromRole)
// r.Get("/permissions", h.getResources) // legacy support
// r.Post("/create-permissions", h.createResource) // legacy support
// r.Post("/assign-permissions", h.assignResourceToRole) // legacy support
// r.Get("/role-permissions", h.getRoleResources) // legacy support
// r.Post("/remove-permissions", h.removeResourceFromRole) // legacy support
}
}
type rolesResponse []struct {
ID uint `json:"id"`
Name string `json:"name"`
}
// type assignRoleRequest struct {
// UserID int `json:"userId"`
// RoleID int `json:"roleId"`
// }
func (h *aclAdminHandler) getRoles(w http.ResponseWriter, r *http.Request) {
roles, err := h.a.GetRoles()
if err != nil {
http.Error(w, "Internal server error", http.StatusInternalServerError)
return
}
w.Header().Set("Content-Type", "application/json")
err = json.NewEncoder(w).Encode(func() rolesResponse {
// Transform acl.Role to rolesResponse
resp := make(rolesResponse, 0, len(roles))
for _, role := range roles {
resp = append(resp, struct {
ID uint `json:"id"`
Name string `json:"name"`
}{
ID: role.ID,
Name: role.Name,
})
}
return resp
}())
if err != nil {
http.Error(w, "Failed to encode response", http.StatusInternalServerError)
return
}
}
// func (h *aclAdminHandler) assignRoleToUser(w http.ResponseWriter, r *http.Request) {
// var req assignRoleRequest
// if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
// http.Error(w, "Invalid request body", http.StatusBadRequest)
// return
// }
// if req.UserID < 0 || req.RoleID < 0 {
// http.Error(w, "Invalid user or role ID", http.StatusBadRequest)
// return
// }
// if err := h.a.AssignRoleToUser(uint(req.RoleID), uint(req.UserID)); err != nil {
// http.Error(w, "Failed to assign role to user", http.StatusConflict)
// return
// }
// w.WriteHeader(http.StatusCreated)
// }
func (h *aclAdminHandler) createRole(w http.ResponseWriter, r *http.Request) {
server.NotImplemented(w)
}
// type getUserRolesResponse getRolesResponse
func (h *aclAdminHandler) assignRoleToUser(w http.ResponseWriter, r *http.Request) {
server.NotImplemented(w)
}
// func (h *aclAdminHandler) getUserRoles(w http.ResponseWriter, r *http.Request) {
// uidStr := r.URL.Query().Get("userId")
// if uidStr == "" {
// http.Error(w, "Missing userId parameter", http.StatusBadRequest)
// return
// }
// userID, err := strconv.Atoi(uidStr)
// if err != nil || userID < 0 {
// http.Error(w, "Invalid userId parameter", http.StatusBadRequest)
// return
// }
// roles, err := h.a.GetUserRoles(uint(userID))
// if err != nil {
// http.Error(w, "Internal server error", http.StatusInternalServerError)
// return
// }
// w.Header().Set("Content-Type", "application/json")
// err = json.NewEncoder(w).Encode(func() getUserRolesResponse {
// // Transform acl.Role to getUserRolesResponse
// resp := make(getUserRolesResponse, 0, len(roles))
// for _, role := range roles {
// resp = append(resp, struct {
// ID uint `json:"id"`
// Name string `json:"name"`
// }{
// ID: role.ID,
// Name: role.Name,
// })
// }
// return resp
// }())
// if err != nil {
// http.Error(w, "Failed to encode response", http.StatusInternalServerError)
// return
// }
// }
func (h *aclAdminHandler) getUserRoles(w http.ResponseWriter, r *http.Request) {
server.NotImplemented(w)
}
// type removeRoleRequest struct {
// UserID int `json:"userId"`
// RoleID int `json:"roleId"`
// }
func (h *aclAdminHandler) removeRoleFromUser(w http.ResponseWriter, r *http.Request) {
server.NotImplemented(w)
}
// func (h *aclAdminHandler) removeRoleFromUser(w http.ResponseWriter, r *http.Request) {
// var req removeRoleRequest
// if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
// http.Error(w, "Invalid request body", http.StatusBadRequest)
// return
// }
// if req.UserID < 0 || req.RoleID < 0 {
// http.Error(w, "Invalid user or role ID", http.StatusBadRequest)
// return
// }
// if err := h.a.RemoveRoleFromUser(uint(req.RoleID), uint(req.UserID)); err != nil {
// http.Error(w, "Failed to remove role from user", http.StatusConflict)
// return
// }
// w.WriteHeader(http.StatusNoContent)
// }
func (h *aclAdminHandler) getResources(w http.ResponseWriter, r *http.Request) {
server.NotImplemented(w)
}
// type getResourcesResponse getRolesResponse
func (h *aclAdminHandler) createResource(w http.ResponseWriter, r *http.Request) {
server.NotImplemented(w)
}
// func (h *aclAdminHandler) getResources(w http.ResponseWriter, r *http.Request) {
// resources, err := h.a.GetResources()
// if err != nil {
// http.Error(w, "Internal server error", http.StatusInternalServerError)
// return
// }
// w.Header().Set("Content-Type", "application/json")
// err = json.NewEncoder(w).Encode(func() getResourcesResponse {
// // Transform acl.Resource to getResourcesResponse
// resp := make(getResourcesResponse, 0, len(resources))
// for _, res := range resources {
// resp = append(resp, struct {
// ID uint `json:"id"`
// Name string `json:"name"`
// }{
// ID: res.ID,
// Name: res.Key,
// })
// }
// return resp
// }())
// if err != nil {
// http.Error(w, "Failed to encode response", http.StatusInternalServerError)
// return
// }
// }
func (h *aclAdminHandler) assignResourceToRole(w http.ResponseWriter, r *http.Request) {
server.NotImplemented(w)
}
// type createResourceRequest struct {
// Name string `json:"name"`
// }
func (h *aclAdminHandler) getRoleResources(w http.ResponseWriter, r *http.Request) {
server.NotImplemented(w)
}
// type createResourceResponse struct {
// ID uint `json:"id"`
// Name string `json:"name"`
// }
func (h *aclAdminHandler) removeResourceFromRole(w http.ResponseWriter, r *http.Request) {
server.NotImplemented(w)
}
// func (h *aclAdminHandler) createResource(w http.ResponseWriter, r *http.Request) {
// var req createResourceRequest
// if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
// http.Error(w, "Invalid request body", http.StatusBadRequest)
// return
// }
// if req.Name == "" {
// http.Error(w, "Name is required", http.StatusBadRequest)
// return
// }
// id, err := h.a.CreateResource(req.Name)
// if err != nil {
// http.Error(w, "Failed to create resource", http.StatusConflict)
// return
// }
// w.WriteHeader(http.StatusCreated)
// w.Header().Set("Content-Type", "application/json")
// err = json.NewEncoder(w).Encode(createResourceResponse{
// ID: id,
// Name: req.Name,
// })
// if err != nil {
// http.Error(w, "Failed to encode response", http.StatusInternalServerError)
// return
// }
// }
// func (h *aclAdminHandler) assignResourceToRole(w http.ResponseWriter, r *http.Request) {
// server.NotImplemented(w)
// }
// func (h *aclAdminHandler) getRoleResources(w http.ResponseWriter, r *http.Request) {
// server.NotImplemented(w)
// }
// func (h *aclAdminHandler) removeResourceFromRole(w http.ResponseWriter, r *http.Request) {
// server.NotImplemented(w)
// }

321
api/acl_admin/resources.go Normal file
View File

@@ -0,0 +1,321 @@
package api_acladmin
import (
"encoding/json"
"log/slog"
"net/http"
"strconv"
"git.oblat.lv/alex/triggerssmith/internal/acl"
"github.com/go-chi/chi/v5"
)
// @Summary Get all resources
// @Tags resources
// @Produce json
// @Success 200 {object} getResourcesResponse
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/resources [get]
func (h *aclAdminHandler) getResources(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
resources, err := h.a.GetResources()
if err != nil {
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to get resources",
})
return
}
}
_ = json.NewEncoder(w).Encode(func() getResourcesResponse {
resp := make(getResourcesResponse, 0, len(resources))
for _, res := range resources {
resp = append(resp, struct {
ID uint `json:"id" example:"1"`
Key string `json:"key" example:"html.view"`
}{
ID: res.ID,
Key: res.Key,
})
}
return resp
}())
}
// @Summary Get resource by ID
// @Tags resources
// @Produce json
// @Param resourceId path int true "Resource ID" example(1)
// @Success 200 {object} getResourceResponse
// @Failure 400 {object} getResourceErrorInvalidResourceID
// @Failure 404 {object} getResourceErrorResourceNotFound
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/resources/{resourceId} [get]
func (h *aclAdminHandler) getResource(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
resourceIDStr := chi.URLParam(r, "resourceId")
resourceID, err := strconv.Atoi(resourceIDStr)
if err != nil || resourceID < 0 {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(getResourceErrorInvalidResourceID{
Error: ErrorInvalidResourceID,
Details: "Resource ID must be positive integer",
})
return
}
resource, err := h.a.GetResourceByID(uint(resourceID))
if err != nil {
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
case acl.ErrResourceNotFound:
w.WriteHeader(http.StatusNotFound)
_ = json.NewEncoder(w).Encode(getResourceErrorResourceNotFound{
Error: ErrorResourceNotFound,
Details: "No resource with ID " + resourceIDStr,
})
return
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to get resource with ID " + resourceIDStr,
})
return
}
}
_ = json.NewEncoder(w).Encode(getResourceResponse{
ID: resource.ID,
Key: resource.Key,
})
}
// @Summary Create resource
// @Tags resources
// @Accept json
// @Produce json
// @Param request body createResourceRequest true "Resource"
// @Success 201 {object} createResourceResponse
// @Failure 400 {object} errorInvalidRequestBody
// @Failure 400 {object} createResourceErrorInvalidResourceKey
// @Failure 409 {object} createResourceErrorResourceAlreadyExists
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/resources [post]
func (h *aclAdminHandler) createResource(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var req createResourceRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(errorInvalidRequestBody{
Error: ErrorInvalidRequestBody,
Details: "Request body is not valid JSON",
})
return
}
resourceID, err := h.a.CreateResource(req.Key)
if err != nil {
slog.Error("Failed to create resource", "error", err.Error())
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
case acl.ErrInvalidResourceKey:
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(createResourceErrorInvalidResourceKey{
Error: ErrorFailedToCreateResource,
Details: "Resource key must be non-empty",
})
return
case acl.ErrResourceAlreadyExists:
w.WriteHeader(http.StatusConflict)
_ = json.NewEncoder(w).Encode(createResourceErrorResourceAlreadyExists{
Error: ErrorFailedToCreateResource,
Details: "Resource with key '" + req.Key + "' already exists",
})
return
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to create resource with key '" + req.Key + "'",
})
return
}
}
w.WriteHeader(http.StatusCreated)
_ = json.NewEncoder(w).Encode(createResourceResponse{
ID: resourceID,
Key: req.Key,
})
}
// @Summary Update resource
// @Tags resources
// @Accept json
// @Produce json
// @Param resourceId path int true "Resource ID" example(1)
// @Param request body updateResourceRequest true "Resource"
// @Success 200 {object} updateResourceResponse
// @Failure 400 {object} errorInvalidRequestBody
// @Failure 400 {object} updateResourceErrorInvalidResourceID
// @Failure 400 {object} updateResourceErrorInvalidResourceKey
// @Failure 404 {object} updateResourceErrorResourceNotFound
// @Failure 409 {object} updateResourceErrorResourceKeyAlreadyExists
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/resources/{resourceId} [patch]
func (h *aclAdminHandler) updateResource(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var req updateResourceRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(errorInvalidRequestBody{
Error: ErrorInvalidRequestBody,
Details: "Request body is not valid JSON",
})
return
}
resourceIDStr := chi.URLParam(r, "resourceId")
resourceID, err := strconv.Atoi(resourceIDStr)
if err != nil || resourceID < 0 {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(updateResourceErrorInvalidResourceID{
Error: ErrorInvalidResourceID,
Details: "Resource ID must be positive integer",
})
return
}
err = h.a.UpdateResource(uint(resourceID), req.Key)
if err != nil {
slog.Error("Failed to update resource", "error", err.Error())
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
case acl.ErrInvalidResourceKey:
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(updateResourceErrorInvalidResourceKey{
Error: ErrorFailedToUpdateResource,
Details: "Invalid resource key",
})
return
case acl.ErrResourceNotFound:
w.WriteHeader(http.StatusNotFound)
_ = json.NewEncoder(w).Encode(updateResourceErrorResourceNotFound{
Error: ErrorFailedToUpdateResource,
Details: "No resource with ID " + resourceIDStr,
})
return
case acl.ErrSameResourceKey:
w.WriteHeader(http.StatusConflict)
_ = json.NewEncoder(w).Encode(updateResourceErrorResourceKeyAlreadyExists{
Error: ErrorFailedToUpdateResource,
Details: "Resource with key '" + req.Key + "' already exists",
})
return
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to update resource with key '" + req.Key + "'",
})
return
}
}
w.WriteHeader(http.StatusOK)
_ = json.NewEncoder(w).Encode(updateResourceResponse{
ID: uint(resourceID),
Key: req.Key,
})
}
// @Summary Delete resource
// @Tags resources
// @Produce json
// @Param resourceId path int true "Resource ID" example(1)
// @Success 200
// @Failure 400 {object} deleteResourceErrorInvalidResourceID
// @Failure 404 {object} deleteResourceErrorResourceNotFound
// @Failure 409 {object} deleteResourceErrorResourceInUse
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/resources/{resourceId} [delete]
func (h *aclAdminHandler) deleteResource(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
resourceIDStr := chi.URLParam(r, "resourceId")
resourceID, err := strconv.Atoi(resourceIDStr)
if err != nil || resourceID < 0 {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(deleteResourceErrorInvalidResourceID{
Error: ErrorInvalidResourceID,
Details: "Resource ID must be positive integer",
})
return
}
err = h.a.DeleteResource(uint(resourceID))
if err != nil {
slog.Error("Failed to delete resource", "error", err.Error())
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
case acl.ErrResourceNotFound:
w.WriteHeader(http.StatusNotFound)
_ = json.NewEncoder(w).Encode(deleteResourceErrorResourceNotFound{
Error: ErrorFailedToDeleteResource,
Details: "No resource with ID " + resourceIDStr,
})
return
case acl.ErrResourceInUse:
w.WriteHeader(http.StatusConflict)
_ = json.NewEncoder(w).Encode(deleteResourceErrorResourceInUse{
Error: ErrorFailedToDeleteResource,
Details: "Resource with ID " + resourceIDStr + " is used and cannot be deleted",
})
return
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to delete resource with ID '" + resourceIDStr + "'",
})
return
}
}
w.WriteHeader(http.StatusOK)
}

94
api/acl_admin/resources_models.go Normal file
View File

@@ -0,0 +1,94 @@
package api_acladmin
/*******************************************************************/
// used in getResources()
type getResourcesResponse []struct {
ID uint `json:"id" example:"1"`
Key string `json:"key" example:"html.view"`
}
/*******************************************************************/
// used in getResource()
type getResourceResponse struct {
ID uint `json:"id" example:"1"`
Key string `json:"key" example:"html.view"`
}
type getResourceErrorInvalidResourceID struct {
Error string `json:"error" example:"INVALID_RESOURCE_ID"`
Details string `json:"details" example:"Resource ID must be positive integer"`
}
type getResourceErrorResourceNotFound struct {
Error string `json:"error" example:"RESOURCE_NOT_FOUND"`
Details string `json:"details" example:"No resource with ID 123"`
}
/*******************************************************************/
// used in createResource()
type createResourceRequest struct {
Key string `json:"key" example:"html.view"`
}
type createResourceResponse struct {
ID uint `json:"id" example:"1"`
Key string `json:"key" example:"html.view"`
}
type createResourceErrorResourceAlreadyExists struct {
Error string `json:"error" example:"FAILED_TO_CREATE_RESOURCE"`
Details string `json:"details" example:"Resource with key 'html.view' already exists"`
}
type createResourceErrorInvalidResourceKey struct {
Error string `json:"error" example:"FAILED_TO_CREATE_RESOURCE"`
Details string `json:"details" example:"Invalid resource key"`
}
/*******************************************************************/
// used in updateResource()
type updateResourceRequest struct {
Key string `json:"key" example:"html.view"`
}
type updateResourceResponse struct {
ID uint `json:"id" example:"1"`
Key string `json:"key" example:"html.view"`
}
type updateResourceErrorResourceNotFound struct {
Error string `json:"error" example:"RESOURCE_NOT_FOUND"`
Details string `json:"details" example:"No resource with ID 123"`
}
type updateResourceErrorInvalidResourceID struct {
Error string `json:"error" example:"INVALID_RESOURCE_ID"`
Details string `json:"details" example:"Resource ID must be positive integer"`
}
type updateResourceErrorInvalidResourceKey struct {
Error string `json:"error" example:"FAILED_TO_UPDATE_RESOURCE"`
Details string `json:"details" example:"Invalid resource key"`
}
type updateResourceErrorResourceKeyAlreadyExists struct {
Error string `json:"error" example:"FAILED_TO_UPDATE_RESOURCE"`
Details string `json:"details" example:"Resource with key 'html.view' already exists"`
}
/*******************************************************************/
// used in deleteResource()
type deleteResourceErrorResourceNotFound struct {
Error string `json:"error" example:"RESOURCE_NOT_FOUND"`
Details string `json:"details" example:"No resource with ID 123"`
}
type deleteResourceErrorInvalidResourceID struct {
Error string `json:"error" example:"INVALID_RESOURCE_ID"`
Details string `json:"details" example:"Resource ID must be positive integer"`
}
type deleteResourceErrorResourceInUse struct {
Error string `json:"error" example:"FAILED_TO_DELETE_RESOURCE"`
Details string `json:"details" example:"Resource with ID 123 is used and cannot be deleted"`
}

314
api/acl_admin/roles.go Normal file
View File

@@ -0,0 +1,314 @@
package api_acladmin
import (
"encoding/json"
"log/slog"
"net/http"
"strconv"
"git.oblat.lv/alex/triggerssmith/internal/acl"
"github.com/go-chi/chi/v5"
)
// @Summary Get all roles
// @Tags roles
// @Produce json
// @Success 200 {object} getRolesResponse
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/roles [get]
func (h *aclAdminHandler) getRoles(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
roles, err := h.a.GetRoles()
if err != nil {
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to get roles",
})
return
}
}
_ = json.NewEncoder(w).Encode(func() getRolesResponse {
// Transform acl.Role to getRolesResponse
resp := make(getRolesResponse, 0, len(roles))
for _, role := range roles {
resp = append(resp, struct {
ID uint `json:"id" example:"1"`
Name string `json:"name" example:"admin"`
}{
ID: role.ID,
Name: role.Name,
})
}
return resp
}())
}
// @Summary Get role by ID
// @Tags roles
// @Produce json
// @Param roleId path int true "Role ID" example(1)
// @Success 200 {object} getRoleResponse
// @Failure 400 {object} getRoleErrorInvalidRoleID
// @Failure 404 {object} getRoleErrorRoleNotFound
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/roles/{roleId} [get]
func (h *aclAdminHandler) getRole(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
roleIDStr := chi.URLParam(r, "roleId")
roleID, err := strconv.Atoi(roleIDStr)
if err != nil || roleID < 0 {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(getRoleErrorInvalidRoleID{
Error: ErrorInvalidRoleID,
Details: "Role ID must be positive integer",
})
return
}
role, err := h.a.GetRoleByID(uint(roleID))
if err != nil {
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
case acl.ErrRoleNotFound:
w.WriteHeader(http.StatusNotFound)
_ = json.NewEncoder(w).Encode(getRoleErrorRoleNotFound{
Error: ErrorRoleNotFound,
Details: "No role with ID " + roleIDStr,
})
return
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to get role with ID " + roleIDStr,
})
return
}
}
_ = json.NewEncoder(w).Encode(getRoleResponse{
ID: role.ID,
Name: role.Name,
})
}
// @Summary Create role
// @Tags roles
// @Accept json
// @Produce json
// @Param request body createRoleRequest true "Role"
// @Success 201 {object} createRoleResponse
// @Failure 400 {object} errorInvalidRequestBody
// @Failure 401 {object} createRoleErrorInvalidRoleName
// @Failure 409 {object} createRoleErrorRoleAlreadyExists
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/roles [post]
func (h *aclAdminHandler) createRole(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var req createRoleRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(errorInvalidRequestBody{
Error: ErrorInvalidRequestBody,
Details: "Request body is not valid JSON",
})
return
}
roleID, err := h.a.CreateRole(req.Name)
if err != nil {
slog.Error("Failed to create role", "error", err.Error())
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
case acl.ErrRoleAlreadyExists:
w.WriteHeader(http.StatusConflict)
_ = json.NewEncoder(w).Encode(createRoleErrorRoleAlreadyExists{
Error: ErrorFailedToCreateRole,
Details: "Role with name '" + req.Name + "' already exists",
})
return
case acl.ErrInvalidRoleName:
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(createRoleErrorInvalidRoleName{
Error: ErrorFailedToCreateRole,
Details: "Role name must be non-empty string",
})
return
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to create role with name '" + req.Name + "'",
})
return
}
}
w.WriteHeader(http.StatusCreated)
_ = json.NewEncoder(w).Encode(createRoleResponse{
ID: roleID,
Name: req.Name,
})
}
// @Summary Update role
// @Tags roles
// @Accept json
// @Produce json
// @Param roleId path int true "Role ID" example(1)
// @Param request body updateRoleRequest true "Role"
// @Success 200 {object} updateRoleResponse
// @Failure 400 {object} errorInvalidRequestBody
// @Failure 400 {object} updateRoleErrorInvalidRoleID
// @Failure 400 {object} updateRoleErrorInvalidRoleName
// @Failure 404 {object} updateRoleErrorRoleNotFound
// @Failure 409 {object} updateRoleErrorRoleNameAlreadyExists
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/roles/{roleId} [patch]
func (h *aclAdminHandler) updateRole(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var req updateRoleRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(errorInvalidRequestBody{
Error: ErrorInvalidRequestBody,
Details: "Request body is not valid JSON",
})
return
}
roleIDStr := chi.URLParam(r, "roleId")
roleID, err := strconv.Atoi(roleIDStr)
if err != nil || roleID < 0 {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(updateRoleErrorInvalidRoleID{
Error: ErrorInvalidRoleID,
Details: "Role ID must be positive integer",
})
return
}
err = h.a.UpdateRole(uint(roleID), req.Name)
// TODO: make error handling more specific in acl service
if err != nil {
slog.Error("Failed to update role", "error", err.Error())
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
case acl.ErrInvalidRoleName:
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(updateRoleErrorInvalidRoleName{
Error: ErrorFailedToUpdateRole,
Details: "Invalid role name",
})
return
case acl.ErrRoleNotFound:
w.WriteHeader(http.StatusNotFound)
_ = json.NewEncoder(w).Encode(updateRoleErrorRoleNotFound{
Error: ErrorFailedToUpdateRole,
Details: "No role with ID " + roleIDStr,
})
return
case acl.ErrSameRoleName:
w.WriteHeader(http.StatusConflict)
_ = json.NewEncoder(w).Encode(updateRoleErrorRoleNameAlreadyExists{
Error: ErrorFailedToUpdateRole,
Details: "Role with name '" + req.Name + "' already exists",
})
return
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to update role with name '" + req.Name + "'",
})
return
}
}
w.WriteHeader(http.StatusOK)
_ = json.NewEncoder(w).Encode(updateRoleResponse{
ID: uint(roleID),
Name: req.Name,
})
}
// @Summary Delete role
// @Tags roles
// @Produce json
// @Param roleId path int true "Role ID" example(1)
// @Success 200
// @Failure 400 {object} deleteRoleErrorInvalidRoleID
// @Failure 404 {object} deleteRoleErrorRoleNotFound
// @Failure 409 {object} deleteRoleErrorRoleInUse
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/roles/{roleId} [delete]
func (h *aclAdminHandler) deleteRole(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
roleIDStr := chi.URLParam(r, "roleId")
roleID, err := strconv.Atoi(roleIDStr)
if err != nil || roleID < 0 {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(deleteRoleErrorInvalidRoleID{
Error: ErrorInvalidRoleID,
Details: "Role ID must be positive integer",
})
return
}
err = h.a.DeleteRole(uint(roleID))
// TODO: make error handling more specific in acl service
if err != nil {
slog.Error("Failed to delete role", "error", err.Error())
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
case acl.ErrRoleNotFound:
w.WriteHeader(http.StatusNotFound)
_ = json.NewEncoder(w).Encode(deleteRoleErrorRoleNotFound{
Error: ErrorFailedToDeleteRole,
Details: "No role with ID " + roleIDStr,
})
return
case acl.ErrRoleInUse:
w.WriteHeader(http.StatusConflict)
_ = json.NewEncoder(w).Encode(deleteRoleErrorRoleInUse{
Error: ErrorFailedToDeleteRole,
Details: "Role with ID " + roleIDStr + " is assigned to users and cannot be deleted",
})
return
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to delete role with ID '" + roleIDStr + "'",
})
return
}
}
w.WriteHeader(http.StatusOK)
}

94
api/acl_admin/roles_models.go Normal file
View File

@@ -0,0 +1,94 @@
package api_acladmin
/*******************************************************************/
// used in getRoles()
type getRolesResponse []struct {
ID uint `json:"id" example:"1"`
Name string `json:"name" example:"admin"`
}
/*******************************************************************/
// used in getRole()
type getRoleResponse struct {
ID uint `json:"id" example:"1"`
Name string `json:"name" example:"admin"`
}
type getRoleErrorInvalidRoleID struct {
Error string `json:"error" example:"INVALID_ROLE_ID"`
Details string `json:"details" example:"Role ID must be positive integer"`
}
type getRoleErrorRoleNotFound struct {
Error string `json:"error" example:"ROLE_NOT_FOUND"`
Details string `json:"details" example:"No role with ID 123"`
}
/*******************************************************************/
// used in createRole()
type createRoleRequest struct {
Name string `json:"name" example:"admin"`
}
type createRoleResponse struct {
ID uint `json:"id" example:"1"`
Name string `json:"name" example:"admin"`
}
type createRoleErrorRoleAlreadyExists struct {
Error string `json:"error" example:"FAILED_TO_CREATE_ROLE"`
Details string `json:"details" example:"Role with name 'admin' already exists"`
}
type createRoleErrorInvalidRoleName struct {
Error string `json:"error" example:"FAILED_TO_CREATE_ROLE"`
Details string `json:"details" example:"Invalid role name"`
}
/*******************************************************************/
// used in updateRole()
type updateRoleRequest struct {
Name string `json:"name" example:"admin"`
}
type updateRoleResponse struct {
ID uint `json:"id" example:"1"`
Name string `json:"name" example:"admin"`
}
type updateRoleErrorRoleNotFound struct {
Error string `json:"error" example:"ROLE_NOT_FOUND"`
Details string `json:"details" example:"No role with ID 123"`
}
type updateRoleErrorInvalidRoleID struct {
Error string `json:"error" example:"INVALID_ROLE_ID"`
Details string `json:"details" example:"Role ID must be positive integer"`
}
type updateRoleErrorInvalidRoleName struct {
Error string `json:"error" example:"FAILED_TO_UPDATE_ROLE"`
Details string `json:"details" example:"Invalid role name"`
}
type updateRoleErrorRoleNameAlreadyExists struct {
Error string `json:"error" example:"FAILED_TO_UPDATE_ROLE"`
Details string `json:"details" example:"Role with name 'admin' already exists"`
}
/*******************************************************************/
// used in deleteRole()
type deleteRoleErrorRoleNotFound struct {
Error string `json:"error" example:"ROLE_NOT_FOUND"`
Details string `json:"details" example:"No role with ID 123"`
}
type deleteRoleErrorInvalidRoleID struct {
Error string `json:"error" example:"INVALID_ROLE_ID"`
Details string `json:"details" example:"Role ID must be positive integer"`
}
type deleteRoleErrorRoleInUse struct {
Error string `json:"error" example:"FAILED_TO_DELETE_ROLE"`
Details string `json:"details" example:"Role with ID 123 is assigned to users and cannot be deleted"`
}