basicly implement acl crud ops with roles and resources

internal/acl/service.go

@@ -1,6 +1,7 @@
 package acl
 
 import (
+	"errors"
 	"fmt"
 
 	"gorm.io/gorm"
@@ -40,30 +41,14 @@ func (s *Service) Init() error {
 	return nil
 }
 
-// Admin crud functions
+// Admin crud functions //
 
-// CreateRole creates a new role with the given name
-func (s *Service) CreateRole(name string) error {
-	if !s.isInitialized() {
-		return fmt.Errorf("acl service is not initialized")
-	}
-	role := Role{Name: name}
-	return s.db.FirstOrCreate(&role, &Role{Name: name}).Error
-}
-
-// CreateResource creates a new resource with the given key
-func (s *Service) CreateResource(key string) error {
-	if !s.isInitialized() {
-		return fmt.Errorf("acl service is not initialized")
-	}
-	res := Resource{Key: key}
-	return s.db.FirstOrCreate(&res, &Resource{Key: key}).Error
-}
+// Resources
 
 // AssignResourceToRole assigns a resource to a role
 func (s *Service) AssignResourceToRole(roleID, resourceID uint) error {
 	if !s.isInitialized() {
-		return fmt.Errorf("acl service is not initialized")
+		return ErrNotInitialized
 	}
 	rr := RoleResource{
 		RoleID:     roleID,
@@ -75,19 +60,25 @@ func (s *Service) AssignResourceToRole(roleID, resourceID uint) error {
 // AssignRoleToUser assigns a role to a user
 func (s *Service) AssignRoleToUser(roleID, userID uint) error {
 	if !s.isInitialized() {
-		return fmt.Errorf("acl service is not initialized")
+		return ErrNotInitialized
 	}
 	ur := UserRole{
 		UserID: userID,
 		RoleID: roleID,
 	}
-	return s.db.FirstOrCreate(&ur, UserRole{UserID: userID, RoleID: roleID}).Error
+	if err := s.db.Create(&ur).Error; err != nil {
+		if errors.Is(err, gorm.ErrDuplicatedKey) {
+			return fmt.Errorf("role already assigned to user")
+		}
+		return err
+	}
+	return nil
 }
 
 // RemoveResourceFromRole removes a resource from a role
 func (s *Service) RemoveResourceFromRole(roleID, resourceID uint) error {
 	if !s.isInitialized() {
-		return fmt.Errorf("acl service is not initialized")
+		return ErrNotInitialized
 	}
 	return s.db.Where("role_id = ? AND resource_id = ?", roleID, resourceID).Delete(&RoleResource{}).Error
 }
@@ -95,35 +86,15 @@ func (s *Service) RemoveResourceFromRole(roleID, resourceID uint) error {
 // RemoveRoleFromUser removes a role from a user
 func (s *Service) RemoveRoleFromUser(roleID, userID uint) error {
 	if !s.isInitialized() {
-		return fmt.Errorf("acl service is not initialized")
+		return ErrNotInitialized
 	}
 	return s.db.Where("role_id = ? AND user_id = ?", roleID, userID).Delete(&UserRole{}).Error
 }
 
-// GetRoles returns all roles
-func (s *Service) GetRoles() ([]Role, error) {
-	if !s.isInitialized() {
-		return nil, fmt.Errorf("acl service is not initialized")
-	}
-	var roles []Role
-	err := s.db.Preload("Resources").Order("id").Find(&roles).Error
-	return roles, err
-}
-
-// GetPermissions returns all permissions
-func (s *Service) GetPermissions() ([]Resource, error) {
-	if !s.isInitialized() {
-		return nil, fmt.Errorf("acl service is not initialized")
-	}
-	var resources []Resource
-	err := s.db.Order("id").Find(&resources).Error
-	return resources, err
-}
-
 // GetRoleResources returns all resources for a given role
 func (s *Service) GetRoleResources(roleID uint) ([]Resource, error) {
 	if !s.isInitialized() {
-		return nil, fmt.Errorf("acl service is not initialized")
+		return nil, ErrNotInitialized
 	}
 	var resources []Resource
 	err := s.db.Joins("JOIN role_resources rr ON rr.resource_id = resources.id").
@@ -134,7 +105,7 @@ func (s *Service) GetRoleResources(roleID uint) ([]Resource, error) {
 // GetUserRoles returns all roles for a given user
 func (s *Service) GetUserRoles(userID uint) ([]Role, error) {
 	if !s.isInitialized() {
-		return nil, fmt.Errorf("acl service is not initialized")
+		return nil, ErrNotInitialized
 	}
 	var roles []Role
 	err := s.db.Joins("JOIN user_roles ur ON ur.role_id = roles.id").