fully implement acl backend and interface
This commit is contained in:
@@ -7,15 +7,21 @@ import "fmt"
|
||||
var (
|
||||
ErrNotInitialized = fmt.Errorf("acl service is not initialized")
|
||||
|
||||
ErrRoleNotFound = fmt.Errorf("role not found")
|
||||
ErrRoleAlreadyExists = fmt.Errorf("role already exists")
|
||||
ErrInvalidRoleName = fmt.Errorf("role name is invalid")
|
||||
ErrSameRoleName = fmt.Errorf("role name is the same as another role")
|
||||
ErrRoleInUse = fmt.Errorf("role is in use")
|
||||
ErrRoleNotFound = fmt.Errorf("role not found")
|
||||
ErrRoleAlreadyExists = fmt.Errorf("role already exists")
|
||||
ErrInvalidRoleName = fmt.Errorf("role name is invalid")
|
||||
ErrSameRoleName = fmt.Errorf("role name is the same as another role")
|
||||
ErrRoleInUse = fmt.Errorf("role is in use")
|
||||
ErrRoleAlreadyAssigned = fmt.Errorf("role is already assigned to user")
|
||||
|
||||
ErrResourceNotFound = fmt.Errorf("resource not found")
|
||||
ErrResourceAlreadyExists = fmt.Errorf("resource already exists")
|
||||
ErrInvalidResourceKey = fmt.Errorf("invalid resource key")
|
||||
ErrResourceInUse = fmt.Errorf("resource is in use")
|
||||
ErrSameResourceKey = fmt.Errorf("resource key is the same as another resource")
|
||||
ErrResourceNotFound = fmt.Errorf("resource not found")
|
||||
ErrResourceAlreadyExists = fmt.Errorf("resource already exists")
|
||||
ErrInvalidResourceKey = fmt.Errorf("invalid resource key")
|
||||
ErrResourceInUse = fmt.Errorf("resource is in use")
|
||||
ErrSameResourceKey = fmt.Errorf("resource key is the same as another resource")
|
||||
ErrResourceAlreadyAssigned = fmt.Errorf("resource is already assigned to role")
|
||||
ErrRoleResourceNotFound = fmt.Errorf("assigned resource to role is not found")
|
||||
|
||||
ErrUserNotFound = fmt.Errorf("user not found")
|
||||
ErrUserRoleNotFound = fmt.Errorf("user role not found")
|
||||
)
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"gorm.io/gorm"
|
||||
"gorm.io/gorm/clause"
|
||||
)
|
||||
|
||||
// GetResources returns all resources.
|
||||
@@ -138,3 +139,82 @@ func (s *Service) DeleteResource(resourceID uint) error {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// AssignResourceToRole assigns a resource to a role
|
||||
// May return [ErrNotInitialized], [ErrRoleNotFound], [ErrResourceNotFound], [ErrAlreadyAssigned] or db error.
|
||||
func (s *Service) AssignResourceToRole(roleID, resourceID uint) error {
|
||||
if !s.isInitialized() {
|
||||
return ErrNotInitialized
|
||||
}
|
||||
|
||||
// check role exists
|
||||
var r Role
|
||||
if err := s.db.First(&r, roleID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrRoleNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch role: %w", err)
|
||||
}
|
||||
|
||||
// check resource exists
|
||||
var res Resource
|
||||
if err := s.db.First(&res, resourceID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrResourceNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch resource: %w", err)
|
||||
}
|
||||
|
||||
rr := RoleResource{
|
||||
RoleID: roleID,
|
||||
ResourceID: resourceID,
|
||||
}
|
||||
|
||||
tx := s.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&rr)
|
||||
if tx.Error != nil {
|
||||
return fmt.Errorf("failed to assign resource to role: %w", tx.Error)
|
||||
}
|
||||
|
||||
// if nothing inserted — already assigned
|
||||
if tx.RowsAffected == 0 {
|
||||
return ErrResourceAlreadyAssigned
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// RemoveResourceFromRole removes a resource from a role
|
||||
// May return [ErrNotInitialized], [ErrRoleNotFound], [ErrResourceNotFound], [ErrRoleResourceNotFound] or db error.
|
||||
func (s *Service) RemoveResourceFromRole(roleID, resourceID uint) error {
|
||||
if !s.isInitialized() {
|
||||
return ErrNotInitialized
|
||||
}
|
||||
// check role exists
|
||||
var r Role
|
||||
if err := s.db.First(&r, roleID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrRoleNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch role: %w", err)
|
||||
}
|
||||
|
||||
// check resource exists
|
||||
var res Resource
|
||||
if err := s.db.First(&res, resourceID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrResourceNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch resource: %w", err)
|
||||
}
|
||||
|
||||
tx := s.db.Where("role_id = ? AND resource_id = ?", roleID, resourceID).Delete(&RoleResource{})
|
||||
if tx.Error != nil {
|
||||
return fmt.Errorf("failed to remove resource from role: %w", tx.Error)
|
||||
}
|
||||
|
||||
if tx.RowsAffected == 0 {
|
||||
return ErrRoleResourceNotFound
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -5,7 +5,9 @@ import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"git.oblat.lv/alex/triggerssmith/internal/user"
|
||||
"gorm.io/gorm"
|
||||
"gorm.io/gorm/clause"
|
||||
)
|
||||
|
||||
// GetRoles returns all roles.
|
||||
@@ -134,3 +136,105 @@ func (s *Service) DeleteRole(roleID uint) error {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetUserRoles returns all roles for a given user.
|
||||
// May return [ErrNotInitialized], [ErrUserNotFound], [ErrRoleNotFound] or db error.
|
||||
func (s *Service) GetUserRoles(userID uint) ([]Role, error) {
|
||||
if !s.isInitialized() {
|
||||
return nil, ErrNotInitialized
|
||||
}
|
||||
var user user.User
|
||||
if err := s.db.First(&user, userID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return nil, ErrUserNotFound
|
||||
}
|
||||
return nil, fmt.Errorf("failed to fetch user: %w", err)
|
||||
}
|
||||
|
||||
var roles []Role
|
||||
err := s.db.
|
||||
Joins("JOIN user_roles ur ON ur.role_id = roles.id").
|
||||
Where("ur.user_id = ?", userID).
|
||||
Find(&roles).Error
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get user roles: %w", err)
|
||||
}
|
||||
|
||||
if len(roles) == 0 {
|
||||
return nil, ErrRoleNotFound
|
||||
}
|
||||
return roles, nil
|
||||
}
|
||||
|
||||
// AssignRoleToUser assigns a role to a user.
|
||||
// May return [ErrNotInitialized], [ErrUserNotFound], [ErrRoleNotFound], [ErrRoleAlreadyAssigned] or db error.
|
||||
func (s *Service) AssignRoleToUser(roleID, userID uint) error {
|
||||
if !s.isInitialized() {
|
||||
return ErrNotInitialized
|
||||
}
|
||||
var user user.User
|
||||
if err := s.db.First(&user, userID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrUserNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch user: %w", err)
|
||||
}
|
||||
|
||||
var r Role
|
||||
if err := s.db.First(&r, roleID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrRoleNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch role: %w", err)
|
||||
}
|
||||
|
||||
ur := UserRole{
|
||||
UserID: userID,
|
||||
RoleID: roleID,
|
||||
}
|
||||
|
||||
tx := s.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&ur)
|
||||
if tx.Error != nil {
|
||||
return fmt.Errorf("failed to assign resource to role: %w", tx.Error)
|
||||
}
|
||||
if tx.RowsAffected == 0 {
|
||||
return ErrRoleAlreadyAssigned
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// RemoveRoleFromUser removes a role from a user.
|
||||
// May return [ErrNotInitialized], [ErrUserNotFound], [ErrRoleNotFound], [ErrUserRoleNotFound] or db error.
|
||||
func (s *Service) RemoveRoleFromUser(roleID, userID uint) error {
|
||||
if !s.isInitialized() {
|
||||
return ErrNotInitialized
|
||||
}
|
||||
|
||||
var user user.User
|
||||
if err := s.db.First(&user, userID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrUserNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch user: %w", err)
|
||||
}
|
||||
|
||||
var r Role
|
||||
if err := s.db.First(&r, roleID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrRoleNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch role: %w", err)
|
||||
}
|
||||
|
||||
tx := s.db.Where("role_id = ? AND user_id = ?", roleID, userID).Delete(&UserRole{})
|
||||
if tx.Error != nil {
|
||||
return fmt.Errorf("failed to remove role from user: %w", tx.Error)
|
||||
}
|
||||
|
||||
if tx.RowsAffected == 0 {
|
||||
return ErrUserRoleNotFound
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
package acl
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"gorm.io/gorm"
|
||||
@@ -40,75 +39,3 @@ func (s *Service) Init() error {
|
||||
s.initialized = true
|
||||
return nil
|
||||
}
|
||||
|
||||
// Admin crud functions //
|
||||
|
||||
// Resources
|
||||
|
||||
// AssignResourceToRole assigns a resource to a role
|
||||
func (s *Service) AssignResourceToRole(roleID, resourceID uint) error {
|
||||
if !s.isInitialized() {
|
||||
return ErrNotInitialized
|
||||
}
|
||||
rr := RoleResource{
|
||||
RoleID: roleID,
|
||||
ResourceID: resourceID,
|
||||
}
|
||||
return s.db.FirstOrCreate(&rr, RoleResource{RoleID: roleID, ResourceID: resourceID}).Error
|
||||
}
|
||||
|
||||
// AssignRoleToUser assigns a role to a user
|
||||
func (s *Service) AssignRoleToUser(roleID, userID uint) error {
|
||||
if !s.isInitialized() {
|
||||
return ErrNotInitialized
|
||||
}
|
||||
ur := UserRole{
|
||||
UserID: userID,
|
||||
RoleID: roleID,
|
||||
}
|
||||
if err := s.db.Create(&ur).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrDuplicatedKey) {
|
||||
return fmt.Errorf("role already assigned to user")
|
||||
}
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// RemoveResourceFromRole removes a resource from a role
|
||||
func (s *Service) RemoveResourceFromRole(roleID, resourceID uint) error {
|
||||
if !s.isInitialized() {
|
||||
return ErrNotInitialized
|
||||
}
|
||||
return s.db.Where("role_id = ? AND resource_id = ?", roleID, resourceID).Delete(&RoleResource{}).Error
|
||||
}
|
||||
|
||||
// RemoveRoleFromUser removes a role from a user
|
||||
func (s *Service) RemoveRoleFromUser(roleID, userID uint) error {
|
||||
if !s.isInitialized() {
|
||||
return ErrNotInitialized
|
||||
}
|
||||
return s.db.Where("role_id = ? AND user_id = ?", roleID, userID).Delete(&UserRole{}).Error
|
||||
}
|
||||
|
||||
// GetRoleResources returns all resources for a given role
|
||||
func (s *Service) GetRoleResources(roleID uint) ([]Resource, error) {
|
||||
if !s.isInitialized() {
|
||||
return nil, ErrNotInitialized
|
||||
}
|
||||
var resources []Resource
|
||||
err := s.db.Joins("JOIN role_resources rr ON rr.resource_id = resources.id").
|
||||
Where("rr.role_id = ?", roleID).Find(&resources).Error
|
||||
return resources, err
|
||||
}
|
||||
|
||||
// GetUserRoles returns all roles for a given user
|
||||
func (s *Service) GetUserRoles(userID uint) ([]Role, error) {
|
||||
if !s.isInitialized() {
|
||||
return nil, ErrNotInitialized
|
||||
}
|
||||
var roles []Role
|
||||
err := s.db.Joins("JOIN user_roles ur ON ur.role_id = roles.id").
|
||||
Where("ur.user_id = ?", userID).Find(&roles).Error
|
||||
return roles, err
|
||||
}
|
||||
|
||||
7
internal/user/errors.go
Normal file
7
internal/user/errors.go
Normal file
@@ -0,0 +1,7 @@
|
||||
package user
|
||||
|
||||
import "fmt"
|
||||
|
||||
var (
|
||||
ErrUserNotFound = fmt.Errorf("user not found")
|
||||
)
|
||||
@@ -5,10 +5,9 @@ import (
|
||||
)
|
||||
|
||||
type User struct {
|
||||
ID uint `gorm:"primaryKey"`
|
||||
Username string `gorm:"uniqueIndex;not null"`
|
||||
Email string `gorm:"uniqueIndex;not null"`
|
||||
Password string `gorm:"not null"`
|
||||
//Roles []acl.Role `gorm:"many2many:user_roles"`
|
||||
ID uint `gorm:"primaryKey"`
|
||||
Username string `gorm:"uniqueIndex;not null"`
|
||||
Email string `gorm:"uniqueIndex;not null"`
|
||||
Password string `gorm:"not null"`
|
||||
DeletedAt gorm.DeletedAt `gorm:"index"`
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user