fully implement acl backend and interface
This commit is contained in:
@@ -6,6 +6,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"gorm.io/gorm"
|
||||
"gorm.io/gorm/clause"
|
||||
)
|
||||
|
||||
// GetResources returns all resources.
|
||||
@@ -138,3 +139,82 @@ func (s *Service) DeleteResource(resourceID uint) error {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// AssignResourceToRole assigns a resource to a role
|
||||
// May return [ErrNotInitialized], [ErrRoleNotFound], [ErrResourceNotFound], [ErrAlreadyAssigned] or db error.
|
||||
func (s *Service) AssignResourceToRole(roleID, resourceID uint) error {
|
||||
if !s.isInitialized() {
|
||||
return ErrNotInitialized
|
||||
}
|
||||
|
||||
// check role exists
|
||||
var r Role
|
||||
if err := s.db.First(&r, roleID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrRoleNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch role: %w", err)
|
||||
}
|
||||
|
||||
// check resource exists
|
||||
var res Resource
|
||||
if err := s.db.First(&res, resourceID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrResourceNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch resource: %w", err)
|
||||
}
|
||||
|
||||
rr := RoleResource{
|
||||
RoleID: roleID,
|
||||
ResourceID: resourceID,
|
||||
}
|
||||
|
||||
tx := s.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&rr)
|
||||
if tx.Error != nil {
|
||||
return fmt.Errorf("failed to assign resource to role: %w", tx.Error)
|
||||
}
|
||||
|
||||
// if nothing inserted — already assigned
|
||||
if tx.RowsAffected == 0 {
|
||||
return ErrResourceAlreadyAssigned
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// RemoveResourceFromRole removes a resource from a role
|
||||
// May return [ErrNotInitialized], [ErrRoleNotFound], [ErrResourceNotFound], [ErrRoleResourceNotFound] or db error.
|
||||
func (s *Service) RemoveResourceFromRole(roleID, resourceID uint) error {
|
||||
if !s.isInitialized() {
|
||||
return ErrNotInitialized
|
||||
}
|
||||
// check role exists
|
||||
var r Role
|
||||
if err := s.db.First(&r, roleID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrRoleNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch role: %w", err)
|
||||
}
|
||||
|
||||
// check resource exists
|
||||
var res Resource
|
||||
if err := s.db.First(&res, resourceID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrResourceNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch resource: %w", err)
|
||||
}
|
||||
|
||||
tx := s.db.Where("role_id = ? AND resource_id = ?", roleID, resourceID).Delete(&RoleResource{})
|
||||
if tx.Error != nil {
|
||||
return fmt.Errorf("failed to remove resource from role: %w", tx.Error)
|
||||
}
|
||||
|
||||
if tx.RowsAffected == 0 {
|
||||
return ErrRoleResourceNotFound
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user