fully implement acl backend and interface
This commit is contained in:
@@ -5,7 +5,9 @@ import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"git.oblat.lv/alex/triggerssmith/internal/user"
|
||||
"gorm.io/gorm"
|
||||
"gorm.io/gorm/clause"
|
||||
)
|
||||
|
||||
// GetRoles returns all roles.
|
||||
@@ -134,3 +136,105 @@ func (s *Service) DeleteRole(roleID uint) error {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetUserRoles returns all roles for a given user.
|
||||
// May return [ErrNotInitialized], [ErrUserNotFound], [ErrRoleNotFound] or db error.
|
||||
func (s *Service) GetUserRoles(userID uint) ([]Role, error) {
|
||||
if !s.isInitialized() {
|
||||
return nil, ErrNotInitialized
|
||||
}
|
||||
var user user.User
|
||||
if err := s.db.First(&user, userID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return nil, ErrUserNotFound
|
||||
}
|
||||
return nil, fmt.Errorf("failed to fetch user: %w", err)
|
||||
}
|
||||
|
||||
var roles []Role
|
||||
err := s.db.
|
||||
Joins("JOIN user_roles ur ON ur.role_id = roles.id").
|
||||
Where("ur.user_id = ?", userID).
|
||||
Find(&roles).Error
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get user roles: %w", err)
|
||||
}
|
||||
|
||||
if len(roles) == 0 {
|
||||
return nil, ErrRoleNotFound
|
||||
}
|
||||
return roles, nil
|
||||
}
|
||||
|
||||
// AssignRoleToUser assigns a role to a user.
|
||||
// May return [ErrNotInitialized], [ErrUserNotFound], [ErrRoleNotFound], [ErrRoleAlreadyAssigned] or db error.
|
||||
func (s *Service) AssignRoleToUser(roleID, userID uint) error {
|
||||
if !s.isInitialized() {
|
||||
return ErrNotInitialized
|
||||
}
|
||||
var user user.User
|
||||
if err := s.db.First(&user, userID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrUserNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch user: %w", err)
|
||||
}
|
||||
|
||||
var r Role
|
||||
if err := s.db.First(&r, roleID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrRoleNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch role: %w", err)
|
||||
}
|
||||
|
||||
ur := UserRole{
|
||||
UserID: userID,
|
||||
RoleID: roleID,
|
||||
}
|
||||
|
||||
tx := s.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&ur)
|
||||
if tx.Error != nil {
|
||||
return fmt.Errorf("failed to assign resource to role: %w", tx.Error)
|
||||
}
|
||||
if tx.RowsAffected == 0 {
|
||||
return ErrRoleAlreadyAssigned
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// RemoveRoleFromUser removes a role from a user.
|
||||
// May return [ErrNotInitialized], [ErrUserNotFound], [ErrRoleNotFound], [ErrUserRoleNotFound] or db error.
|
||||
func (s *Service) RemoveRoleFromUser(roleID, userID uint) error {
|
||||
if !s.isInitialized() {
|
||||
return ErrNotInitialized
|
||||
}
|
||||
|
||||
var user user.User
|
||||
if err := s.db.First(&user, userID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrUserNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch user: %w", err)
|
||||
}
|
||||
|
||||
var r Role
|
||||
if err := s.db.First(&r, roleID).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return ErrRoleNotFound
|
||||
}
|
||||
return fmt.Errorf("failed to fetch role: %w", err)
|
||||
}
|
||||
|
||||
tx := s.db.Where("role_id = ? AND user_id = ?", roleID, userID).Delete(&UserRole{})
|
||||
if tx.Error != nil {
|
||||
return fmt.Errorf("failed to remove role from user: %w", tx.Error)
|
||||
}
|
||||
|
||||
if tx.RowsAffected == 0 {
|
||||
return ErrUserRoleNotFound
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user