feat: fetch permissions + grouped fetching
This commit is contained in:
@ -11,28 +11,133 @@ import (
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
const createPermission = `-- name: CreatePermission :one
|
||||
INSERT into permissions (
|
||||
name, scope, description
|
||||
) VALUES (
|
||||
$1, $2, $3
|
||||
) RETURNING id, name, scope, description
|
||||
`
|
||||
|
||||
type CreatePermissionParams struct {
|
||||
Name string `json:"name"`
|
||||
Scope string `json:"scope"`
|
||||
Description *string `json:"description"`
|
||||
}
|
||||
|
||||
func (q *Queries) CreatePermission(ctx context.Context, arg CreatePermissionParams) (Permission, error) {
|
||||
row := q.db.QueryRow(ctx, createPermission, arg.Name, arg.Scope, arg.Description)
|
||||
var i Permission
|
||||
err := row.Scan(
|
||||
&i.ID,
|
||||
&i.Name,
|
||||
&i.Scope,
|
||||
&i.Description,
|
||||
)
|
||||
return i, err
|
||||
}
|
||||
|
||||
const findPermission = `-- name: FindPermission :one
|
||||
SELECT id, name, scope, description FROM permissions
|
||||
WHERE name = $1 AND scope = $2
|
||||
`
|
||||
|
||||
type FindPermissionParams struct {
|
||||
Name string `json:"name"`
|
||||
Scope string `json:"scope"`
|
||||
}
|
||||
|
||||
func (q *Queries) FindPermission(ctx context.Context, arg FindPermissionParams) (Permission, error) {
|
||||
row := q.db.QueryRow(ctx, findPermission, arg.Name, arg.Scope)
|
||||
var i Permission
|
||||
err := row.Scan(
|
||||
&i.ID,
|
||||
&i.Name,
|
||||
&i.Scope,
|
||||
&i.Description,
|
||||
)
|
||||
return i, err
|
||||
}
|
||||
|
||||
const getAllPermissions = `-- name: GetAllPermissions :many
|
||||
SELECT id, name, scope, description
|
||||
FROM permissions p
|
||||
ORDER BY p.scope
|
||||
`
|
||||
|
||||
func (q *Queries) GetAllPermissions(ctx context.Context) ([]Permission, error) {
|
||||
rows, err := q.db.Query(ctx, getAllPermissions)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer rows.Close()
|
||||
var items []Permission
|
||||
for rows.Next() {
|
||||
var i Permission
|
||||
if err := rows.Scan(
|
||||
&i.ID,
|
||||
&i.Name,
|
||||
&i.Scope,
|
||||
&i.Description,
|
||||
); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
items = append(items, i)
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return items, nil
|
||||
}
|
||||
|
||||
const getGroupedPermissions = `-- name: GetGroupedPermissions :many
|
||||
SELECT scope, json_agg(to_jsonb(permissions.*) ORDER BY name) as permissions
|
||||
FROM permissions
|
||||
GROUP BY scope
|
||||
`
|
||||
|
||||
type GetGroupedPermissionsRow struct {
|
||||
Scope string `json:"scope"`
|
||||
Permissions []byte `json:"permissions"`
|
||||
}
|
||||
|
||||
func (q *Queries) GetGroupedPermissions(ctx context.Context) ([]GetGroupedPermissionsRow, error) {
|
||||
rows, err := q.db.Query(ctx, getGroupedPermissions)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer rows.Close()
|
||||
var items []GetGroupedPermissionsRow
|
||||
for rows.Next() {
|
||||
var i GetGroupedPermissionsRow
|
||||
if err := rows.Scan(&i.Scope, &i.Permissions); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
items = append(items, i)
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return items, nil
|
||||
}
|
||||
|
||||
const getUserPermissions = `-- name: GetUserPermissions :many
|
||||
SELECT DISTINCT p.id,p.name,p.scope,p.description
|
||||
FROM permissions p
|
||||
|
||||
LEFT JOIN role_permissions rp_user
|
||||
ON p.id = rp_user.permission_id
|
||||
LEFT JOIN user_roles ur
|
||||
ON rp_user.role_id = ur.role_id AND ur.user_id = $1
|
||||
|
||||
LEFT JOIN user_groups ug
|
||||
ON ug.user_id = $1
|
||||
LEFT JOIN group_roles gr
|
||||
ON ug.group_id = gr.group_id
|
||||
LEFT JOIN role_permissions rp_group
|
||||
ON gr.role_id = rp_group.role_id AND rp_group.permission_id = p.id
|
||||
|
||||
LEFT JOIN user_permissions up
|
||||
ON up.user_id = $1 AND up.permission_id = p.id
|
||||
|
||||
LEFT JOIN group_permissions gp
|
||||
ON gp.group_id = ug.group_id AND gp.permission_id = p.id
|
||||
|
||||
WHERE ur.user_id IS NOT NULL
|
||||
OR gr.group_id IS NOT NULL
|
||||
OR up.user_id IS NOT NULL
|
||||
|
||||
@ -1,14 +1,33 @@
|
||||
|
||||
-- name: GetAllPermissions :many
|
||||
SELECT *
|
||||
FROM permissions p
|
||||
ORDER BY p.scope;
|
||||
|
||||
-- name: GetGroupedPermissions :many
|
||||
SELECT scope, json_agg(to_jsonb(permissions.*) ORDER BY name) as permissions
|
||||
FROM permissions
|
||||
GROUP BY scope;
|
||||
|
||||
-- name: CreatePermission :one
|
||||
INSERT into permissions (
|
||||
name, scope, description
|
||||
) VALUES (
|
||||
$1, $2, $3
|
||||
) RETURNING *;
|
||||
|
||||
-- name: FindPermission :one
|
||||
SELECT * FROM permissions
|
||||
WHERE name = $1 AND scope = $2;
|
||||
|
||||
-- name: GetUserPermissions :many
|
||||
SELECT DISTINCT p.id,p.name,p.scope,p.description
|
||||
FROM permissions p
|
||||
|
||||
-- From roles assigned directly to the user
|
||||
LEFT JOIN role_permissions rp_user
|
||||
ON p.id = rp_user.permission_id
|
||||
LEFT JOIN user_roles ur
|
||||
ON rp_user.role_id = ur.role_id AND ur.user_id = $1
|
||||
|
||||
-- From roles assigned to user's groups
|
||||
LEFT JOIN user_groups ug
|
||||
ON ug.user_id = $1
|
||||
@ -16,15 +35,12 @@ LEFT JOIN group_roles gr
|
||||
ON ug.group_id = gr.group_id
|
||||
LEFT JOIN role_permissions rp_group
|
||||
ON gr.role_id = rp_group.role_id AND rp_group.permission_id = p.id
|
||||
|
||||
-- Direct permissions to user
|
||||
LEFT JOIN user_permissions up
|
||||
ON up.user_id = $1 AND up.permission_id = p.id
|
||||
|
||||
-- Direct permissions to user's groups
|
||||
LEFT JOIN group_permissions gp
|
||||
ON gp.group_id = ug.group_id AND gp.permission_id = p.id
|
||||
|
||||
WHERE ur.user_id IS NOT NULL
|
||||
OR gr.group_id IS NOT NULL
|
||||
OR up.user_id IS NOT NULL
|
||||
|
||||
Reference in New Issue
Block a user