feat: fetch permissions + grouped fetching

2025-06-24 19:01:16 +02:00
parent 5cec1cf561
commit 09a2f05ee5
2 changed files with 131 additions and 10 deletions
--- a/internal/repository/permissions.sql.go
+++ b/internal/repository/permissions.sql.go
@ -11,28 +11,133 @@ import (
 	"github.com/google/uuid"
 )
 const createPermission = `-- name: CreatePermission :one
 INSERT into permissions (
    name, scope, description
 ) VALUES (
    $1, $2, $3
 ) RETURNING id, name, scope, description
 `
 type CreatePermissionParams struct {
 	Name        string  `json:"name"`
 	Scope       string  `json:"scope"`
 	Description *string `json:"description"`
 }
 func (q *Queries) CreatePermission(ctx context.Context, arg CreatePermissionParams) (Permission, error) {
 	row := q.db.QueryRow(ctx, createPermission, arg.Name, arg.Scope, arg.Description)
 	var i Permission
 	err := row.Scan(
 		&i.ID,
 		&i.Name,
 		&i.Scope,
 		&i.Description,
 	)
 	return i, err
 }
 const findPermission = `-- name: FindPermission :one
 SELECT id, name, scope, description FROM permissions
 WHERE name = $1 AND scope = $2
 `
 type FindPermissionParams struct {
 	Name  string `json:"name"`
 	Scope string `json:"scope"`
 }
 func (q *Queries) FindPermission(ctx context.Context, arg FindPermissionParams) (Permission, error) {
 	row := q.db.QueryRow(ctx, findPermission, arg.Name, arg.Scope)
 	var i Permission
 	err := row.Scan(
 		&i.ID,
 		&i.Name,
 		&i.Scope,
 		&i.Description,
 	)
 	return i, err
 }
 const getAllPermissions = `-- name: GetAllPermissions :many
 SELECT id, name, scope, description
 FROM permissions p
 ORDER BY p.scope
 `
 func (q *Queries) GetAllPermissions(ctx context.Context) ([]Permission, error) {
 	rows, err := q.db.Query(ctx, getAllPermissions)
 	if err != nil {
 		return nil, err
 	}
 	defer rows.Close()
 	var items []Permission
 	for rows.Next() {
 		var i Permission
 		if err := rows.Scan(
 			&i.ID,
 			&i.Name,
 			&i.Scope,
 			&i.Description,
 		); err != nil {
 			return nil, err
 		}
 		items = append(items, i)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, err
 	}
 	return items, nil
 }
 const getGroupedPermissions = `-- name: GetGroupedPermissions :many
 SELECT scope, json_agg(to_jsonb(permissions.*) ORDER BY name) as permissions
 FROM permissions
 GROUP BY scope
 `
 type GetGroupedPermissionsRow struct {
 	Scope       string `json:"scope"`
 	Permissions []byte `json:"permissions"`
 }
 func (q *Queries) GetGroupedPermissions(ctx context.Context) ([]GetGroupedPermissionsRow, error) {
 	rows, err := q.db.Query(ctx, getGroupedPermissions)
 	if err != nil {
 		return nil, err
 	}
 	defer rows.Close()
 	var items []GetGroupedPermissionsRow
 	for rows.Next() {
 		var i GetGroupedPermissionsRow
 		if err := rows.Scan(&i.Scope, &i.Permissions); err != nil {
 			return nil, err
 		}
 		items = append(items, i)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, err
 	}
 	return items, nil
 }
 const getUserPermissions = `-- name: GetUserPermissions :many
 SELECT DISTINCT p.id,p.name,p.scope,p.description
 FROM permissions p
 LEFT JOIN role_permissions rp_user
    ON p.id = rp_user.permission_id
 LEFT JOIN user_roles ur
    ON rp_user.role_id = ur.role_id AND ur.user_id = $1
 LEFT JOIN user_groups ug
    ON ug.user_id = $1
 LEFT JOIN group_roles gr
    ON ug.group_id = gr.group_id
 LEFT JOIN role_permissions rp_group
    ON gr.role_id = rp_group.role_id AND rp_group.permission_id = p.id
 LEFT JOIN user_permissions up
    ON up.user_id = $1 AND up.permission_id = p.id
 LEFT JOIN group_permissions gp
    ON gp.group_id = ug.group_id AND gp.permission_id = p.id
 WHERE ur.user_id IS NOT NULL
   OR gr.group_id IS NOT NULL
   OR up.user_id IS NOT NULL
--- a/queries/permissions.sql
+++ b/queries/permissions.sql
@ -1,14 +1,33 @@
 -- name: GetAllPermissions :many
 SELECT *
 FROM permissions p
 ORDER BY p.scope;
 -- name: GetGroupedPermissions :many
 SELECT scope, json_agg(to_jsonb(permissions.*) ORDER BY name) as permissions
 FROM permissions
 GROUP BY scope;
 -- name: CreatePermission :one
 INSERT into permissions (
    name, scope, description
 ) VALUES (
    $1, $2, $3
 ) RETURNING *;
 -- name: FindPermission :one
 SELECT * FROM permissions
 WHERE name = $1 AND scope = $2;
 -- name: GetUserPermissions :many
 SELECT DISTINCT p.id,p.name,p.scope,p.description
 FROM permissions p
 -- From roles assigned directly to the user
 LEFT JOIN role_permissions rp_user
    ON p.id = rp_user.permission_id
 LEFT JOIN user_roles ur
    ON rp_user.role_id = ur.role_id AND ur.user_id = $1
 -- From roles assigned to user's groups
 LEFT JOIN user_groups ug
    ON ug.user_id = $1
@ -16,15 +35,12 @@ LEFT JOIN group_roles gr
    ON ug.group_id = gr.group_id
 LEFT JOIN role_permissions rp_group
    ON gr.role_id = rp_group.role_id AND rp_group.permission_id = p.id
 -- Direct permissions to user
 LEFT JOIN user_permissions up
    ON up.user_id = $1 AND up.permission_id = p.id
 -- Direct permissions to user's groups
 LEFT JOIN group_permissions gp
    ON gp.group_id = ug.group_id AND gp.permission_id = p.id
 WHERE ur.user_id IS NOT NULL
   OR gr.group_id IS NOT NULL
   OR up.user_id IS NOT NULL