admin/hspguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: check role assignment

Browse Source
This commit is contained in:
Amir Adal
2025-06-30 00:08:14 +02:00
parent f5c61bb6a0
commit 0c24ed9382
3 changed files with 32 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
internal/repository/roles.sql.go
View File

@ -41,7 +41,7 @@ VALUES (
SELECT id SELECT id
FROM permissions p FROM permissions p
WHERE p.scope = split_part($2, '_', 1) WHERE p.scope = split_part($2, '_', 1)
AND p.name = substring($2 FROM position('_' IN $2) + 1) AND p.name = right($2, length($2) - position('_' IN $2))
) )
) )
` `
@ -103,6 +103,24 @@ func (q *Queries) FindRole(ctx context.Context, arg FindRoleParams) (Role, error
return i, err return i, err
} }
const getRoleAssignment = `-- name: GetRoleAssignment :one
SELECT role_id, permission_id FROM role_permissions
WHERE role_id = $1 AND permission_id = (SELECT id FROM permissions p WHERE p.scope = split_part($2, '_', 1) AND p.name = right($2, length($2) - position('_' IN $2)))
LIMIT 1
`
type GetRoleAssignmentParams struct {
RoleID uuid.UUID `json:"role_id"`
Key string `json:"key"`
}
func (q *Queries) GetRoleAssignment(ctx context.Context, arg GetRoleAssignmentParams) (RolePermission, error) {
row := q.db.QueryRow(ctx, getRoleAssignment, arg.RoleID, arg.Key)
var i RolePermission
err := row.Scan(&i.RoleID, &i.PermissionID)
return i, err
}
const getRolesGroupedWithPermissions = `-- name: GetRolesGroupedWithPermissions :many const getRolesGroupedWithPermissions = `-- name: GetRolesGroupedWithPermissions :many
SELECT SELECT
r.scope, r.scope,

5
internal/user/permissions.go
View File

@ -199,6 +199,10 @@ func EnsureSystemPermissions(ctx context.Context, repo *repository.Queries) {
} }
for _, perm := range role.Permissions { for _, perm := range role.Permissions {
if _, exists := repo.GetRoleAssignment(ctx, repository.GetRoleAssignmentParams{
RoleID: found.ID,
Key: perm,
}); exists != nil {
if err := repo.AssignRolePermission(ctx, repository.AssignRolePermissionParams{ if err := repo.AssignRolePermission(ctx, repository.AssignRolePermissionParams{
RoleID: found.ID, RoleID: found.ID,
Key: perm, Key: perm,
@ -208,3 +212,4 @@ func EnsureSystemPermissions(ctx context.Context, repo *repository.Queries) {
} }
} }
} }
}

5
queries/roles.sql
View File

@ -53,6 +53,11 @@ INSERT INTO roles (name, scope, description)
VALUES ($1, $2, $3) VALUES ($1, $2, $3)
RETURNING *; RETURNING *;
-- name: GetRoleAssignment :one
SELECT * FROM role_permissions
WHERE role_id = $1 AND permission_id = (SELECT id FROM permissions p WHERE p.scope = split_part(sqlc.arg('key'), '_', 1) AND p.name = right(sqlc.arg('key'), length(sqlc.arg('key')) - position('_' IN sqlc.arg('key'))))
LIMIT 1;
-- name: AssignRolePermission :exec -- name: AssignRolePermission :exec
INSERT INTO role_permissions (role_id, permission_id) INSERT INTO role_permissions (role_id, permission_id)
VALUES ( VALUES (