feat: ensure system permissions
This commit is contained in:
70
internal/user/permissions.go
Normal file
70
internal/user/permissions.go
Normal file
@ -0,0 +1,70 @@
|
||||
package user
|
||||
|
||||
import (
|
||||
"context"
|
||||
"log"
|
||||
|
||||
"gitea.local/admin/hspguard/internal/repository"
|
||||
)
|
||||
|
||||
func String(s string) *string {
|
||||
return &s
|
||||
}
|
||||
|
||||
var (
|
||||
SYSTEM_SCOPE string = "system"
|
||||
SYSTEM_PERMISSIONS []repository.Permission = []repository.Permission{
|
||||
{
|
||||
Name: "log_into_guard",
|
||||
Description: String("Allow users to log into their accounts"),
|
||||
},
|
||||
{
|
||||
Name: "register",
|
||||
Description: String("Allow users to register new accounts"),
|
||||
},
|
||||
{
|
||||
Name: "edit_profile",
|
||||
Description: String("Allow users to edit their profiles"),
|
||||
},
|
||||
{
|
||||
Name: "recover_credentials",
|
||||
Description: String("Allow users to recover their password/email"),
|
||||
},
|
||||
{
|
||||
Name: "verify_profile",
|
||||
Description: String("Allow users to verify their accounts"),
|
||||
},
|
||||
{
|
||||
Name: "access_home_services",
|
||||
Description: String("Allow users to access home services and tools"),
|
||||
},
|
||||
{
|
||||
Name: "view_sessions",
|
||||
Description: String("Allow users to view their active sessions"),
|
||||
},
|
||||
{
|
||||
Name: "revoke_sessions",
|
||||
Description: String("Allow users to revoke their active sessions"),
|
||||
},
|
||||
}
|
||||
)
|
||||
|
||||
func EnsureSystemPermissions(ctx context.Context, repo *repository.Queries) {
|
||||
for _, permission := range SYSTEM_PERMISSIONS {
|
||||
_, err := repo.FindPermission(ctx, repository.FindPermissionParams{
|
||||
Name: permission.Name,
|
||||
Scope: SYSTEM_SCOPE,
|
||||
})
|
||||
if err != nil {
|
||||
log.Printf("INFO: Creating SYSTEM permission: '%s'\n", permission.Name)
|
||||
_, err = repo.CreatePermission(ctx, repository.CreatePermissionParams{
|
||||
Name: permission.Name,
|
||||
Scope: SYSTEM_SCOPE,
|
||||
Description: permission.Description,
|
||||
})
|
||||
if err != nil {
|
||||
log.Fatalf("ERR: Failed to create SYSTEM permission: '%s'\n", permission.Name)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
Reference in New Issue
Block a user