From 5cec1cf5611c271ff0c0b9a9c5692431f7e66ef2 Mon Sep 17 00:00:00 2001
From: LandaMm
Date: Tue, 24 Jun 2025 19:00:36 +0200
Subject: [PATCH] feat: ensure system permissions
---
internal/user/permissions.go | 70 ++++++++++++++++++++++++++++++++++++
1 file changed, 70 insertions(+)
create mode 100644 internal/user/permissions.go
diff --git a/internal/user/permissions.go b/internal/user/permissions.go
new file mode 100644
index 0000000..6f79bf5
--- /dev/null
+++ b/internal/user/permissions.go
@@ -0,0 +1,70 @@
+package user
+
+import (
+ "context"
+ "log"
+
+ "gitea.local/admin/hspguard/internal/repository"
+)
+
+func String(s string) *string {
+ return &s
+}
+
+var (
+ SYSTEM_SCOPE string = "system"
+ SYSTEM_PERMISSIONS []repository.Permission = []repository.Permission{
+ {
+ Name: "log_into_guard",
+ Description: String("Allow users to log into their accounts"),
+ },
+ {
+ Name: "register",
+ Description: String("Allow users to register new accounts"),
+ },
+ {
+ Name: "edit_profile",
+ Description: String("Allow users to edit their profiles"),
+ },
+ {
+ Name: "recover_credentials",
+ Description: String("Allow users to recover their password/email"),
+ },
+ {
+ Name: "verify_profile",
+ Description: String("Allow users to verify their accounts"),
+ },
+ {
+ Name: "access_home_services",
+ Description: String("Allow users to access home services and tools"),
+ },
+ {
+ Name: "view_sessions",
+ Description: String("Allow users to view their active sessions"),
+ },
+ {
+ Name: "revoke_sessions",
+ Description: String("Allow users to revoke their active sessions"),
+ },
+ }
+)
+
+func EnsureSystemPermissions(ctx context.Context, repo *repository.Queries) {
+ for _, permission := range SYSTEM_PERMISSIONS {
+ _, err := repo.FindPermission(ctx, repository.FindPermissionParams{
+ Name: permission.Name,
+ Scope: SYSTEM_SCOPE,
+ })
+ if err != nil {
+ log.Printf("INFO: Creating SYSTEM permission: '%s'\n", permission.Name)
+ _, err = repo.CreatePermission(ctx, repository.CreatePermissionParams{
+ Name: permission.Name,
+ Scope: SYSTEM_SCOPE,
+ Description: permission.Description,
+ })
+ if err != nil {
+ log.Fatalf("ERR: Failed to create SYSTEM permission: '%s'\n", permission.Name)
+ }
+ }
+ }
+}
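Review bot: In `EnsureSystemPermissions`, every error from `repo.FindPermission` is treated as "permission does not exist", so a database outage, a cancelled context or a broken query sends the loop into `CreatePermission` and, if that fails too, into `log.Fatalf` with a message that omits the underlying error. Since this code seeds the authorization model, only the driver's no-rows error should trigger creation, e.g. `if err != nil && !errors.Is(err, sql.ErrNoRows) { log.Fatalf("ERR: Failed to look up SYSTEM permission '%s': %v\n", permission.Name, err) }` (use `pgx.ErrNoRows` instead if the generated `repository` package is pgx-based; the hunk does not show which). The existing `Fatalf` should also append `: %v` and pass `err`. The find-then-create sequence is not atomic either, so two instances starting together can both reach the insert. Unless the table has a unique constraint on name and scope, that would presumably leave duplicate system permissions; an insert that ignores conflicts would remove both the race and the lookup.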