admin/hspguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: beta version of role management for single user

Browse Source
This commit is contained in:
Amir Adal
2025-07-20 17:59:54 +02:00
parent 533e6ea6af
commit d35e5813b5
16 changed files with 680 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
queries/permissions.sql
View File

@ -22,27 +22,8 @@ WHERE name = $1 AND scope = $2;
-- name: GetUserPermissions :many
SELECT DISTINCT p.id,p.name,p.scope,p.description
FROM permissions p
-- From roles assigned directly to the user
LEFT JOIN role_permissions rp_user
ON p.id = rp_user.permission_id
LEFT JOIN user_roles ur
ON rp_user.role_id = ur.role_id AND ur.user_id = $1
-- From roles assigned to user's groups
LEFT JOIN user_groups ug
ON ug.user_id = $1
LEFT JOIN group_roles gr
ON ug.group_id = gr.group_id
LEFT JOIN role_permissions rp_group
ON gr.role_id = rp_group.role_id AND rp_group.permission_id = p.id
-- Direct permissions to user
LEFT JOIN user_permissions up
ON up.user_id = $1 AND up.permission_id = p.id
-- Direct permissions to user's groups
LEFT JOIN group_permissions gp
ON gp.group_id = ug.group_id AND gp.permission_id = p.id
WHERE ur.user_id IS NOT NULL
OR gr.group_id IS NOT NULL
OR up.user_id IS NOT NULL
OR gp.group_id IS NOT NULL
FROM user_roles ur
JOIN role_permissions rp ON ur.role_id = rp.role_id
JOIN permissions p ON rp.permission_id = p.id
WHERE ur.user_id = $1
ORDER BY p.scope;

28
queries/roles.sql
View File

@ -12,6 +12,8 @@ SELECT
r.id,
'name',
r.name,
'scope',
r.scope,
'description',
r.description,
'permissions',
@ -79,3 +81,29 @@ FROM
JOIN
unnest(sqlc.arg(permission_keys)::text[]) AS key_str
ON key_str = p.scope || '_' || p.name;
-- name: GetUserRoles :many
SELECT r.* FROM roles r
JOIN user_roles ur ON r.id = ur.role_id
WHERE ur.user_id = $1;
-- name: AssignUserRole :exec
INSERT INTO user_roles (user_id, role_id)
VALUES ($1, (
SELECT id FROM roles r
WHERE r.scope = split_part(sqlc.arg('key'), '_', 1)
AND r.name = right(sqlc.arg('key'), length(sqlc.arg('key')) - position('_' IN sqlc.arg('key')))
));
-- name: UnassignUserRole :exec
DELETE FROM user_roles
WHERE user_id = $1 AND role_id = (
SELECT id FROM roles r
WHERE r.scope = split_part(sqlc.arg('key'), '_', 1)
AND r.name = right(sqlc.arg('key'), length(sqlc.arg('key')) - position('_' IN sqlc.arg('key')))
);
-- name: FindUserRole :one
SELECT * FROM user_roles
WHERE user_id = $1 AND role_id = (SELECT id FROM roles r WHERE r.scope = split_part(sqlc.arg('key'), '_', 1) AND r.name = right(sqlc.arg('key'), length(sqlc.arg('key')) - position('_' IN sqlc.arg('key'))))
LIMIT 1;