feat: assign system roles
@ -33,6 +33,29 @@ func (q *Queries) AddPermissionsToRoleByKey(ctx context.Context, arg AddPermissi
|
||||
return err
|
||||
}
|
||||
|
||||
const assignRolePermission = `-- name: AssignRolePermission :exec
|
||||
INSERT INTO role_permissions (role_id, permission_id)
|
||||
VALUES (
|
||||
$1,
|
||||
(
|
||||
SELECT id
|
||||
FROM permissions p
|
||||
WHERE p.scope = split_part($2, '_', 1)
|
||||
AND p.name = substring($2 FROM position('_' IN $2) + 1)
|
||||
)
|
||||
)
|
||||
`
|
||||
|
||||
type AssignRolePermissionParams struct {
|
||||
RoleID uuid.UUID `json:"role_id"`
|
||||
Key string `json:"key"`
|
||||
}
|
||||
|
||||
func (q *Queries) AssignRolePermission(ctx context.Context, arg AssignRolePermissionParams) error {
|
||||
_, err := q.db.Exec(ctx, assignRolePermission, arg.RoleID, arg.Key)
|
||||
return err
|
||||
}
|
||||
|
||||
const createRole = `-- name: CreateRole :one
|
||||
INSERT INTO roles (name, scope, description)
|
||||
VALUES ($1, $2, $3)
|
||||
|
@ -2,7 +2,6 @@ package user
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"log"
|
||||
|
||||
"gitea.local/admin/hspguard/internal/repository"
|
||||
@ -143,7 +142,7 @@ var (
|
||||
"system_revoke_sessions",
|
||||
},
|
||||
Role: repository.Role{
|
||||
Name: "family_member",
|
||||
Name: "member",
|
||||
Description: String("User that is able to use home services"),
|
||||
},
|
||||
},
|
||||
@ -180,7 +179,10 @@ func EnsureSystemPermissions(ctx context.Context, repo *repository.Queries) {
|
||||
}
|
||||
|
||||
for _, role := range SYSTEM_ROLES {
|
||||
found, err := repo.FindRole(ctx, repository.FindRoleParams{
|
||||
var found repository.Role
|
||||
var err error
|
||||
|
||||
found, err = repo.FindRole(ctx, repository.FindRoleParams{
|
||||
Scope: SYSTEM_SCOPE,
|
||||
Name: role.Name,
|
||||
})
|
||||
@ -196,17 +198,13 @@ func EnsureSystemPermissions(ctx context.Context, repo *repository.Queries) {
|
||||
}
|
||||
}
|
||||
|
||||
var mappedPerms []string
|
||||
|
||||
for _, perm := range role.Permissions {
|
||||
mappedPerms = append(mappedPerms, fmt.Sprintf("%s_%s", SYSTEM_SCOPE, perm))
|
||||
}
|
||||
|
||||
if err := repo.AddPermissionsToRoleByKey(ctx, repository.AddPermissionsToRoleByKeyParams{
|
||||
RoleID: found.ID,
|
||||
PermissionKeys: mappedPerms,
|
||||
}); err != nil {
|
||||
log.Fatalf("ERR: Failed to assign required permissions to SYSTEM role %s: %v\n", found.Name, err)
|
||||
if err := repo.AssignRolePermission(ctx, repository.AssignRolePermissionParams{
|
||||
RoleID: found.ID,
|
||||
Key: perm,
|
||||
}); err != nil {
|
||||
log.Fatalf("ERR: Failed to assign permission '%s' to SYSTEM role %s: %v\n", perm, found.Name, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
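Review bot: In the rewritten loop of EnsureSystemPermissions, `log.Fatalf` fires on the first `AssignRolePermission` error, so the process exits with the role holding only the permissions inserted so far; no transaction is visible around the loop. Because these rows decide authorization, the assignments for one role are better run in a single transaction, so a failure cannot leave a half-provisioned role behind. `Key: perm` is passed with no scope prefix added, so each entry of `role.Permissions` must already be in `<scope>_<name>` form; a comment on that line such as `// perm is "<scope>_<name>"; the query splits on the first underscore` would record this. The function begins outside the hunk.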
@ -53,6 +53,17 @@ INSERT INTO roles (name, scope, description)
|
||||
VALUES ($1, $2, $3)
|
||||
RETURNING *;
|
||||
|
||||
-- name: AssignRolePermission :exec
|
||||
INSERT INTO role_permissions (role_id, permission_id)
|
||||
VALUES (
|
||||
$1,
|
||||
(
|
||||
SELECT id
|
||||
FROM permissions p
|
||||
WHERE p.scope = split_part(sqlc.arg('key'), '_', 1)
|
||||
AND p.name = right(sqlc.arg('key'), length(sqlc.arg('key')) - position('_' IN sqlc.arg('key')))
|
||||
)
|
||||
);
|
||||
-- name: AddPermissionsToRoleByKey :exec
|
||||
INSERT INTO role_permissions (role_id, permission_id)
|
||||
SELECT
|
||||
|
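Review bot: The new `AssignRolePermission` query has no conflict handling, so running it again for a pair that already exists either fails on a uniqueness constraint or, if `role_permissions` has none, stores a duplicate row; the table definition is not shown here. Ending the statement with `ON CONFLICT DO NOTHING;` would make repeated start-up runs safe, assuming a unique key on `(role_id, permission_id)`. The scalar subquery also yields NULL when the key matches no permission, so an unknown key is rejected only if `permission_id` is declared NOT NULL. The generated Go constant for this query shows `substring($2 FROM position('_' IN $2) + 1)` rather than the `right(...)` expression used here, which suggests the generated file was not rebuilt from this version of the query.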