feat: assign system roles

2025-06-29 23:19:05 +02:00
parent d80caac81b
commit d86a9de388
3 changed files with 45 additions and 13 deletions


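--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -33,6 +33,29 @@ func (q *Queries) AddPermissionsToRoleByKey(ctx context.Context, arg AddPermissi
 return err
 }
+const assignRolePermission = `-- name: AssignRolePermission :exec
+INSERT INTO role_permissions (role_id, permission_id)
+VALUES (
+$1,
+(
+SELECT id
+FROM permissions p
+WHERE p.scope = split_part($2, '_', 1)
+AND p.name = substring($2 FROM position('_' IN $2) + 1)
+)
+)
+`
+type AssignRolePermissionParams struct {
+RoleID uuid.UUID `json:"role_id"`
+Key string `json:"key"`
+}
+func (q *Queries) AssignRolePermission(ctx context.Context, arg AssignRolePermissionParams) error {
+_, err := q.db.Exec(ctx, assignRolePermission, arg.RoleID, arg.Key)
+return err
+}
 const createRole = `-- name: CreateRole :one
 INSERT INTO roles (name, scope, description)
 VALUES ($1, $2, $3)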


@ -2,7 +2,6 @@ package user
import ( import (
"context" "context"
"fmt"
"log" "log"
"gitea.local/admin/hspguard/internal/repository" "gitea.local/admin/hspguard/internal/repository"
@ -143,7 +142,7 @@ var (
"system_revoke_sessions", "system_revoke_sessions",
}, },
Role: repository.Role{ Role: repository.Role{
Name: "family_member", Name: "member",
Description: String("User that is able to use home services"), Description: String("User that is able to use home services"),
}, },
}, },
@ -180,7 +179,10 @@ func EnsureSystemPermissions(ctx context.Context, repo *repository.Queries) {
} }
for _, role := range SYSTEM_ROLES { for _, role := range SYSTEM_ROLES {
found, err := repo.FindRole(ctx, repository.FindRoleParams{ var found repository.Role
var err error
found, err = repo.FindRole(ctx, repository.FindRoleParams{
Scope: SYSTEM_SCOPE, Scope: SYSTEM_SCOPE,
Name: role.Name, Name: role.Name,
}) })
@ -196,17 +198,13 @@ func EnsureSystemPermissions(ctx context.Context, repo *repository.Queries) {
} }
} }
var mappedPerms []string
for _, perm := range role.Permissions { for _, perm := range role.Permissions {
mappedPerms = append(mappedPerms, fmt.Sprintf("%s_%s", SYSTEM_SCOPE, perm)) if err := repo.AssignRolePermission(ctx, repository.AssignRolePermissionParams{
}
if err := repo.AddPermissionsToRoleByKey(ctx, repository.AddPermissionsToRoleByKeyParams{
RoleID: found.ID, RoleID: found.ID,
PermissionKeys: mappedPerms, Key: perm,
}); err != nil { }); err != nil {
log.Fatalf("ERR: Failed to assign required permissions to SYSTEM role %s: %v\n", found.Name, err) log.Fatalf("ERR: Failed to assign permission '%s' to SYSTEM role %s: %v\n", perm, found.Name, err)
}
} }
} }
} }
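Review bot: When EnsureSystemPermissions runs against a database where the role already exists (the FindRole success path in the third hunk), the loop in the last hunk re-inserts the same (role_id, permission_id) pair on every start through AssignRolePermission, whose query carries no `ON CONFLICT` clause; if role_permissions has a primary key or unique index on that pair, the second startup hits a duplicate-key error and `log.Fatalf` aborts the process. The batched AddPermissionsToRoleByKey call is gone, so whatever duplicate handling it had no longer applies; the fix belongs in the AssignRolePermission query in the third file, `ON CONFLICT (role_id, permission_id) DO NOTHING`, or in an existence check before the insert. The loop also now passes `perm` through unchanged as the key, so it relies on every Permissions entry already being `<scope>_<name>` (as `"system_revoke_sessions"` in the second hunk is); a comment above the loop, `// perm is a scoped key "<scope>_<name>"; AssignRolePermission splits it on the first '_'`, would make that contract visible. EnsureSystemPermissions starts, and the role-not-found branch sits, outside this hunk.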


@ -53,6 +53,17 @@ INSERT INTO roles (name, scope, description)
VALUES ($1, $2, $3) VALUES ($1, $2, $3)
RETURNING *; RETURNING *;
-- name: AssignRolePermission :exec
INSERT INTO role_permissions (role_id, permission_id)
VALUES (
$1,
(
SELECT id
FROM permissions p
WHERE p.scope = split_part(sqlc.arg('key'), '_', 1)
AND p.name = right(sqlc.arg('key'), length(sqlc.arg('key')) - position('_' IN sqlc.arg('key')))
)
);
-- name: AddPermissionsToRoleByKey :exec -- name: AddPermissionsToRoleByKey :exec
INSERT INTO role_permissions (role_id, permission_id) INSERT INTO role_permissions (role_id, permission_id)
SELECT SELECT