niki/repository/mysql/admin/authorization.go

100 lines
2.9 KiB
Go
Raw Permalink Normal View History

package mysqladmin
import (
"time"
"git.gocasts.ir/ebhomengo/niki/entity"
errmsg "git.gocasts.ir/ebhomengo/niki/pkg/err_msg"
richerror "git.gocasts.ir/ebhomengo/niki/pkg/rich_error"
"git.gocasts.ir/ebhomengo/niki/pkg/slice"
"git.gocasts.ir/ebhomengo/niki/repository/mysql"
)
func (d *DB) GetAdminPermissions(adminID uint, role entity.AdminRole) ([]entity.AdminPermission, error) {
const op = "mysqladmin.GetAdminPermissions"
// get adminRoleACL
adminRoleACL := make([]entity.AdminAccessControl, 0)
adminRoleRows, err := d.conn.Conn().Query(`select * from admin_access_controls where actor_type = ? and actor_id = ?`,
entity.AdminRoleActorType, role)
if err != nil {
return nil, richerror.New(op).WithErr(err).
WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
}
defer adminRoleRows.Close()
for adminRoleRows.Next() {
acl, err := scanAccessControl(adminRoleRows)
if err != nil {
return nil, richerror.New(op).WithErr(err).
WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
}
adminRoleACL = append(adminRoleACL, acl)
}
if err := adminRoleRows.Err(); err != nil {
return nil, richerror.New(op).WithErr(err).
WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
}
// get adminACL
adminACL := make([]entity.AdminAccessControl, 0)
adminRows, err := d.conn.Conn().Query(`select * from admin_access_controls where actor_type = ? and actor_id = ?`,
entity.AdminAdminActorType, adminID)
if err != nil {
return nil, richerror.New(op).WithErr(err).
WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
}
defer adminRows.Close()
for adminRows.Next() {
acl, err := scanAccessControl(adminRows)
if err != nil {
return nil, richerror.New(op).WithErr(err).
WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
}
adminACL = append(adminACL, acl)
}
if err := adminRows.Err(); err != nil {
return nil, richerror.New(op).WithErr(err).
WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
}
// merge ACLs by permission
adminPermissions := make([]entity.AdminPermission, 0)
for _, r := range adminRoleACL {
if !slice.DoesExist(adminPermissions, r.Permission) {
adminPermissions = append(adminPermissions, r.Permission)
}
}
for _, a := range adminACL {
if !slice.DoesExist(adminPermissions, a.Permission) {
adminPermissions = append(adminPermissions, a.Permission)
}
}
if len(adminPermissions) == 0 {
return nil, nil
}
return adminPermissions, nil
}
func scanAccessControl(scanner mysql.Scanner) (entity.AdminAccessControl, error) {
var (
createdAt time.Time
updateAt time.Time
acl entity.AdminAccessControl
)
err := scanner.Scan(&acl.ID, &acl.ActorID, &acl.ActorType, &acl.Permission, &createdAt, &updateAt)
return acl, err
}