niki/repository/mysql/admin/authorization.go


package mysqladmin
import (
"context"
"slices"
"time"
"git.gocasts.ir/ebhomengo/niki/entity"
errmsg "git.gocasts.ir/ebhomengo/niki/pkg/err_msg"
richerror "git.gocasts.ir/ebhomengo/niki/pkg/rich_error"
"git.gocasts.ir/ebhomengo/niki/repository/mysql"
)
// GetAdminPermissions returns the distinct permissions an admin holds: the
// union of the admin_access_controls rows recorded for role and the rows
// recorded for adminID itself. Role grants come first, then admin-specific
// grants, each in the order the database returned them.
//
// It returns (nil, nil) when no row grants anything, so callers must treat a
// nil slice as "no permissions". Every failure path returns a nil slice with
// a richerror of kind KindUnexpected, so an authorization decision built on
// the result denies access provided the caller checks the error.
//
// NOTE(review): role is used exactly as passed in; nothing here checks that
// adminID actually holds that role. Confirm callers take role from a trusted
// record rather than from client-supplied data.
func (d *DB) GetAdminPermissions(ctx context.Context, adminID uint, role entity.AdminRole) ([]entity.AdminPermission, error) {
	const op = "mysqladmin.GetAdminPermissions"

	// Actor type and actor id are bound through placeholders, never spliced
	// into the SQL text. `select *` is read positionally by
	// scanAccessControl, so the result depends on the table's column order.
	query := `select * from admin_access_controls where actor_type = ? and actor_id = ?`

	//nolint
	stmt, err := d.conn.PrepareStatement(ctx, mysql.StatementKeyAdminAccessControlGetPermissions, query)
	if err != nil {
		return nil, richerror.New(op).WithErr(err).
			WithMessage(errmsg.ErrorMsgCantPrepareStatement).WithKind(richerror.KindUnexpected)
	}

	// NOTE(review): ctx is handed to PrepareStatement only; the two Query
	// calls below do not receive it, so they are presumably not cancelled
	// with the request. Confirm against the statement type.

	// Grants attached to the admin's role.
	roleRows, err := stmt.Query(entity.AdminRoleActorType, role)
	if err != nil {
		return nil, richerror.New(op).WithErr(err).
			WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
	}
	defer roleRows.Close()

	var roleGrants []entity.AdminAccessControl
	for roleRows.Next() {
		grant, scanErr := scanAccessControl(roleRows)
		if scanErr != nil {
			return nil, richerror.New(op).WithErr(scanErr).
				WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
		}
		roleGrants = append(roleGrants, grant)
	}
	// A truncated result set must surface as an error, not as a shorter
	// permission list.
	if iterErr := roleRows.Err(); iterErr != nil {
		return nil, richerror.New(op).WithErr(iterErr).
			WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
	}

	// Grants attached directly to this admin.
	adminRows, err := stmt.Query(entity.AdminAdminActorType, adminID)
	if err != nil {
		return nil, richerror.New(op).WithErr(err).
			WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
	}
	defer adminRows.Close()

	var adminGrants []entity.AdminAccessControl
	for adminRows.Next() {
		grant, scanErr := scanAccessControl(adminRows)
		if scanErr != nil {
			return nil, richerror.New(op).WithErr(scanErr).
				WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
		}
		adminGrants = append(adminGrants, grant)
	}
	if iterErr := adminRows.Err(); iterErr != nil {
		return nil, richerror.New(op).WithErr(iterErr).
			WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
	}

	// Union of both sets, de-duplicated by permission. Grants are purely
	// additive: no row read here can revoke a permission given by the other
	// source.
	var permissions []entity.AdminPermission
	for _, grants := range [][]entity.AdminAccessControl{roleGrants, adminGrants} {
		for _, grant := range grants {
			if slices.Contains(permissions, grant.Permission) {
				continue
			}
			permissions = append(permissions, grant.Permission)
		}
	}

	if len(permissions) == 0 {
		return nil, nil
	}

	return permissions, nil
}
// scanAccessControl reads one admin_access_controls row from scanner into an
// entity.AdminAccessControl.
//
// Columns are consumed by position: id, actor id, actor type, permission,
// then two timestamps. The timestamps are scanned only so the destination
// count matches the row and are then discarded. Because the caller selects
// with `select *`, this order has to match the table definition.
//
// On a Scan error the returned value may be partially filled and must not be
// used.
func scanAccessControl(scanner mysql.Scanner) (entity.AdminAccessControl, error) {
	var acl entity.AdminAccessControl

	// Placeholders for the timestamp columns; never copied into acl.
	var createdAt, updatedAt time.Time

	if err := scanner.Scan(
		&acl.ID,
		&acl.ActorID,
		&acl.ActorType,
		&acl.Permission,
		&createdAt,
		&updatedAt,
	); err != nil {
		return acl, err
	}

	return acl, nil
}