fixed doc env vars + mongo v2 migration
@@ -13,8 +13,8 @@ import (
|
||||
"github.com/tech/sendico/pkg/model"
|
||||
"github.com/tech/sendico/pkg/mservice"
|
||||
"github.com/tech/sendico/pkg/mutil/mzap"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/mongo"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
"go.mongodb.org/mongo-driver/v2/mongo"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
@@ -22,11 +22,11 @@ type AccountBoundDBImp[T model.AccountBoundStorable] struct {
|
||||
Logger mlogger.Logger
|
||||
DBImp *template.DBImp[T]
|
||||
Enforcer Enforcer
|
||||
PermissionRef primitive.ObjectID
|
||||
PermissionRef bson.ObjectID
|
||||
Collection mservice.Type
|
||||
}
|
||||
|
||||
func (db *AccountBoundDBImp[T]) enforce(ctx context.Context, action model.Action, object model.AccountBoundStorable, accountRef primitive.ObjectID) error {
|
||||
func (db *AccountBoundDBImp[T]) enforce(ctx context.Context, action model.Action, object model.AccountBoundStorable, accountRef bson.ObjectID) error {
|
||||
// FIRST: Check if the object's AccountRef equals the calling accountRef - if so, ALLOW
|
||||
objectAccountRef := object.GetAccountRef()
|
||||
if objectAccountRef != nil && *objectAccountRef == accountRef {
|
||||
@@ -51,12 +51,12 @@ func (db *AccountBoundDBImp[T]) enforce(ctx context.Context, action model.Action
|
||||
db.Logger.Debug("Access denied", mzap.ObjRef("permission_ref", db.PermissionRef),
|
||||
mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef),
|
||||
zap.String("action", string(action)))
|
||||
return merrors.AccessDenied(db.Collection, string(action), primitive.NilObjectID)
|
||||
return merrors.AccessDenied(db.Collection, string(action), bson.NilObjectID)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db *AccountBoundDBImp[T]) enforceInterface(ctx context.Context, action model.Action, object model.AccountBoundStorable, accountRef primitive.ObjectID) error {
|
||||
func (db *AccountBoundDBImp[T]) enforceInterface(ctx context.Context, action model.Action, object model.AccountBoundStorable, accountRef bson.ObjectID) error {
|
||||
// FIRST: Check if the object's AccountRef equals the calling accountRef - if so, ALLOW
|
||||
objectAccountRef := object.GetAccountRef()
|
||||
if objectAccountRef != nil && *objectAccountRef == accountRef {
|
||||
@@ -81,12 +81,12 @@ func (db *AccountBoundDBImp[T]) enforceInterface(ctx context.Context, action mod
|
||||
db.Logger.Debug("Access denied", mzap.ObjRef("permission_ref", db.PermissionRef),
|
||||
mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef),
|
||||
zap.String("action", string(action)))
|
||||
return merrors.AccessDenied(db.Collection, string(action), primitive.NilObjectID)
|
||||
return merrors.AccessDenied(db.Collection, string(action), bson.NilObjectID)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db *AccountBoundDBImp[T]) Create(ctx context.Context, accountRef primitive.ObjectID, object T) error {
|
||||
func (db *AccountBoundDBImp[T]) Create(ctx context.Context, accountRef bson.ObjectID, object T) error {
|
||||
orgRef := object.GetOrganizationRef()
|
||||
db.Logger.Debug("Attempting to create object", mzap.ObjRef("account_ref", accountRef),
|
||||
mzap.ObjRef("organization_ref", orgRef), zap.String("collection", string(db.Collection)))
|
||||
@@ -107,7 +107,7 @@ func (db *AccountBoundDBImp[T]) Create(ctx context.Context, accountRef primitive
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db *AccountBoundDBImp[T]) Get(ctx context.Context, accountRef, objectRef primitive.ObjectID, result T) error {
|
||||
func (db *AccountBoundDBImp[T]) Get(ctx context.Context, accountRef, objectRef bson.ObjectID, result T) error {
|
||||
db.Logger.Debug("Attempting to get object", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("object_ref", objectRef))
|
||||
|
||||
// First get the object to check its organization
|
||||
@@ -127,7 +127,7 @@ func (db *AccountBoundDBImp[T]) Get(ctx context.Context, accountRef, objectRef p
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db *AccountBoundDBImp[T]) Update(ctx context.Context, accountRef primitive.ObjectID, object T) error {
|
||||
func (db *AccountBoundDBImp[T]) Update(ctx context.Context, accountRef bson.ObjectID, object T) error {
|
||||
db.Logger.Debug("Attempting to update object", mzap.ObjRef("account_ref", accountRef), mzap.StorableRef(object))
|
||||
|
||||
// Check organization update permission
|
||||
@@ -146,7 +146,7 @@ func (db *AccountBoundDBImp[T]) Update(ctx context.Context, accountRef primitive
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db *AccountBoundDBImp[T]) Patch(ctx context.Context, accountRef, objectRef primitive.ObjectID, patch builder.Patch) error {
|
||||
func (db *AccountBoundDBImp[T]) Patch(ctx context.Context, accountRef, objectRef bson.ObjectID, patch builder.Patch) error {
|
||||
db.Logger.Debug("Attempting to patch object", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("object_ref", objectRef))
|
||||
|
||||
// First get the object to check its organization
|
||||
@@ -175,7 +175,7 @@ func (db *AccountBoundDBImp[T]) Patch(ctx context.Context, accountRef, objectRef
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db *AccountBoundDBImp[T]) Delete(ctx context.Context, accountRef, objectRef primitive.ObjectID) error {
|
||||
func (db *AccountBoundDBImp[T]) Delete(ctx context.Context, accountRef, objectRef bson.ObjectID) error {
|
||||
db.Logger.Debug("Attempting to delete object", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("object_ref", objectRef))
|
||||
|
||||
// First get the object to check its organization
|
||||
@@ -203,7 +203,7 @@ func (db *AccountBoundDBImp[T]) Delete(ctx context.Context, accountRef, objectRe
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db *AccountBoundDBImp[T]) DeleteMany(ctx context.Context, accountRef primitive.ObjectID, query builder.Query) error {
|
||||
func (db *AccountBoundDBImp[T]) DeleteMany(ctx context.Context, accountRef bson.ObjectID, query builder.Query) error {
|
||||
db.Logger.Debug("Attempting to delete many objects", mzap.ObjRef("account_ref", accountRef), zap.String("collection", string(db.Collection)))
|
||||
|
||||
// Get all candidate objects for batch permission checking
|
||||
@@ -221,7 +221,7 @@ func (db *AccountBoundDBImp[T]) DeleteMany(ctx context.Context, accountRef primi
|
||||
}
|
||||
|
||||
// Build query for objects that passed permission check
|
||||
var allowedIDs []primitive.ObjectID
|
||||
var allowedIDs []bson.ObjectID
|
||||
for _, obj := range allObjects {
|
||||
if allowedResults[*obj.GetID()] {
|
||||
allowedIDs = append(allowedIDs, *obj.GetID())
|
||||
@@ -244,7 +244,7 @@ func (db *AccountBoundDBImp[T]) DeleteMany(ctx context.Context, accountRef primi
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db *AccountBoundDBImp[T]) FindOne(ctx context.Context, accountRef primitive.ObjectID, query builder.Query, result T) error {
|
||||
func (db *AccountBoundDBImp[T]) FindOne(ctx context.Context, accountRef bson.ObjectID, query builder.Query, result T) error {
|
||||
db.Logger.Debug("Attempting to find one object", mzap.ObjRef("account_ref", accountRef), zap.String("collection", string(db.Collection)))
|
||||
|
||||
// For FindOne, we need to check read permission after finding the object
|
||||
@@ -263,7 +263,7 @@ func (db *AccountBoundDBImp[T]) FindOne(ctx context.Context, accountRef primitiv
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db *AccountBoundDBImp[T]) ListIDs(ctx context.Context, accountRef primitive.ObjectID, query builder.Query) ([]primitive.ObjectID, error) {
|
||||
func (db *AccountBoundDBImp[T]) ListIDs(ctx context.Context, accountRef bson.ObjectID, query builder.Query) ([]bson.ObjectID, error) {
|
||||
db.Logger.Debug("Attempting to list object IDs", mzap.ObjRef("account_ref", accountRef), zap.String("collection", string(db.Collection)))
|
||||
|
||||
// Get all candidate objects for batch permission checking
|
||||
@@ -281,7 +281,7 @@ func (db *AccountBoundDBImp[T]) ListIDs(ctx context.Context, accountRef primitiv
|
||||
}
|
||||
|
||||
// Filter to only allowed object IDs
|
||||
var allowedIDs []primitive.ObjectID
|
||||
var allowedIDs []bson.ObjectID
|
||||
for _, obj := range allObjects {
|
||||
if allowedResults[*obj.GetID()] {
|
||||
allowedIDs = append(allowedIDs, *obj.GetID())
|
||||
@@ -293,7 +293,7 @@ func (db *AccountBoundDBImp[T]) ListIDs(ctx context.Context, accountRef primitiv
|
||||
return allowedIDs, nil
|
||||
}
|
||||
|
||||
func (db *AccountBoundDBImp[T]) ListAccountBound(ctx context.Context, accountRef, organizationRef primitive.ObjectID, query builder.Query) ([]model.AccountBoundStorable, error) {
|
||||
func (db *AccountBoundDBImp[T]) ListAccountBound(ctx context.Context, accountRef, organizationRef bson.ObjectID, query builder.Query) ([]model.AccountBoundStorable, error) {
|
||||
db.Logger.Debug("Attempting to list account bound objects", mzap.ObjRef("account_ref", accountRef), zap.String("collection", string(db.Collection)))
|
||||
|
||||
// Build query to find objects where accountRef matches OR is null/absent
|
||||
@@ -327,7 +327,7 @@ func (db *AccountBoundDBImp[T]) ListAccountBound(ctx context.Context, accountRef
|
||||
return allowedObjects, nil
|
||||
}
|
||||
|
||||
func (db *AccountBoundDBImp[T]) GetByAccountRef(ctx context.Context, accountRef primitive.ObjectID, result T) error {
|
||||
func (db *AccountBoundDBImp[T]) GetByAccountRef(ctx context.Context, accountRef bson.ObjectID, result T) error {
|
||||
db.Logger.Debug("Attempting to get object by account ref", mzap.ObjRef("account_ref", accountRef))
|
||||
|
||||
// Build query to find objects where accountRef matches OR is null/absent
|
||||
@@ -348,7 +348,7 @@ func (db *AccountBoundDBImp[T]) GetByAccountRef(ctx context.Context, accountRef
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db *AccountBoundDBImp[T]) DeleteByAccountRef(ctx context.Context, accountRef primitive.ObjectID) error {
|
||||
func (db *AccountBoundDBImp[T]) DeleteByAccountRef(ctx context.Context, accountRef bson.ObjectID) error {
|
||||
db.Logger.Debug("Attempting to delete objects by account ref", mzap.ObjRef("account_ref", accountRef))
|
||||
|
||||
// Build query to find objects where accountRef matches OR is null/absent
|
||||
@@ -362,7 +362,7 @@ func (db *AccountBoundDBImp[T]) DeleteByAccountRef(ctx context.Context, accountR
|
||||
}
|
||||
|
||||
// Check permissions for each object individually (AccountBoundStorable doesn't have permission info)
|
||||
var allowedIDs []primitive.ObjectID
|
||||
var allowedIDs []bson.ObjectID
|
||||
for _, obj := range allObjects {
|
||||
if err := db.enforceInterface(ctx, model.ActionUpdate, obj, accountRef); err == nil {
|
||||
allowedIDs = append(allowedIDs, *obj.GetID())
|
||||
@@ -390,7 +390,7 @@ func (db *AccountBoundDBImp[T]) DeleteByAccountRef(ctx context.Context, accountR
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db *AccountBoundDBImp[T]) DeleteCascade(ctx context.Context, objectRef primitive.ObjectID) error {
|
||||
func (db *AccountBoundDBImp[T]) DeleteCascade(ctx context.Context, objectRef bson.ObjectID) error {
|
||||
return db.DBImp.DeleteCascade(ctx, objectRef)
|
||||
}
|
||||
|
||||
|
||||
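Review bot: In `DeleteByAccountRef`, the per-object check authorises a delete with `db.enforceInterface(ctx, model.ActionUpdate, obj, accountRef)`, so an account that may only modify an object can also remove it. Unless that is deliberate, the check should use the model's delete action (its name is not visible on this page), or carry a comment explaining why update permission is enough. The same loop treats every non-nil error as a denial, so an enforcer failure is indistinguishable from a refusal and the object is skipped silently; logging the error on that branch would make partial deletes visible. Separately, the ownership shortcut in `enforce` and `enforceInterface` allows the action whenever `*objectAccountRef == accountRef`, which also holds when both are the zero ID; since the parameter is now `bson.ObjectID`, adding `!accountRef.IsZero()` to that condition would stop an unset caller ID from matching an unset owner. All three functions continue outside the visible hunks, so the surrounding code may already cover part of this.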