service backend

api/pkg/auth/internal/casbin/serialization/internal/policy.go

@@ -0,0 +1,81 @@
+package serializationimp
+
+import (
+	"github.com/tech/sendico/pkg/auth/anyobject"
+	"github.com/tech/sendico/pkg/merrors"
+	"github.com/tech/sendico/pkg/model"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+)
+
+// PolicySerializer implements CasbinSerializer for Permission.
+type PolicySerializer struct{}
+
+// Serialize converts a Permission object into a Casbin policy.
+func (s *PolicySerializer) Serialize(entity *model.RolePolicy) ([]any, error) {
+	if entity.RoleDescriptionRef.IsZero() ||
+		entity.OrganizationRef.IsZero() ||
+		entity.DescriptionRef.IsZero() || // Ensure permissionRef is valid
+		entity.Effect.Action == "" || // Ensure action is not empty
+		entity.Effect.Effect == "" { // Ensure effect (eft) is not empty
+		return nil, merrors.InvalidArgument("permission contains invalid object references or missing fields")
+	}
+
+	objectRef := anyobject.ID
+	if entity.ObjectRef != nil {
+		objectRef = entity.ObjectRef.Hex()
+	}
+
+	return []any{
+		entity.RoleDescriptionRef.Hex(), // Maps to p.roleRef
+		entity.OrganizationRef.Hex(),    // Maps to p.organizationRef
+		entity.DescriptionRef.Hex(),     // Maps to p.permissionRef
+		objectRef,                       // Maps to p.objectRef (wildcard if empty)
+		string(entity.Effect.Action),    // Maps to p.action
+		string(entity.Effect.Effect),    // Maps to p.eft
+	}, nil
+}
+
+// Deserialize converts a Casbin policy into a Permission object.
+func (s *PolicySerializer) Deserialize(policy []string) (*model.RolePolicy, error) {
+	if len(policy) != 6 { // Ensure policy has the correct number of fields
+		return nil, merrors.Internal("invalid policy format")
+	}
+
+	roleRef, err := primitive.ObjectIDFromHex(policy[0])
+	if err != nil {
+		return nil, merrors.InvalidArgument("invalid roleRef in policy")
+	}
+
+	organizationRef, err := primitive.ObjectIDFromHex(policy[1])
+	if err != nil {
+		return nil, merrors.InvalidArgument("invalid organizationRef in policy")
+	}
+
+	permissionRef, err := primitive.ObjectIDFromHex(policy[2])
+	if err != nil {
+		return nil, merrors.InvalidArgument("invalid permissionRef in policy")
+	}
+
+	// Handle wildcard for ObjectRef
+	var objectRef *primitive.ObjectID
+	if policy[3] != anyobject.ID {
+		ref, err := primitive.ObjectIDFromHex(policy[3])
+		if err != nil {
+			return nil, merrors.InvalidArgument("invalid objectRef in policy")
+		}
+		objectRef = &ref
+	}
+
+	return &model.RolePolicy{
+		RoleDescriptionRef: roleRef,
+		Policy: model.Policy{
+			OrganizationRef: organizationRef,
+			DescriptionRef:  permissionRef,
+			ObjectRef:       objectRef,
+			Effect: model.ActionEffect{
+				Action: model.Action(policy[4]),
+				Effect: model.Effect(policy[5]),
+			},
+		},
+	}, nil
+}

api/pkg/auth/internal/casbin/serialization/internal/role.go

@@ -0,0 +1,57 @@
+package serializationimp
+
+import (
+	"github.com/tech/sendico/pkg/merrors"
+	"github.com/tech/sendico/pkg/model"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+)
+
+// RoleSerializer implements CasbinSerializer for Role.
+type RoleSerializer struct{}
+
+// Serialize converts a Role object into a Casbin grouping policy.
+func (s *RoleSerializer) Serialize(entity *model.Role) ([]any, error) {
+	// Validate required fields
+	if entity.AccountRef.IsZero() || entity.DescriptionRef.IsZero() || entity.OrganizationRef.IsZero() {
+		return nil, merrors.InvalidArgument("role contains invalid object references")
+	}
+
+	return []any{
+		entity.AccountRef.Hex(),      // Maps to g(_, _, _) accountRef
+		entity.DescriptionRef.Hex(),  // Maps to g(_, _, _) roleRef
+		entity.OrganizationRef.Hex(), // Maps to g(_, _, _) organizationRef
+	}, nil
+}
+
+// Deserialize converts a Casbin grouping policy into a Role object.
+func (s *RoleSerializer) Deserialize(policy []string) (*model.Role, error) {
+	// Ensure the policy has exactly 3 fields
+	if len(policy) != 3 {
+		return nil, merrors.Internal("invalid grouping policy format")
+	}
+
+	// Parse accountRef
+	accountRef, err := primitive.ObjectIDFromHex(policy[0])
+	if err != nil {
+		return nil, merrors.InvalidArgument("invalid accountRef in grouping policy")
+	}
+
+	// Parse roleDescriptionRef (roleRef)
+	roleDescriptionRef, err := primitive.ObjectIDFromHex(policy[1])
+	if err != nil {
+		return nil, merrors.InvalidArgument("invalid roleRef in grouping policy")
+	}
+
+	// Parse organizationRef
+	organizationRef, err := primitive.ObjectIDFromHex(policy[2])
+	if err != nil {
+		return nil, merrors.InvalidArgument("invalid organizationRef in grouping policy")
+	}
+
+	// Return the constructed Role object
+	return &model.Role{
+		AccountRef:      accountRef,
+		DescriptionRef:  roleDescriptionRef,
+		OrganizationRef: organizationRef,
+	}, nil
+}

api/pkg/auth/internal/casbin/serialization/policy.go

@@ -0,0 +1,12 @@
+package serialization
+
+import (
+	serializationimp "github.com/tech/sendico/pkg/auth/internal/casbin/serialization/internal"
+	"github.com/tech/sendico/pkg/model"
+)
+
+type Policy = CasbinSerializer[model.RolePolicy]
+
+func NewPolicySerializer() Policy {
+	return &serializationimp.PolicySerializer{}
+}

api/pkg/auth/internal/casbin/serialization/role.go

@@ -0,0 +1,12 @@
+package serialization
+
+import (
+	serializationimp "github.com/tech/sendico/pkg/auth/internal/casbin/serialization/internal"
+	"github.com/tech/sendico/pkg/model"
+)
+
+type Role = CasbinSerializer[model.Role]
+
+func NewRoleSerializer() Role {
+	return &serializationimp.RoleSerializer{}
+}

api/pkg/auth/internal/casbin/serialization/serializer.go

@@ -0,0 +1,10 @@
+package serialization
+
+// CasbinSerializer defines methods for serializing and deserializing any Casbin-compatible entity.
+type CasbinSerializer[T any] interface {
+	// Serialize converts an entity (Role or Permission) into a Casbin policy.
+	Serialize(entity *T) ([]any, error)
+
+	// Deserialize converts a Casbin policy into an entity (Role or Permission).
+	Deserialize(policy []string) (*T, error)
+}