service backend

api/pkg/auth/internal/native/db/policies.go

@@ -0,0 +1,151 @@
+package db
+
+import (
+	"context"
+
+	"github.com/tech/sendico/pkg/auth/internal/native/nstructures"
+	"github.com/tech/sendico/pkg/db/repository"
+	ri "github.com/tech/sendico/pkg/db/repository/index"
+	"github.com/tech/sendico/pkg/db/template"
+	"github.com/tech/sendico/pkg/mlogger"
+	"github.com/tech/sendico/pkg/model"
+	"github.com/tech/sendico/pkg/mservice"
+	mutil "github.com/tech/sendico/pkg/mutil/db"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/mongo"
+	"go.uber.org/zap"
+)
+
+type PermissionsDBImp struct {
+	template.DBImp[*nstructures.PolicyAssignment]
+}
+
+func (db *PermissionsDBImp) Policies(ctx context.Context, object model.PermissionBoundStorable, action model.Action) ([]nstructures.PolicyAssignment, error) {
+	return mutil.GetObjects[nstructures.PolicyAssignment](
+		ctx,
+		db.Logger,
+		repository.Query().And(
+			repository.Filter("policy.organizationRef", object.GetOrganizationRef()),
+			repository.Filter("policy.descriptionRef", object.GetPermissionRef()),
+			repository.Filter("policy.effect.action", action),
+			repository.Query().Or(
+				repository.Filter("policy.objectRef", *object.GetID()),
+				repository.Filter("policy.objectRef", nil),
+			),
+		),
+		nil,
+		db.Repository,
+	)
+}
+
+func (db *PermissionsDBImp) PoliciesForPermissionAction(ctx context.Context, roleRef, permissionRef primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
+	return mutil.GetObjects[nstructures.PolicyAssignment](
+		ctx,
+		db.Logger,
+		repository.Query().And(
+			repository.Filter("roleRef", roleRef),
+			repository.Filter("policy.descriptionRef", permissionRef),
+			repository.Filter("policy.effect.action", action),
+		),
+		nil,
+		db.Repository,
+	)
+}
+
+func (db *PermissionsDBImp) Remove(ctx context.Context, policy *model.RolePolicy) error {
+	objRefFilter := repository.Query().Or(
+		repository.Filter("policy.objectRef", nil),
+		repository.Filter("policy.objectRef", primitive.NilObjectID),
+	)
+	if policy.ObjectRef != nil {
+		objRefFilter = repository.Filter("policy.objectRef", *policy.ObjectRef)
+	}
+	return db.Repository.DeleteMany(
+		ctx,
+		repository.Query().And(
+			repository.Filter("roleRef", policy.RoleDescriptionRef),
+			repository.Filter("policy.organizationRef", policy.OrganizationRef),
+			repository.Filter("policy.descriptionRef", policy.DescriptionRef),
+			objRefFilter,
+			repository.Filter("policy.effect.action", policy.Effect.Action),
+			repository.Filter("policy.effect.effect", policy.Effect.Effect),
+		),
+	)
+}
+
+func (db *PermissionsDBImp) PoliciesForRole(ctx context.Context, roleRef primitive.ObjectID) ([]nstructures.PolicyAssignment, error) {
+	return mutil.GetObjects[nstructures.PolicyAssignment](
+		ctx,
+		db.Logger,
+		repository.Filter("roleRef", roleRef),
+		nil,
+		db.Repository,
+	)
+}
+
+func (db *PermissionsDBImp) PoliciesForRoles(ctx context.Context, roleRefs []primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
+	if len(roleRefs) == 0 {
+		db.Logger.Debug("Empty role references list provided, returning empty resposnse")
+		return []nstructures.PolicyAssignment{}, nil
+	}
+	return mutil.GetObjects[nstructures.PolicyAssignment](
+		ctx,
+		db.Logger,
+		repository.Query().And(
+			repository.Query().In(repository.Field("roleRef"), roleRefs),
+			repository.Filter("policy.effect.action", action),
+		),
+		nil,
+		db.Repository,
+	)
+}
+
+func NewPoliciesDB(logger mlogger.Logger, db *mongo.Database) (*PermissionsDBImp, error) {
+	p := &PermissionsDBImp{
+		DBImp: *template.Create[*nstructures.PolicyAssignment](logger, mservice.PolicyAssignements, db),
+	}
+
+	// faster
+	// harder
+	// index
+	policiesQueryIndex := &ri.Definition{
+		Keys: []ri.Key{
+			{Field: "policy.organizationRef", Sort: ri.Asc},
+			{Field: "policy.descriptionRef", Sort: ri.Asc},
+			{Field: "policy.effect.action", Sort: ri.Asc},
+			{Field: "policy.objectRef", Sort: ri.Asc},
+		},
+	}
+	if err := p.DBImp.Repository.CreateIndex(policiesQueryIndex); err != nil {
+		p.Logger.Warn("Failed to prepare policies query index", zap.Error(err))
+		return nil, err
+	}
+
+	roleBasedQueriesIndex := &ri.Definition{
+		Keys: []ri.Key{
+			{Field: "roleRef", Sort: ri.Asc},
+			{Field: "policy.effect.action", Sort: ri.Asc},
+		},
+	}
+	if err := p.DBImp.Repository.CreateIndex(roleBasedQueriesIndex); err != nil {
+		p.Logger.Warn("Failed to prepare role based query index", zap.Error(err))
+		return nil, err
+	}
+
+	uniquePolicyConstaint := &ri.Definition{
+		Keys: []ri.Key{
+			{Field: "policy.organizationRef", Sort: ri.Asc},
+			{Field: "roleRef", Sort: ri.Asc},
+			{Field: "policy.descriptionRef", Sort: ri.Asc},
+			{Field: "policy.effect.action", Sort: ri.Asc},
+			{Field: "policy.objectRef", Sort: ri.Asc},
+		},
+		Unique: true,
+	}
+	if err := p.DBImp.Repository.CreateIndex(uniquePolicyConstaint); err != nil {
+		p.Logger.Warn("Failed to unique policy assignment index", zap.Error(err))
+		return nil, err
+	}
+
+	return p, nil
+}

api/pkg/auth/internal/native/db/roles.go

@@ -0,0 +1,99 @@
+package db
+
+import (
+	"context"
+
+	"github.com/tech/sendico/pkg/auth/internal/native/nstructures"
+	"github.com/tech/sendico/pkg/db/repository"
+	ri "github.com/tech/sendico/pkg/db/repository/index"
+	"github.com/tech/sendico/pkg/db/template"
+	"github.com/tech/sendico/pkg/mlogger"
+	mutil "github.com/tech/sendico/pkg/mutil/db"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/mongo"
+	"go.uber.org/zap"
+)
+
+type RolesDBImp struct {
+	template.DBImp[*nstructures.RoleAssignment]
+}
+
+func (db *RolesDBImp) Roles(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error) {
+	return mutil.GetObjects[nstructures.RoleAssignment](
+		ctx,
+		db.Logger,
+		repository.Query().And(
+			repository.Filter("role.accountRef", accountRef),
+			repository.Filter("role.organizationRef", organizationRef),
+		),
+		nil,
+		db.Repository,
+	)
+}
+
+func (db *RolesDBImp) RolesForVenue(ctx context.Context, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error) {
+	return mutil.GetObjects[nstructures.RoleAssignment](
+		ctx,
+		db.Logger,
+		repository.Query().And(
+			repository.Filter("role.organizationRef", organizationRef),
+		),
+		nil,
+		db.Repository,
+	)
+}
+
+func (db *RolesDBImp) DeleteRole(ctx context.Context, roleRef primitive.ObjectID) error {
+	return db.DeleteMany(
+		ctx,
+		repository.Query().And(
+			repository.Filter("role.descriptionRef", roleRef),
+		),
+	)
+}
+
+func (db *RolesDBImp) RemoveRole(ctx context.Context, roleRef, organizationRef, accountRef primitive.ObjectID) error {
+	return db.DeleteMany(
+		ctx,
+		repository.Query().And(
+			repository.Filter("role.accountRef", accountRef),
+			repository.Filter("role.organizationRef", organizationRef),
+			repository.Filter("role.descriptionRef", roleRef),
+		),
+	)
+}
+
+func NewRolesDB(logger mlogger.Logger, db *mongo.Database) (*RolesDBImp, error) {
+	p := &RolesDBImp{
+		DBImp: *template.Create[*nstructures.RoleAssignment](logger, "role_assignments", db),
+	}
+
+	if err := p.DBImp.Repository.CreateIndex(&ri.Definition{
+		Keys: []ri.Key{{Field: "role.organizationRef", Sort: ri.Asc}},
+	}); err != nil {
+		p.Logger.Warn("Failed to prepare venue index", zap.Error(err))
+		return nil, err
+	}
+
+	if err := p.DBImp.Repository.CreateIndex(&ri.Definition{
+		Keys: []ri.Key{{Field: "role.descriptionRef", Sort: ri.Asc}},
+	}); err != nil {
+		p.Logger.Warn("Failed to prepare role description index", zap.Error(err))
+		return nil, err
+	}
+
+	uniqueRoleConstaint := &ri.Definition{
+		Keys: []ri.Key{
+			{Field: "role.organizationRef", Sort: ri.Asc},
+			{Field: "role.accountRef", Sort: ri.Asc},
+			{Field: "role.descriptionRef", Sort: ri.Asc},
+		},
+		Unique: true,
+	}
+	if err := p.DBImp.Repository.CreateIndex(uniqueRoleConstaint); err != nil {
+		p.Logger.Warn("Failed to prepare role assignment index", zap.Error(err))
+		return nil, err
+	}
+
+	return p, nil
+}