service backend

api/pkg/auth/management/permission.go

@@ -0,0 +1,27 @@
+package management
+
+import (
+	"context"
+
+	"github.com/tech/sendico/pkg/model"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+)
+
+type Permission interface {
+	// Grant a permission to a role with an optional object scope and specified effect.
+	// Use primitive.NilObjectID for 'any' objectRef.
+	GrantToRole(ctx context.Context, policy *model.RolePolicy) error
+
+	// Revoke a permission from a role with an optional object scope and specified effect.
+	// Use primitive.NilObjectID for 'any' objectRef.
+	RevokeFromRole(ctx context.Context, policy *model.RolePolicy) error
+
+	// Retrieve all policies assigned to a specific role, including scope and effects.
+	GetPolicies(
+		ctx context.Context,
+		roleRef primitive.ObjectID,
+	) ([]model.RolePolicy, error)
+
+	// Persist any changes made to permissions.
+	Save() error
+}

api/pkg/auth/management/role.go

@@ -0,0 +1,41 @@
+package management
+
+import (
+	"context"
+
+	"github.com/tech/sendico/pkg/model"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+)
+
+type Role interface {
+	// Create a new role in an organization (returns the created Role with its ID).
+	Create(
+		ctx context.Context,
+		orgRef primitive.ObjectID,
+		description *model.Describable,
+	) (*model.RoleDescription, error)
+
+	// Delete a role entirely. This will cascade and remove all associated
+	Delete(
+		ctx context.Context,
+		roleRef primitive.ObjectID,
+	) error
+
+	// Assign a role to a user in a specific organization.
+	Assign(
+		ctx context.Context,
+		role *model.Role,
+	) error
+
+	// Revoke a role from a user in a specific organization.
+	Revoke(
+		ctx context.Context,
+		roleRef, accountRef, orgRef primitive.ObjectID,
+	) error
+
+	// List all roles in an organization or globally if orgRef is primitive.NilObjectID.
+	List(
+		ctx context.Context,
+		orgRef primitive.ObjectID,
+	) ([]model.RoleDescription, error)
+}