unified code verification service

api/pkg/auth/internal/casbin/enforcer.go

@@ -104,7 +104,7 @@ func (c *CasbinEnforcer) EnforceBatch(
 		ok, err := c.Enforce(ctx, desc.GetPermissionRef(), accountRef, desc.GetOrganizationRef(), *desc.GetID(), action)
 		if err != nil {
 			c.logger.Warn("Failed to enforce", zap.Error(err), mzap.ObjRef("permission_ref", desc.GetPermissionRef()),
-				mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", desc.GetOrganizationRef()),
+				mzap.AccRef(accountRef), mzap.ObjRef("organization_ref", desc.GetOrganizationRef()),
 				mzap.ObjRef("object_ref", *desc.GetID()), zap.String("action", string(action)))
 			return nil, err
 		}
@@ -146,7 +146,7 @@ func (c *CasbinEnforcer) GetRoles(ctx context.Context, accountRef, orgRef bson.O
 
 // GetPermissions retrieves all effective policies for the user within the domain.
 func (c *CasbinEnforcer) GetPermissions(ctx context.Context, accountRef, orgRef bson.ObjectID) ([]model.Role, []model.Permission, error) {
-	c.logger.Debug("Fetching policies for user", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", orgRef))
+	c.logger.Debug("Fetching policies for user", mzap.AccRef(accountRef), mzap.ObjRef("organization_ref", orgRef))
 
 	// Step 1: Retrieve all roles assigned to the user within the domain
 	roles, err := c.GetRoles(ctx, accountRef, orgRef)

api/pkg/auth/internal/casbin/role.go

@@ -182,14 +182,14 @@ func (rm *RoleManager) Revoke(ctx context.Context, roleRef, accountRef, orgRef b
 // logPolicyResult logs results for Assign and Revoke.
 func (rm *RoleManager) logPolicyResult(action string, result bool, err error, roleRef, accountRef, orgRef bson.ObjectID) error {
 	if err != nil {
-		rm.logger.Warn("Failed to "+action+" role", zap.Error(err), mzap.ObjRef("role_ref", roleRef), mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", orgRef))
+		rm.logger.Warn("Failed to "+action+" role", zap.Error(err), mzap.ObjRef("role_ref", roleRef), mzap.AccRef(accountRef), mzap.ObjRef("organization_ref", orgRef))
 		return err
 	}
 	msg := "Role " + action + "ed successfully"
 	if !result {
 		msg = "Role already " + action + "ed"
 	}
-	rm.logger.Info(msg, mzap.ObjRef("role_ref", roleRef), mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", orgRef))
+	rm.logger.Info(msg, mzap.ObjRef("role_ref", roleRef), mzap.AccRef(accountRef), mzap.ObjRef("organization_ref", orgRef))
 	return nil
 }
 

api/pkg/auth/internal/native/enforcer.go

@@ -48,24 +48,24 @@ func (n *Enforcer) Enforce(
 	action model.Action,
 ) (bool, error) {
 	if organizationRef.IsZero() {
-		n.logger.Warn("Missing organization context", mzap.ObjRef("account_ref", accountRef),
+		n.logger.Warn("Missing organization context", mzap.AccRef(accountRef),
 			mzap.ObjRef("organization_ref", organizationRef), mzap.ObjRef("permission_ref", permissionRef),
 			mzap.ObjRef("object", objectRef), zap.String("action", string(action)))
 		return false, merrors.InvalidArgument("organization context missing", "organizationRef")
 	}
 	roleAssignments, err := n.rdb.Roles(ctx, accountRef, organizationRef)
 	if errors.Is(err, merrors.ErrNoData) {
-		n.logger.Debug("No roles defined for account", mzap.ObjRef("account_ref", accountRef))
+		n.logger.Debug("No roles defined for account", mzap.AccRef(accountRef))
 		return false, nil
 	}
 	if err != nil {
-		n.logger.Warn("Failed to fetch roles while checking permissions", zap.Error(err), mzap.ObjRef("account_ref", accountRef),
+		n.logger.Warn("Failed to fetch roles while checking permissions", zap.Error(err), mzap.AccRef(accountRef),
 			mzap.ObjRef("organization_ref", organizationRef), mzap.ObjRef("permission_ref", permissionRef),
 			mzap.ObjRef("object", objectRef), zap.String("action", string(action)))
 		return false, err
 	}
 	if len(roleAssignments) == 0 {
-		n.logger.Warn("No roles found for account", zap.Error(err), mzap.ObjRef("account_ref", accountRef),
+		n.logger.Warn("No roles found for account", zap.Error(err), mzap.AccRef(accountRef),
 			mzap.ObjRef("organization_ref", organizationRef), mzap.ObjRef("permission_ref", permissionRef),
 			mzap.ObjRef("object_ref", objectRef), zap.String("action", string(action)))
 		return false, merrors.Internal("No roles found for account " + accountRef.Hex())
@@ -75,7 +75,7 @@ func (n *Enforcer) Enforce(
 	for _, roleAssignment := range roleAssignments {
 		policies, err := n.pdb.PoliciesForPermissionAction(ctx, roleAssignment.DescriptionRef, permissionRef, action)
 		if err != nil && !errors.Is(err, merrors.ErrNoData) {
-			n.logger.Warn("Failed to fetch permissions", zap.Error(err), mzap.ObjRef("account_ref", accountRef),
+			n.logger.Warn("Failed to fetch permissions", zap.Error(err), mzap.AccRef(accountRef),
 				mzap.ObjRef("organization_ref", organizationRef), mzap.ObjRef("permission_ref", permissionRef),
 				mzap.ObjRef("object_ref", objectRef), zap.String("action", string(action)))
 			return false, err
@@ -137,7 +137,7 @@ func (n *Enforcer) EnforceBatch(
 		if err != nil {
 			if errors.Is(err, merrors.ErrNoData) {
 				n.logger.Debug("No roles defined for account", zap.Error(err),
-					mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef))
+					mzap.AccRef(accountRef), mzap.ObjRef("organization_ref", organizationRef))
 				// With no roles, mark all objects in this venue as denied.
 				for _, obj := range objs {
 					results[*obj.GetID()] = false
@@ -146,7 +146,7 @@ func (n *Enforcer) EnforceBatch(
 				continue
 			}
 			n.logger.Warn("Failed to fetch roles", zap.Error(err),
-				mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef))
+				mzap.AccRef(accountRef), mzap.ObjRef("organization_ref", organizationRef))
 			return nil, err
 		}
 
@@ -198,14 +198,14 @@ func (n *Enforcer) EnforceBatch(
 
 // GetRoles retrieves all roles assigned to the user within the domain.
 func (n *Enforcer) GetRoles(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]model.Role, error) {
-	n.logger.Debug("Fetching roles for user", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef))
+	n.logger.Debug("Fetching roles for user", mzap.AccRef(accountRef), mzap.ObjRef("organization_ref", organizationRef))
 	ra, err := n.rdb.Roles(ctx, accountRef, organizationRef)
 	if errors.Is(err, merrors.ErrNoData) {
-		n.logger.Debug("No roles assigned to user", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef))
+		n.logger.Debug("No roles assigned to user", mzap.AccRef(accountRef), mzap.ObjRef("organization_ref", organizationRef))
 		return []model.Role{}, nil
 	}
 	if err != nil {
-		n.logger.Warn("Failed to fetch roles", zap.Error(err), mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef))
+		n.logger.Warn("Failed to fetch roles", zap.Error(err), mzap.AccRef(accountRef), mzap.ObjRef("organization_ref", organizationRef))
 		return nil, err
 	}
 
@@ -225,7 +225,7 @@ func (n *Enforcer) Reload() error {
 
 // GetPermissions retrieves all effective policies for the user within the domain.
 func (n *Enforcer) GetPermissions(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]model.Role, []model.Permission, error) {
-	n.logger.Debug("Fetching policies for user", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef))
+	n.logger.Debug("Fetching policies for user", mzap.AccRef(accountRef), mzap.ObjRef("organization_ref", organizationRef))
 
 	roles, err := n.GetRoles(ctx, accountRef, organizationRef)
 	if err != nil {

api/pkg/auth/internal/native/role.go

@@ -117,14 +117,14 @@ func (rm *RoleManager) Revoke(ctx context.Context, roleRef, accountRef, organiza
 // logPolicyResult logs results for Assign and Revoke.
 func (rm *RoleManager) logPolicyResult(action string, result bool, err error, roleRef, accountRef, organizationRef bson.ObjectID) error {
 	if err != nil {
-		rm.logger.Warn("Failed to "+action+" role", zap.Error(err), mzap.ObjRef("role_ref", roleRef), mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef))
+		rm.logger.Warn("Failed to "+action+" role", zap.Error(err), mzap.ObjRef("role_ref", roleRef), mzap.AccRef(accountRef), mzap.ObjRef("organization_ref", organizationRef))
 		return err
 	}
 	msg := "Role " + action + "ed successfully"
 	if !result {
 		msg = "Role already " + action + "ed"
 	}
-	rm.logger.Info(msg, mzap.ObjRef("role_ref", roleRef), mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef))
+	rm.logger.Info(msg, mzap.ObjRef("role_ref", roleRef), mzap.AccRef(accountRef), mzap.ObjRef("organization_ref", organizationRef))
 	return nil
 }