118 lines
4.4 KiB
Dart
118 lines
4.4 KiB
Dart
import 'package:pshared/models/describable.dart';
|
|
import 'package:pshared/models/permissions/access.dart';
|
|
import 'package:pshared/models/permissions/action.dart';
|
|
import 'package:pshared/models/permissions/action_effect.dart';
|
|
import 'package:pshared/models/permissions/data/permission.dart';
|
|
import 'package:pshared/models/permissions/data/permissions.dart';
|
|
import 'package:pshared/models/permissions/data/policy.dart';
|
|
import 'package:pshared/models/permissions/data/role.dart';
|
|
import 'package:pshared/models/permissions/descriptions/permissions.dart';
|
|
import 'package:pshared/models/permissions/descriptions/policy.dart';
|
|
import 'package:pshared/models/permissions/descriptions/role.dart';
|
|
import 'package:pshared/models/permissions/effect.dart';
|
|
import 'package:pshared/models/resources.dart';
|
|
import 'package:pshared/models/storable.dart';
|
|
|
|
import 'mock_ids.dart';
|
|
|
|
class PermissionsService {
|
|
static const String _objectType = 'permissions';
|
|
|
|
Future<UserAccess> loadForAccount(String accountRef) async {
|
|
await Future.delayed(const Duration(milliseconds: 200));
|
|
final baseAccess = _buildMockUserAccess();
|
|
|
|
final roles = [...baseAccess.permissions.roles];
|
|
final permissions = [...baseAccess.permissions.permissions];
|
|
final policies = [...baseAccess.permissions.policies];
|
|
|
|
final hasAccount = roles.any((r) => r.accountRef == accountRef);
|
|
if (!hasAccount) {
|
|
roles.add(Role(accountRef: accountRef, descriptionRef: recipientRoleId, organizationRef: mockOrganizationRef));
|
|
}
|
|
|
|
final relevantRoleRefs = roles
|
|
.where((r) => r.accountRef == accountRef)
|
|
.map((r) => r.descriptionRef)
|
|
.toSet();
|
|
|
|
final filteredPolicies = permissions
|
|
.where((p) => p.accountRef == accountRef && relevantRoleRefs.contains(p.policy.roleDescriptionRef))
|
|
.toList();
|
|
|
|
return UserAccess(
|
|
descriptions: baseAccess.descriptions,
|
|
permissions: PermissionsData(
|
|
roles: roles.where((r) => r.accountRef == accountRef).toList(),
|
|
policies: policies.where((p) => relevantRoleRefs.contains(p.roleDescriptionRef)).toList(),
|
|
permissions: filteredPolicies,
|
|
),
|
|
);
|
|
}
|
|
|
|
UserAccess _buildMockUserAccess() {
|
|
final roleDescriptions = [
|
|
RoleDescription(
|
|
storable: newStorable(id: companyRoleId),
|
|
describable: newDescribable(name: 'Компания'),
|
|
organizationRef: mockOrganizationRef,
|
|
),
|
|
RoleDescription(
|
|
storable: newStorable(id: recipientRoleId),
|
|
describable: newDescribable(name: 'Получатель'),
|
|
organizationRef: mockOrganizationRef,
|
|
),
|
|
];
|
|
|
|
final policyDescriptions = [
|
|
PolicyDescription(
|
|
storable: newStorable(id: accountsPolicyDescriptionId),
|
|
describable: newDescribable(name: 'Управление аккаунтами'),
|
|
resourceTypes: const [ResourceType.accounts],
|
|
organizationRef: mockOrganizationRef,
|
|
),
|
|
PolicyDescription(
|
|
storable: newStorable(id: rolesPolicyDescriptionId),
|
|
describable: newDescribable(name: 'Управление ролями'),
|
|
resourceTypes: const [ResourceType.roles],
|
|
organizationRef: mockOrganizationRef,
|
|
),
|
|
];
|
|
|
|
final companyAccountsPolicy = Policy(
|
|
roleDescriptionRef: companyRoleId,
|
|
organizationRef: mockOrganizationRef,
|
|
descriptionRef: accountsPolicyDescriptionId,
|
|
objectRef: null,
|
|
effect: const ActionEffect(action: Action.read, effect: Effect.allow),
|
|
);
|
|
|
|
final companyRolesPolicy = Policy(
|
|
roleDescriptionRef: companyRoleId,
|
|
organizationRef: mockOrganizationRef,
|
|
descriptionRef: rolesPolicyDescriptionId,
|
|
objectRef: null,
|
|
effect: const ActionEffect(action: Action.read, effect: Effect.allow),
|
|
);
|
|
|
|
final roles = [
|
|
Role(accountRef: companyAccountRef, descriptionRef: companyRoleId, organizationRef: mockOrganizationRef),
|
|
Role(accountRef: recipientAccountRef, descriptionRef: recipientRoleId, organizationRef: mockOrganizationRef),
|
|
];
|
|
|
|
final permissions = [
|
|
Permission(policy: companyAccountsPolicy, accountRef: companyAccountRef),
|
|
Permission(policy: companyRolesPolicy, accountRef: companyAccountRef),
|
|
];
|
|
|
|
return UserAccess(
|
|
descriptions: PermissionsDescription(roles: roleDescriptions, policies: policyDescriptions),
|
|
permissions: PermissionsData(
|
|
roles: roles,
|
|
policies: [companyAccountsPolicy, companyRolesPolicy],
|
|
permissions: permissions,
|
|
),
|
|
);
|
|
}
|
|
}
|