152 lines
4.8 KiB
Go
152 lines
4.8 KiB
Go
package db
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/tech/sendico/pkg/auth/internal/native/nstructures"
|
|
"github.com/tech/sendico/pkg/db/repository"
|
|
ri "github.com/tech/sendico/pkg/db/repository/index"
|
|
"github.com/tech/sendico/pkg/db/template"
|
|
"github.com/tech/sendico/pkg/mlogger"
|
|
"github.com/tech/sendico/pkg/model"
|
|
"github.com/tech/sendico/pkg/mservice"
|
|
mutil "github.com/tech/sendico/pkg/mutil/db"
|
|
"go.mongodb.org/mongo-driver/bson/primitive"
|
|
"go.mongodb.org/mongo-driver/mongo"
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
type PermissionsDBImp struct {
|
|
template.DBImp[*nstructures.PolicyAssignment]
|
|
}
|
|
|
|
func (db *PermissionsDBImp) Policies(ctx context.Context, object model.PermissionBoundStorable, action model.Action) ([]nstructures.PolicyAssignment, error) {
|
|
return mutil.GetObjects[nstructures.PolicyAssignment](
|
|
ctx,
|
|
db.Logger,
|
|
repository.Query().And(
|
|
repository.Filter("policy.organizationRef", object.GetOrganizationRef()),
|
|
repository.Filter("policy.descriptionRef", object.GetPermissionRef()),
|
|
repository.Filter("policy.effect.action", action),
|
|
repository.Query().Or(
|
|
repository.Filter("policy.objectRef", *object.GetID()),
|
|
repository.Filter("policy.objectRef", nil),
|
|
),
|
|
),
|
|
nil,
|
|
db.Repository,
|
|
)
|
|
}
|
|
|
|
func (db *PermissionsDBImp) PoliciesForPermissionAction(ctx context.Context, roleRef, permissionRef primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
|
|
return mutil.GetObjects[nstructures.PolicyAssignment](
|
|
ctx,
|
|
db.Logger,
|
|
repository.Query().And(
|
|
repository.Filter("roleRef", roleRef),
|
|
repository.Filter("policy.descriptionRef", permissionRef),
|
|
repository.Filter("policy.effect.action", action),
|
|
),
|
|
nil,
|
|
db.Repository,
|
|
)
|
|
}
|
|
|
|
func (db *PermissionsDBImp) Remove(ctx context.Context, policy *model.RolePolicy) error {
|
|
objRefFilter := repository.Query().Or(
|
|
repository.Filter("policy.objectRef", nil),
|
|
repository.Filter("policy.objectRef", primitive.NilObjectID),
|
|
)
|
|
if policy.ObjectRef != nil {
|
|
objRefFilter = repository.Filter("policy.objectRef", *policy.ObjectRef)
|
|
}
|
|
return db.Repository.DeleteMany(
|
|
ctx,
|
|
repository.Query().And(
|
|
repository.Filter("roleRef", policy.RoleDescriptionRef),
|
|
repository.Filter("policy.organizationRef", policy.OrganizationRef),
|
|
repository.Filter("policy.descriptionRef", policy.DescriptionRef),
|
|
objRefFilter,
|
|
repository.Filter("policy.effect.action", policy.Effect.Action),
|
|
repository.Filter("policy.effect.effect", policy.Effect.Effect),
|
|
),
|
|
)
|
|
}
|
|
|
|
func (db *PermissionsDBImp) PoliciesForRole(ctx context.Context, roleRef primitive.ObjectID) ([]nstructures.PolicyAssignment, error) {
|
|
return mutil.GetObjects[nstructures.PolicyAssignment](
|
|
ctx,
|
|
db.Logger,
|
|
repository.Filter("roleRef", roleRef),
|
|
nil,
|
|
db.Repository,
|
|
)
|
|
}
|
|
|
|
func (db *PermissionsDBImp) PoliciesForRoles(ctx context.Context, roleRefs []primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
|
|
if len(roleRefs) == 0 {
|
|
db.Logger.Debug("Empty role references list provided, returning empty resposnse")
|
|
return []nstructures.PolicyAssignment{}, nil
|
|
}
|
|
return mutil.GetObjects[nstructures.PolicyAssignment](
|
|
ctx,
|
|
db.Logger,
|
|
repository.Query().And(
|
|
repository.Query().In(repository.Field("roleRef"), roleRefs),
|
|
repository.Filter("policy.effect.action", action),
|
|
),
|
|
nil,
|
|
db.Repository,
|
|
)
|
|
}
|
|
|
|
func NewPoliciesDB(logger mlogger.Logger, db *mongo.Database) (*PermissionsDBImp, error) {
|
|
p := &PermissionsDBImp{
|
|
DBImp: *template.Create[*nstructures.PolicyAssignment](logger, mservice.PolicyAssignements, db),
|
|
}
|
|
|
|
// faster
|
|
// harder
|
|
// index
|
|
policiesQueryIndex := &ri.Definition{
|
|
Keys: []ri.Key{
|
|
{Field: "policy.organizationRef", Sort: ri.Asc},
|
|
{Field: "policy.descriptionRef", Sort: ri.Asc},
|
|
{Field: "policy.effect.action", Sort: ri.Asc},
|
|
{Field: "policy.objectRef", Sort: ri.Asc},
|
|
},
|
|
}
|
|
if err := p.DBImp.Repository.CreateIndex(policiesQueryIndex); err != nil {
|
|
p.Logger.Warn("Failed to prepare policies query index", zap.Error(err))
|
|
return nil, err
|
|
}
|
|
|
|
roleBasedQueriesIndex := &ri.Definition{
|
|
Keys: []ri.Key{
|
|
{Field: "roleRef", Sort: ri.Asc},
|
|
{Field: "policy.effect.action", Sort: ri.Asc},
|
|
},
|
|
}
|
|
if err := p.DBImp.Repository.CreateIndex(roleBasedQueriesIndex); err != nil {
|
|
p.Logger.Warn("Failed to prepare role based query index", zap.Error(err))
|
|
return nil, err
|
|
}
|
|
|
|
uniquePolicyConstaint := &ri.Definition{
|
|
Keys: []ri.Key{
|
|
{Field: "policy.organizationRef", Sort: ri.Asc},
|
|
{Field: "roleRef", Sort: ri.Asc},
|
|
{Field: "policy.descriptionRef", Sort: ri.Asc},
|
|
{Field: "policy.effect.action", Sort: ri.Asc},
|
|
{Field: "policy.objectRef", Sort: ri.Asc},
|
|
},
|
|
Unique: true,
|
|
}
|
|
if err := p.DBImp.Repository.CreateIndex(uniquePolicyConstaint); err != nil {
|
|
p.Logger.Warn("Failed to unique policy assignment index", zap.Error(err))
|
|
return nil, err
|
|
}
|
|
|
|
return p, nil
|
|
}
|