package permissionsimp
import (
"context"
api "github.com/tech/sendico/pkg/api/http"
"github.com/tech/sendico/pkg/auth"
"github.com/tech/sendico/pkg/db/organization"
"github.com/tech/sendico/pkg/db/policy"
"github.com/tech/sendico/pkg/db/role"
"github.com/tech/sendico/pkg/db/transaction"
"github.com/tech/sendico/pkg/mlogger"
"github.com/tech/sendico/pkg/model"
"github.com/tech/sendico/pkg/mservice"
eapi "github.com/tech/sendico/server/interface/api"
mutil "github.com/tech/sendico/server/internal/mutil/param"
"go.mongodb.org/mongo-driver/bson/primitive"
"go.uber.org/zap"
)
// PermissionsAPI is the service behind the role and policy management
// endpoints that CreateAPI registers.
type PermissionsAPI struct {
	logger mlogger.Logger

	// Stores opened through the API's DB factory in CreateAPI.
	db  organization.DB
	pdb policy.DB
	rdb role.DB
	tf  transaction.Factory

	// Authorization components taken from a.Permissions() in CreateAPI.
	// NOTE(review): manager and auth are both assigned
	// a.Permissions().Manager(); two handles to the same manager make it
	// easy for handlers to diverge. Consider consolidating them.
	enforcer auth.Enforcer
	manager  auth.Manager
	auth     auth.Manager

	// IDs of the built-in policy descriptions for mservice.Roles and
	// mservice.Policies, resolved once in CreateAPI.
	// presumably the references handlers check the caller against before
	// changing roles or policies; the handlers are not shown here, verify.
	rolesPermissionRef    primitive.ObjectID
	policiesPermissionRef primitive.ObjectID

	// Rph is created with mutil.CreatePH("role") and builds the
	// role-reference route used by the role deletion handler.
	// NOTE(review): this is the only exported field of the struct.
	Rph mutil.ParamHelper
}
// Name returns mservice.Permissions, the service type that identifies this
// API. CreateAPI uses it to name the logger and to register the handlers.
func (a *PermissionsAPI) Name() mservice.Type {
	return mservice.Permissions
}
// Finish is the shutdown hook of the service. It ignores its context,
// releases nothing and always returns nil.
func (a *PermissionsAPI) Finish(_ context.Context) error {
	return nil
}
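// CreateAPI builds the permissions service and registers its HTTP handlers
// on a.
//
// It takes the enforcer, permission manager and transaction factory from a,
// opens the organization, role and policy stores, and resolves the IDs of the
// built-in policy descriptions for mservice.Roles and mservice.Policies.
// Every failure is logged and returned; handlers are registered only after
// all of these steps have succeeded.
func CreateAPI(a eapi.API) (*PermissionsAPI, error) {
	p := &PermissionsAPI{
		enforcer: a.Permissions().Enforcer(),
		manager:  a.Permissions().Manager(),
		Rph:      mutil.CreatePH("role"),
		tf:       a.DBFactory().TransactionFactory(),
		auth:     a.Permissions().Manager(),
	}
	p.logger = a.Logger().Named(p.Name())

	var err error
	if p.db, err = a.DBFactory().NewOrganizationDB(); err != nil {
		p.logger.Error("Failed to create organizations database", zap.Error(err))
		return nil, err
	}
	if p.rdb, err = a.DBFactory().NewRolesDB(); err != nil {
		p.logger.Error("Failed to create roles database", zap.Error(err))
		return nil, err
	}
	if p.pdb, err = a.DBFactory().NewPoliciesDB(); err != nil {
		p.logger.Error("Failed to create policies database", zap.Error(err))
		return nil, err
	}

	// Each lookup decodes into its own zero-valued description, so nothing
	// read for the roles policy can carry over into policiesPermissionRef.
	// Both failures abort construction and are therefore logged at Error,
	// like the store failures above.
	// NOTE(review): context.Background() puts no deadline on these start-up
	// reads; confirm the policy store applies its own timeout.
	// NOTE(review): neither ID is checked against the zero ObjectID;
	// presumably GetBuiltInPolicy returns an error when the built-in policy
	// is missing. Confirm, so the service cannot start with an empty
	// permission reference.
	var rolesDesc model.PolicyDescription
	if err := p.pdb.GetBuiltInPolicy(context.Background(), mservice.Roles, &rolesDesc); err != nil {
		p.logger.Error("Failed to fetch roles management permission description", zap.Error(err))
		return nil, err
	}
	p.rolesPermissionRef = rolesDesc.ID

	var policiesDesc model.PolicyDescription
	if err := p.pdb.GetBuiltInPolicy(context.Background(), mservice.Policies, &policiesDesc); err != nil {
		p.logger.Error("Failed to fetch policies management permission description", zap.Error(err))
		return nil, err
	}
	p.policiesPermissionRef = policiesDesc.ID

	// Routes whose path is wrapped by mutil.AddOrganizaztionRef.
	a.Register().AccountHandler(p.Name(), mutil.AddOrganizaztionRef("/"), api.Get, p.get)
	a.Register().AccountHandler(p.Name(), mutil.AddOrganizaztionRef("/all"), api.Get, p.getAll)
	a.Register().AccountHandler(p.Name(), mutil.AddOrganizaztionRef("/change_role"), api.Post, p.changeRole)

	// NOTE(review): the three state-changing routes below are registered
	// without mutil.AddOrganizaztionRef, unlike the routes above. Their
	// handlers are outside this view; confirm each one resolves the target
	// organization from the request and authorizes the caller through the
	// enforcer before it changes policies or role descriptions.
	a.Register().AccountHandler(p.Name(), "/policies", api.Put, p.changePolicies)
	a.Register().AccountHandler(p.Name(), "/role", api.Post, p.createRoleDescription)
	a.Register().AccountHandler(p.Name(), p.Rph.AddRef("/role"), api.Delete, p.deleteRoleDescription)

	return p, nil
}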