big ole refactor

internal/db/role.go

@@ -25,13 +25,6 @@ type Role struct {
 	Permissions []Permission `bun:"m2m:role_permissions,join:Role=Permission"`
 }
 
-type RolePermission struct {
-	RoleID       int         `bun:",pk"`
-	Role         *Role       `bun:"rel:belongs-to,join:role_id=id"`
-	PermissionID int         `bun:",pk"`
-	Permission   *Permission `bun:"rel:belongs-to,join:permission_id=id"`
-}
-
 func (r Role) isSystem() bool {
 	return r.IsSystem
 }
@@ -42,17 +35,12 @@ func GetRoleByName(ctx context.Context, tx bun.Tx, name roles.Role) (*Role, erro
 	if name == "" {
 		return nil, errors.New("name cannot be empty")
 	}
-	return GetByField[Role](tx, "name", name).Get(ctx)
+	return GetByField[Role](tx, "name", name).Relation("Permissions").Get(ctx)
 }
 
 // GetRoleByID queries the database for a role matching the given ID
 // Returns nil, nil if no role is found
 func GetRoleByID(ctx context.Context, tx bun.Tx, id int) (*Role, error) {
-	return GetByID[Role](tx, id).Get(ctx)
-}
-
-// GetRoleWithPermissions loads a role and all its permissions
-func GetRoleWithPermissions(ctx context.Context, tx bun.Tx, id int) (*Role, error) {
 	return GetByID[Role](tx, id).Relation("Permissions").Get(ctx)
 }
 
@@ -73,7 +61,7 @@ func GetRoles(ctx context.Context, tx bun.Tx, pageOpts *PageOpts) (*List[Role],
 }
 
 // CreateRole creates a new role
-func CreateRole(ctx context.Context, tx bun.Tx, role *Role) error {
+func CreateRole(ctx context.Context, tx bun.Tx, role *Role, audit *AuditMeta) error {
 	if role == nil {
 		return errors.New("role cannot be nil")
 	}
@@ -81,6 +69,7 @@ func CreateRole(ctx context.Context, tx bun.Tx, role *Role) error {
 
 	err := Insert(tx, role).
 		Returning("id").
+		WithAudit(audit, nil).
 		Exec(ctx)
 	if err != nil {
 		return errors.Wrap(err, "db.Insert")
@@ -90,7 +79,7 @@ func CreateRole(ctx context.Context, tx bun.Tx, role *Role) error {
 }
 
 // UpdateRole updates an existing role
-func UpdateRole(ctx context.Context, tx bun.Tx, role *Role) error {
+func UpdateRole(ctx context.Context, tx bun.Tx, role *Role, audit *AuditMeta) error {
 	if role == nil {
 		return errors.New("role cannot be nil")
 	}
@@ -100,6 +89,7 @@ func UpdateRole(ctx context.Context, tx bun.Tx, role *Role) error {
 
 	err := Update(tx, role).
 		WherePK().
+		WithAudit(audit, nil).
 		Exec(ctx)
 	if err != nil {
 		return errors.Wrap(err, "db.Update")
@@ -110,7 +100,7 @@ func UpdateRole(ctx context.Context, tx bun.Tx, role *Role) error {
 
 // DeleteRole deletes a role (checks IsSystem protection)
 // Also cleans up join table entries in role_permissions and user_roles
-func DeleteRole(ctx context.Context, tx bun.Tx, id int) error {
+func DeleteRole(ctx context.Context, tx bun.Tx, id int, audit *AuditMeta) error {
 	if id <= 0 {
 		return errors.New("id must be positive")
 	}
@@ -146,47 +136,5 @@ func DeleteRole(ctx context.Context, tx bun.Tx, id int) error {
 	}
 
 	// Finally delete the role
-	return DeleteWithProtection[Role](ctx, tx, id)
-}
-
-// AddPermissionToRole grants a permission to a role
-func AddPermissionToRole(ctx context.Context, tx bun.Tx, roleID, permissionID int) error {
-	if roleID <= 0 {
-		return errors.New("roleID must be positive")
-	}
-	if permissionID <= 0 {
-		return errors.New("permissionID must be positive")
-	}
-	rolePerm := &RolePermission{
-		RoleID:       roleID,
-		PermissionID: permissionID,
-	}
-	err := Insert(tx, rolePerm).
-		ConflictNothing("role_id", "permission_id").
-		Exec(ctx)
-	if err != nil {
-		return errors.Wrap(err, "db.Insert")
-	}
-
-	return nil
-}
-
-// RemovePermissionFromRole revokes a permission from a role
-func RemovePermissionFromRole(ctx context.Context, tx bun.Tx, roleID, permissionID int) error {
-	if roleID <= 0 {
-		return errors.New("roleID must be positive")
-	}
-	if permissionID <= 0 {
-		return errors.New("permissionID must be positive")
-	}
-
-	err := DeleteItem[RolePermission](tx).
-		Where("role_id = ?", roleID).
-		Where("permission_id = ?", permissionID).
-		Delete(ctx)
-	if err != nil {
-		return errors.Wrap(err, "DeleteItem")
-	}
-
-	return nil
+	return DeleteWithProtection[Role](ctx, tx, id, audit)
 }