138 lines
3.5 KiB
Go
138 lines
3.5 KiB
Go
package db
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"git.haelnorr.com/h/oslstats/internal/roles"
|
|
"github.com/pkg/errors"
|
|
"github.com/uptrace/bun"
|
|
)
|
|
|
|
type Role struct {
|
|
bun.BaseModel `bun:"table:roles,alias:r"`
|
|
|
|
ID int `bun:"id,pk,autoincrement"`
|
|
Name roles.Role `bun:"name,unique,notnull"`
|
|
DisplayName string `bun:"display_name,notnull"`
|
|
Description string `bun:"description"`
|
|
IsSystem bool `bun:"is_system,default:false"`
|
|
CreatedAt int64 `bun:"created_at,notnull"`
|
|
UpdatedAt *int64 `bun:"updated_at"`
|
|
|
|
// Relations (loaded on demand)
|
|
Users []User `bun:"m2m:user_roles,join:Role=User"`
|
|
Permissions []Permission `bun:"m2m:role_permissions,join:Role=Permission"`
|
|
}
|
|
|
|
func (r Role) isSystem() bool {
|
|
return r.IsSystem
|
|
}
|
|
|
|
// GetRoleByName queries the database for a role matching the given name
|
|
// Returns a BadRequestNotFound error if no role is found
|
|
func GetRoleByName(ctx context.Context, tx bun.Tx, name roles.Role) (*Role, error) {
|
|
if name == "" {
|
|
return nil, errors.New("name cannot be empty")
|
|
}
|
|
return GetByField[Role](tx, "name", name).Relation("Permissions").Get(ctx)
|
|
}
|
|
|
|
// GetRoleByID queries the database for a role matching the given ID
|
|
// Returns a BadRequestNotFound error if no role is found
|
|
func GetRoleByID(ctx context.Context, tx bun.Tx, id int) (*Role, error) {
|
|
return GetByID[Role](tx, id).Relation("Permissions").Get(ctx)
|
|
}
|
|
|
|
// ListAllRoles returns all roles
|
|
func ListAllRoles(ctx context.Context, tx bun.Tx) ([]*Role, error) {
|
|
return GetList[Role](tx).GetAll(ctx)
|
|
}
|
|
|
|
// GetRoles returns a paginated list of roles
|
|
func GetRoles(ctx context.Context, tx bun.Tx, pageOpts *PageOpts) (*List[Role], error) {
|
|
defaults := &PageOpts{
|
|
Page: 1,
|
|
PerPage: 25,
|
|
Order: bun.OrderAsc,
|
|
OrderBy: "display_name",
|
|
}
|
|
return GetList[Role](tx).GetPaged(ctx, pageOpts, defaults)
|
|
}
|
|
|
|
// CreateRole creates a new role
|
|
func CreateRole(ctx context.Context, tx bun.Tx, role *Role, audit *AuditMeta) error {
|
|
if role == nil {
|
|
return errors.New("role cannot be nil")
|
|
}
|
|
role.CreatedAt = time.Now().Unix()
|
|
|
|
err := Insert(tx, role).
|
|
Returning("id").
|
|
WithAudit(audit, nil).
|
|
Exec(ctx)
|
|
if err != nil {
|
|
return errors.Wrap(err, "db.Insert")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// UpdateRole updates an existing role
|
|
func UpdateRole(ctx context.Context, tx bun.Tx, role *Role, audit *AuditMeta) error {
|
|
if role == nil {
|
|
return errors.New("role cannot be nil")
|
|
}
|
|
if role.ID <= 0 {
|
|
return errors.New("role id must be positive")
|
|
}
|
|
|
|
err := Update(tx, role).
|
|
WherePK().
|
|
WithAudit(audit, nil).
|
|
Exec(ctx)
|
|
if err != nil {
|
|
return errors.Wrap(err, "db.Update")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// DeleteRole deletes a role (checks IsSystem protection)
|
|
// Also cleans up join table entries in role_permissions and user_roles
|
|
func DeleteRole(ctx context.Context, tx bun.Tx, id int, audit *AuditMeta) error {
|
|
if id <= 0 {
|
|
return errors.New("id must be positive")
|
|
}
|
|
|
|
// First check if role exists and is not system
|
|
role, err := GetRoleByID(ctx, tx, id)
|
|
if err != nil {
|
|
return errors.Wrap(err, "GetRoleByID")
|
|
}
|
|
if role.IsSystem {
|
|
return errors.New("cannot delete system roles")
|
|
}
|
|
|
|
// Delete role_permissions entries
|
|
_, err = tx.NewDelete().
|
|
Model((*RolePermission)(nil)).
|
|
Where("role_id = ?", id).
|
|
Exec(ctx)
|
|
if err != nil {
|
|
return errors.Wrap(err, "delete role_permissions")
|
|
}
|
|
|
|
// Delete user_roles entries
|
|
_, err = tx.NewDelete().
|
|
Model((*UserRole)(nil)).
|
|
Where("role_id = ?", id).
|
|
Exec(ctx)
|
|
if err != nil {
|
|
return errors.Wrap(err, "delete user_roles")
|
|
}
|
|
|
|
// Finally delete the role
|
|
return DeleteWithProtection[Role](ctx, tx, id, audit)
|
|
}
|