package service
import (
"context"
"github.com/midaef/emmet-server/internal/api"
"github.com/midaef/emmet-server/internal/models"
"github.com/midaef/emmet-server/internal/repository"
"github.com/midaef/emmet-server/pkg/helpers"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
// Role implements the role-management operations (create and delete) exposed
// over the API. Every operation is gated by an access token and by the
// permission flags stored for the caller's role.
type Role struct {
	// hasher is stored by the constructor; none of the methods in this file use it.
	hasher *helpers.Md5
	// tokenService validates an access token and yields the caller's claims.
	tokenService TokenService
	// roleRepository stores roles together with their permission flags.
	roleRepository repository.RoleRepository
	// authRepository answers whether an account (by login) exists.
	authRepository repository.AuthRepository
}
// NewRoleService wires a Role service with its hasher, token service and the
// two repositories it consults. All dependencies are stored as given; nothing
// is validated here, so a nil dependency surfaces only on first use.
func NewRoleService(hasher *helpers.Md5, tokenService TokenService, roleRepository repository.RoleRepository,
	authRepository repository.AuthRepository) *Role {
	var svc Role
	svc.hasher = hasher
	svc.tokenService = tokenService
	svc.roleRepository = roleRepository
	svc.authRepository = authRepository
	return &svc
}
// CreateRoleByAccessToken creates a new role on behalf of the caller
// identified by req.AccessToken.
//
// The checks run in this order and the first failure is returned:
//   - the token must validate (the token service's error is returned as-is);
//   - the account named by the claims' Login must still exist (NotFound);
//   - the caller's role (claims.Subject) must hold CreateRole (PermissionDenied);
//   - req.Role must not already exist (AlreadyExists).
//
// Repository failures are reported as codes.Internal with a generic message;
// the underlying error is not surfaced to the client.
//
// NOTE(review): the new role's permission flags are copied straight from the
// request and are not bounded by the caller's own permissions, so a caller
// holding only CreateRole can define a role with flags it does not itself
// have. Confirm that this is intended.
func (s *Role) CreateRoleByAccessToken(ctx context.Context, req *api.CreateRoleByAccessTokenRequest) (*api.CreateRoleResponseByAccessToken, error) {
	claims, err := s.tokenService.CheckAccessToken(req.AccessToken)
	if err != nil {
		return nil, err
	}
	if accountExists := s.authRepository.IsExistByLogin(ctx, claims.Login); !accountExists {
		return nil, status.Error(codes.NotFound, "Your account not exists")
	}

	// claims.Subject is passed as the role name here and recorded as CreatedBy below.
	perms, permErr := s.roleRepository.GetPermissionsByRole(ctx, claims.Subject)
	switch {
	case permErr != nil:
		return nil, status.Error(codes.Internal, "Get permissions error")
	case !perms.CreateRole:
		return nil, status.Error(codes.PermissionDenied, "Insufficient access rights")
	case s.roleRepository.IsExistByRole(ctx, req.Role):
		return nil, status.Error(codes.AlreadyExists, "Role exists")
	}

	newRole := models.Role{
		CreatedBy:   claims.Subject,
		CreateRole:  req.CreateRole,
		CreateUser:  req.CreateUser,
		CreateValue: req.CreateValue,
		DeleteRole:  req.DeleteRole,
		DeleteUser:  req.DeleteUser,
		DeleteValue: req.DeleteValue,
		Role:        req.Role,
	}
	if createErr := s.roleRepository.CreateRole(ctx, &newRole); createErr != nil {
		return nil, status.Error(codes.Internal, "Create role error")
	}

	resp := api.CreateRoleResponseByAccessToken{Message: "Role created"}
	return &resp, nil
}
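// DeleteRoleByAccessToken deletes the role named by req.Role on behalf of the
// caller identified by req.AccessToken.
//
// The checks run in this order and the first failure is returned:
//   - the token must validate (the token service's error is returned as-is);
//   - the account named by the claims' Login must still exist (NotFound);
//   - the caller's role (claims.Subject) must hold DeleteRole (PermissionDenied);
//   - the "root" role can never be deleted (PermissionDenied);
//   - req.Role must exist (NotFound).
//
// Repository failures are reported as codes.Internal with a generic message;
// the underlying error is not surfaced to the client.
//
// NOTE(review): nothing here rejects deleting the role the caller is acting
// under (req.Role == claims.Subject); confirm whether that should be refused.
func (s *Role) DeleteRoleByAccessToken(ctx context.Context, req *api.DeleteRoleByAccessTokenRequest) (*api.DeleteRoleResponseByAccessToken, error) {
	claims, err := s.tokenService.CheckAccessToken(req.AccessToken)
	if err != nil {
		return nil, err
	}
	if !s.authRepository.IsExistByLogin(ctx, claims.Login) {
		return nil, status.Error(codes.NotFound, "Your account not exists")
	}
	permissions, err := s.roleRepository.GetPermissionsByRole(ctx, claims.Subject)
	if err != nil {
		return nil, status.Error(codes.Internal, "Get permissions error")
	}
	if !permissions.DeleteRole {
		return nil, status.Error(codes.PermissionDenied, "Insufficient access rights")
	}
	// The root role is protected regardless of the caller's permissions; this
	// check runs before the existence lookup so the answer does not depend on
	// repository state.
	if req.Role == "root" {
		return nil, status.Error(codes.PermissionDenied, "Root cannot be deleted")
	}
	// A missing role is a NotFound condition; the original code reported it as
	// AlreadyExists, which contradicted the message and misled gRPC clients
	// that map status codes to behavior.
	if !s.roleRepository.IsExistByRole(ctx, req.Role) {
		return nil, status.Error(codes.NotFound, "Role not exists")
	}
	if err = s.roleRepository.DeleteByRole(ctx, req.Role); err != nil {
		return nil, status.Error(codes.Internal, "Delete role error")
	}
	return &api.DeleteRoleResponseByAccessToken{
		Message: "Role deleted",
	}, nil
}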