restructure and process additions and deleteions of relationships, roles and memberships

internal/service/users.go

@@ -28,13 +28,16 @@ func (s *service) IsAssignableResource(id gidx.PrefixedID) bool {
 }
 
 func (s *service) AssignUser(ctx context.Context, userID gidx.PrefixedID, resourceIDs ...gidx.PrefixedID) error {
-	var memberships []ResourceMemberships
+	var totalResources, rolesChanged, assignmentsChanged int
+
+	mlogger := s.logger.With("member.id", userID.String())
+
+	memberID := prefixedID{userID}
 
 	for _, resourceID := range resourceIDs {
 		role, err := s.getUserResourceRole(ctx, userID, resourceID)
 		if err != nil {
-			s.logger.Warnw("failed to determine role for user resource", "error", err)
-
+			mlogger.Warnw("failed to determine role for user resource", "error", err)
 			continue
 		}
 
@@ -42,16 +45,25 @@ func (s *service) AssignUser(ctx context.Context, userID gidx.PrefixedID, resour
 			continue
 		}
 
-		memberships = append(memberships, ResourceMemberships{
+		roles, assignments := s.syncMemberships(ctx, Relationships{
 			Resource: prefixedID{resourceID},
-			Role:     role,
-			Member:   prefixedID{userID},
-		})
+			Memberships: []ResourceMemberships{
+				{
+					Role:   role,
+					Member: memberID,
+				},
+			},
+		}, true)
+
+		totalResources++
+		rolesChanged += roles
+		assignmentsChanged += assignments
 	}
 
-	s.syncMemberships(ctx, memberships)
-
-	s.logger.Infow("assignment sync complete", "memberships", len(memberships))
+	mlogger.Infow("assignment sync complete",
+		"membership.roles_changed", rolesChanged,
+		"membership.assignments_changed", assignmentsChanged,
+	)
 
 	return nil
 }