105 lines
2.2 KiB
Go
105 lines
2.2 KiB
Go
package permissions
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"go.infratographer.com/x/gidx"
|
|
"golang.org/x/exp/slices"
|
|
)
|
|
|
|
type ResourceRoleCreate struct {
|
|
Actions []string `json:"actions"`
|
|
}
|
|
|
|
type ResourceRoleCreateResponse struct {
|
|
ID string `json:"id"`
|
|
}
|
|
|
|
type ResourceRoleDeleteResponse struct {
|
|
Success bool `json:"success"`
|
|
}
|
|
|
|
type ResourceRoles []ResourceRole
|
|
|
|
type ResourceRole struct {
|
|
ID gidx.PrefixedID `json:"id"`
|
|
Actions []string `json:"actions"`
|
|
}
|
|
|
|
func (c *Client) CreateRole(ctx context.Context, resourceID gidx.PrefixedID, actions []string) (gidx.PrefixedID, error) {
|
|
path := fmt.Sprintf("/api/v1/resources/%s/roles", resourceID.String())
|
|
|
|
body, err := encodeJSON(ResourceRoleCreate{
|
|
Actions: actions,
|
|
})
|
|
if err != nil {
|
|
return gidx.NullPrefixedID, err
|
|
}
|
|
|
|
var response ResourceRoleCreateResponse
|
|
|
|
if _, err = c.DoRequest(ctx, http.MethodPost, path, body, &response); err != nil {
|
|
return gidx.NullPrefixedID, err
|
|
}
|
|
|
|
roleID, err := gidx.Parse(response.ID)
|
|
if err != nil {
|
|
return gidx.NullPrefixedID, err
|
|
}
|
|
|
|
return roleID, nil
|
|
}
|
|
|
|
func (c *Client) DeleteRole(ctx context.Context, roleID gidx.PrefixedID) error {
|
|
path := fmt.Sprintf("/api/v1/roles/%s", roleID.String())
|
|
|
|
var response ResourceRoleDeleteResponse
|
|
|
|
if _, err := c.DoRequest(ctx, http.MethodDelete, path, nil, &response); err != nil {
|
|
return err
|
|
}
|
|
|
|
if !response.Success {
|
|
return ErrUnexpectedRoleDeleteFailed
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (c *Client) ListResourceRoles(ctx context.Context, resourceID gidx.PrefixedID) (ResourceRoles, error) {
|
|
path := fmt.Sprintf("/api/v1/resources/%s/roles", resourceID.String())
|
|
|
|
var response struct {
|
|
Data ResourceRoles `json:"data"`
|
|
}
|
|
|
|
if _, err := c.DoRequest(ctx, http.MethodGet, path, nil, &response); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return response.Data, nil
|
|
}
|
|
|
|
func (c *Client) FindResourceRoleByActions(ctx context.Context, resourceID gidx.PrefixedID, actions []string) (ResourceRole, error) {
|
|
roles, err := c.ListResourceRoles(ctx, resourceID)
|
|
if err != nil {
|
|
return ResourceRole{}, err
|
|
}
|
|
|
|
slices.Sort(actions)
|
|
|
|
for _, role := range roles {
|
|
roleActions := role.Actions
|
|
|
|
slices.Sort(roleActions)
|
|
|
|
if slices.Equal(actions, roleActions) {
|
|
return role, nil
|
|
}
|
|
}
|
|
|
|
return ResourceRole{}, ErrRoleNotFound
|
|
}
|