[feature] migrate to monorepo

2025-02-21 00:49:20 +08:00 · 2025-02-21 00:49:20 +08:00 · 05ddc1f783
commit 05ddc1f783
267 changed files with 75165 additions and 0 deletions
--- a/backend/internal/rbac/init.go
+++ b/backend/internal/rbac/init.go
@ -0,0 +1,90 @@
+package rbac
+
+import (
+	"context"
+	"fmt"
+
+	"tss-rocks-be/ent"
+	"tss-rocks-be/ent/role"
+)
+
+// DefaultPermissions defines the default permissions for each resource
+var DefaultPermissions = map[string][]string{
+	"media": {"create", "read", "update", "delete", "list"},
+	"post":  {"create", "read", "update", "delete", "list"},
+	"daily": {"create", "read", "update", "delete", "list"},
+	"user":  {"create", "read", "update", "delete", "list"},
+}
+
+// DefaultRoles defines the default roles and their permissions
+var DefaultRoles = map[string]map[string][]string{
+	"admin": DefaultPermissions,
+	"editor": {
+		"media": {"create", "read", "update", "list"},
+		"post":  {"create", "read", "update", "list"},
+		"daily": {"create", "read", "update", "list"},
+		"user":  {"read"},
+	},
+	"contributor": {
+		"media": {"read", "list"},
+		"post":  {"read", "list"},
+		"daily": {"read", "list"},
+	},
+}
+
+// InitializeRBAC initializes the RBAC system with default roles and permissions
+func InitializeRBAC(ctx context.Context, client *ent.Client) error {
+	// Create permissions
+	permissionMap := make(map[string]*ent.Permission)
+	for resource, actions := range DefaultPermissions {
+		for _, action := range actions {
+			permission, err := client.Permission.Create().
+				SetResource(resource).
+				SetAction(action).
+				SetDescription(fmt.Sprintf("Permission to %s %s", action, resource)).
+				Save(ctx)
+			if err != nil {
+				return fmt.Errorf("failed creating permission: %w", err)
+			}
+			key := fmt.Sprintf("%s:%s", resource, action)
+			permissionMap[key] = permission
+		}
+	}
+
+	// Create roles with permissions
+	for roleName, permissions := range DefaultRoles {
+		roleCreate := client.Role.Create().
+			SetName(roleName).
+			SetDescription(fmt.Sprintf("Role for %s users", roleName))
+
+		// Add permissions to role
+		for resource, actions := range permissions {
+			for _, action := range actions {
+				key := fmt.Sprintf("%s:%s", resource, action)
+				if permission, exists := permissionMap[key]; exists {
+					roleCreate.AddPermissions(permission)
+				}
+			}
+		}
+
+		if _, err := roleCreate.Save(ctx); err != nil {
+			return fmt.Errorf("failed creating role %s: %w", roleName, err)
+		}
+	}
+
+	return nil
+}
+
+// AssignRoleToUser assigns a role to a user
+func AssignRoleToUser(ctx context.Context, client *ent.Client, userID int, roleName string) error {
+	role, err := client.Role.Query().
+		Where(role.Name(roleName)).
+		Only(ctx)
+	if err != nil {
+		return fmt.Errorf("failed querying role: %w", err)
+	}
+
+	return client.User.UpdateOneID(userID).
+		AddRoles(role).
+		Exec(ctx)
+}
--- a/backend/internal/rbac/init_test.go
+++ b/backend/internal/rbac/init_test.go
@ -0,0 +1,98 @@
+package rbac
+
+import (
+	"context"
+	"testing"
+
+	"tss-rocks-be/ent/enttest"
+	"tss-rocks-be/ent/role"
+
+	_ "github.com/mattn/go-sqlite3"
+)
+
+func TestInitializeRBAC(t *testing.T) {
+	// Create an in-memory SQLite client for testing
+	client := enttest.Open(t, "sqlite3", "file:ent?mode=memory&cache=shared&_fk=1")
+	defer client.Close()
+
+	ctx := context.Background()
+
+	// Test initialization
+	err := InitializeRBAC(ctx, client)
+	if err != nil {
+		t.Fatalf("Failed to initialize RBAC: %v", err)
+	}
+
+	// Verify roles were created
+	for roleName := range DefaultRoles {
+		r, err := client.Role.Query().Where(role.Name(roleName)).Only(ctx)
+		if err != nil {
+			t.Errorf("Role %s was not created: %v", roleName, err)
+		}
+
+		// Verify permissions for each role
+		perms, err := r.QueryPermissions().All(ctx)
+		if err != nil {
+			t.Errorf("Failed to query permissions for role %s: %v", roleName, err)
+		}
+
+		expectedPerms := DefaultRoles[roleName]
+		permCount := 0
+		for _, actions := range expectedPerms {
+			permCount += len(actions)
+		}
+
+		if len(perms) != permCount {
+			t.Errorf("Role %s has %d permissions, expected %d", roleName, len(perms), permCount)
+		}
+	}
+}
+
+func TestAssignRoleToUser(t *testing.T) {
+	// Create an in-memory SQLite client for testing
+	client := enttest.Open(t, "sqlite3", "file:ent?mode=memory&cache=shared&_fk=1")
+	defer client.Close()
+
+	ctx := context.Background()
+
+	// Initialize RBAC
+	err := InitializeRBAC(ctx, client)
+	if err != nil {
+		t.Fatalf("Failed to initialize RBAC: %v", err)
+	}
+
+	// Create a test user
+	user, err := client.User.Create().
+		SetEmail("test@example.com").
+		SetPasswordHash("$2a$10$hzLdXMZEIzgr8eGXL0YoCOIIrQhqEj6N.S3.wY1Jx5.4vWm1ZyHyy").
+		Save(ctx)
+	if err != nil {
+		t.Fatalf("Failed to create test user: %v", err)
+	}
+
+	// Test assigning role to user
+	err = AssignRoleToUser(ctx, client, user.ID, "editor")
+	if err != nil {
+		t.Fatalf("Failed to assign role to user: %v", err)
+	}
+
+	// Verify role assignment
+	assignedRoles, err := user.QueryRoles().All(ctx)
+	if err != nil {
+		t.Fatalf("Failed to query user roles: %v", err)
+	}
+
+	if len(assignedRoles) != 1 {
+		t.Errorf("Expected 1 role, got %d", len(assignedRoles))
+	}
+
+	if assignedRoles[0].Name != "editor" {
+		t.Errorf("Expected role name 'editor', got '%s'", assignedRoles[0].Name)
+	}
+
+	// Test assigning non-existent role
+	err = AssignRoleToUser(ctx, client, user.ID, "nonexistent")
+	if err == nil {
+		t.Error("Expected error when assigning non-existent role, got nil")
+	}
+}