[feature] migrate to monorepo
commit
05ddc1f783
267 changed files with 75165 additions and 0 deletions
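--- /dev/null
+++ b/backend/internal/service/rbac_service.go
@@ -0,0 +1,105 @@
+package service
+
+import (
+"context"
+"fmt"
+
+"tss-rocks-be/ent"
+"tss-rocks-be/ent/permission"
+"tss-rocks-be/ent/role"
+)
+
+type RBACService struct {
+client *ent.Client
+}
+
+func NewRBACService(client *ent.Client) *RBACService {
+return &RBACService{
+client: client,
+}
+}
+
+// InitializeRBAC sets up the initial RBAC configuration
+func (s *RBACService) InitializeRBAC(ctx context.Context) error {
+// Create admin role if it doesn't exist
+adminRole, err := s.client.Role.Query().
+Where(role.Name("admin")).
+Only(ctx)
+if ent.IsNotFound(err) {
+adminRole, err = s.client.Role.Create().
+SetName("admin").
+Save(ctx)
+if err != nil {
+return fmt.Errorf("failed to create admin role: %w", err)
+}
+} else if err != nil {
+return fmt.Errorf("failed to query admin role: %w", err)
+}
+
+// Create editor role if it doesn't exist
+editorRole, err := s.client.Role.Query().
+Where(role.Name("editor")).
+Only(ctx)
+if ent.IsNotFound(err) {
+editorRole, err = s.client.Role.Create().
+SetName("editor").
+Save(ctx)
+if err != nil {
+return fmt.Errorf("failed to create editor role: %w", err)
+}
+} else if err != nil {
+return fmt.Errorf("failed to query editor role: %w", err)
+}
+
+// Define permissions
+permissions := []struct {
+role *ent.Role
+resource string
+actions []string
+}{
+{adminRole, "users", []string{"create", "read", "update", "delete", "assign_role"}},
+{adminRole, "roles", []string{"create", "read", "update", "delete"}},
+{adminRole, "media", []string{"create", "read", "update", "delete"}},
+{adminRole, "posts", []string{"create", "read", "update", "delete"}},
+{adminRole, "categories", []string{"create", "read", "update", "delete"}},
+{adminRole, "contributors", []string{"create", "read", "update", "delete"}},
+{adminRole, "dailies", []string{"create", "read", "update", "delete"}},
+
+{editorRole, "media", []string{"create", "read", "update"}},
+{editorRole, "posts", []string{"create", "read", "update"}},
+{editorRole, "categories", []string{"read"}},
+{editorRole, "contributors", []string{"read"}},
+{editorRole, "dailies", []string{"create", "read", "update"}},
+}
+
+// Create permissions for each role
+for _, p := range permissions {
+for _, action := range p.actions {
+// Check if permission already exists
+exists, err := s.client.Permission.Query().
+Where(
+permission.Resource(p.resource),
+permission.Action(action),
+permission.HasRolesWith(role.ID(p.role.ID)),
+).
+Exist(ctx)
+if err != nil {
+return fmt.Errorf("failed to query permission: %w", err)
+}
+
+if !exists {
+// Create permission and associate it with the role
+_, err = s.client.Permission.Create().
+SetResource(p.resource).
+SetAction(action).
+AddRoles(p.role).
+Save(ctx)
+if err != nil {
+return fmt.Errorf("failed to create permission: %w", err)
+}
+}
+}
+}
+
+return nil
+}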
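Review bot: InitializeRBAC seeds roles and grants with separate query-then-create calls on `s.client` and no transaction. A failure part-way therefore leaves a role with only some of its permissions. Two instances starting together can also both create `admin`, after which `Only(ctx)` returns a not-singular error on every later start, unless the schema (not shown in this section) makes the role name unique. The existence check also includes `permission.HasRolesWith(role.ID(p.role.ID))`, so a pair such as `media`/`read` is stored once per role instead of being shared, and the seeding is additive only: narrowing the matrix later does not revoke grants already in the database, which deserves a comment above `permissions`. I would run the body in one ent transaction, as sketched below, and back it with unique indexes on the role name and on resource/action.

```go
func (s *RBACService) InitializeRBAC(ctx context.Context) error {
	tx, err := s.client.Tx(ctx)
	if err != nil {
		return fmt.Errorf("failed to begin rbac transaction: %w", err)
	}
	// Rollback after a successful Commit only returns an error, which is ignored here.
	defer func() { _ = tx.Rollback() }()

	// … unchanged: role and permission seeding, with tx.Role / tx.Permission in place of s.client.Role / s.client.Permission …

	if err := tx.Commit(); err != nil {
		return fmt.Errorf("failed to commit rbac transaction: %w", err)
	}
	return nil
}
```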