[feature/backend] implement /users handler + switch to username + add display name + user management cli

2025-02-21 04:30:07 +08:00 · 2025-02-21 04:30:07 +08:00 · 86ab334bc9
commit 86ab334bc9
parent 1d712d4e6c
38 changed files with 1851 additions and 506 deletions
--- a/backend/internal/rbac/init.go
+++ b/backend/internal/rbac/init.go
@ -5,6 +5,7 @@ import (
 	"fmt"

 	"tss-rocks-be/ent"
+	"tss-rocks-be/ent/permission"
 	"tss-rocks-be/ent/role"
 )

@ -38,37 +39,69 @@ func InitializeRBAC(ctx context.Context, client *ent.Client) error {
 	permissionMap := make(map[string]*ent.Permission)
 	for resource, actions := range DefaultPermissions {
 		for _, action := range actions {
-			permission, err := client.Permission.Create().
-				SetResource(resource).
-				SetAction(action).
-				SetDescription(fmt.Sprintf("Permission to %s %s", action, resource)).
-				Save(ctx)
-			if err != nil {
-				return fmt.Errorf("failed creating permission: %w", err)
-			}
 			key := fmt.Sprintf("%s:%s", resource, action)
+			permission, err := client.Permission.Query().
+				Where(
+					permission.ResourceEQ(resource),
+					permission.ActionEQ(action),
+				).
+				Only(ctx)
+			if ent.IsNotFound(err) {
+				permission, err = client.Permission.Create().
+					SetResource(resource).
+					SetAction(action).
+					SetDescription(fmt.Sprintf("Permission to %s %s", action, resource)).
+					Save(ctx)
+				if err != nil {
+					return fmt.Errorf("failed creating permission: %w", err)
+				}
+			} else if err != nil {
+				return fmt.Errorf("failed querying permission: %w", err)
+			}
 			permissionMap[key] = permission
 		}
 	}

 	// Create roles with permissions
 	for roleName, permissions := range DefaultRoles {
-		roleCreate := client.Role.Create().
-			SetName(roleName).
-			SetDescription(fmt.Sprintf("Role for %s users", roleName))
+		role, err := client.Role.Query().
+			Where(role.NameEQ(roleName)).
+			Only(ctx)
+		if ent.IsNotFound(err) {
+			roleCreate := client.Role.Create().
+				SetName(roleName).
+				SetDescription(fmt.Sprintf("Role for %s users", roleName))

-		// Add permissions to role
-		for resource, actions := range permissions {
-			for _, action := range actions {
-				key := fmt.Sprintf("%s:%s", resource, action)
-				if permission, exists := permissionMap[key]; exists {
-					roleCreate.AddPermissions(permission)
+			// Add permissions to role
+			for resource, actions := range permissions {
+				for _, action := range actions {
+					key := fmt.Sprintf("%s:%s", resource, action)
+					if permission, exists := permissionMap[key]; exists {
+						roleCreate.AddPermissions(permission)
+					}
 				}
 			}
-		}

-		if _, err := roleCreate.Save(ctx); err != nil {
-			return fmt.Errorf("failed creating role %s: %w", roleName, err)
+			if _, err := roleCreate.Save(ctx); err != nil {
+				return fmt.Errorf("failed creating role %s: %w", roleName, err)
+			}
+		} else if err != nil {
+			return fmt.Errorf("failed querying role: %w", err)
+		} else {
+			// Update existing role's permissions
+			for resource, actions := range permissions {
+				for _, action := range actions {
+					key := fmt.Sprintf("%s:%s", resource, action)
+					if permission, exists := permissionMap[key]; exists {
+						err = client.Role.UpdateOne(role).
+							AddPermissions(permission).
+							Exec(ctx)
+						if err != nil {
+							return fmt.Errorf("failed updating role %s permissions: %w", roleName, err)
+						}
+					}
+				}
+			}
 		}
 	}