certmanager update

internal/grpc/handler/grant.go

@@ -0,0 +1,31 @@
+package handler
+
+import (
+	"context"
+
+	"certmanager/pkg/cmctl"
+)
+
+func (hand *Handler) SetGrant(ctx context.Context, params *cmctl.SetGrantParams) (*cmctl.SetGrantResult, error) {
+	var err error
+	hand.log.Debugf("Handle SetGrant call")
+	res := &cmctl.SetGrantResult{}
+	userID, err := hand.Authentificate(ctx)
+	if err != nil {
+		return res, err
+	}
+	res, err = hand.lg.SetGrant(ctx, userID, params)
+	return res, err
+}
+
+func (hand *Handler) DeleteGrant(ctx context.Context, params *cmctl.DeleteGrantParams) (*cmctl.DeleteGrantResult, error) {
+	var err error
+	hand.log.Debugf("Handle DeleteGrant call")
+	res := &cmctl.DeleteGrantResult{}
+	userID, err := hand.Authentificate(ctx)
+	if err != nil {
+		return res, err
+	}
+	res, err = hand.lg.DeleteGrant(ctx, userID, params)
+	return res, err
+}

internal/logic/database.go

@@ -0,0 +1,64 @@
+package logic
+
+import (
+	"context"
+	"time"
+
+	"certmanager/internal/descriptor"
+	"certmanager/pkg/auxid"
+)
+
+func (lg *Logic) CleanDatabase(ctx context.Context) error {
+	var err error
+	err = lg.db.CleanDatabase(ctx)
+	if err != nil {
+		return err
+	}
+	return err
+}
+
+func (lg *Logic) SeedAccount(ctx context.Context) (int64, error) {
+	var err error
+	var userID int64
+	accountDescrs, err := lg.db.ListAccounts(ctx)
+	if err != nil {
+		return userID, err
+	}
+	if len(accountDescrs) == 0 {
+		now := time.Now().Format(time.RFC3339)
+		accountDescr := &descriptor.Account{
+			ID:        auxid.GenID(),
+			Username:  "certman",
+			Password:  "certman",
+			Disabled:  false,
+			CreatedAt: now,
+			UpdatedAt: now,
+		}
+		err = lg.db.InsertAccount(ctx, accountDescr)
+		if err != nil {
+			return userID, err
+		}
+		userID = accountDescr.ID
+		grantTypes := []string{
+			descriptor.GrantModifyServices,
+			descriptor.GrantModifyUssuers,
+			descriptor.GrantModifyUsers,
+		}
+		for _, grantType := range grantTypes {
+			grantDescr := &descriptor.Grant{
+				AccountID: accountDescr.ID,
+				Operation: grantType,
+				CreatedAt: now,
+			}
+			err = lg.db.InsertGrant(ctx, grantDescr)
+			if err != nil {
+				return userID, err
+			}
+
+		}
+
+	}
+
+	return userID, err
+
+}

internal/logic/grants.go

@@ -0,0 +1,129 @@
+package logic
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"certmanager/internal/descriptor"
+	"certmanager/pkg/auxid"
+	"certmanager/pkg/cmctl"
+)
+
+func (lg *Logic) SetGrant(ctx context.Context, userID int64, params *cmctl.SetGrantParams) (*cmctl.SetGrantResult, error) {
+	var err error
+	res := &cmctl.SetGrantResult{}
+
+	grantTypes := []string{
+		descriptor.GrantModifyServices,
+		descriptor.GrantModifyUssuers,
+		descriptor.GrantModifyUsers,
+	}
+	var grantOk bool
+	for _, grantType := range grantTypes {
+		if grantType == params.Operation {
+			grantOk = true
+			break
+		}
+	}
+	if !grantOk {
+		err := fmt.Errorf("Unknown grant type")
+		return res, err
+	}
+
+	var accountDescr *descriptor.Account
+	var accountExists bool
+	switch {
+	case params.AccountID != 0:
+		accountExists, accountDescr, err = lg.db.GetAccountByID(ctx, params.AccountID)
+		if err != nil {
+			return res, err
+		}
+	case params.Username != "":
+		accountExists, accountDescr, err = lg.db.GetAccountByUsername(ctx, params.Username)
+		if err != nil {
+			return res, err
+		}
+	}
+	if !accountExists || accountDescr == nil {
+		err := fmt.Errorf("Account with this id or name dont exists")
+		return res, err
+	}
+
+	//grantExists := true
+	grantExists, _, err := lg.db.GetGrant(ctx, accountDescr.ID, params.Operation)
+	if err != nil {
+		return res, err
+	}
+	if grantExists {
+		err := fmt.Errorf("Grant %s for the user already exists", params.Operation)
+		return res, err
+	}
+	now := time.Now().Format(time.RFC3339)
+	grantDescr := &descriptor.Grant{
+		ID:        auxid.GenID(),
+		AccountID: accountDescr.ID,
+		CreatedAt: now,
+		Operation: params.Operation,
+	}
+	err = lg.db.InsertGrant(ctx, grantDescr)
+	if err != nil {
+		return res, err
+	}
+	return res, err
+}
+
+func (lg *Logic) DeleteGrant(ctx context.Context, userID int64, params *cmctl.DeleteGrantParams) (*cmctl.DeleteGrantResult, error) {
+	var err error
+	res := &cmctl.DeleteGrantResult{}
+
+	grantTypes := []string{
+		descriptor.GrantModifyServices,
+		descriptor.GrantModifyUssuers,
+		descriptor.GrantModifyUsers,
+	}
+	var grantOk bool
+	for _, grantType := range grantTypes {
+		if grantType == params.Operation {
+			grantOk = true
+			break
+		}
+	}
+	if !grantOk {
+		err := fmt.Errorf("Unknown grant type")
+		return res, err
+	}
+
+	var accountDescr *descriptor.Account
+	var accountExists bool
+	switch {
+	case params.AccountID != 0:
+		accountExists, accountDescr, err = lg.db.GetAccountByID(ctx, params.AccountID)
+		if err != nil {
+			return res, err
+		}
+	case params.Username != "":
+		accountExists, accountDescr, err = lg.db.GetAccountByUsername(ctx, params.Username)
+		if err != nil {
+			return res, err
+		}
+	}
+	if !accountExists || accountDescr == nil {
+		err := fmt.Errorf("Account with this id or name dont exists")
+		return res, err
+	}
+
+	grantExists, _, err := lg.db.GetGrant(ctx, accountDescr.ID, params.Operation)
+	if err != nil {
+		return res, err
+	}
+	if !grantExists {
+		err := fmt.Errorf("Grant %s for the user not exists")
+		return res, err
+	}
+	err = lg.db.DeleteGrantByAccountID(ctx, accountDescr.ID, params.Operation)
+	if err != nil {
+		return res, err
+	}
+	return res, err
+}