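package logic

import (
	"context"
	"fmt"
	"time"

	"certmanager/internal/descriptor"
	"certmanager/pkg/auxid"
	"certmanager/pkg/cmctl"
)

// requireGrantAdmin verifies that the calling account holds
// descriptor.GrantModifyUsers, the grant that authorizes changing other
// accounts' grants. Store errors are returned unchanged; a missing grant is
// reported with the same "Operation not allowed" error both entry points use.
//
// NOTE(review): any holder of GrantModifyUsers can assign or revoke every
// known grant type, including on its own account — confirm this is intended.
func (lg *Logic) requireGrantAdmin(ctx context.Context, accountID int64) error {
	grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
	if err != nil {
		return err
	}
	if !grantExists {
		return fmt.Errorf("Operation not allowed for the user")
	}
	return nil
}

// isKnownGrantType reports whether op is one of the grant operations this
// package manages. Every other value is rejected before it reaches the store.
func isKnownGrantType(op string) bool {
	switch op {
	case descriptor.GrantModifyServices, descriptor.GrantModifyUssuers, descriptor.GrantModifyUsers:
		return true
	}
	return false
}

// resolveAccount looks up the target account by ID when accountID is
// non-zero, otherwise by username when it is non-empty. When neither
// selector is given, or the lookup finds nothing, the account-not-found
// error is returned; store errors are returned unchanged.
func (lg *Logic) resolveAccount(ctx context.Context, accountID int64, username string) (*descriptor.Account, error) {
	var (
		exists bool
		acc    *descriptor.Account
		err    error
	)
	switch {
	case accountID != 0:
		exists, acc, err = lg.db.GetAccountByID(ctx, accountID)
	case username != "":
		exists, acc, err = lg.db.GetAccountByUsername(ctx, username)
	}
	if err != nil {
		return nil, err
	}
	if !exists || acc == nil {
		return nil, fmt.Errorf("Account with this id or name dont exists")
	}
	return acc, nil
}

// SetGrant assigns the grant params.Operation to the account selected by
// params.AccountID or params.Username. The calling account (accountID) must
// hold descriptor.GrantModifyUsers, params.Operation must be a known grant
// type, and the target must not already hold that grant.
//
// A non-nil *cmctl.SetGrantResult is returned alongside every error, matching
// the original contract. A nil params is rejected with an error instead of
// dereferencing it.
//
// NOTE(review): the existence check and InsertGrant are separate store
// calls, so two concurrent SetGrant requests for the same (account,
// operation) can both pass the check; if duplicates must be impossible the
// store needs a uniqueness constraint — confirm.
func (lg *Logic) SetGrant(ctx context.Context, accountID int64, params *cmctl.SetGrantParams) (*cmctl.SetGrantResult, error) {
	res := &cmctl.SetGrantResult{}
	if params == nil {
		return res, fmt.Errorf("missing grant params")
	}

	// Authorization first, so unauthorized callers learn nothing about
	// which operations or accounts exist.
	if err := lg.requireGrantAdmin(ctx, accountID); err != nil {
		return res, err
	}
	if !isKnownGrantType(params.Operation) {
		return res, fmt.Errorf("Unknown grant type")
	}

	target, err := lg.resolveAccount(ctx, params.AccountID, params.Username)
	if err != nil {
		return res, err
	}

	grantExists, _, err := lg.db.GetGrant(ctx, target.ID, params.Operation)
	if err != nil {
		return res, err
	}
	if grantExists {
		return res, fmt.Errorf("Grant %s for the user already exists", params.Operation)
	}

	grant := &descriptor.Grant{
		ID:        auxid.GenID(),
		AccountID: target.ID,
		CreatedAt: time.Now().Format(time.RFC3339),
		Operation: params.Operation,
	}
	if err := lg.db.InsertGrant(ctx, grant); err != nil {
		return res, err
	}
	return res, nil
}

// DeleteGrant revokes the grant params.Operation from the account selected by
// params.AccountID or params.Username. The calling account (accountID) must
// hold descriptor.GrantModifyUsers, params.Operation must be a known grant
// type, and the target must currently hold that grant.
//
// A non-nil *cmctl.DeleteGrantResult is returned alongside every error,
// matching the original contract. A nil params is rejected with an error
// instead of dereferencing it.
func (lg *Logic) DeleteGrant(ctx context.Context, accountID int64, params *cmctl.DeleteGrantParams) (*cmctl.DeleteGrantResult, error) {
	res := &cmctl.DeleteGrantResult{}
	if params == nil {
		return res, fmt.Errorf("missing grant params")
	}

	// Authorization first, so unauthorized callers learn nothing about
	// which operations or accounts exist.
	if err := lg.requireGrantAdmin(ctx, accountID); err != nil {
		return res, err
	}
	if !isKnownGrantType(params.Operation) {
		return res, fmt.Errorf("Unknown grant type")
	}

	target, err := lg.resolveAccount(ctx, params.AccountID, params.Username)
	if err != nil {
		return res, err
	}

	grantExists, _, err := lg.db.GetGrant(ctx, target.ID, params.Operation)
	if err != nil {
		return res, err
	}
	if !grantExists {
		// The original omitted the %s argument, producing "%!s(MISSING)";
		// the operation name is now supplied.
		return res, fmt.Errorf("Grant %s for the user not exists", params.Operation)
	}

	if err := lg.db.DeleteGrantByAccountID(ctx, target.ID, params.Operation); err != nil {
		return res, err
	}
	return res, nil
}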