package logic
import (
"context"
"fmt"
"time"
"certmanager/internal/descriptor"
"certmanager/pkg/auxid"
"certmanager/pkg/cmctl"
)
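// SetGrant grants params.Operation to the account identified by
// params.AccountID (takes precedence) or params.Username.
//
// The caller, identified by accountID, must itself hold
// descriptor.GrantModifyUsers; params.Operation must be one of the known
// grant types; and the target account must exist and must not already hold
// that grant. On any failure the (empty) result is returned together with
// the error, and nothing is written.
func (lg *Logic) SetGrant(ctx context.Context, accountID int64, params *cmctl.SetGrantParams) (*cmctl.SetGrantResult, error) {
	res := &cmctl.SetGrantResult{}
	// Guard against a nil pointer dereference below; callers get an error instead of a panic.
	if params == nil {
		return res, fmt.Errorf("SetGrant: params must not be nil")
	}

	// Authorization: only accounts holding the modify-users grant may manage grants.
	allowed, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
	if err != nil {
		return res, err
	}
	if !allowed {
		return res, fmt.Errorf("Operation not allowed for the user")
	}

	// Reject unknown grant types before touching the target account.
	// (GrantModifyUssuers is the constant's name as declared in the descriptor package.)
	switch params.Operation {
	case descriptor.GrantModifyServices, descriptor.GrantModifyUssuers, descriptor.GrantModifyUsers:
	default:
		return res, fmt.Errorf("Unknown grant type")
	}

	// Resolve the target account; an explicit ID wins over a username, and
	// neither being set falls through to the "does not exist" error.
	var (
		accountDescr  *descriptor.Account
		accountExists bool
	)
	switch {
	case params.AccountID != 0:
		accountExists, accountDescr, err = lg.db.GetAccountByID(ctx, params.AccountID)
	case params.Username != "":
		accountExists, accountDescr, err = lg.db.GetAccountByUsername(ctx, params.Username)
	}
	if err != nil {
		return res, err
	}
	if !accountExists || accountDescr == nil {
		return res, fmt.Errorf("Account with this id or name dont exists")
	}

	// NOTE(review): this existence check and the insert below are not atomic;
	// two concurrent SetGrant calls for the same account/operation could both
	// pass the check unless the store enforces uniqueness — confirm against the DB layer.
	alreadyGranted, _, err := lg.db.GetGrant(ctx, accountDescr.ID, params.Operation)
	if err != nil {
		return res, err
	}
	if alreadyGranted {
		return res, fmt.Errorf("Grant %s for the user already exists", params.Operation)
	}

	grantDescr := &descriptor.Grant{
		ID:        auxid.GenID(),
		AccountID: accountDescr.ID,
		CreatedAt: time.Now().Format(time.RFC3339),
		Operation: params.Operation,
	}
	if err := lg.db.InsertGrant(ctx, grantDescr); err != nil {
		return res, err
	}
	return res, nil
}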
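// DeleteGrant revokes params.Operation from the account identified by
// params.AccountID (takes precedence) or params.Username.
//
// The caller, identified by accountID, must itself hold
// descriptor.GrantModifyUsers; params.Operation must be one of the known
// grant types; and the target account must exist and currently hold that
// grant. On any failure the (empty) result is returned together with the
// error, and nothing is deleted.
func (lg *Logic) DeleteGrant(ctx context.Context, accountID int64, params *cmctl.DeleteGrantParams) (*cmctl.DeleteGrantResult, error) {
	res := &cmctl.DeleteGrantResult{}
	// Guard against a nil pointer dereference below; callers get an error instead of a panic.
	if params == nil {
		return res, fmt.Errorf("DeleteGrant: params must not be nil")
	}

	// Authorization: only accounts holding the modify-users grant may manage grants.
	allowed, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
	if err != nil {
		return res, err
	}
	if !allowed {
		return res, fmt.Errorf("Operation not allowed for the user")
	}

	// Reject unknown grant types before touching the target account.
	// (GrantModifyUssuers is the constant's name as declared in the descriptor package.)
	switch params.Operation {
	case descriptor.GrantModifyServices, descriptor.GrantModifyUssuers, descriptor.GrantModifyUsers:
	default:
		return res, fmt.Errorf("Unknown grant type")
	}

	// Resolve the target account; an explicit ID wins over a username, and
	// neither being set falls through to the "does not exist" error.
	var (
		accountDescr  *descriptor.Account
		accountExists bool
	)
	switch {
	case params.AccountID != 0:
		accountExists, accountDescr, err = lg.db.GetAccountByID(ctx, params.AccountID)
	case params.Username != "":
		accountExists, accountDescr, err = lg.db.GetAccountByUsername(ctx, params.Username)
	}
	if err != nil {
		return res, err
	}
	if !accountExists || accountDescr == nil {
		return res, fmt.Errorf("Account with this id or name dont exists")
	}

	granted, _, err := lg.db.GetGrant(ctx, accountDescr.ID, params.Operation)
	if err != nil {
		return res, err
	}
	if !granted {
		// The original message had a %s verb with no argument, which renders as
		// "%!s(MISSING)"; pass the operation so the message is meaningful.
		return res, fmt.Errorf("Grant %s for the user not exists", params.Operation)
	}

	if err := lg.db.DeleteGrantByAccountID(ctx, accountDescr.ID, params.Operation); err != nil {
		return res, err
	}
	return res, nil
}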