diff --git a/job/permission.go b/job/permission.go
deleted file mode 100644
index 6572f232..00000000
--- a/job/permission.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package job
-
-import (
- "github.com/flanksource/duty/context"
- "github.com/flanksource/duty/models"
- "gorm.io/gorm/clause"
-)
-
-func SyncPermissionToCasbinRule(ctx context.Context) error {
- var permissions []models.Permission
- if err := ctx.DB().Find(&permissions).Error; err != nil {
- return err
- }
-
- for _, permission := range permissions {
- rule := permissionToCasbinRule(permission)
- if err := ctx.DB().Clauses(clause.OnConflict{OnConstraint: "casbin_rule_idx", UpdateAll: true}).Create(&rule).Error; err != nil {
- return err
- }
- }
-
- return nil
-}
-
-func permissionToCasbinRule(permission models.Permission) models.CasbinRule {
- m := models.CasbinRule{
- PType: "p",
- V0: permission.Principal(),
- V1: "", // the principal (v0) handles this
- V2: permission.Action,
- V3: permission.Effect(),
- }
-
- return m
-}
diff --git a/models/permission.go b/models/permission.go
index afe6d035..e0a85636 100644
--- a/models/permission.go
+++ b/models/permission.go
@@ -8,36 +8,38 @@ import (
 "github.com/google/uuid"
 )
-type CasbinRule struct {
- ID int64 `gorm:"primaryKey;autoIncrement"`
- PType string `json:"ptype"`
- V0 string `json:"v0"`
- V1 string `json:"v1"`
- V2 string `json:"v2"`
- V3 string `json:"v3"`
- V4 string `json:"v4"`
- V5 string `json:"v5"`
-}
-
 type Permission struct {
- ID uuid.UUID `json:"id" gorm:"default:generate_ulid()"`
- Action string `json:"action"`
- CanaryID *uuid.UUID `json:"canary_id,omitempty"`
- ComponentID *uuid.UUID `json:"component_id,omitempty"`
- ConfigID *uuid.UUID `json:"config_id,omitempty"`
- CreatedAt time.Time `json:"created_at"`
- CreatedBy uuid.UUID `json:"created_by"`
- Deny bool `json:"deny"`
- Description string `json:"description"`
- PersonID *uuid.UUID `json:"person_id,omitempty"`
- PlaybookID *uuid.UUID `json:"playbook_id,omitempty"`
- TeamID *uuid.UUID `json:"team_id,omitempty"`
- Until *time.Time `json:"until"`
- UpdatedAt *time.Time `json:"updated_at"`
- UpdatedBy *uuid.UUID `json:"updated_by"`
+ ID uuid.UUID `json:"id" gorm:"default:generate_ulid()"`
+ Action string `json:"action"`
+ ConnectionID *uuid.UUID `json:"connection_id,omitempty"`
+ CanaryID *uuid.UUID `json:"canary_id,omitempty"`
+ ComponentID *uuid.UUID `json:"component_id,omitempty"`
+ ConfigID *uuid.UUID `json:"config_id,omitempty"`
+ CreatedAt time.Time `json:"created_at"`
+ CreatedBy uuid.UUID `json:"created_by"`
+ Deny bool `json:"deny"`
+ Description string `json:"description"`
+ PersonID *uuid.UUID `json:"person_id,omitempty"`
+ PlaybookID *uuid.UUID `json:"playbook_id,omitempty"`
+ TeamID *uuid.UUID `json:"team_id,omitempty"`
+ Until *time.Time `json:"until"`
+ UpdatedAt *time.Time `json:"updated_at"`
+ UpdatedBy *uuid.UUID `json:"updated_by"`
 }
 func (t *Permission) Principal() string {
+ if t.PersonID != nil {
+ return t.PersonID.String()
+ }
+
+ if t.TeamID != nil {
+ return t.TeamID.String()
+ }
+
+ return ""
+}
+
+func (t *Permission) Condition() string {
 var rule []string
 if t.PersonID != nil {
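Review bot: `Principal()` keeps its exported name and signature but now returns a bare person or team ID, while the body that builds a value from `var rule []string` moves to `Condition()`, so any caller outside this diff that still expects the old result will compile and silently pass a different string into authorization logic. The new method also returns `""` when neither `PersonID` nor `TeamID` is set and silently prefers `PersonID` when both are; neither behaviour is documented, and a caller building a policy subject from it should reject the empty value rather than store it. I would add a doc comment such as `// Principal returns the PersonID, else the TeamID, as a string; it returns "" when neither is set, which callers must treat as invalid.` The test hunks in this commit only rename the existing test to `TestPermission_Condition`, so the new `Principal()` branches have no coverage in the visible changes. `Condition()` continues outside the hunk, so whether it accounts for the new `ConnectionID` field cannot be confirmed from here.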
diff --git a/models/permission_test.go b/models/permission_test.go
index f2cc655f..e64500f7 100644
--- a/models/permission_test.go
+++ b/models/permission_test.go
@@ -7,7 +7,7 @@ import (
 "github.com/samber/lo"
 )
-func TestPermission_Principal(t *testing.T) {
+func TestPermission_Condition(t *testing.T) {
 tests := []struct {
 name string
 perm Permission
@@ -53,7 +53,7 @@ func TestPermission_Principal(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- result := tt.perm.Principal()
+ result := tt.perm.Condition()
 if tt.expected != result {
 t.Errorf("Expected %s, got %s", tt.expected, result)
 }
diff --git a/schema/permissions.hcl b/schema/permissions.hcl
index e418a223..f099f0ac 100644
--- a/schema/permissions.hcl
+++ b/schema/permissions.hcl
@@ -58,8 +58,9 @@ table "permissions" {
 null = true
 type = uuid
 }
+
 column "updated_by" {
- null = false
+ null = true
 type = uuid
 }
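Review bot: Relaxing `updated_by` to `null = true` lets a row in `permissions` be modified without recording who modified it, and for an authorization table that column is the audit trail for permission changes. If the intent is only to allow rows that have never been updated, the schema could still tie the two together, assuming the table has an `updated_at` column matching the model's `UpdatedAt` field and that table-level check blocks are available in this schema format: `check "permissions_updated_by_set" { expr = "updated_at IS NULL OR updated_by IS NOT NULL" }` (the constraint name is only a suggestion). Failing that, a comment on the column stating when NULL is expected would make the relaxation reviewable later.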