package services import ( "context" "git.sch9.ru/new_gate/ms-auth/internal/lib" "git.sch9.ru/new_gate/ms-auth/internal/models" ) type UserStorage interface { CreateUser(ctx context.Context, user *models.User) (int32, error) ReadUserByEmail(ctx context.Context, email string) (*models.User, error) ReadUserByUsername(ctx context.Context, username string) (*models.User, error) ReadUserById(ctx context.Context, id int32) (*models.User, error) UpdateUser(ctx context.Context, user *models.User) error DeleteUser(ctx context.Context, id int32) error } type UserService struct { userProvider UserStorage sessionProvider SessionProvider cfg lib.Config } func NewUserService( userProvider UserStorage, sessionProvider SessionProvider, cfg lib.Config, ) *UserService { return &UserService{ userProvider: userProvider, sessionProvider: sessionProvider, cfg: cfg, } } func (u *UserService) CreateUser(ctx context.Context, user *models.User) (int32, error) { me := ctx.Value("user").(*models.User) switch *me.Role { case models.RoleAdmin: break case models.RoleModerator: if !user.Role.AtMost(models.RoleParticipant) { return 0, lib.ErrNoPermission } default: return 0, lib.ErrNoPermission } return u.userProvider.CreateUser(ctx, user) } func (u *UserService) ReadUserBySessionToken(ctx context.Context, token string) (*models.User, error) { session, err := u.sessionProvider.ReadSessionByToken(ctx, token) if err != nil { return nil, err } return u.userProvider.ReadUserById(ctx, *session.UserId) } func (u *UserService) ReadUser(ctx context.Context, id int32) (*models.User, error) { return u.userProvider.ReadUserById(ctx, id) } func (u *UserService) ReadUserByEmail(ctx context.Context, email string) (*models.User, error) { return u.userProvider.ReadUserByEmail(ctx, email) } func (u *UserService) ReadUserByUsername(ctx context.Context, username string) (*models.User, error) { return u.userProvider.ReadUserByUsername(ctx, username) } func (u *UserService) UpdateUser(ctx context.Context, modifiedUser *models.User) error { me := ctx.Value("user").(*models.User) user, err := u.userProvider.ReadUserById(ctx, *modifiedUser.Id) if err != nil { return err } hasAccess := func() bool { if me.Role.IsAdmin() { return true } if me.Role.IsModerator() { if !user.Role.AtMost(models.RoleParticipant) { return false } return true } if me.Role.IsParticipant() { if me.Id != user.Id { return false } if modifiedUser.Username != nil { return false } if modifiedUser.Email != nil { return false } if modifiedUser.ExpiresAt != nil { return false } if modifiedUser.Role != nil { return false } return true } if me.Role.IsSpectator() { return false } return false }() if !hasAccess { return lib.ErrNoPermission } return u.userProvider.UpdateUser(ctx, user) } func (u *UserService) DeleteUser(ctx context.Context, id int32) error { me := ctx.Value("user").(*models.User) if *me.Id == id || !me.Role.IsAdmin() { return lib.ErrNoPermission } return u.userProvider.DeleteUser(ctx, id) }