ms-tester/internal/problems/usecase/policy_agent.go

package usecase

import (
	"context"
	"git.sch9.ru/new_gate/ms-tester/internal/models"
	"github.com/open-policy-agent/opa/rego"
)

type PermissionService struct {
	query *rego.PreparedEvalQuery
}

func NewPermissionService() *PermissionService {
	query, err := rego.New(
		rego.Query("allow = data.problem.rbac.allow"),
		rego.Load([]string{"./opa/problem.rego"}, nil),
	).PrepareForEval(context.TODO())

	if err != nil {
		panic(err)
	}

	return &PermissionService{
		query: &query,
	}
}

func (s *PermissionService) Allowed(ctx context.Context, user *models.User, action string) bool {
	input := map[string]interface{}{
		"user":   user,
		"action": action,
	}

	result, err := s.query.Eval(ctx, rego.EvalInput(input))
	if err != nil {
		panic(err)
	}
	return result[0].Bindings["allow"].(bool)
}

//func (service *ProblemUseCase) CanCreateProblem(ctx context.Context) error {
//	if !service.permissionService.Allowed(ctx, extractUser(ctx), "create") {
//		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
//	}
//	return nil
//}
//
//func (service *ProblemUseCase) CanReadProblemById(ctx context.Context) error {
//	if !service.permissionService.Allowed(ctx, extractUser(ctx), "read") {
//		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
//	}
//	return nil
//}
//
//func (service *ProblemUseCase) CanUpdateProblem(ctx context.Context) error {
//	if !service.permissionService.Allowed(ctx, extractUser(ctx), "update") {
//		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
//	}
//	return nil
//}
//
//func (service *ProblemUseCase) CanDeleteProblem(ctx context.Context) error {
//	if !service.permissionService.Allowed(ctx, extractUser(ctx), "delete") {
//		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
//	}
//	return nil
//}
feat: 2024-10-13 14:01:36 +00:00			`package usecase`

			`import (`
			`"context"`
feat: 2024-10-13 16:21:12 +00:00			`"git.sch9.ru/new_gate/ms-tester/internal/models"`
feat: 2024-10-13 14:01:36 +00:00			`"github.com/open-policy-agent/opa/rego"`
			`)`

			`type PermissionService struct {`
			`query *rego.PreparedEvalQuery`
			`}`

			`func NewPermissionService() *PermissionService {`
			`query, err := rego.New(`
			`rego.Query("allow = data.problem.rbac.allow"),`
			`rego.Load([]string{"./opa/problem.rego"}, nil),`
			`).PrepareForEval(context.TODO())`

			`if err != nil {`
			`panic(err)`
			`}`

			`return &PermissionService{`
			`query: &query,`
			`}`
			`}`

			`func (s PermissionService) Allowed(ctx context.Context, user models.User, action string) bool {`
			`input := map[string]interface{}{`
			`"user": user,`
			`"action": action,`
			`}`

			`result, err := s.query.Eval(ctx, rego.EvalInput(input))`
			`if err != nil {`
			`panic(err)`
			`}`
			`return result[0].Bindings["allow"].(bool)`
			`}`

			`//func (service *ProblemUseCase) CanCreateProblem(ctx context.Context) error {`
			`// if !service.permissionService.Allowed(ctx, extractUser(ctx), "create") {`
			`// return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")`
			`// }`
			`// return nil`
			`//}`
			`//`
			`//func (service *ProblemUseCase) CanReadProblemById(ctx context.Context) error {`
			`// if !service.permissionService.Allowed(ctx, extractUser(ctx), "read") {`
			`// return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")`
			`// }`
			`// return nil`
			`//}`
			`//`
			`//func (service *ProblemUseCase) CanUpdateProblem(ctx context.Context) error {`
			`// if !service.permissionService.Allowed(ctx, extractUser(ctx), "update") {`
			`// return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")`
			`// }`
			`// return nil`
			`//}`
			`//`
			`//func (service *ProblemUseCase) CanDeleteProblem(ctx context.Context) error {`
			`// if !service.permissionService.Allowed(ctx, extractUser(ctx), "delete") {`
			`// return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")`
			`// }`
			`// return nil`
			`//}`