feat:

internal/problems/usecase/policy_agent.go

@@ -0,0 +1,67 @@
+package usecase
+
+import (
+	"context"
+	"git.sch9.ru/new_gate/models"
+	"github.com/open-policy-agent/opa/rego"
+)
+
+type PermissionService struct {
+	query *rego.PreparedEvalQuery
+}
+
+func NewPermissionService() *PermissionService {
+	query, err := rego.New(
+		rego.Query("allow = data.problem.rbac.allow"),
+		rego.Load([]string{"./opa/problem.rego"}, nil),
+	).PrepareForEval(context.TODO())
+
+	if err != nil {
+		panic(err)
+	}
+
+	return &PermissionService{
+		query: &query,
+	}
+}
+
+func (s *PermissionService) Allowed(ctx context.Context, user *models.User, action string) bool {
+	input := map[string]interface{}{
+		"user":   user,
+		"action": action,
+	}
+
+	result, err := s.query.Eval(ctx, rego.EvalInput(input))
+	if err != nil {
+		panic(err)
+	}
+	return result[0].Bindings["allow"].(bool)
+}
+
+//func (service *ProblemUseCase) CanCreateProblem(ctx context.Context) error {
+//	if !service.permissionService.Allowed(ctx, extractUser(ctx), "create") {
+//		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
+//	}
+//	return nil
+//}
+//
+//func (service *ProblemUseCase) CanReadProblemById(ctx context.Context) error {
+//	if !service.permissionService.Allowed(ctx, extractUser(ctx), "read") {
+//		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
+//	}
+//	return nil
+//}
+//
+//func (service *ProblemUseCase) CanUpdateProblem(ctx context.Context) error {
+//	if !service.permissionService.Allowed(ctx, extractUser(ctx), "update") {
+//		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
+//	}
+//	return nil
+//}
+//
+//func (service *ProblemUseCase) CanDeleteProblem(ctx context.Context) error {
+//	if !service.permissionService.Allowed(ctx, extractUser(ctx), "delete") {
+//		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
+//	}
+//	return nil
+//}

internal/problems/usecase/usecase.go

@@ -2,100 +2,34 @@ package usecase
 
 import (
 	"context"
-	"git.sch9.ru/new_gate/models"
+	"git.sch9.ru/new_gate/ms-tester/internal/models"
+	"git.sch9.ru/new_gate/ms-tester/internal/problems"
 	"git.sch9.ru/new_gate/ms-tester/pkg/external/pandoc"
-	"git.sch9.ru/new_gate/ms-tester/pkg/utils"
 )
 
-type ProblemStorage interface {
-	CreateProblem(ctx context.Context, problem *models.Problem, testGroupData []models.TestGroupData) (int32, error)
-	ReadProblemById(ctx context.Context, id int32) (*models.Problem, error)
-	UpdateProblem(ctx context.Context, problem *models.Problem) error
-	DeleteProblem(ctx context.Context, id int32) error
-}
-
-type IPermissionService interface {
-	Allowed(ctx context.Context, user *models.User, action string) bool
-}
-
 type ProblemUseCase struct {
-	problemStorage    ProblemStorage
-	pandocClient      pandoc.PandocClient
-	permissionService IPermissionService
+	problemRepo  problems.ProblemPostgresRepository
+	pandocClient pandoc.PandocClient
 }
 
 func NewProblemUseCase(
-	problemStorage ProblemStorage,
+	problemRepo problems.ProblemPostgresRepository,
 	pandocClient pandoc.PandocClient,
-	permissionService IPermissionService,
 ) *ProblemUseCase {
 	return &ProblemUseCase{
-		problemStorage:    problemStorage,
-		pandocClient:      pandocClient,
-		permissionService: permissionService,
+		problemRepo:  problemRepo,
+		pandocClient: pandocClient,
 	}
 }
 
-func extractUser(ctx context.Context) *models.User {
-	return ctx.Value("user").(*models.User)
+func (u *ProblemUseCase) CreateProblem(ctx context.Context, title string) (int32, error) {
+	return u.problemRepo.CreateProblem(ctx, title)
 }
 
-func (service *ProblemUseCase) CanCreateProblem(ctx context.Context) error {
-	if !service.permissionService.Allowed(ctx, extractUser(ctx), "create") {
-		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
-	}
-	return nil
+func (u *ProblemUseCase) ReadProblemById(ctx context.Context, id int32) (*models.Problem, error) {
+	return u.problemRepo.ReadProblemById(ctx, id)
 }
 
-func (service *ProblemUseCase) CanReadProblemById(ctx context.Context) error {
-	if !service.permissionService.Allowed(ctx, extractUser(ctx), "read") {
-		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
-	}
-	return nil
-}
-
-func (service *ProblemUseCase) CanUpdateProblem(ctx context.Context) error {
-	if !service.permissionService.Allowed(ctx, extractUser(ctx), "update") {
-		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
-	}
-	return nil
-}
-
-func (service *ProblemUseCase) CanDeleteProblem(ctx context.Context) error {
-	if !service.permissionService.Allowed(ctx, extractUser(ctx), "delete") {
-		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
-	}
-	return nil
-}
-
-func (service *ProblemUseCase) CreateProblem(ctx context.Context, problem *models.Problem) (int32, error) {
-	if err := service.CanCreateProblem(ctx); err != nil {
-		return 0, err
-	}
-	_, err := service.pandocClient.ConvertLatexToHtml5(ctx, *problem.Description)
-	if err != nil {
-		return 0, err
-	}
-	return service.problemStorage.CreateProblem(ctx, problem, nil)
-}
-
-func (service *ProblemUseCase) ReadProblemById(ctx context.Context, id int32) (*models.Problem, error) {
-	if err := service.CanReadProblemById(ctx); err != nil {
-		return nil, err
-	}
-	return service.problemStorage.ReadProblemById(ctx, id)
-}
-
-func (service *ProblemUseCase) UpdateProblem(ctx context.Context, problem *models.Problem) error {
-	if err := service.CanUpdateProblem(ctx); err != nil {
-		return err
-	}
-	return service.problemStorage.UpdateProblem(ctx, problem)
-}
-
-func (service *ProblemUseCase) DeleteProblem(ctx context.Context, id int32) error {
-	if err := service.CanDeleteProblem(ctx); err != nil {
-		return err
-	}
-	return service.problemStorage.DeleteProblem(ctx, id)
+func (u *ProblemUseCase) DeleteProblem(ctx context.Context, id int32) error {
+	return u.problemRepo.DeleteProblem(ctx, id)
 }