refactor:

2024-10-09 23:55:16 +05:00 · 2024-10-09 23:55:16 +05:00 · d62ae666d5
commit d62ae666d5
parent 81e75e5a9c
57 changed files with 656 additions and 310 deletions
--- a/internal/contests/usecase/all.rego
+++ b/internal/contests/usecase/all.rego
@ -0,0 +1,44 @@
+package problem.rbac
+
+import rego.v1
+
+spectator := 0
+participant := 1
+moderator := 2
+admin := 3
+
+permissions := {
+	"read": is_spectator,
+	"participate": is_participant,
+	"update": is_moderator,
+	"create": is_moderator,
+	"delete": is_moderator,
+}
+
+default allow := false
+
+allow if is_admin
+
+allow if {
+	permissions[input.action]
+}
+
+default is_admin := false
+is_admin if {
+	input.user.role == admin
+}
+
+default is_moderator := false
+is_moderator if {
+	input.user.role >= moderator
+}
+
+default is_participant := false
+is_participant if {
+	input.user.role >= participant
+}
+
+default is_spectator := true
+is_spectator if {
+	input.user.role >= spectator
+}
--- a/internal/contests/usecase/participants.go
+++ b/internal/contests/usecase/participants.go
@ -0,0 +1,57 @@
+package usecase
+
+import (
+	"context"
+	"git.sch9.ru/new_gate/models"
+	"git.sch9.ru/new_gate/ms-tester/internal/lib"
+)
+
+type ParticipantStorage interface {
+	CreateParticipant(ctx context.Context, participant *models.Participant) (int32, error)
+	ReadParticipantById(ctx context.Context, id int32) (*models.Participant, error)
+	UpdateParticipant(ctx context.Context, participant *models.Participant) error
+	DeleteParticipant(ctx context.Context, id int32) error
+}
+
+type ParticipantService struct {
+	participantStorage ParticipantStorage
+	permissionService  IPermissionService
+}
+
+func NewParticipantService(
+	participantStorage ParticipantStorage,
+	permissionService IPermissionService,
+) *ParticipantService {
+	return &ParticipantService{
+		participantStorage: participantStorage,
+		permissionService:  permissionService,
+	}
+}
+
+func (service *ParticipantService) CreateParticipant(ctx context.Context, participant *models.Participant) (int32, error) {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "create") {
+		return 0, lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return service.participantStorage.CreateParticipant(ctx, participant)
+}
+
+func (service *ParticipantService) ReadParticipantById(ctx context.Context, id int32) (*models.Participant, error) {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "read") {
+		return nil, lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return service.participantStorage.ReadParticipantById(ctx, id)
+}
+
+func (service *ParticipantService) UpdateParticipant(ctx context.Context, participant *models.Participant) error {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "update") {
+		return lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return service.participantStorage.UpdateParticipant(ctx, participant)
+}
+
+func (service *ParticipantService) DeleteParticipant(ctx context.Context, id int32) error {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "delete") {
+		return lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return service.participantStorage.DeleteParticipant(ctx, id)
+}
--- a/internal/contests/usecase/permission.go
+++ b/internal/contests/usecase/permission.go
@ -0,0 +1,39 @@
+package services
+
+import (
+	"context"
+	"git.sch9.ru/new_gate/models"
+	"github.com/open-policy-agent/opa/rego"
+)
+
+type PermissionService struct {
+	query *rego.PreparedEvalQuery
+}
+
+func NewPermissionService() *PermissionService {
+	query, err := rego.New(
+		rego.Query("allow = data.problem.rbac.allow"),
+		rego.Load([]string{"./opa/all.rego"}, nil),
+	).PrepareForEval(context.TODO())
+
+	if err != nil {
+		panic(err)
+	}
+
+	return &PermissionService{
+		query: &query,
+	}
+}
+
+func (s *PermissionService) Allowed(ctx context.Context, user *models.User, action string) bool {
+	input := map[string]interface{}{
+		"user":   user,
+		"action": action,
+	}
+
+	result, err := s.query.Eval(ctx, rego.EvalInput(input))
+	if err != nil {
+		panic(err)
+	}
+	return result[0].Bindings["allow"].(bool)
+}
--- a/internal/contests/usecase/solution.go
+++ b/internal/contests/usecase/solution.go
@ -0,0 +1,57 @@
+package usecase
+
+import (
+	"context"
+	"git.sch9.ru/new_gate/models"
+	"git.sch9.ru/new_gate/ms-tester/internal/lib"
+)
+
+type SolutionStorage interface {
+	CreateSolution(ctx context.Context, solution models.Solution) (int32, error)
+	ReadSolutionById(ctx context.Context, id int32) (models.Solution, error)
+	RejudgeSolution(ctx context.Context, id int32) error
+	DeleteSolution(ctx context.Context, id int32) error
+}
+
+type SolutionService struct {
+	solutionStorage   SolutionStorage
+	permissionService IPermissionService
+}
+
+func NewSolutionService(
+	solutionStorage SolutionStorage,
+	permissionService IPermissionService,
+) *SolutionService {
+	return &SolutionService{
+		solutionStorage:   solutionStorage,
+		permissionService: permissionService,
+	}
+}
+
+func (service *SolutionService) CreateSolution(ctx context.Context, solution models.Solution) (int32, error) {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "create") {
+		return 0, lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return service.solutionStorage.CreateSolution(ctx, solution)
+}
+
+func (service *SolutionService) ReadSolutionById(ctx context.Context, id int32) (models.Solution, error) {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "read") {
+		return models.Solution{}, lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return service.solutionStorage.ReadSolutionById(ctx, id)
+}
+
+func (service *SolutionService) RejudgeSolution(ctx context.Context, id int32) error {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "update") {
+		return lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return service.solutionStorage.RejudgeSolution(ctx, id)
+}
+
+func (service *SolutionService) DeleteSolution(ctx context.Context, id int32) error {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "delete") {
+		return lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return service.solutionStorage.DeleteSolution(ctx, id)
+}
--- a/internal/contests/usecase/task.go
+++ b/internal/contests/usecase/task.go
@ -0,0 +1,41 @@
+package usecase
+
+import (
+	"context"
+	"git.sch9.ru/new_gate/models"
+	"git.sch9.ru/new_gate/ms-tester/pkg/utils"
+)
+
+type TaskStorage interface {
+	CreateTask(ctx context.Context, task models.Task) (int32, error)
+	DeleteTask(ctx context.Context, id int32) error
+}
+
+type TaskService struct {
+	taskStorage       TaskStorage
+	permissionService IPermissionService
+}
+
+func NewTaskService(
+	taskStorage TaskStorage,
+	permissionService IPermissionService,
+) *TaskService {
+	return &TaskService{
+		taskStorage:       taskStorage,
+		permissionService: permissionService,
+	}
+}
+
+func (service *TaskService) CreateTask(ctx context.Context, task models.Task) (int32, error) {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "create") {
+		return 0, utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
+	}
+	return service.taskStorage.CreateTask(ctx, task)
+}
+
+func (service *TaskService) DeleteTask(ctx context.Context, id int32) error {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "delete") {
+		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
+	}
+	return service.taskStorage.DeleteTask(ctx, id)
+}
--- a/internal/contests/usecase/usecase.go
+++ b/internal/contests/usecase/usecase.go
@ -0,0 +1,50 @@
+package usecase
+
+import (
+	"context"
+	"git.sch9.ru/new_gate/models"
+	"git.sch9.ru/new_gate/ms-tester/internal/contests"
+)
+
+type ContestService struct {
+	contestStorage    contests.ContestRepository
+	permissionService IPermissionService
+}
+
+func NewContestService(
+	contestStorage ContestStorage,
+	permissionService IPermissionService,
+) *ContestService {
+	return &ContestService{
+		contestStorage:    contestStorage,
+		permissionService: permissionService,
+	}
+}
+
+func (service *ContestService) CreateContest(ctx context.Context, contest *models.Contest) (int32, error) {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "create") {
+		return 0, lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return service.contestStorage.CreateContest(ctx, contest)
+}
+
+func (service *ContestService) ReadContestById(ctx context.Context, id int32) (*models.Contest, error) {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "read") {
+		return nil, lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return service.contestStorage.ReadContestById(ctx, id)
+}
+
+func (service *ContestService) UpdateContest(ctx context.Context, contest *models.Contest) error {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "update") {
+		return lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return service.contestStorage.UpdateContest(ctx, contest)
+}
+
+func (service *ContestService) DeleteContest(ctx context.Context, id int32) error {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "delete") {
+		return lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return service.contestStorage.DeleteContest(ctx, id)
+}