refactor:

2024-10-09 23:55:16 +05:00 · 2024-10-09 23:55:16 +05:00 · d62ae666d5
commit d62ae666d5
parent 81e75e5a9c
57 changed files with 656 additions and 310 deletions
--- a/internal/problems/usecase/all.rego
+++ b/internal/problems/usecase/all.rego
@ -0,0 +1,44 @@
+package problem.rbac
+
+import rego.v1
+
+spectator := 0
+participant := 1
+moderator := 2
+admin := 3
+
+permissions := {
+	"read": is_spectator,
+	"participate": is_participant,
+	"update": is_moderator,
+	"create": is_moderator,
+	"delete": is_moderator,
+}
+
+default allow := false
+
+allow if is_admin
+
+allow if {
+	permissions[input.action]
+}
+
+default is_admin := false
+is_admin if {
+	input.user.role == admin
+}
+
+default is_moderator := false
+is_moderator if {
+	input.user.role >= moderator
+}
+
+default is_participant := false
+is_participant if {
+	input.user.role >= participant
+}
+
+default is_spectator := true
+is_spectator if {
+	input.user.role >= spectator
+}
--- a/internal/problems/usecase/permission.go
+++ b/internal/problems/usecase/permission.go
@ -0,0 +1,39 @@
+package services
+
+import (
+	"context"
+	"git.sch9.ru/new_gate/models"
+	"github.com/open-policy-agent/opa/rego"
+)
+
+type PermissionService struct {
+	query *rego.PreparedEvalQuery
+}
+
+func NewPermissionService() *PermissionService {
+	query, err := rego.New(
+		rego.Query("allow = data.problem.rbac.allow"),
+		rego.Load([]string{"./opa/all.rego"}, nil),
+	).PrepareForEval(context.TODO())
+
+	if err != nil {
+		panic(err)
+	}
+
+	return &PermissionService{
+		query: &query,
+	}
+}
+
+func (s *PermissionService) Allowed(ctx context.Context, user *models.User, action string) bool {
+	input := map[string]interface{}{
+		"user":   user,
+		"action": action,
+	}
+
+	result, err := s.query.Eval(ctx, rego.EvalInput(input))
+	if err != nil {
+		panic(err)
+	}
+	return result[0].Bindings["allow"].(bool)
+}
--- a/internal/problems/usecase/usecase.go
+++ b/internal/problems/usecase/usecase.go
@ -0,0 +1,101 @@
+package usecase
+
+import (
+	"context"
+	"git.sch9.ru/new_gate/models"
+	"git.sch9.ru/new_gate/ms-tester/internal/lib"
+	"git.sch9.ru/new_gate/ms-tester/pkg/external/pandoc"
+)
+
+type ProblemStorage interface {
+	CreateProblem(ctx context.Context, problem *models.Problem, testGroupData []models.TestGroupData) (int32, error)
+	ReadProblemById(ctx context.Context, id int32) (*models.Problem, error)
+	UpdateProblem(ctx context.Context, problem *models.Problem) error
+	DeleteProblem(ctx context.Context, id int32) error
+}
+
+type IPermissionService interface {
+	Allowed(ctx context.Context, user *models.User, action string) bool
+}
+
+type ProblemUseCase struct {
+	problemStorage    ProblemStorage
+	pandocClient      pandoc.PandocClient
+	permissionService IPermissionService
+}
+
+func NewProblemUseCase(
+	problemStorage ProblemStorage,
+	pandocClient pandoc.PandocClient,
+	permissionService IPermissionService,
+) *ProblemUseCase {
+	return &ProblemUseCase{
+		problemStorage:    problemStorage,
+		pandocClient:      pandocClient,
+		permissionService: permissionService,
+	}
+}
+
+func extractUser(ctx context.Context) *models.User {
+	return ctx.Value("user").(*models.User)
+}
+
+func (service *ProblemUseCase) CanCreateProblem(ctx context.Context) error {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "create") {
+		return lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return nil
+}
+
+func (service *ProblemUseCase) CanReadProblemById(ctx context.Context) error {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "read") {
+		return lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return nil
+}
+
+func (service *ProblemUseCase) CanUpdateProblem(ctx context.Context) error {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "update") {
+		return lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return nil
+}
+
+func (service *ProblemUseCase) CanDeleteProblem(ctx context.Context) error {
+	if !service.permissionService.Allowed(ctx, extractUser(ctx), "delete") {
+		return lib.ServiceError(nil, lib.ErrNoPermission, "permission denied")
+	}
+	return nil
+}
+
+func (service *ProblemUseCase) CreateProblem(ctx context.Context, problem *models.Problem) (int32, error) {
+	if err := service.CanCreateProblem(ctx); err != nil {
+		return 0, err
+	}
+	_, err := service.pandocClient.ConvertLatexToHtml5(ctx, *problem.Description)
+	if err != nil {
+		return 0, err
+	}
+	return service.problemStorage.CreateProblem(ctx, problem, nil)
+}
+
+func (service *ProblemUseCase) ReadProblemById(ctx context.Context, id int32) (*models.Problem, error) {
+	if err := service.CanReadProblemById(ctx); err != nil {
+		return nil, err
+	}
+	return service.problemStorage.ReadProblemById(ctx, id)
+}
+
+func (service *ProblemUseCase) UpdateProblem(ctx context.Context, problem *models.Problem) error {
+	if err := service.CanUpdateProblem(ctx); err != nil {
+		return err
+	}
+	return service.problemStorage.UpdateProblem(ctx, problem)
+}
+
+func (service *ProblemUseCase) DeleteProblem(ctx context.Context, id int32) error {
+	if err := service.CanDeleteProblem(ctx); err != nil {
+		return err
+	}
+	return service.problemStorage.DeleteProblem(ctx, id)
+}