refactor:

internal/tester/delivery.go

@@ -0,0 +1 @@
+package tester

internal/tester/delivery/grpc/handlers.go

@@ -0,0 +1 @@
+package grpc

internal/tester/pg_repository.go

@@ -0,0 +1 @@
+package tester

internal/tester/repository/pg_repository.go

@@ -0,0 +1 @@
+package repository

internal/tester/usecase.go

@@ -0,0 +1 @@
+package tester

internal/tester/usecase/all.rego

@@ -0,0 +1,44 @@
+package problem.rbac
+
+import rego.v1
+
+spectator := 0
+participant := 1
+moderator := 2
+admin := 3
+
+permissions := {
+	"read": is_spectator,
+	"participate": is_participant,
+	"update": is_moderator,
+	"create": is_moderator,
+	"delete": is_moderator,
+}
+
+default allow := false
+
+allow if is_admin
+
+allow if {
+	permissions[input.action]
+}
+
+default is_admin := false
+is_admin if {
+	input.user.role == admin
+}
+
+default is_moderator := false
+is_moderator if {
+	input.user.role >= moderator
+}
+
+default is_participant := false
+is_participant if {
+	input.user.role >= participant
+}
+
+default is_spectator := true
+is_spectator if {
+	input.user.role >= spectator
+}

internal/tester/usecase/permission.go

@@ -0,0 +1,39 @@
+package services
+
+import (
+	"context"
+	"git.sch9.ru/new_gate/models"
+	"github.com/open-policy-agent/opa/rego"
+)
+
+type PermissionService struct {
+	query *rego.PreparedEvalQuery
+}
+
+func NewPermissionService() *PermissionService {
+	query, err := rego.New(
+		rego.Query("allow = data.problem.rbac.allow"),
+		rego.Load([]string{"./opa/all.rego"}, nil),
+	).PrepareForEval(context.TODO())
+
+	if err != nil {
+		panic(err)
+	}
+
+	return &PermissionService{
+		query: &query,
+	}
+}
+
+func (s *PermissionService) Allowed(ctx context.Context, user *models.User, action string) bool {
+	input := map[string]interface{}{
+		"user":   user,
+		"action": action,
+	}
+
+	result, err := s.query.Eval(ctx, rego.EvalInput(input))
+	if err != nil {
+		panic(err)
+	}
+	return result[0].Bindings["allow"].(bool)
+}

internal/tester/usecase/usecase.go

@@ -0,0 +1 @@
+package usecase