ms-tester/internal/problems/usecase/policy_agent.go
Vyacheslav1557 be25404852 feat:
2024-10-13 19:01:36 +05:00

68 lines
1.8 KiB
Go

package usecase
import (
"context"
"git.sch9.ru/new_gate/models"
"github.com/open-policy-agent/opa/rego"
)
type PermissionService struct {
query *rego.PreparedEvalQuery
}
func NewPermissionService() *PermissionService {
query, err := rego.New(
rego.Query("allow = data.problem.rbac.allow"),
rego.Load([]string{"./opa/problem.rego"}, nil),
).PrepareForEval(context.TODO())
if err != nil {
panic(err)
}
return &PermissionService{
query: &query,
}
}
func (s *PermissionService) Allowed(ctx context.Context, user *models.User, action string) bool {
input := map[string]interface{}{
"user": user,
"action": action,
}
result, err := s.query.Eval(ctx, rego.EvalInput(input))
if err != nil {
panic(err)
}
return result[0].Bindings["allow"].(bool)
}
//func (service *ProblemUseCase) CanCreateProblem(ctx context.Context) error {
// if !service.permissionService.Allowed(ctx, extractUser(ctx), "create") {
// return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
// }
// return nil
//}
//
//func (service *ProblemUseCase) CanReadProblemById(ctx context.Context) error {
// if !service.permissionService.Allowed(ctx, extractUser(ctx), "read") {
// return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
// }
// return nil
//}
//
//func (service *ProblemUseCase) CanUpdateProblem(ctx context.Context) error {
// if !service.permissionService.Allowed(ctx, extractUser(ctx), "update") {
// return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
// }
// return nil
//}
//
//func (service *ProblemUseCase) CanDeleteProblem(ctx context.Context) error {
// if !service.permissionService.Allowed(ctx, extractUser(ctx), "delete") {
// return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
// }
// return nil
//}