65 lines
2 KiB
Go
65 lines
2 KiB
Go
// monorepo/cloud/backend/internal/maplefile/usecase/collection/check_access.go
|
|
package collection
|
|
|
|
import (
|
|
"context"
|
|
|
|
"go.uber.org/zap"
|
|
|
|
"github.com/gocql/gocql"
|
|
"codeberg.org/mapleopentech/monorepo/cloud/maplefile-backend/config"
|
|
dom_collection "codeberg.org/mapleopentech/monorepo/cloud/maplefile-backend/internal/domain/collection"
|
|
"codeberg.org/mapleopentech/monorepo/cloud/maplefile-backend/pkg/httperror"
|
|
)
|
|
|
|
type CheckCollectionAccessUseCase interface {
|
|
Execute(ctx context.Context, collectionID, userID gocql.UUID, requiredPermission string) (bool, error)
|
|
}
|
|
|
|
type checkCollectionAccessUseCaseImpl struct {
|
|
config *config.Configuration
|
|
logger *zap.Logger
|
|
repo dom_collection.CollectionRepository
|
|
}
|
|
|
|
func NewCheckCollectionAccessUseCase(
|
|
config *config.Configuration,
|
|
logger *zap.Logger,
|
|
repo dom_collection.CollectionRepository,
|
|
) CheckCollectionAccessUseCase {
|
|
logger = logger.Named("CheckCollectionAccessUseCase")
|
|
return &checkCollectionAccessUseCaseImpl{config, logger, repo}
|
|
}
|
|
|
|
func (uc *checkCollectionAccessUseCaseImpl) Execute(ctx context.Context, collectionID, userID gocql.UUID, requiredPermission string) (bool, error) {
|
|
//
|
|
// STEP 1: Validation.
|
|
//
|
|
|
|
e := make(map[string]string)
|
|
if collectionID.String() == "" {
|
|
e["collection_id"] = "Collection ID is required"
|
|
}
|
|
if userID.String() == "" {
|
|
e["user_id"] = "User ID is required"
|
|
}
|
|
if requiredPermission == "" {
|
|
// Default to read-only if not specified
|
|
requiredPermission = dom_collection.CollectionPermissionReadOnly
|
|
} else if requiredPermission != dom_collection.CollectionPermissionReadOnly &&
|
|
requiredPermission != dom_collection.CollectionPermissionReadWrite &&
|
|
requiredPermission != dom_collection.CollectionPermissionAdmin {
|
|
e["required_permission"] = "Invalid permission level"
|
|
}
|
|
if len(e) != 0 {
|
|
uc.logger.Warn("Failed validating check collection access",
|
|
zap.Any("error", e))
|
|
return false, httperror.NewForBadRequest(&e)
|
|
}
|
|
|
|
//
|
|
// STEP 2: Check access.
|
|
//
|
|
|
|
return uc.repo.CheckAccess(ctx, collectionID, userID, requiredPermission)
|
|
}
|