feat: roles, permissions
This commit is contained in:
@@ -3,6 +3,7 @@ package model
|
||||
import (
|
||||
"time"
|
||||
|
||||
"git.ma-al.com/goc_daniel/b2b/app/delivery/middleware/perms"
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
|
||||
@@ -13,7 +14,8 @@ type Customer struct {
|
||||
Password string `gorm:"size:255" json:"-"` // Hashed password, not exposed in JSON
|
||||
FirstName string `gorm:"size:100" json:"first_name"`
|
||||
LastName string `gorm:"size:100" json:"last_name"`
|
||||
Role CustomerRole `gorm:"type:varchar(20);default:'user'" json:"role"`
|
||||
RoleID uint `gorm:"column:role_id;not null;default:1" json:"-"`
|
||||
Role Role `gorm:"foreignKey:RoleID" json:"role"`
|
||||
Provider AuthProvider `gorm:"type:varchar(20);default:'local'" json:"provider"`
|
||||
ProviderID string `gorm:"size:255" json:"provider_id,omitempty"` // ID from OAuth provider
|
||||
AvatarURL string `gorm:"size:500" json:"avatar_url,omitempty"`
|
||||
@@ -32,14 +34,6 @@ type Customer struct {
|
||||
DeletedAt gorm.DeletedAt `gorm:"index" json:"-"`
|
||||
}
|
||||
|
||||
// CustomerRole represents the role of a user
|
||||
type CustomerRole string
|
||||
|
||||
const (
|
||||
RoleUser CustomerRole = "user"
|
||||
RoleAdmin CustomerRole = "admin"
|
||||
)
|
||||
|
||||
// AuthProvider represents the authentication provider
|
||||
type AuthProvider string
|
||||
|
||||
@@ -53,16 +47,6 @@ func (Customer) TableName() string {
|
||||
return "b2b_customers"
|
||||
}
|
||||
|
||||
// IsAdmin checks if the user has admin role
|
||||
func (u *Customer) IsAdmin() bool {
|
||||
return u.Role == RoleAdmin
|
||||
}
|
||||
|
||||
// CanManageUsers checks if the user can manage other users
|
||||
func (u *Customer) CanManageUsers() bool {
|
||||
return u.Role == RoleAdmin
|
||||
}
|
||||
|
||||
// FullName returns the user's full name
|
||||
func (u *Customer) FullName() string {
|
||||
if u.FirstName == "" && u.LastName == "" {
|
||||
@@ -73,27 +57,51 @@ func (u *Customer) FullName() string {
|
||||
|
||||
// UserSession represents a user session for JWT claims
|
||||
type UserSession struct {
|
||||
UserID uint `json:"user_id"`
|
||||
Email string `json:"email"`
|
||||
Username string `json:"username"`
|
||||
Role CustomerRole `json:"role"`
|
||||
LangID uint `json:"lang_id"`
|
||||
CountryID uint `json:"country_id"`
|
||||
IsActive bool `json:"is_active"`
|
||||
UserID uint `json:"user_id"`
|
||||
Email string `json:"email"`
|
||||
Username string `json:"username"`
|
||||
RoleID uint `json:"role_id"`
|
||||
RoleName string `json:"role_name"`
|
||||
LangID uint `json:"lang_id"`
|
||||
CountryID uint `json:"country_id"`
|
||||
IsActive bool `json:"is_active"`
|
||||
Permissions []perms.Permission `json:"permissions"`
|
||||
}
|
||||
|
||||
func (us *UserSession) HasPermission(permission perms.Permission) bool {
|
||||
for _, p := range us.Permissions {
|
||||
if p == permission {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// ToSession converts User to UserSession
|
||||
func (u *Customer) ToSession() *UserSession {
|
||||
|
||||
return &UserSession{
|
||||
UserID: u.ID,
|
||||
Email: u.Email,
|
||||
Role: u.Role,
|
||||
LangID: u.LangID,
|
||||
CountryID: u.CountryID,
|
||||
IsActive: u.IsActive,
|
||||
UserID: u.ID,
|
||||
Email: u.Email,
|
||||
RoleID: u.Role.ID,
|
||||
RoleName: u.Role.Name,
|
||||
Permissions: BuildPermissionSlice(u),
|
||||
LangID: u.LangID,
|
||||
CountryID: u.CountryID,
|
||||
IsActive: u.IsActive,
|
||||
}
|
||||
}
|
||||
|
||||
func BuildPermissionSlice(user *Customer) []perms.Permission {
|
||||
var perms []perms.Permission
|
||||
|
||||
for _, p := range user.Role.Permissions {
|
||||
perms = append(perms, p.Name)
|
||||
}
|
||||
|
||||
return perms
|
||||
}
|
||||
|
||||
// LoginRequest represents the login form data
|
||||
type LoginRequest struct {
|
||||
Email string `json:"email" form:"email"`
|
||||
|
||||
Reference in New Issue
Block a user