wip: move permissions to fga

ZEISS · May 16, 2024 · 76fe93c · 76fe93c
1 parent 263a4f1
commit 76fe93c
Show file tree

Hide file tree

Showing 9 changed files with 29 additions and 138 deletions.
diff --git a/internal/api/adapters/db/db.go b/internal/api/adapters/db/db.go
@@ -24,7 +24,7 @@ func NewDB(conn *gorm.DB) *DB {
 // RunMigrations ...
 func (db *DB) RunMigrations() error {
 	return db.conn.AutoMigrate(
-		&models.Team{},
+		&authz.Team{},
 		&authz.User{},
 		&authz.Role{},
 		&authz.Permission{},
@@ -36,8 +36,6 @@ func (db *DB) RunMigrations() error {
 		&models.Account{},
 		&models.System{},
 		&models.Tag{},
-		&models.Ownership{},
-		&models.Allow{},
 		&models.Cluster{},
 		&models.SigningKeyGroup{},
 	)

diff --git a/internal/api/adapters/db/teams.go b/internal/api/adapters/db/teams.go
@@ -3,25 +3,26 @@ package db
 import (
 	"context"
 
+	authz "github.com/zeiss/fiber-authz"
 	"github.com/zeiss/typhoon/internal/api/models"
 )
 
 // CreateTeam creates a new team.
-func (db *DB) CreateTeam(ctx context.Context, team *models.Team) error {
+func (db *DB) CreateTeam(ctx context.Context, team *authz.Team) error {
 	return db.conn.WithContext(ctx).Create(team).Error
 }
 
 // GetTeam retrieves a team by its ID.
-func (db *DB) GetTeam(ctx context.Context, team *models.Team) error {
+func (db *DB) GetTeam(ctx context.Context, team *authz.Team) error {
 	return db.conn.WithContext(ctx).First(team).Error
 }
 
 // DeleteTeam deletes a team by its ID.
-func (db *DB) DeleteTeam(ctx context.Context, team *models.Team) error {
+func (db *DB) DeleteTeam(ctx context.Context, team *authz.Team) error {
 	return db.conn.WithContext(ctx).Delete(team).Error
 }
 
 // ListTeams retrieves all teams.
-func (db *DB) ListTeams(ctx context.Context, pagination *models.Pagination[models.Team]) error {
+func (db *DB) ListTeams(ctx context.Context, pagination *models.Pagination[authz.Team]) error {
 	return db.conn.WithContext(ctx).Scopes(models.Paginate(&pagination.Rows, pagination, db.conn)).Find(&pagination.Rows).Error
 }
diff --git a/internal/api/controllers/teams.go b/internal/api/controllers/teams.go
@@ -39,13 +39,13 @@ var _ TeamsController = (*teamsController)(nil)
 // TeamsController ...
 type TeamsController interface {
 	// CreateTeam ...
-	CreateTeam(ctx context.Context, cmd CreateTeamCommand) (models.Team, error)
+	CreateTeam(ctx context.Context, cmd CreateTeamCommand) (authz.Team, error)
 	// DeleteTeam ...
 	DeleteTeam(ctx context.Context, cmd DeleteTeamCommand) error
 	// GetTeam ...
-	GetTeam(ctx context.Context, query GetTeamQuery) (models.Team, error)
+	GetTeam(ctx context.Context, query GetTeamQuery) (authz.Team, error)
 	// ListTeams ...
-	ListTeams(ctx context.Context, query ListTeamsQuery) (models.Pagination[models.Team], error)
+	ListTeams(ctx context.Context, query ListTeamsQuery) (models.Pagination[authz.Team], error)
 }
 
 type teamsController struct {
@@ -58,12 +58,10 @@ func NewTeamsController(db ports.Teams) *teamsController {
 }
 
 // CreateTeam ...
-func (c *teamsController) CreateTeam(ctx context.Context, cmd CreateTeamCommand) (models.Team, error) {
-	team := models.Team{
-		Team: &authz.Team{
-			Name:        cmd.Name,
-			Description: utils.StrPtr(cmd.Description),
-		},
+func (c *teamsController) CreateTeam(ctx context.Context, cmd CreateTeamCommand) (authz.Team, error) {
+	team := authz.Team{
+		Name:        cmd.Name,
+		Description: utils.StrPtr(cmd.Description),
 	}
 
 	err := c.db.CreateTeam(ctx, &team)
@@ -76,21 +74,17 @@ func (c *teamsController) CreateTeam(ctx context.Context, cmd CreateTeamCommand)
 
 // DeleteTeam ...
 func (c *teamsController) DeleteTeam(ctx context.Context, cmd DeleteTeamCommand) error {
-	team := models.Team{
-		Team: &authz.Team{
-			ID: cmd.ID,
-		},
+	team := authz.Team{
+		ID: cmd.ID,
 	}
 
 	return c.db.DeleteTeam(ctx, &team)
 }
 
 // GetTeam ...
-func (c *teamsController) GetTeam(ctx context.Context, query GetTeamQuery) (models.Team, error) {
-	team := models.Team{
-		Team: &authz.Team{
-			ID: query.ID,
-		},
+func (c *teamsController) GetTeam(ctx context.Context, query GetTeamQuery) (authz.Team, error) {
+	team := authz.Team{
+		ID: query.ID,
 	}
 
 	err := c.db.GetTeam(ctx, &team)
@@ -102,8 +96,8 @@ func (c *teamsController) GetTeam(ctx context.Context, query GetTeamQuery) (mode
 }
 
 // ListTeams ...
-func (c *teamsController) ListTeams(ctx context.Context, query ListTeamsQuery) (models.Pagination[models.Team], error) {
-	pagination := models.Pagination[models.Team]{
+func (c *teamsController) ListTeams(ctx context.Context, query ListTeamsQuery) (models.Pagination[authz.Team], error) {
+	pagination := models.Pagination[authz.Team]{
 		Offset: query.Offset,
 		Limit:  query.Limit,
 		Search: query.Search,

diff --git a/internal/api/models/allow.go b/internal/api/models/allow.go
diff --git a/internal/api/models/ownership.go b/internal/api/models/ownership.go
diff --git a/internal/api/models/system.go b/internal/api/models/system.go
@@ -25,23 +25,13 @@ type System struct {
 	Name string `json:"name" gorm:"unique" validate:"required,min=3,max=128"`
 	// Description is the description of the system.
 	Description string `json:"description" validate:"max=1024"`
-
 	// Clusters is the clusters that are associated with the system.
 	Clusters []Cluster `json:"clusters" gorm:"foreignKey:SystemID"`
-
 	// Operator is the operator this is associated with this system to operate.
 	Operator   Operator  `json:"operator" gorm:"foreignKey:OperatorID"`
 	OperatorID uuid.UUID `json:"operator_id"`
-
 	// Tags is the tags that are associated with the system.
 	Tags []*Tag `json:"tags" gorm:"polymorphic:Taggable;polymorphicValue:system;"`
-
-	// OwnedBy is the owner of the account. This is usually a team.
-	OwnedBy Ownership `json:"owned_by" gorm:"polymorphic:Ownable;polymorphicValue:system;"`
-
-	// AllowedBy is the allowed by of the account. This is usually a team.
-	AllowedBy []Allow `json:"allowed_by" gorm:"polymorphic:Allowable;polymorphicValue:system;"`
-
 	// CreatedAt is the time the system was created.
 	CreatedAt time.Time `json:"created_at"`
 	// UpdatedAt is the time the system was updated.

diff --git a/internal/api/models/team.go b/internal/api/models/team.go
diff --git a/internal/api/ports/teams.go b/internal/api/ports/teams.go
@@ -3,17 +3,18 @@ package ports
 import (
 	"context"
 
+	authz "github.com/zeiss/fiber-authz"
 	"github.com/zeiss/typhoon/internal/api/models"
 )
 
 // Teams is the interface that wraps the methods to access data.
 type Teams interface {
 	// CreateTeam creates a new team.
-	CreateTeam(ctx context.Context, team *models.Team) error
+	CreateTeam(ctx context.Context, team *authz.Team) error
 	// GetTeam returns the team with the given id.
-	GetTeam(ctx context.Context, team *models.Team) error
+	GetTeam(ctx context.Context, team *authz.Team) error
 	// DeleteTeam deletes the team with the given id.
-	DeleteTeam(ctx context.Context, team *models.Team) error
+	DeleteTeam(ctx context.Context, team *authz.Team) error
 	// ListTeams returns all teams.
-	ListTeams(ctx context.Context, pagination *models.Pagination[models.Team]) error
+	ListTeams(ctx context.Context, pagination *models.Pagination[authz.Team]) error
 }
diff --git a/pkg/apis/dto/teams.go b/pkg/apis/dto/teams.go
@@ -1,6 +1,7 @@
 package dto
 
 import (
+	authz "github.com/zeiss/fiber-authz"
 	"github.com/zeiss/typhoon/internal/api/controllers"
 	"github.com/zeiss/typhoon/internal/api/models"
 	"github.com/zeiss/typhoon/internal/utils"
@@ -16,7 +17,7 @@ func FromCreateTeamRequest(req openapi.CreateTeamRequestObject) controllers.Crea
 }
 
 // ToCreateTeamResponse ...
-func ToCreateTeamResponse(team models.Team) openapi.CreateTeam201JSONResponse {
+func ToCreateTeamResponse(team authz.Team) openapi.CreateTeam201JSONResponse {
 	res := openapi.CreateTeam201JSONResponse{}
 	res.Id = utils.PtrUUID(team.ID)
 	res.Name = team.Name
@@ -35,7 +36,7 @@ func FromGetTeamRequest(req openapi.GetTeamRequestObject) controllers.GetTeamQue
 }
 
 // ToGetTeamResponse ...
-func ToGetTeamResponse(team models.Team) openapi.GetTeam200JSONResponse {
+func ToGetTeamResponse(team authz.Team) openapi.GetTeam200JSONResponse {
 	res := openapi.GetTeam200JSONResponse{}
 	res.Id = utils.PtrUUID(team.ID)
 	res.Name = team.Name
@@ -65,7 +66,7 @@ func FromListTeamsRequest(req openapi.ListTeamsRequestObject) controllers.ListTe
 }
 
 // ToListTeamsResponse ...
-func ToListTeamsResponse(pagination models.Pagination[models.Team]) openapi.ListTeams200JSONResponse {
+func ToListTeamsResponse(pagination models.Pagination[authz.Team]) openapi.ListTeams200JSONResponse {
 	res := openapi.ListTeams200JSONResponse{}
 	res.Limit = utils.PtrInt(pagination.Limit)
 	res.Offset = utils.PtrInt(pagination.Offset)