diff --git a/action.go b/action.go
index 122ba1d..ca773c8 100644
--- a/action.go
+++ b/action.go
@@ -33,8 +33,8 @@ func (s Service) ChangeUserStatus(userID, newStatus string) error {
 return user.ChangeUserStatus(userID, newStatus)
 }
 
-// GetAllUser ...
-func (s Service) GetAllUser(query model.UserAllQuery) model.UserAll {
+// GetAllUsers ...
+func (s Service) GetAllUsers(query model.UserAllQuery) model.UserAll {
 return user.All(query)
 }
 
@@ -48,6 +48,11 @@ func (s Service) LoginWithEmailAndPassword(email, password string) (model.User,
 return user.LoginWithEmailAndPassword(email, password)
 }
 
+// IsPermission ...
+func (s Service) IsPermission(userID, permission string) bool {
+ return user.IsPermission(userID, permission)
+}
+
 //
 // Role
 //
diff --git a/user/db.go b/user/db.go
index d6f9aa4..1c2fccb 100644
--- a/user/db.go
+++ b/user/db.go
@@ -66,6 +66,21 @@ func roleFindByID(ctx context.Context, id primitive.ObjectID) (model.DBRole, err
 return doc, err
 }
 
+// permissionCountByCondition ...
+func permissionCountByCondition(ctx context.Context, cond interface{}) int64 {
+ var (
+ col = database.GetPermissionCol()
+ )
+ total, err := col.CountDocuments(ctx, cond)
+ if err != nil {
+ logger.Error("usermngmt - Permission - CountDocuments", logger.LogData{
+ "err": err.Error(),
+ "cond": cond,
+ })
+ }
+ return total
+}
+
 func create(ctx context.Context, doc model.DBUser) error {
 var (
 col = database.GetUserCol()
diff --git a/user/handle.go b/user/handle.go
index fc5831c..503689d 100644
--- a/user/handle.go
+++ b/user/handle.go
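Review bot: The exported `Service.IsPermission` in action.go is an authorization entry point, but its doc comment is still the placeholder `// IsPermission ...`, so callers cannot see what a `false` result means. From the implementation added in user/handle.go, `false` covers both "not granted" and "input invalid or user not found", and an admin role short-circuits the permission code entirely. I would replace the placeholder with `// IsPermission reports whether the user's role is admin or holds the given permission code; it returns false for empty or invalid input and when the user cannot be found.`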
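Review bot: In user/db.go, `permissionCountByCondition` logs the `CountDocuments` error and then returns `total` regardless, so the caller added in this commit (`IsPermission` in user/handle.go) cannot tell "no matching permission" from "the lookup failed". The deny-on-error outcome currently depends on the driver handing back 0 together with the error; adding `return 0` inside the `if err != nil` block makes the fail-closed behaviour explicit. The placeholder comment could state the contract, e.g. `// permissionCountByCondition returns the number of permission documents matching cond, or 0 if the query fails (the error is logged, not returned).`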
@@ -319,3 +319,54 @@ func LoginWithEmailAndPassword(email, password string) (result model.User, err e
 result = getResponse(ctx, user)
 return
 }
+
+// IsPermission ...
+func IsPermission(userID, permission string) (result bool) {
+ var (
+ ctx = context.Background()
+ )
+
+ // Validate userID, permission
+ if userID == "" || permission == "" {
+ logger.Error("usermngmt - IsPermission: email or password cannot be empty", logger.LogData{
+ "userID": userID,
+ "permission": permission,
+ })
+ return
+ }
+ id, isValid := mongodb.NewIDFromString(userID)
+ if !isValid {
+ logger.Error("usermngmt - IsPermission: invalid user id", logger.LogData{
+ "userID": userID,
+ "permission": permission,
+ })
+ return
+ }
+
+ // Find user
+ user, _ := findByID(ctx, id)
+ if user.ID.IsZero() {
+ logger.Error("usermngmt - IsPermission: user not found", logger.LogData{
+ "userID": userID,
+ "permission": permission,
+ })
+ return
+ }
+
+ // Check isAdmin
+ if role, _ := roleFindByID(ctx, user.RoleID); role.IsAdmin {
+ result = true
+ return
+ }
+
+ // Check permission
+ if total := permissionCountByCondition(ctx, bson.M{
+ "roleId": user.RoleID,
+ "code": permission,
+ }); total > 0 {
+ result = true
+ return
+ }
+
+ return
+}
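Review bot: The first validation branch of `IsPermission` logs `email or password cannot be empty`, which looks copied from the login path; an authorization log should name the real inputs, e.g. `"usermngmt - IsPermission: userID or permission cannot be empty"`. The errors from `findByID` and `roleFindByID` are both discarded with `_`, so a database failure is indistinguishable from a denial, and a failed role lookup is not logged in this function. The admin check fails closed only if `roleFindByID` returns a zero `model.DBRole` on error, which this hunk does not show; I would write `role, err := roleFindByID(ctx, user.RoleID)` and log and return false on `err != nil` before reading `role.IsAdmin`. Separately, `ChangeUserStatus` in action.go suggests users carry a status, and nothing here checks it before the admin shortcut or the permission count, so a deactivated account may still be granted access; worth confirming against the user model.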