package graph import ( "context" "forge.cadoles.com/Cadoles/daddy/internal/model" "github.com/pkg/errors" errs "github.com/pkg/errors" ) func handleWorkgroups(ctx context.Context, filter *model.WorkgroupsFilter) ([]*model.Workgroup, error) { db, err := getDB(ctx) if err != nil { return nil, errors.WithStack(err) } repo := model.NewWorkgroupRepository(db) criteria := make([]interface{}, 0) if filter != nil { if len(filter.Ids) > 0 { criteria = append(criteria, "id in (?)", filter.Ids) } } found, err := repo.FindWorkgroups(ctx, criteria...) if err != nil { return nil, errors.WithStack(err) } workgroups := make([]*model.Workgroup, 0) for _, wg := range found { authorized, err := isAuthorized(ctx, wg, model.ActionRead) if err != nil { return nil, errs.WithStack(err) } if authorized { workgroups = append(workgroups, wg) } } return workgroups, nil } func handleJoinWorkgroup(ctx context.Context, rawWorkgroupID string) (*model.Workgroup, error) { user, db, err := getSessionUser(ctx) if err != nil { return nil, errors.WithStack(err) } repo := model.NewWorkgroupRepository(db) workgroup, err := repo.Find(ctx, rawWorkgroupID) if err != nil { return nil, errors.WithStack(err) } authorized, err := isAuthorized(ctx, workgroup, model.ActionJoin) if err != nil { return nil, errs.WithStack(err) } if !authorized { return nil, errs.WithStack(ErrForbidden) } workgroup, err = repo.AddUserToWorkgroup(ctx, user.ID, workgroup.ID) if err != nil { return nil, errors.WithStack(err) } return workgroup, nil } func handleLeaveWorkgroup(ctx context.Context, workgroupID string) (*model.Workgroup, error) { user, db, err := getSessionUser(ctx) if err != nil { return nil, errors.WithStack(err) } repo := model.NewWorkgroupRepository(db) workgroup, err := repo.Find(ctx, workgroupID) if err != nil { return nil, errors.WithStack(err) } authorized, err := isAuthorized(ctx, workgroup, model.ActionLeave) if err != nil { return nil, errs.WithStack(err) } if !authorized { return nil, errs.WithStack(ErrForbidden) } workgroup, err = repo.RemoveUserFromWorkgroup(ctx, user.ID, workgroup.ID) if err != nil { return nil, errors.WithStack(err) } return workgroup, nil } func handleCreateWorkgroup(ctx context.Context, changes model.WorkgroupChanges) (*model.Workgroup, error) { authorized, err := isAuthorized(ctx, &model.Workgroup{}, model.ActionCreate) if err != nil { return nil, errs.WithStack(err) } if !authorized { return nil, errs.WithStack(ErrForbidden) } db, err := getDB(ctx) if err != nil { return nil, errors.WithStack(err) } repo := model.NewWorkgroupRepository(db) workgroup, err := repo.CreateWorkgroup(ctx, changes) if err != nil { return nil, errors.WithStack(err) } return workgroup, nil } func handleCloseWorkgroup(ctx context.Context, workgroupID string) (*model.Workgroup, error) { db, err := getDB(ctx) if err != nil { return nil, errors.WithStack(err) } repo := model.NewWorkgroupRepository(db) workgroup, err := repo.Find(ctx, workgroupID) if err != nil { return nil, errors.WithStack(err) } authorized, err := isAuthorized(ctx, workgroup, model.ActionClose) if err != nil { return nil, errs.WithStack(err) } if !authorized { return nil, errs.WithStack(ErrForbidden) } workgroup, err = repo.CloseWorkgroup(ctx, workgroup.ID) if err != nil { return nil, errors.WithStack(err) } return workgroup, nil } func handleUpdateWorkgroup(ctx context.Context, workgroupID string, changes model.WorkgroupChanges) (*model.Workgroup, error) { db, err := getDB(ctx) if err != nil { return nil, errors.WithStack(err) } repo := model.NewWorkgroupRepository(db) workgroup, err := repo.Find(ctx, workgroupID) if err != nil { return nil, errors.WithStack(err) } authorized, err := isAuthorized(ctx, workgroup, model.ActionUpdate) if err != nil { return nil, errs.WithStack(err) } if !authorized { return nil, errs.WithStack(ErrForbidden) } workgroup, err = repo.UpdateWorkgroup(ctx, workgroup.ID, changes) if err != nil { return nil, errors.WithStack(err) } return workgroup, nil }