still cycle

2025-01-21 08:20:13 -05:00 · 2025-01-21 08:20:13 -05:00 · e9415a471f
commit e9415a471f
parent 5ff3066d6d
2 changed files with 53 additions and 65 deletions
--- a/pkg/incidents/incstore/rbac.go
+++ b/pkg/incidents/incstore/rbac.go
@ -1,65 +0,0 @@
-package incstore
-
-import (
-	"context"
-	"errors"
-	"fmt"
-
-	"github.com/el-mike/restrict/v2"
-	"github.com/google/uuid"
-)
-
-const (
-	CallInIncidentConditionType = "CALL_IN_INCIDENT"
-)
-
-type CallInIncidentCondition struct {
-	ID    string                    `json:"name,omitempty" yaml:"name,omitempty"`
-	Call *restrict.ValueDescriptor `json:"call" yaml:"call"`
-	Incident *restrict.ValueDescriptor `json:"incident" yaml:"incident"`
-}
-
-func (*CallInIncidentCondition) Type() string {
-	return CallInIncidentConditionType
-}
-
-func (c *CallInIncidentCondition) Check(r *restrict.AccessRequest) error {
-	callVID, err := c.Call.GetValue(r)
-	if err != nil {
-		return err
-	}
-
-	incVID, err := c.Incident.GetValue(r)
-	if err != nil {
-		return err
-	}
-
-	ctx, hasCtx := r.Context["ctx"].(context.Context)
-	if !hasCtx {
-		return restrict.NewConditionNotSatisfiedError(c, r, fmt.Errorf("no context provided"))
-	}
-
-	incID, isUUID := incVID.(uuid.UUID)
-	if !isUUID {
-		return restrict.NewConditionNotSatisfiedError(c, r, errors.New("incident ID is not UUID"))
-	}
-
-	callID, isUUID := callVID.(uuid.UUID)
-	if !isUUID {
-		return restrict.NewConditionNotSatisfiedError(c, r, errors.New("call ID is not UUID"))
-	}
-
-	incs := FromCtx(ctx)
-	inCall, err := incs.CallIn(ctx, incID, incID)
-	if err != nil {
-		return restrict.NewConditionNotSatisfiedError(c, r, err)
-	}
-
-	if !inCall {
-		return restrict.NewConditionNotSatisfiedError(c, r, fmt.Errorf(`incident "%v" not in call "%v"`, incID, callID))
-	}
-
-	return nil
-}
-
-
--- a/pkg/rbac/conditions.go
+++ b/pkg/rbac/conditions.go
@ -1,17 +1,70 @@
 package rbac

 import (
+	"context"
+	"errors"
 	"fmt"
 	"reflect"

 	"github.com/el-mike/restrict/v2"
+	"github.com/google/uuid"
 )

 const (
 	SubmitterEqualConditionType = "SUBMITTER_EQUAL"
 	InMapConditionType = "IN_MAP"
+	CallInIncidentConditionType = "CALL_IN_INCIDENT"
 )

+type CallInIncidentCondition struct {
+	ID    string                    `json:"name,omitempty" yaml:"name,omitempty"`
+	Call *restrict.ValueDescriptor `json:"call" yaml:"call"`
+	Incident *restrict.ValueDescriptor `json:"incident" yaml:"incident"`
+}
+
+func (*CallInIncidentCondition) Type() string {
+	return CallInIncidentConditionType
+}
+
+func (c *CallInIncidentCondition) Check(r *restrict.AccessRequest) error {
+	callVID, err := c.Call.GetValue(r)
+	if err != nil {
+		return err
+	}
+
+	incVID, err := c.Incident.GetValue(r)
+	if err != nil {
+		return err
+	}
+
+	ctx, hasCtx := r.Context["ctx"].(context.Context)
+	if !hasCtx {
+		return restrict.NewConditionNotSatisfiedError(c, r, fmt.Errorf("no context provided"))
+	}
+
+	incID, isUUID := incVID.(uuid.UUID)
+	if !isUUID {
+		return restrict.NewConditionNotSatisfiedError(c, r, errors.New("incident ID is not UUID"))
+	}
+
+	callID, isUUID := callVID.(uuid.UUID)
+	if !isUUID {
+		return restrict.NewConditionNotSatisfiedError(c, r, errors.New("call ID is not UUID"))
+	}
+
+	incs := FromCtx(ctx)
+	inCall, err := incs.CallIn(ctx, incID, incID)
+	if err != nil {
+		return restrict.NewConditionNotSatisfiedError(c, r, err)
+	}
+
+	if !inCall {
+		return restrict.NewConditionNotSatisfiedError(c, r, fmt.Errorf(`incident "%v" not in call "%v"`, incID, callID))
+	}
+
+	return nil
+}
+
 type SubmitterEqualCondition struct {
 	ID    string                    `json:"name,omitempty" yaml:"name,omitempty"`
 	Left  *restrict.ValueDescriptor `json:"left" yaml:"left"`