From 625d777a8bef868498a9a2462c6306d7a92d9c52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?William=20Bouzour=C3=A8ne?= <william@bouzourene.ch>
Date: Fri, 17 Jan 2025 15:59:13 +0100
Subject: [PATCH] Add permissions helper functions

---
 helpers/permissions.go | 118 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 118 insertions(+)
 create mode 100644 helpers/permissions.go

diff --git a/helpers/permissions.go b/helpers/permissions.go
new file mode 100644
index 0000000..4ad9881
--- /dev/null
+++ b/helpers/permissions.go
@@ -0,0 +1,118 @@
+package helpers
+
+import (
+	"fmt"
+
+	"git.readonly.ch/bouzoure/pop-camarades/models"
+)
+
+var Permissions = []string{
+	// Members
+	"show_member",
+	"create_member",
+	"edit_member",
+	"show_archived_member",
+	"archive_member",
+	"restore_member",
+	"purge_member",
+	"convert_member_to_contact",
+	// Contacts
+	"show_contact",
+	"create_contact",
+	"edit_contact",
+	"show_archived_contact",
+	"archive_contact",
+	"restore_contact",
+	"purge_contact",
+	"convert_contact_to_member",
+}
+
+func PermissionsGetSections(userid uint, permission string) ([]uint, error) {
+	var sections []uint
+
+	found := false
+	for _, item := range Permissions {
+		if item == permission {
+			found = true
+			break
+		}
+	}
+
+	if !found {
+		return sections, fmt.Errorf("unknown permission")
+	}
+
+	db, err := GetDatabase()
+	if err != nil {
+		return sections, err
+	}
+
+	var user models.User
+	result := db.Find(&user, "id = ?", userid)
+
+	if result.RowsAffected < 1 {
+		return sections, nil
+	}
+
+	if user.IsAdmin {
+		var allSections []models.Section
+		db.Find(&allSections)
+
+		for _, s := range allSections {
+			sections = append(sections, s.ID)
+		}
+
+		return sections, nil
+	}
+
+	var userRoles []models.UserRole
+	result = db.Joins(
+		"Role",
+	).Find(
+		&userRoles,
+		fmt.Sprintf(
+			"user_id = ? AND Role__%s = ?",
+			permission,
+		),
+		userid,
+		true,
+	)
+
+	if result.RowsAffected < 1 {
+		return sections, nil
+	}
+
+	for _, userRole := range userRoles {
+		sections = append(sections, userRole.SectionID)
+
+		var childSections []models.Section
+		db.Find(
+			&childSections,
+			"parent_section_id = ?",
+			userRole.SectionID,
+		)
+
+		for _, childSection := range childSections {
+			sections = append(sections, childSection.ID)
+		}
+	}
+
+	return sections, nil
+}
+
+func PermissionsCheckSection(userid uint, permission string, section uint) (bool, error) {
+	sections, err := PermissionsGetSections(userid, permission)
+	if err != nil {
+		return false, err
+	}
+
+	allow := false
+	for _, s := range sections {
+		if s == section {
+			allow = true
+			break
+		}
+	}
+
+	return allow, nil
+}