Introduce PermissionsService

Signed-off-by: montesm <[email protected]>

Author: montesmoci

UnityAuth/src/main/java/io/unityfoundation/auth/AuthController.java

@@ -1,6 +1,5 @@
 package io.unityfoundation.auth;
 
-import io.micronaut.core.annotation.Introspected;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.http.HttpResponse;
 import io.micronaut.http.HttpStatus;
@@ -11,12 +10,10 @@
 import io.micronaut.security.rules.SecurityRule;
 import io.micronaut.serde.annotation.Serdeable;
 import io.unityfoundation.auth.entities.*;
-import io.unityfoundation.auth.entities.Permission.PermissionScope;
 import io.unityfoundation.auth.entities.Service.ServiceStatus;
 import jakarta.validation.constraints.NotNull;
 import java.util.List;
 import java.util.Optional;
-import java.util.function.BiPredicate;
 
 @Secured(SecurityRule.IS_AUTHENTICATED)
 @Controller("/api")
@@ -26,12 +23,14 @@ public class AuthController {
   private final ServiceRepo serviceRepo;
   private final TenantRepo tenantRepo;
   private final RoleRepo roleRepo;
+  private final PermissionsService permissionsService;
 
-  public AuthController(UserRepo userRepo, ServiceRepo serviceRepo, TenantRepo tenantRepo, RoleRepo roleRepo) {
+  public AuthController(UserRepo userRepo, ServiceRepo serviceRepo, TenantRepo tenantRepo, RoleRepo roleRepo, PermissionsService permissionsService) {
     this.userRepo = userRepo;
     this.serviceRepo = serviceRepo;
     this.tenantRepo = tenantRepo;
       this.roleRepo = roleRepo;
+      this.permissionsService = permissionsService;
   }
 
   @Post("/principal/permissions")
@@ -68,7 +67,7 @@ public UserPermissionsResponse permissions(@Body UserPermissionsRequest requestD
           "The Tenant and/or Service is not available for this user");
     }
 
-    return new UserPermissionsResponse.Success(getPermissionsFor(user, tenant));
+    return new UserPermissionsResponse.Success(permissionsService.getPermissionsFor(user, tenant));
   }
 
   @Post("/hasPermission")
@@ -96,7 +95,7 @@ public HttpResponse<HasPermissionResponse> hasPermission(@Body HasPermissionRequ
       return createHasPermissionResponse(false, user.getEmail(), "The requested service is not enabled for the requested tenant!", List.of());
     }
 
-    List<String> commonPermissions = checkUserPermission(user, tenantOptional.get(), requestDTO.permissions());
+    List<String> commonPermissions = permissionsService.checkUserPermission(user, tenantOptional.get(), requestDTO.permissions());
     if (commonPermissions.isEmpty()) {
       return createHasPermissionResponse(false, user.getEmail(), "The user does not have permission!", commonPermissions);
     }
@@ -159,28 +158,6 @@ private String checkServiceStatus(Optional<Service> service) {
     return null;
   }
 
-    private final BiPredicate<TenantPermission, Tenant> isTenantOrSystemOrSubtenantScopeAndBelongsToTenant = (tp, t) ->
-        PermissionScope.SYSTEM.equals(tp.permissionScope()) || (
-            (PermissionScope.TENANT.equals(tp.permissionScope())
-                || PermissionScope.SUBTENANT.equals(tp.permissionScope()))
-                && tp.tenantId == t.getId());
-
-
-  private List<String> checkUserPermission(User user, Tenant tenant, List<String> permissions) {
-    List<String> commonPermissions = getPermissionsFor(user, tenant).stream()
-        .filter(permissions::contains).toList();
-
-    return commonPermissions;
-  }
-
-  private List<String> getPermissionsFor(User user, Tenant tenant) {
-    return userRepo.getTenantPermissionsFor(user.getId()).stream()
-        .filter(tenantPermission ->
-            isTenantOrSystemOrSubtenantScopeAndBelongsToTenant.test(tenantPermission, tenant))
-        .map(TenantPermission::permissionName)
-        .toList();
-  }
-
   private HttpResponse<HasPermissionResponse> createHasPermissionResponse(boolean hasPermission,
                                                                           String userEmail,
                                                                           String message,
@@ -209,14 +186,6 @@ public record HasPermissionResponse(
       List<String> permissions
   ) {}
 
-  @Introspected
-  public record TenantPermission(
-      long tenantId,
-      String permissionName,
-      PermissionScope permissionScope
-  ) {}
-
-
   public sealed interface UserPermissionsResponse {
     @Serdeable
     record Success(List<String> permissions) implements UserPermissionsResponse {}

UnityAuth/src/main/java/io/unityfoundation/auth/PermissionsService.java

@@ -0,0 +1,47 @@
+package io.unityfoundation.auth;
+
+import io.micronaut.core.annotation.Introspected;
+import io.unityfoundation.auth.entities.Permission;
+import io.unityfoundation.auth.entities.Tenant;
+import io.unityfoundation.auth.entities.User;
+import io.unityfoundation.auth.entities.UserRepo;
+import jakarta.inject.Singleton;
+
+import java.util.List;
+import java.util.function.BiPredicate;
+
+@Singleton
+public class PermissionsService {
+
+    private final UserRepo userRepo;
+
+    private final BiPredicate<TenantPermission, Tenant> isTenantOrSystemOrSubtenantScopeAndBelongsToTenant = (tp, t) ->
+            Permission.PermissionScope.SYSTEM.equals(tp.permissionScope()) || (
+                    (Permission.PermissionScope.TENANT.equals(tp.permissionScope())
+                            || Permission.PermissionScope.SUBTENANT.equals(tp.permissionScope()))
+                            && tp.tenantId == t.getId());
+
+    public PermissionsService(UserRepo userRepo) {
+        this.userRepo = userRepo;
+    }
+
+    public List<String> checkUserPermission(User user, Tenant tenant, List<String> permissions) {
+        return getPermissionsFor(user, tenant).stream()
+                .filter(permissions::contains).toList();
+    }
+
+    public List<String> getPermissionsFor(User user, Tenant tenant) {
+        return userRepo.getTenantPermissionsFor(user.getId()).stream()
+                .filter(tenantPermission ->
+                        isTenantOrSystemOrSubtenantScopeAndBelongsToTenant.test(tenantPermission, tenant))
+                .map(TenantPermission::permissionName)
+                .toList();
+    }
+
+    @Introspected
+    public record TenantPermission(
+            long tenantId,
+            String permissionName,
+            Permission.PermissionScope permissionScope
+    ) {}
+}

UnityAuth/src/main/java/io/unityfoundation/auth/entities/UserRepo.java

@@ -5,10 +5,12 @@
 import io.micronaut.data.jdbc.annotation.JdbcRepository;
 import io.micronaut.data.model.query.builder.sql.Dialect;
 import io.micronaut.data.repository.CrudRepository;
-import io.unityfoundation.auth.AuthController.TenantPermission;
+
 import java.util.List;
 import java.util.Optional;
 
+import static io.unityfoundation.auth.PermissionsService.*;
+
 @JdbcRepository(dialect = Dialect.MYSQL)
 public interface UserRepo extends CrudRepository<User, Long> {