feat: add access profile selection support with device-specific profile persistence
Add SelectOwnProfile handler to allow users to choose from available access profiles. Store selected profile ID per device in settings table with device_access_profile category. Implement GetSelectedProfileID and SetSelectedProfileID repository methods using JSONB storage. Add ListSelectableProfiles to policy repository and service to query user/group/device-specific profiles ordered by priority. Filter gateway
This commit is contained in:
@@ -14,6 +14,7 @@ type Repository interface {
|
||||
Update(ctx context.Context, policyID uuid.UUID, input UpdateRequest) (Policy, error)
|
||||
Delete(ctx context.Context, policyID uuid.UUID) error
|
||||
ResolveDestinations(ctx context.Context, userID uuid.UUID, deviceID *uuid.UUID) ([]string, error)
|
||||
ListSelectableProfiles(ctx context.Context, userID uuid.UUID, deviceID *uuid.UUID) ([]SelectableProfile, error)
|
||||
}
|
||||
|
||||
type PGRepository struct {
|
||||
@@ -206,6 +207,53 @@ func (r *PGRepository) ResolveDestinations(ctx context.Context, userID uuid.UUID
|
||||
return destinations, rows.Err()
|
||||
}
|
||||
|
||||
func (r *PGRepository) ListSelectableProfiles(ctx context.Context, userID uuid.UUID, deviceID *uuid.UUID) ([]SelectableProfile, error) {
|
||||
query := `
|
||||
select
|
||||
p.id,
|
||||
p.name,
|
||||
p.description,
|
||||
p.full_tunnel,
|
||||
coalesce(array_agg(pd.destination::text order by pd.destination::text) filter (where pd.destination is not null), '{}')
|
||||
from policies p
|
||||
left join policy_destinations pd on pd.policy_id = p.id
|
||||
join policy_targets pt on pt.policy_id = p.id
|
||||
where p.deleted_at is null
|
||||
and p.is_active = true
|
||||
and p.effect = 'allow'
|
||||
and (
|
||||
(pt.target_type = 'user' and pt.target_id = $1)
|
||||
or (pt.target_type = 'group' and exists (
|
||||
select 1 from group_memberships gm
|
||||
where gm.group_id = pt.target_id and gm.user_id = $1
|
||||
))
|
||||
`
|
||||
args := []any{userID}
|
||||
if deviceID != nil {
|
||||
query += ` or (pt.target_type = 'device' and pt.target_id = $2)`
|
||||
args = append(args, *deviceID)
|
||||
}
|
||||
query += `)
|
||||
group by p.id, p.name, p.description, p.full_tunnel, p.priority, p.created_at
|
||||
order by p.priority asc, p.created_at desc`
|
||||
|
||||
rows, err := r.db.Query(ctx, query, args...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
var profiles []SelectableProfile
|
||||
for rows.Next() {
|
||||
var item SelectableProfile
|
||||
if err := rows.Scan(&item.ID, &item.Name, &item.Description, &item.FullTunnel, &item.Destinations); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
profiles = append(profiles, item)
|
||||
}
|
||||
return profiles, rows.Err()
|
||||
}
|
||||
|
||||
func (r *PGRepository) getByID(ctx context.Context, policyID uuid.UUID) (Policy, error) {
|
||||
items, err := r.List(ctx)
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user