From 23841a240f26c8d6e4f87d186fd21dca29fefbb0 Mon Sep 17 00:00:00 2001
From: Denis Gukov <denguk@gmail.com>
Date: Fri, 7 Jul 2023 22:15:16 +0200
Subject: [PATCH] feat(be): add role based checks

---
 db/ProjectUser.go | 38 +++++++++++++++++++++++++++++++++-----
 1 file changed, 33 insertions(+), 5 deletions(-)

diff --git a/db/ProjectUser.go b/db/ProjectUser.go
index 78602498..a5171e46 100644
--- a/db/ProjectUser.go
+++ b/db/ProjectUser.go
@@ -1,8 +1,36 @@
 package db
 
-type ProjectUser struct {
-	ID        int  `db:"id" json:"-"`
-	ProjectID int  `db:"project_id" json:"project_id"`
-	UserID    int  `db:"user_id" json:"user_id"`
-	Admin     bool `db:"admin" json:"admin"`
+type ProjectUserRole string
+
+const (
+	ProjectUserOwner  ProjectUserRole = "owner"
+	ProjectUserRunner ProjectUserRole = "runner"
+	ProjectUserGuest  ProjectUserRole = "guest"
+)
+
+type ProjectUserPermission int
+
+const (
+	ProjectUserCanRunTask ProjectUserPermission = 1 << iota
+	ProjectCanEditProjectSettings
+	ProjectCanRunTasks
+)
+
+var rolePermissions = map[ProjectUserRole]ProjectUserPermission{
+	ProjectUserOwner:  ProjectUserCanRunTask | ProjectCanEditProjectSettings | ProjectCanRunTasks,
+	ProjectUserRunner: ProjectCanRunTasks,
+	ProjectUserGuest:  0,
+}
+
+type ProjectUser struct {
+	ID        int             `db:"id" json:"-"`
+	ProjectID int             `db:"project_id" json:"project_id"`
+	UserID    int             `db:"user_id" json:"user_id"`
+	Admin     bool            `db:"admin" json:"admin"`
+	Role      ProjectUserRole `db:"role" json:"role"`
+}
+
+func (u *ProjectUser) Can(permissions ProjectUserPermission) bool {
+	userPermissions := rolePermissions[u.Role]
+	return (userPermissions & userPermissions) == permissions
 }