OneAuth/api/policy/patch.go

//
// Copyright (C) 2024 veypi <i@veypi.com>
// 2025-03-04 16:08:06
// Distributed under terms of the MIT license.
//

package policy

import (
	"github.com/veypi/vbase/cfg"
	"github.com/veypi/vbase/models"
	"github.com/veypi/vigo"
)

type PatchRequest struct {
	PolicyID    string  `src:"path@policy_id" desc:"策略ID"`
	Name        *string `json:"name,omitempty" src:"json" desc:"策略名称"`
	Description *string `json:"description,omitempty" src:"json" desc:"描述"`
	Effect      *string `json:"effect,omitempty" src:"json" desc:"效果: allow/deny"`
	Condition   *string `json:"condition,omitempty" src:"json" desc:"条件"`
}

func patch(x *vigo.X, req *PatchRequest) (*models.Policy, error) {
	var policy models.Policy
	if err := cfg.DB().First(&policy, "id = ?", req.PolicyID).Error; err != nil {
		return nil, vigo.ErrNotFound
	}

	// 系统策略不允许修改
	if policy.Scope == models.PolicyScopePlatform {
		return nil, vigo.ErrForbidden.WithString("system policies cannot be modified")
	}

	updates := make(map[string]any)
	if req.Name != nil {
		updates["name"] = *req.Name
	}
	if req.Description != nil {
		updates["description"] = *req.Description
	}
	if req.Effect != nil {
		updates["effect"] = *req.Effect
	}
	if req.Condition != nil {
		updates["condition"] = *req.Condition
	}

	if err := cfg.DB().Model(&policy).Updates(updates).Error; err != nil {
		return nil, vigo.ErrInternalServer.WithError(err)
	}

	return &policy, nil
}