feat: add some api packages

internal/api/auth/permissions.go

@@ -0,0 +1,61 @@
+package auth
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/internal/errors"
+)
+
+func getUserMethodPermissions(ctx context.Context, t TokenVerifier, requiredPerm string, authConfig *Config) (context.Context, []string, error) {
+	ctxData := GetCtxData(ctx)
+	if ctxData.IsZero() {
+		return nil, nil, errors.ThrowUnauthenticated(nil, "AUTH-rKLWEH", "context missing")
+	}
+	grants, err := t.ResolveGrants(ctx, ctxData.UserID, ctxData.OrgID)
+	if err != nil {
+		return nil, nil, err
+	}
+	permissions := mapGrantsToPermissions(requiredPerm, grants, authConfig)
+	return context.WithValue(ctx, CtxKeyPermissions{}, permissions), permissions, nil
+}
+
+func mapGrantsToPermissions(requiredPerm string, grants []*Grant, authConfig *Config) []string {
+	resolvedPermissions := make([]string, 0)
+	for _, grant := range grants {
+		for _, role := range grant.Roles {
+			resolvedPermissions = mapRoleToPerm(requiredPerm, role, authConfig, resolvedPermissions)
+		}
+	}
+	return resolvedPermissions
+}
+
+func mapRoleToPerm(requiredPerm, actualRole string, authConfig *Config, resolvedPermissions []string) []string {
+	roleName, roleContextID := SplitPermission(actualRole)
+	perms := authConfig.getPermissionsFromRole(roleName)
+
+	for _, p := range perms {
+		if p == requiredPerm {
+			p = addRoleContextIDToPerm(p, roleContextID)
+			if !existsPerm(resolvedPermissions, p) {
+				resolvedPermissions = append(resolvedPermissions, p)
+			}
+		}
+	}
+	return resolvedPermissions
+}
+
+func addRoleContextIDToPerm(perm, roleContextID string) string {
+	if roleContextID != "" {
+		perm = perm + ":" + roleContextID
+	}
+	return perm
+}
+
+func existsPerm(existing []string, perm string) bool {
+	for _, e := range existing {
+		if e == perm {
+			return true
+		}
+	}
+	return false
+}