template-monorepo/internal/model/permission/domain/usecase/role_mapping.go

package usecase

import (
	"context"

	"gateway/internal/model/permission/domain/entity"
	"gateway/internal/model/permission/domain/enum"
)

// UpsertMappingParam carries the fields a tenant admin submits when
// editing role mappings. ExternalKey is opaque: for Zitadel it's the
// project role key, for LDAP it's the group DN, for SCIM it's the group
// displayName.
type UpsertMappingParam struct {
	TenantID        string
	ExternalSource  enum.RoleSource
	ExternalKey     string
	InternalRoleKey string
}

// ListMappingQuery filters role mapping queries.
type ListMappingQuery struct {
	Source *enum.RoleSource
	Offset int64
	Limit  int64
}

// RoleMappingUseCase manages external→internal role mappings used by
// SyncFromX flows.
type RoleMappingUseCase interface {
	Upsert(ctx context.Context, param *UpsertMappingParam) (*entity.RoleMapping, error)
	Delete(ctx context.Context, tenantID string, source enum.RoleSource, externalKey string) error
	GetByExternal(
		ctx context.Context,
		tenantID string,
		source enum.RoleSource,
		externalKey string,
	) (*entity.RoleMapping, error)
	List(ctx context.Context, tenantID string, query *ListMappingQuery) ([]*entity.RoleMapping, int64, error)
}
feat(permission): add RBAC module with Casbin enforcement and policy reload - Multi-tenant RBAC: permission catalog, roles, role-permission mapping, user-role assignment, and external IdP role mapping (zitadel/ldap/scim). - Casbin enforcer with Redis-backed adapter and Pub/Sub reload for multi-instance policy sync; HTTP middleware enforces (tenant, role, path, method) with platform admin bypass. - /api/v1/permissions routes: catalog, me, policy/reload, roles CRUD, role permissions, user roles, role mappings. - New error scope (31) for Permission and biz code descriptions. - Wire Permission module into ServiceContext, config, mongo-index, and add cmd/permission-seed CLI plus etc/rbac.conf model. - Redis client gains lazy PubSubClient helper (go-zero wrapper lacks Subscribe). - Rewrite internal/model/member/README to cover Tenant/Member/Identity. Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-21 08:47:35 +00:00			`package usecase`

			`import (`
			`"context"`

			`"gateway/internal/model/permission/domain/entity"`
			`"gateway/internal/model/permission/domain/enum"`
			`)`

			`// UpsertMappingParam carries the fields a tenant admin submits when`
			`// editing role mappings. ExternalKey is opaque: for Zitadel it's the`
			`// project role key, for LDAP it's the group DN, for SCIM it's the group`
			`// displayName.`
			`type UpsertMappingParam struct {`
			`TenantID string`
			`ExternalSource enum.RoleSource`
			`ExternalKey string`
			`InternalRoleKey string`
			`}`

			`// ListMappingQuery filters role mapping queries.`
			`type ListMappingQuery struct {`
			`Source *enum.RoleSource`
			`Offset int64`
			`Limit int64`
			`}`

			`// RoleMappingUseCase manages external→internal role mappings used by`
			`// SyncFromX flows.`
			`type RoleMappingUseCase interface {`
			`Upsert(ctx context.Context, param UpsertMappingParam) (entity.RoleMapping, error)`
			`Delete(ctx context.Context, tenantID string, source enum.RoleSource, externalKey string) error`
			`GetByExternal(`
			`ctx context.Context,`
			`tenantID string,`
			`source enum.RoleSource,`
			`externalKey string,`
			`) (*entity.RoleMapping, error)`
			`List(ctx context.Context, tenantID string, query ListMappingQuery) ([]entity.RoleMapping, int64, error)`
			`}`