template-monorepo/internal/model/permission/repository/role_permission_mongo.go

package repository

import (
	"context"
	"time"

	libmongo "gateway/internal/library/mongo"
	permission "gateway/internal/model/permission/domain"
	"gateway/internal/model/permission/domain/entity"
	domrepo "gateway/internal/model/permission/domain/repository"

	"go.mongodb.org/mongo-driver/v2/bson"
	mongodriver "go.mongodb.org/mongo-driver/v2/mongo"
)

// RolePermissionRepositoryParam configures the Mongo role-permission repository.
type RolePermissionRepositoryParam struct {
	Conf *libmongo.Conf
}

type rolePermissionRepository struct {
	db libmongo.DocumentDBUseCase
}

// NewRolePermissionRepository creates a Mongo-backed RolePermissionRepository.
func NewRolePermissionRepository(param RolePermissionRepositoryParam) domrepo.RolePermissionRepository {
	documentDB, err := libmongo.NewDocumentDB(param.Conf, entity.RolePermission{}.CollectionName())
	if err != nil {
		panic(err)
	}
	return &rolePermissionRepository{db: documentDB}
}

func (r *rolePermissionRepository) Insert(ctx context.Context, rp *entity.RolePermission) error {
	now := time.Now().UTC().UnixMilli()
	if rp.ID.IsZero() {
		rp.ID = bson.NewObjectID()
	}
	if rp.CreateAt == 0 {
		rp.CreateAt = now
	}
	if rp.UpdateAt == 0 {
		rp.UpdateAt = now
	}
	_, err := r.db.GetClient().InsertOne(ctx, rp)
	if err != nil && mongodriver.IsDuplicateKeyError(err) {
		return nil
	}
	return err
}

func (r *rolePermissionRepository) BulkInsert(ctx context.Context, rps []*entity.RolePermission) error {
	if len(rps) == 0 {
		return nil
	}
	now := time.Now().UTC().UnixMilli()
	docs := make([]any, 0, len(rps))
	for _, rp := range rps {
		if rp.ID.IsZero() {
			rp.ID = bson.NewObjectID()
		}
		if rp.CreateAt == 0 {
			rp.CreateAt = now
		}
		if rp.UpdateAt == 0 {
			rp.UpdateAt = now
		}
		docs = append(docs, rp)
	}
	_, err := r.db.GetClient().InsertMany(ctx, docs)
	if err != nil && !mongodriver.IsDuplicateKeyError(err) {
		return err
	}
	return nil
}

func (r *rolePermissionRepository) DeleteByRole(ctx context.Context, tenantID, roleID string) error {
	filter := bson.M{
		permission.BSONFieldTenantID: tenantID,
		permission.BSONFieldRoleID:   roleID,
	}
	_, err := r.db.GetClient().DeleteMany(ctx, filter)
	return err
}

func (r *rolePermissionRepository) DeleteByPermission(ctx context.Context, permissionID string) (int64, error) {
	filter := bson.M{permission.BSONFieldPermissionID: permissionID}
	res, err := r.db.GetClient().DeleteMany(ctx, filter)
	return res, err
}

func (r *rolePermissionRepository) SetForRole(
	ctx context.Context,
	tenantID, roleID string,
	permissionIDs []string,
) error {
	if err := r.DeleteByRole(ctx, tenantID, roleID); err != nil {
		return err
	}
	if len(permissionIDs) == 0 {
		return nil
	}
	now := time.Now().UTC().UnixMilli()
	rows := make([]*entity.RolePermission, 0, len(permissionIDs))
	for _, pid := range permissionIDs {
		rows = append(rows, &entity.RolePermission{
			ID:           bson.NewObjectID(),
			TenantID:     tenantID,
			RoleID:       roleID,
			PermissionID: pid,
			CreateAt:     now,
			UpdateAt:     now,
		})
	}
	return r.BulkInsert(ctx, rows)
}

func (r *rolePermissionRepository) ListByRole(
	ctx context.Context,
	tenantID, roleID string,
) ([]*entity.RolePermission, error) {
	q := bson.M{
		permission.BSONFieldTenantID: tenantID,
		permission.BSONFieldRoleID:   roleID,
	}
	var docs []*entity.RolePermission
	if err := r.db.GetClient().Find(ctx, &docs, q); err != nil {
		return nil, err
	}
	return docs, nil
}

func (r *rolePermissionRepository) ListByRoles(
	ctx context.Context,
	tenantID string,
	roleIDs []string,
) ([]*entity.RolePermission, error) {
	if len(roleIDs) == 0 {
		return nil, nil
	}
	q := bson.M{
		permission.BSONFieldTenantID: tenantID,
		permission.BSONFieldRoleID:   bson.M{bsonOpIn: roleIDs},
	}
	var docs []*entity.RolePermission
	if err := r.db.GetClient().Find(ctx, &docs, q); err != nil {
		return nil, err
	}
	return docs, nil
}

func (r *rolePermissionRepository) ListByTenant(
	ctx context.Context,
	tenantID string,
) ([]*entity.RolePermission, error) {
	q := bson.M{permission.BSONFieldTenantID: tenantID}
	var docs []*entity.RolePermission
	if err := r.db.GetClient().Find(ctx, &docs, q); err != nil {
		return nil, err
	}
	return docs, nil
}

// Index20260521001UP ensures role_permissions collection indexes exist.
func (r *rolePermissionRepository) Index20260521001UP(ctx context.Context) error {
	if err := r.db.PopulateMultiIndex(ctx,
		[]string{permission.BSONFieldTenantID, permission.BSONFieldRoleID, permission.BSONFieldPermissionID},
		[]int32{1, 1, 1}, true); err != nil {
		return err
	}
	return r.db.PopulateMultiIndex(ctx,
		[]string{permission.BSONFieldTenantID, permission.BSONFieldPermissionID},
		[]int32{1, 1}, false)
}

var _ domrepo.RolePermissionRepository = (*rolePermissionRepository)(nil)