victorialogs-manager/backend/internal/models/user.go

package models

import "time"

// Role represents user roles
type Role string

const (
	RoleAdmin   Role = "admin"
	RoleEditor  Role = "editor"
	RoleAnalyst Role = "analyst"
	RoleViewer  Role = "viewer"
)

// Permission represents a specific permission
type Permission string

const (
	PermViewLogs       Permission = "logs:view"
	PermExportLogs     Permission = "logs:export"
	PermManageAlerts   Permission = "alerts:manage"
	PermViewAlerts     Permission = "alerts:view"
	PermManagePatterns Permission = "patterns:manage"
	PermRunML          Permission = "patterns:ml"
	PermManageReports  Permission = "reports:manage"
	PermManageUsers    Permission = "users:manage"
)

// RolePermissions maps roles to their permissions
var RolePermissions = map[Role][]Permission{
	RoleAdmin: {
		PermViewLogs, PermExportLogs, PermManageAlerts,
		PermViewAlerts, PermManagePatterns, PermRunML,
		PermManageReports, PermManageUsers,
	},
	RoleEditor: {
		PermViewLogs, PermExportLogs, PermManageAlerts,
		PermViewAlerts, PermManagePatterns, PermManageReports,
	},
	RoleAnalyst: {
		PermViewLogs, PermViewAlerts, PermManagePatterns, PermRunML,
	},
	RoleViewer: {
		PermViewLogs, PermViewAlerts,
	},
}

// User represents a user in the system
type User struct {
	ID           string    `json:"id" db:"id"`
	Username     string    `json:"username" db:"username"`
	Email        string    `json:"email" db:"email"`
	PasswordHash string    `json:"-" db:"password_hash"`
	Role         Role      `json:"role" db:"role"`
	IsActive     bool      `json:"is_active" db:"is_active"`
	CreatedAt    time.Time `json:"created_at" db:"created_at"`
	UpdatedAt    time.Time `json:"updated_at" db:"updated_at"`
}

// HasPermission checks if the user has a specific permission
func (u *User) HasPermission(perm Permission) bool {
	permissions, ok := RolePermissions[u.Role]
	if !ok {
		return false
	}

	for _, p := range permissions {
		if p == perm {
			return true
		}
	}
	return false
}

// GetPermissions returns all permissions for the user's role
func (u *User) GetPermissions() []Permission {
	return RolePermissions[u.Role]
}