mostly casbin related work

README.md

@@ -50,4 +50,19 @@ mysql -e "CREATE USER 'glued'@'%' IDENTIFIED BY 'glued-pw';"
 mysql -e "GRANT ALL PRIVILEGES ON glued.* TO 'glued'@'%';"
 mysql -e "GRANT SUPER ON *.* TO 'glued'@'%';"
 mysql -e "FLUSH PRIVILEGES;"
-```
+```
+
+## Coding style
+
+### Naming conventions
+
+
+
+| Convention | JSON path     | PHP Class names | PHP method names | URIs      | Database tables/columns |
+|------------|---------------|-----------------|------------------|-----------|-------------------------|
+| camelCase  | supported     |                 | supported        |           | tolerated               |
+| PascalCase | supported     | preferred       |                  |           |                         |
+| snake_case | unsupported*) |                 |                  |           | preferred               |
+| kebab-case | preferred     |                 | preferred        | preferred |                         |
+
+*) the underscore will be 

composer.json

@@ -23,7 +23,8 @@
     "ext-soap": "*",
     "ext-xml": "*",
     "ext-zip": "*",
-    "casbin/database-adapter": "^1",
+    "casbin/casbin": "^3",
+    "casbin/database-adapter": "^1.8",
     "facile-it/php-openid-client": "dev-master",
     "geocoder-php/geoip2-provider": "^4",
     "grasmash/yaml-expander": "^3",
@@ -96,7 +97,7 @@
     "post-update-cmd": [
       "composer migrate",
       "composer configure || echo \"[FAIL] Failed to configure glued. Please make sure all env variables are set. Rerun composer configure.\"",
-      "patch vendor/monolog/monolog/src/Monolog/Logger.php < glued/Config/Patches/Logger.patch",
+      "patch -s --reject-file=/dev/null -p1 vendor/monolog/monolog/src/Monolog/Logger.php < vendor/vaizard/glued-lib/src/Patches/Logger.patch",
       "echo \"Run 'composer nginx' manually to pick restart this microservice\""
     ],
     "backup": [

glued/Config/Migrations/20230702102850_core-init.sql

@@ -0,0 +1,77 @@
+-- migrate:up
+
+CREATE TABLE `casbin_rule` (
+  `id` binary(16) NOT NULL DEFAULT (uuid_to_bin(uuid(),true)),
+  `ptype` varchar(255) NOT NULL,
+  `v0` varchar(255) DEFAULT NULL,
+  `v1` varchar(255) DEFAULT NULL,
+  `v2` varchar(255) DEFAULT NULL,
+  `v3` varchar(255) DEFAULT NULL,
+  `v4` varchar(255) DEFAULT NULL,
+  `v5` varchar(255) DEFAULT NULL,
+  `hash` varchar(32) GENERATED ALWAYS AS (md5(concat_ws(_utf8mb4'.',`ptype`,`v0`,`v1`,`v2`,`v3`,`v4`,`v5`))) STORED,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `unique_rule` (`hash`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
+
+
+CREATE TABLE `t_core_domains` (
+  `c_uuid` binary(16) NOT NULL DEFAULT (uuid_to_bin(uuid(),true)) COMMENT 'Domain UUID, generated automatically on insert.',
+  `c_primary_owner` binary(16) NOT NULL COMMENT 'Domain''s primary owner (c_core_users.uuid)',
+  `c_attr` json DEFAULT NULL COMMENT 'Domain attributes',
+  `c_name` varchar(255) GENERATED ALWAYS AS (json_unquote(json_extract(`c_attr`,_utf8mb4'$.name'))) VIRTUAL COMMENT '[VIRTUAL] Domain name',
+  `c_is_root` char(1) GENERATED ALWAYS AS (json_unquote(json_extract(`c_attr`,_utf8mb4'$._root'))) VIRTUAL COMMENT '[VIRTUAL] The root domain of all domains flag (can''t be deleted)',
+  `c_ts_created` timestamp NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'Timestamp: account created',
+  `c_ts_updated` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'Timestamp: account modified',
+  `c_stor_name` varchar(255) GENERATED ALWAYS AS (`c_name`) VIRTUAL COMMENT '[VIRTUAL] Stor name',
+  PRIMARY KEY (`c_uuid`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci ROW_FORMAT=DYNAMIC COMMENT='Domains definition table.';
+
+
+CREATE TABLE `t_core_roles` (
+  `c_uuid` binary(16) NOT NULL DEFAULT (uuid_to_bin(uuid(),true)) COMMENT 'Role UUID, generated automatically on insert. NOTE to always insert with UUID_TO_BIN(UUID(), true)',
+  `c_name` varchar(255) DEFAULT NULL COMMENT 'Role name',
+  `c_dscr` varchar(255) DEFAULT NULL COMMENT 'Role description',
+  `c_stor_name` varchar(255) GENERATED ALWAYS AS (`c_name`) VIRTUAL COMMENT '[VIRTUAL] Stor name',
+  PRIMARY KEY (`c_uuid`),
+  UNIQUE `idx_unique_name` (`c_name`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci ROW_FORMAT=DYNAMIC COMMENT='Roles definition table.';
+
+
+CREATE TABLE `t_core_tokens` (
+  `c_uuid` binary(16) NOT NULL DEFAULT (uuid_to_bin(uuid(),true)) COMMENT 'API token UUID (v4), generated automatically on insert.',
+  `c_token` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL COMMENT 'The API token - a cryptographically strong random generated string.',
+  `c_inherit` binary(16) DEFAULT NULL COMMENT 'Inherit authorization rules (typically of t_core_users.c_uuid). When set to NULL, authorization scope must be defined.',
+  `c_expired_at` datetime DEFAULT NULL COMMENT 'Datetime of token expiry. NULL for tokens with infinite validity.',
+  `c_created_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
+  `c_updated_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  `c_attr` json DEFAULT NULL COMMENT 'API token attributes.',
+  PRIMARY KEY (`c_uuid`),
+  UNIQUE KEY `unique_token` (`c_token`),
+  KEY `c_inherit` (`c_inherit`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='API authentication tokens.';
+
+
+CREATE TABLE `t_core_users` (
+  `c_uuid` binary(16) NOT NULL DEFAULT (uuid_to_bin(uuid(),true)) COMMENT 'User uuid (v4), generated by the identity server. NOTE to always insert with UUID_TO_BIN(UUID(), true)',
+  `c_profile` json DEFAULT NULL COMMENT 'User profile',
+  `c_attr` json DEFAULT NULL COMMENT 'Account attributes and state (locale, enabled/disabled, GDPR anonymised, etc.)',
+  `c_email` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL COMMENT 'Primary email',
+  `c_handle` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL COMMENT 'User handle',
+  `c_ts_created` timestamp NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'Timestamp: account created',
+  `c_ts_updated` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'Timestamp: account modified',
+  `c_stor_name` varchar(255) GENERATED ALWAYS AS (`c_handle`) VIRTUAL COMMENT '[VIRTUAL] Stor name',
+  `c_locale` char(5) GENERATED ALWAYS AS (json_unquote(json_extract(`c_attr`,_utf8mb4'$."locale"'))) STORED COMMENT '[STORED] Preferred locale',
+  `c_active` tinyint(1) GENERATED ALWAYS AS (json_unquote(json_extract(`c_attr`,_utf8mb4'$.status.active'))) STORED COMMENT '[STORED] Account activity status',
+  PRIMARY KEY (`c_uuid`),
+  KEY `c_handle` (`c_handle`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci ROW_FORMAT=DYNAMIC COMMENT='Users profile, account settings, attriebutes, and default data.';
+
+
+-- migrate:down
+
+DROP TABLE IF EXISTS `casbin_rule`;
+DROP TABLE IF EXISTS `t_core_domains`;
+DROP TABLE IF EXISTS `t_core_roles`;
+DROP TABLE IF EXISTS `t_core_users`;
+DROP TABLE IF EXISTS `t_core_tokens`;

glued/Config/routes.yaml

@@ -136,6 +136,15 @@ routes:
         service:    core
         methods:
             get:    Glued\Controllers\AuthController:users_r1
+    be_core_auth_roles_v1:
+        pattern:    ${routes.be_core.path}/auth/roles/v1
+        path:       ${routes.be_core.path}/auth/roles/v1
+        label:      Manage roles
+        dscr:       Api endpoint for managing roles.
+        service:    core
+        methods:
+            get:    Glued\Controllers\AuthController:roles_r1
+            post:   Glued\Controllers\AuthController:roles_c1
     be_core_auth_domains_v1:
         pattern:    ${routes.be_core.path}/auth/domains/v1
         path:       ${routes.be_core.path}/auth/domains/v1