package main import ( "context" "ersteller-lib/schema/ent/example/ent" "ersteller-lib/schema/ent/example/ent/group" "ersteller-lib/schema/ent/example/ent/todo" "ersteller-lib/schema/ent/example/ent/user" "fmt" "log" "time" _ "github.com/mattn/go-sqlite3" ) func main() { //client, err := ent.Open("sqlite3", "file:ent?mode=memory&cache=shared&_fk=1") client, err := ent.Open("sqlite3", "/tmp/ersteller_ent_example.db?_fk=1", ent.Log(log.Println), ent.Debug()) if err != nil { log.Fatalf("failed opening connection to sqlite: %v", err) } log.Println("client", client) defer client.Close() // Add authorization interceptor for Todo queries client.Todo.Intercept(TodoAuthorizationInterceptor()) ctx, cancel := context.WithTimeout(context.Background(), time.Minute*5) defer cancel() if err := client.Schema.Create(ctx); err != nil { log.Fatalf("failed creating schema resources: %v", err) } testGroup, err := client.Group.Create().SetName("Test").Save(ctx) if err != nil { log.Fatalf("failed creating group: %w", err) } u, err := client.User. Create(). SetEmail("something@gorlug.de"). SetPassword("uhoh"). AddGroup(testGroup). Save(ctx) if err != nil { log.Fatalf("failed creating user: %w", err) } log.Println("user was created: ", u) //time.Sleep(time.Second * 1) //u, err = client.User.UpdateOneID(u.ID).SetPassword("wtf").Save(ctx) //if err != nil { // log.Fatalf("failed updating user: %w", err) //}j //log.Println("user was updated", u) query := client.User.Query() users, nextId, hasNext, err := query.PaginateAfterID(ctx, 0, 2) if err != nil { log.Fatalf("failed listing users: %w", err) } if hasNext { log.Println("next id", nextId) for _, u := range users { log.Println("user", u.ID, u.Email, u.Password) } } users, nextId, hasNext, err = query.PaginateAfterID(ctx, nextId, 2) if err != nil { log.Fatalf("failed listing users: %w", err) } if hasNext { log.Println("2 next id", nextId) for _, u := range users { log.Println("2 user", u.ID, u.Email, u.Password) } } todoItem, err := client.Todo.Create().SetTitle("test"). SetGroup(testGroup).Save(ctx) if err != nil { log.Fatalf("failed to create todo", err) } // Add user ID to context for authorization authorizedCtx := context.WithValue(ctx, UserIDKey, u.ID) // This should work - user is in the group retrievedTodo, err := client.Todo.Get(authorizedCtx, todoItem.ID) if err != nil { log.Fatalf("failed getting todo with authorization: %v", err) } log.Println("retrieved todo:", retrievedTodo) // This should fail - no user ID in context _, err = client.Todo.Get(ctx, todoItem.ID) if err != nil { log.Println("expected authorization error:", err) } secondGroup, err := client.Group.Create().SetName("second").Save(ctx) if err != nil { log.Fatalf("failed creating group: %w", err) } secondUser, err := client.User.Create().SetEmail("abc@def.de").AddGroup(secondGroup).Save(ctx) if err != nil { log.Fatalf("failed creating user: %w", err) } // Add user ID to context for authorization secondUserAuthorizedCtx := context.WithValue(ctx, UserIDKey, secondUser.ID) _, err = client.Todo.Get(secondUserAuthorizedCtx, todoItem.ID) if err != nil { log.Println("expected authorization error:", err) } } // UserIDKey is used to store user ID in context type contextKey string const UserIDKey = contextKey("userID") // TodoAuthorizationInterceptor returns an interceptor that enforces user authorization for todos func TodoAuthorizationInterceptor() ent.Interceptor { return ent.InterceptFunc(func(next ent.Querier) ent.Querier { return ent.QuerierFunc(func(ctx context.Context, query ent.Query) (ent.Value, error) { // Get user ID from context userID, ok := ctx.Value(UserIDKey).(int) if !ok { return nil, fmt.Errorf("user ID is required in context for todo operations") } // Cast to TodoQuery to add authorization filter if tq, ok := query.(*ent.TodoQuery); ok { // Add predicate to ensure user is in the same group as the todo tq = tq.Where(todo.HasGroupWith(group.HasUsersWith(user.ID(userID)))) return next.Query(ctx, tq) } return next.Query(ctx, query) }) }) }