feat: user roles (#852)

* [WIP] feat: user roles

* update

* update

* admin handler

* update

* feat: user-specific connection secret

* simplify some logics

* cleanup

* update waf

* update user api error handling

* update waf api

* fix codeql

* update waf table

* fix several problems

* add pagination for waf api

* update permission checks

* switch to runtime check

* 1

* cover?

* some changes

model/common.go

@@ -2,6 +2,8 @@ package model
 
 import (
 	"time"
+
+	"github.com/gin-gonic/gin"
 )
 
 const (
@@ -18,6 +20,47 @@ type Common struct {
 	UpdatedAt time.Time `gorm:"autoUpdateTime" json:"updated_at,omitempty"`
 	// Do not use soft deletion
 	// DeletedAt gorm.DeletedAt `gorm:"index" json:"deleted_at,omitempty"`
+
+	UserID uint64 `json:"-"`
+}
+
+func (c *Common) GetID() uint64 {
+	return c.ID
+}
+
+func (c *Common) GetUserID() uint64 {
+	return c.UserID
+}
+
+func (c *Common) HasPermission(ctx *gin.Context) bool {
+	auth, ok := ctx.Get(CtxKeyAuthorizedUser)
+	if !ok {
+		return false
+	}
+
+	user := *auth.(*User)
+	if user.Role == RoleAdmin {
+		return true
+	}
+
+	return user.ID == c.UserID
+}
+
+type CommonInterface interface {
+	GetID() uint64
+	GetUserID() uint64
+	HasPermission(*gin.Context) bool
+}
+
+func FindByUserID[S ~[]E, E CommonInterface](s S, uid uint64) []uint64 {
+	var list []uint64
+	for _, v := range s {
+		if v.GetUserID() == uid {
+			list = append(list, v.GetID())
+		}
+	}
+
+	return list
 }
 
 type Response struct {