feat: init

2026-06-07 11:30:56 +08:00
commit 563381c1ca
361 changed files with 41327 additions and 0 deletions
@@ -0,0 +1,148 @@
+use serde::{Deserialize, Serialize};
+use uuid::Uuid;
+
+use crate::error::AppError;
+use crate::models::common::{RequestType, Role, Status};
+use crate::models::workspaces::WorkspacePendingApproval;
+use crate::service::WorkspaceService;
+use crate::session::Session;
+
+use super::util::{clamp_limit_offset, ensure_affected, parse_enum};
+
+#[derive(Deserialize, Serialize, Clone, Debug, utoipa::ToSchema)]
+pub struct RequestApprovalParams {
+    pub request_type: String,
+    pub reason: Option<String>,
+}
+
+impl WorkspaceService {
+    pub async fn workspace_pending_approvals(
+        &self,
+        ctx: &Session,
+        workspace_id: Uuid,
+        limit: i64,
+        offset: i64,
+    ) -> Result<Vec<WorkspacePendingApproval>, AppError> {
+        let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
+        let ws = self.find_workspace_by_id(workspace_id).await?;
+        self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
+            .await?;
+        let (limit, offset) = clamp_limit_offset(limit, offset);
+        sqlx::query_as::<_, WorkspacePendingApproval>(
+            "SELECT id, workspace_id, requester_id, request_type, status, reason, \
+             reviewed_by, reviewed_at, expires_at, created_at, updated_at \
+             FROM workspace_pending_approval WHERE workspace_id = $1 ORDER BY created_at DESC LIMIT $2 OFFSET $3",
+        )
+        .bind(workspace_id)
+        .bind(limit)
+        .bind(offset)
+        .fetch_all(self.ctx.db.reader())
+        .await
+        .map_err(AppError::Database)
+    }
+
+    pub async fn workspace_request_approval(
+        &self,
+        ctx: &Session,
+        workspace_id: Uuid,
+        params: RequestApprovalParams,
+    ) -> Result<WorkspacePendingApproval, AppError> {
+        let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
+        let ws = self.find_workspace_by_id(workspace_id).await?;
+        self.ensure_workspace_readable(user_uid, &ws).await?;
+
+        let request_type = parse_enum(
+            Some(params.request_type),
+            RequestType::Unknown,
+            RequestType::Unknown,
+            "request_type",
+        )?;
+        let now = chrono::Utc::now();
+
+        let mut txn = self
+            .ctx
+            .db
+            .writer()
+            .begin()
+            .await
+            .map_err(|_| AppError::TxnError)?;
+        sqlx::query("SET LOCAL app.current_user_id = $1")
+            .bind(user_uid)
+            .execute(&mut *txn)
+            .await
+            .map_err(AppError::Database)?;
+
+        let result = sqlx::query_as::<_, WorkspacePendingApproval>(
+            "INSERT INTO workspace_pending_approval (id, workspace_id, requester_id, request_type, status, \
+             reason, expires_at, created_at, updated_at) VALUES ($1, $2, $3, $4, 'pending', $5, $6, $7, $7) \
+             RETURNING id, workspace_id, requester_id, request_type, status, reason, \
+             reviewed_by, reviewed_at, expires_at, created_at, updated_at",
+        )
+        .bind(Uuid::now_v7())
+        .bind(workspace_id)
+        .bind(user_uid)
+        .bind(request_type)
+        .bind(params.reason)
+        .bind(now + chrono::Duration::days(30))
+        .bind(now)
+        .fetch_one(&mut *txn)
+        .await
+        .map_err(AppError::Database)?;
+
+        txn.commit().await.map_err(|_| AppError::TxnError)?;
+        Ok(result)
+    }
+
+    pub async fn workspace_review_approval(
+        &self,
+        ctx: &Session,
+        workspace_id: Uuid,
+        approval_id: Uuid,
+        approved: bool,
+    ) -> Result<(), AppError> {
+        let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
+        let ws = self.find_workspace_by_id(workspace_id).await?;
+        self.ensure_workspace_role_at_least(user_uid, &ws, Role::Owner)
+            .await?;
+
+        let status = if approved {
+            Status::Accepted
+        } else {
+            Status::Rejected
+        };
+        let now = chrono::Utc::now();
+
+        let mut txn = self
+            .ctx
+            .db
+            .writer()
+            .begin()
+            .await
+            .map_err(|_| AppError::TxnError)?;
+        sqlx::query("SET LOCAL app.current_user_id = $1")
+            .bind(user_uid)
+            .execute(&mut *txn)
+            .await
+            .map_err(AppError::Database)?;
+
+        let result = sqlx::query(
+            "UPDATE workspace_pending_approval SET status = $1, reviewed_by = $2, reviewed_at = $3, updated_at = $3 \
+             WHERE id = $4 AND workspace_id = $5 AND status = 'pending'",
+        )
+        .bind(status.to_string())
+        .bind(user_uid)
+        .bind(now)
+        .bind(approval_id)
+        .bind(workspace_id)
+        .execute(&mut *txn)
+        .await
+        .map_err(AppError::Database)?;
+        ensure_affected(
+            result.rows_affected(),
+            "approval not found or already reviewed",
+        )?;
+
+        txn.commit().await.map_err(|_| AppError::TxnError)?;
+        Ok(())
+    }
+}