use serde::{Deserialize, Serialize}; use uuid::Uuid; use crate::error::AppError; use crate::models::common::{RequestType, Role, Status}; use crate::models::workspaces::WorkspacePendingApproval; use crate::service::WorkspaceService; use crate::session::Session; use super::util::{clamp_limit_offset, ensure_affected, parse_enum}; #[derive(Deserialize, Serialize, Clone, Debug, utoipa::ToSchema)] pub struct RequestApprovalParams { pub request_type: String, pub reason: Option, } impl WorkspaceService { pub async fn workspace_pending_approvals( &self, ctx: &Session, workspace_id: Uuid, limit: i64, offset: i64, ) -> Result, AppError> { let user_uid = ctx.user().ok_or(AppError::Unauthorized)?; let ws = self.find_workspace_by_id(workspace_id).await?; self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin) .await?; let (limit, offset) = clamp_limit_offset(limit, offset); sqlx::query_as::<_, WorkspacePendingApproval>( "SELECT id, workspace_id, requester_id, request_type, status, reason, \ reviewed_by, reviewed_at, expires_at, created_at, updated_at \ FROM workspace_pending_approval WHERE workspace_id = $1 ORDER BY created_at DESC LIMIT $2 OFFSET $3", ) .bind(workspace_id) .bind(limit) .bind(offset) .fetch_all(self.ctx.db.reader()) .await .map_err(AppError::Database) } pub async fn workspace_request_approval( &self, ctx: &Session, workspace_id: Uuid, params: RequestApprovalParams, ) -> Result { let user_uid = ctx.user().ok_or(AppError::Unauthorized)?; let ws = self.find_workspace_by_id(workspace_id).await?; self.ensure_workspace_readable(user_uid, &ws).await?; let request_type = parse_enum( Some(params.request_type), RequestType::Unknown, RequestType::Unknown, "request_type", )?; let now = chrono::Utc::now(); let mut txn = self .ctx .db .writer() .begin() .await .map_err(|_| AppError::TxnError)?; sqlx::query("SET LOCAL app.current_user_id = $1") .bind(user_uid) .execute(&mut *txn) .await .map_err(AppError::Database)?; let result = sqlx::query_as::<_, WorkspacePendingApproval>( "INSERT INTO workspace_pending_approval (id, workspace_id, requester_id, request_type, status, \ reason, expires_at, created_at, updated_at) VALUES ($1, $2, $3, $4, 'pending', $5, $6, $7, $7) \ RETURNING id, workspace_id, requester_id, request_type, status, reason, \ reviewed_by, reviewed_at, expires_at, created_at, updated_at", ) .bind(Uuid::now_v7()) .bind(workspace_id) .bind(user_uid) .bind(request_type) .bind(params.reason) .bind(now + chrono::Duration::days(30)) .bind(now) .fetch_one(&mut *txn) .await .map_err(AppError::Database)?; txn.commit().await.map_err(|_| AppError::TxnError)?; Ok(result) } pub async fn workspace_review_approval( &self, ctx: &Session, workspace_id: Uuid, approval_id: Uuid, approved: bool, ) -> Result<(), AppError> { let user_uid = ctx.user().ok_or(AppError::Unauthorized)?; let ws = self.find_workspace_by_id(workspace_id).await?; self.ensure_workspace_role_at_least(user_uid, &ws, Role::Owner) .await?; let status = if approved { Status::Accepted } else { Status::Rejected }; let now = chrono::Utc::now(); let mut txn = self .ctx .db .writer() .begin() .await .map_err(|_| AppError::TxnError)?; sqlx::query("SET LOCAL app.current_user_id = $1") .bind(user_uid) .execute(&mut *txn) .await .map_err(AppError::Database)?; let result = sqlx::query( "UPDATE workspace_pending_approval SET status = $1, reviewed_by = $2, reviewed_at = $3, updated_at = $3 \ WHERE id = $4 AND workspace_id = $5 AND status = 'pending'", ) .bind(status.to_string()) .bind(user_uid) .bind(now) .bind(approval_id) .bind(workspace_id) .execute(&mut *txn) .await .map_err(AppError::Database)?; ensure_affected( result.rows_affected(), "approval not found or already reviewed", )?; txn.commit().await.map_err(|_| AppError::TxnError)?; Ok(()) } }