tag/v1.0.1/chain_provider.go

package httpauth

import (
	"context"

	"code.nochebuena.dev/go/rbac"
)

type chainPermissionProvider struct {
	providers []rbac.PermissionProvider
}

// NewChainPermissionProvider returns an rbac.PermissionProvider that tries each
// provider in order and returns the first non-zero mask. If all providers return 0,
// the result is 0. On error from any provider, the error is propagated immediately
// and subsequent providers are not consulted.
//
// Primary use case: JWT claims fast-path with DB fallback.
//
//	chain := httpauth.NewChainPermissionProvider(
//	    httpauth.NewClaimsPermissionProvider("permisos"), // JWT claims — no DB call
//	    httpauth.NewCachedPermissionProvider(dbProvider, cache, 5*time.Minute), // fallback
//	)
func NewChainPermissionProvider(providers ...rbac.PermissionProvider) rbac.PermissionProvider {
	return &chainPermissionProvider{providers: providers}
}

func (c *chainPermissionProvider) ResolveMask(ctx context.Context, uid, resource string) (rbac.PermissionMask, error) {
	for _, p := range c.providers {
		mask, err := p.ResolveMask(ctx, uid, resource)
		if err != nil {
			return 0, err
		}
		if mask != 0 {
			return mask, nil
		}
	}
	return 0, nil
}
feat(httpauth)!: promote to v1.0.0 — add ChainPermissionProvider, bump rbac to v1.0.0 Add NewChainPermissionProvider: tries each rbac.PermissionProvider in order, returns the first non-zero mask, propagates errors immediately. Primary use case: ClaimsPermissionProvider (JWT fast-path, no DB call) chained with CachedPermissionProvider (DB fallback). Bump rbac dependency to v1.0.0. API committed as stable. 2026-05-07 23:08:38 -06:00			`package httpauth`

			`import (`
			`"context"`

			`"code.nochebuena.dev/go/rbac"`
			`)`

			`type chainPermissionProvider struct {`
			`providers []rbac.PermissionProvider`
			`}`

			`// NewChainPermissionProvider returns an rbac.PermissionProvider that tries each`
			`// provider in order and returns the first non-zero mask. If all providers return 0,`
			`// the result is 0. On error from any provider, the error is propagated immediately`
			`// and subsequent providers are not consulted.`
			`//`
			`// Primary use case: JWT claims fast-path with DB fallback.`
			`//`
			`// chain := httpauth.NewChainPermissionProvider(`
			`// httpauth.NewClaimsPermissionProvider("permisos"), // JWT claims — no DB call`
			`// httpauth.NewCachedPermissionProvider(dbProvider, cache, 5*time.Minute), // fallback`
			`// )`
			`func NewChainPermissionProvider(providers ...rbac.PermissionProvider) rbac.PermissionProvider {`
			`return &chainPermissionProvider{providers: providers}`
			`}`

			`func (c *chainPermissionProvider) ResolveMask(ctx context.Context, uid, resource string) (rbac.PermissionMask, error) {`
			`for _, p := range c.providers {`
			`mask, err := p.ResolveMask(ctx, uid, resource)`
			`if err != nil {`
			`return 0, err`
			`}`
			`if mask != 0 {`
			`return mask, nil`
			`}`
			`}`
			`return 0, nil`
			`}`