internal/service/user_service.go

package service

import (
	"context"

	"code.nochebuena.dev/go/rbac"
	"code.nochebuena.dev/go/todo-api/internal/domain"
	"code.nochebuena.dev/go/todo-api/internal/repository"
)

// CreateUserRequest is the input for creating a new user.
// CanRead / CanWrite seed the permission bits for the todos resource immediately.
type CreateUserRequest struct {
	Name     string `json:"name"     validate:"required,min=1,max=100"`
	Email    string `json:"email"    validate:"required,email"`
	CanRead  bool   `json:"can_read"`
	CanWrite bool   `json:"can_write"`
}

// UserService handles user business logic.
type UserService interface {
	FindAll(ctx context.Context) ([]domain.User, error)
	Create(ctx context.Context, req CreateUserRequest) (domain.User, error)
}

type userService struct {
	repo  repository.UserRepository
	idGen func() string
}

// NewUserService returns a UserService. idGen is called to mint new user IDs (e.g. uuid.NewString).
func NewUserService(repo repository.UserRepository, idGen func() string) UserService {
	return &userService{repo: repo, idGen: idGen}
}

func (s *userService) FindAll(ctx context.Context) ([]domain.User, error) {
	return s.repo.FindAll(ctx)
}

func (s *userService) Create(ctx context.Context, req CreateUserRequest) (domain.User, error) {
	user, err := s.repo.Create(ctx, domain.User{
		ID:    s.idGen(),
		Name:  req.Name,
		Email: req.Email,
	})
	if err != nil {
		return domain.User{}, err
	}

	// Build and persist permission mask from the request flags.
	var mask rbac.PermissionMask
	if req.CanRead {
		mask = mask.Grant(domain.PermReadTodo)
	}
	if req.CanWrite {
		mask = mask.Grant(domain.PermWriteTodo)
	}
	if mask != 0 {
		if err := s.repo.SetPermissions(ctx, user.ID, domain.ResourceTodos, mask); err != nil {
			return domain.User{}, err
		}
	}

	return user, nil
}
feat(todo-api): add full-stack POC demonstrating micro-lib v0.9.0 Runnable REST API exercising every micro-lib tier in a containerless setup: N-layer architecture, SQLite persistence, header-based auth simulating Firebase output, and bit-mask RBAC enforcement. What's included: - cmd/todo-api: minimal main delegating to application.Run - internal/application: full object graph wiring — launcher, sqlite, httpserver, httpmw stack, routes in BeforeStart - internal/domain: User entity, ResourceTodos constant, PermReadTodo/PermWriteTodo bit positions - internal/repository: TodoRepository, UserRepository, DBPermissionProvider (SQLite via modernc) - internal/service: TodoService, UserService with interface-based dependencies - internal/handler: TodoHandler, UserHandler using httputil adapters and valid for input validation - internal/middleware: Auth (X-User-ID → rbac.Identity) and Require (bit-mask permission gate) - logAdapter: bridges logz.Logger.With return type to httpmw.Logger interface - SQLite schema: users, user_role (bitmask), todos; migrations run in BeforeStart - Routes: POST /users (open), GET+POST /todos (RBAC), GET /users (RBAC) Tested-via: todo-api POC integration Reviewed-against: docs/adr/ 2026-03-19 13:55:08 +00:00			`package service`

			`import (`
			`"context"`

			`"code.nochebuena.dev/go/rbac"`
			`"code.nochebuena.dev/go/todo-api/internal/domain"`
			`"code.nochebuena.dev/go/todo-api/internal/repository"`
			`)`

			`// CreateUserRequest is the input for creating a new user.`
			`// CanRead / CanWrite seed the permission bits for the todos resource immediately.`
			`type CreateUserRequest struct {`
			Name string `json:"name" validate:"required,min=1,max=100"`
			Email string `json:"email" validate:"required,email"`
			CanRead bool `json:"can_read"`
			CanWrite bool `json:"can_write"`
			`}`

			`// UserService handles user business logic.`
			`type UserService interface {`
			`FindAll(ctx context.Context) ([]domain.User, error)`
			`Create(ctx context.Context, req CreateUserRequest) (domain.User, error)`
			`}`

			`type userService struct {`
			`repo repository.UserRepository`
			`idGen func() string`
			`}`

			`// NewUserService returns a UserService. idGen is called to mint new user IDs (e.g. uuid.NewString).`
			`func NewUserService(repo repository.UserRepository, idGen func() string) UserService {`
			`return &userService{repo: repo, idGen: idGen}`
			`}`

			`func (s *userService) FindAll(ctx context.Context) ([]domain.User, error) {`
			`return s.repo.FindAll(ctx)`
			`}`

			`func (s *userService) Create(ctx context.Context, req CreateUserRequest) (domain.User, error) {`
			`user, err := s.repo.Create(ctx, domain.User{`
			`ID: s.idGen(),`
			`Name: req.Name,`
			`Email: req.Email,`
			`})`
			`if err != nil {`
			`return domain.User{}, err`
			`}`

			`// Build and persist permission mask from the request flags.`
			`var mask rbac.PermissionMask`
			`if req.CanRead {`
			`mask = mask.Grant(domain.PermReadTodo)`
			`}`
			`if req.CanWrite {`
			`mask = mask.Grant(domain.PermWriteTodo)`
			`}`
			`if mask != 0 {`
			`if err := s.repo.SetPermissions(ctx, user.ID, domain.ResourceTodos, mask); err != nil {`
			`return domain.User{}, err`
			`}`
			`}`

			`return user, nil`
			`}`