Permission Service
It interacts with the GroupPermissionRepository to handle database operations while enforcing business rules for group management.
Key Responsibilities
- Group Management:
- Adds, removes, and retrieves user groups, ensuring consistency with organizational rules.
- Default and Specific Groups:
- Assigns default groups to new users and handles custom group assignments.
- Permission Enforcement:
- Ensures users belong to the appropriate groups and can manage their permissions effectively.
Key Methods
Group Assignment
add_group(custom_user_id, name):- Adds a user to a specified group.
remove_group(custom_user_id, name):- Removes a user from a specified group.
remove_all_groups(custom_user_id):- Removes all groups from a user.
set_default_groups(custom_user_id):- Assigns default groups to a user.
set_organization_holder_groups(custom_user_id):- Assigns all manageable groups to an organization holder.
Group Creation and Retrieval
get_or_create_group(name):- Retrieves or creates a group by name.
create_groups(names):- Creates multiple groups concurrently.
get_groups_manageable_by_users():- Retrieves all groups that users can manage.
Permission Checks
check_user_belongs_to_group(custom_user_id, group_name):- Verifies if a user belongs to a specific group.
Custom Group Management
set_groups(custom_user_id, groups_ids):- Assigns specific groups to a user by their group IDs.
Purpose
The PermissionService centralizes group and permission operations, providing a unified interface for managing user access and roles within the system. It ensures that group assignments are:
- Consistent: Aligning with organizational and business rules.
- Scalable: Supporting complex role hierarchies and multiple users.
- Aligned: Ensuring proper permissions and roles for all users.
By encapsulating group management logic, this service promotes maintainability and reduces redundancy across the application.