OneAuth/api/role/permissions.go

package role

import (
	"github.com/veypi/vbase/cfg"
	"github.com/veypi/vbase/models"
	"github.com/veypi/vigo"
	"gorm.io/gorm"
)

type GetPermissionsReq struct {
	RoleID string `src:"path@id" desc:"Role ID"`
}

func getPermissions(x *vigo.X, req *GetPermissionsReq) ([]models.Permission, error) {
	var permissions []models.Permission
	if err := cfg.DB().Where("role_id = ?", req.RoleID).Find(&permissions).Error; err != nil {
		return nil, vigo.ErrDatabase.WithError(err)
	}
	return permissions, nil
}

type UpdatePermissionsReq struct {
	RoleID        string   `src:"path@id" desc:"Role ID"`
	PermissionIDs []string `json:"permission_ids" src:"json" desc:"List of Permission IDs"`
}

func updatePermissions(x *vigo.X, req *UpdatePermissionsReq) error {
	var role models.Role
	if err := cfg.DB().First(&role, "id = ?", req.RoleID).Error; err != nil {
		return vigo.ErrNotFound
	}

	if role.IsSystem {
		return vigo.NewError("cannot modify permissions of system role").WithCode(40300)
	}

	return cfg.DB().Transaction(func(tx *gorm.DB) error {
		// Delete existing permissions
		if err := tx.Where("role_id = ?", req.RoleID).Delete(&models.Permission{}).Error; err != nil {
			return err
		}

		// Add new permissions
		if len(req.PermissionIDs) > 0 {
			permissions := make([]models.Permission, 0, len(req.PermissionIDs))
			for _, pid := range req.PermissionIDs {
				permissions = append(permissions, models.Permission{
					Scope:        role.Scope,
					RoleID:       &req.RoleID,
					PermissionID: pid,
					Level:        7, // Default to Admin level to ensure it passes checks
				})
			}
			if err := tx.Create(&permissions).Error; err != nil {
				return err
			}
		}
		return nil
	})
}
feat: 添加角色管理模块（API + UI） 1 week ago			`package role`

			`import (`
			`"github.com/veypi/vbase/cfg"`
			`"github.com/veypi/vbase/models"`
			`"github.com/veypi/vigo"`
			`"gorm.io/gorm"`
			`)`

			`type GetPermissionsReq struct {`
			RoleID string `src:"path@id" desc:"Role ID"`
			`}`

			`func getPermissions(x vigo.X, req GetPermissionsReq) ([]models.Permission, error) {`
refactor: Remove multi-tenant org system and simplify auth - Delete org API endpoints (add_member, create, del, get, list, member, patch, tree) - Delete models/org.go and remove Org/OrgMember models - Delete org-related test files (org_crud, org_load_middleware, org_permission, multi_tenant) - Delete org test scripts (03_org_permission.sh, 04_org_load_middleware.sh) - Simplify auth/auth.go by removing org context and role loading logic - Remove org claims from JWT tokens and login/register responses - Redesign Permission model with hierarchical level-based access control - Add auth/design.md with new permission system specification - Update user and role APIs to work without org context 5 days ago			`var permissions []models.Permission`
			`if err := cfg.DB().Where("role_id = ?", req.RoleID).Find(&permissions).Error; err != nil {`
feat: 添加角色管理模块（API + UI） 1 week ago			`return nil, vigo.ErrDatabase.WithError(err)`
			`}`
			`return permissions, nil`
			`}`

			`type UpdatePermissionsReq struct {`
			RoleID string `src:"path@id" desc:"Role ID"`
			PermissionIDs []string `json:"permission_ids" src:"json" desc:"List of Permission IDs"`
			`}`

			`func updatePermissions(x vigo.X, req UpdatePermissionsReq) error {`
			`var role models.Role`
			`if err := cfg.DB().First(&role, "id = ?", req.RoleID).Error; err != nil {`
			`return vigo.ErrNotFound`
			`}`

			`if role.IsSystem {`
			`return vigo.NewError("cannot modify permissions of system role").WithCode(40300)`
			`}`

			`return cfg.DB().Transaction(func(tx *gorm.DB) error {`
			`// Delete existing permissions`
refactor: Remove multi-tenant org system and simplify auth - Delete org API endpoints (add_member, create, del, get, list, member, patch, tree) - Delete models/org.go and remove Org/OrgMember models - Delete org-related test files (org_crud, org_load_middleware, org_permission, multi_tenant) - Delete org test scripts (03_org_permission.sh, 04_org_load_middleware.sh) - Simplify auth/auth.go by removing org context and role loading logic - Remove org claims from JWT tokens and login/register responses - Redesign Permission model with hierarchical level-based access control - Add auth/design.md with new permission system specification - Update user and role APIs to work without org context 5 days ago			`if err := tx.Where("role_id = ?", req.RoleID).Delete(&models.Permission{}).Error; err != nil {`
feat: 添加角色管理模块（API + UI） 1 week ago			`return err`
			`}`

			`// Add new permissions`
			`if len(req.PermissionIDs) > 0 {`
refactor: Remove multi-tenant org system and simplify auth - Delete org API endpoints (add_member, create, del, get, list, member, patch, tree) - Delete models/org.go and remove Org/OrgMember models - Delete org-related test files (org_crud, org_load_middleware, org_permission, multi_tenant) - Delete org test scripts (03_org_permission.sh, 04_org_load_middleware.sh) - Simplify auth/auth.go by removing org context and role loading logic - Remove org claims from JWT tokens and login/register responses - Redesign Permission model with hierarchical level-based access control - Add auth/design.md with new permission system specification - Update user and role APIs to work without org context 5 days ago			`permissions := make([]models.Permission, 0, len(req.PermissionIDs))`
feat: 添加角色管理模块（API + UI） 1 week ago			`for _, pid := range req.PermissionIDs {`
refactor: Remove multi-tenant org system and simplify auth - Delete org API endpoints (add_member, create, del, get, list, member, patch, tree) - Delete models/org.go and remove Org/OrgMember models - Delete org-related test files (org_crud, org_load_middleware, org_permission, multi_tenant) - Delete org test scripts (03_org_permission.sh, 04_org_load_middleware.sh) - Simplify auth/auth.go by removing org context and role loading logic - Remove org claims from JWT tokens and login/register responses - Redesign Permission model with hierarchical level-based access control - Add auth/design.md with new permission system specification - Update user and role APIs to work without org context 5 days ago			`permissions = append(permissions, models.Permission{`
			`Scope: role.Scope,`
			`RoleID: &req.RoleID,`
feat: 添加角色管理模块（API + UI） 1 week ago			`PermissionID: pid,`
refactor: Remove multi-tenant org system and simplify auth - Delete org API endpoints (add_member, create, del, get, list, member, patch, tree) - Delete models/org.go and remove Org/OrgMember models - Delete org-related test files (org_crud, org_load_middleware, org_permission, multi_tenant) - Delete org test scripts (03_org_permission.sh, 04_org_load_middleware.sh) - Simplify auth/auth.go by removing org context and role loading logic - Remove org claims from JWT tokens and login/register responses - Redesign Permission model with hierarchical level-based access control - Add auth/design.md with new permission system specification - Update user and role APIs to work without org context 5 days ago			`Level: 7, // Default to Admin level to ensure it passes checks`
feat: 添加角色管理模块（API + UI） 1 week ago			`})`
			`}`
refactor: Remove multi-tenant org system and simplify auth - Delete org API endpoints (add_member, create, del, get, list, member, patch, tree) - Delete models/org.go and remove Org/OrgMember models - Delete org-related test files (org_crud, org_load_middleware, org_permission, multi_tenant) - Delete org test scripts (03_org_permission.sh, 04_org_load_middleware.sh) - Simplify auth/auth.go by removing org context and role loading logic - Remove org claims from JWT tokens and login/register responses - Redesign Permission model with hierarchical level-based access control - Add auth/design.md with new permission system specification - Update user and role APIs to work without org context 5 days ago			`if err := tx.Create(&permissions).Error; err != nil {`
feat: 添加角色管理模块（API + UI） 1 week ago			`return err`
			`}`
			`}`
			`return nil`
			`})`
			`}`