OneAuth/api/org/add_member.go

// Copyright (C) 2024 veypi <i@veypi.com>
// 2025-03-04 16:08:06
// Distributed under terms of the MIT license.

package org

import (
	"time"

	"github.com/veypi/vbase/auth"
	"github.com/veypi/vbase/cfg"
	"github.com/veypi/vbase/models"
	"github.com/veypi/vigo"
)

type AddMemberRequest struct {
	OrgID  string `src:"path@org_id" desc:"组织ID"`
	UserID string `json:"user_id" src:"json" desc:"用户ID"`
	Role   string `json:"role,omitempty" src:"json" desc:"角色代码 (默认: member)"`
}

func addMember(x *vigo.X, req *AddMemberRequest) (*models.OrgMember, error) {
	// 检查组织是否存在
	var org models.Org
	if err := cfg.DB().First(&org, "id = ?", req.OrgID).Error; err != nil {
		return nil, vigo.ErrNotFound
	}

	// 检查用户是否存在
	var user models.User
	if err := cfg.DB().First(&user, "id = ?", req.UserID).Error; err != nil {
		return nil, vigo.ErrNotFound.WithString("user not found")
	}

	// 检查用户是否已经是成员
	var count int64
	cfg.DB().Model(&models.OrgMember{}).Where("org_id = ? AND user_id = ?", req.OrgID, req.UserID).Count(&count)
	if count > 0 {
		return nil, vigo.ErrInvalidArg.WithString("user is already a member of this organization")
	}

	// 确定角色
	roleCode := req.Role
	if roleCode == "" {
		roleCode = "member"
	}

	// 授予角色
	if err := auth.VBaseAuth.GrantRole(x.Context(), req.UserID, req.OrgID, roleCode); err != nil {
		return nil, vigo.ErrInternalServer.WithError(err)
	}

	// 创建成员记录
	member := &models.OrgMember{
		OrgID:    req.OrgID,
		UserID:   req.UserID,
		Status:   models.MemberStatusActive,
		JoinedAt: time.Now().Format("2006-01-02 15:04:05"),
	}

	if err := cfg.DB().Create(member).Error; err != nil {
		// 回滚角色授予
		auth.VBaseAuth.RevokeRole(x.Context(), req.UserID, req.OrgID, roleCode)
		return nil, vigo.ErrInternalServer.WithError(err)
	}

	return member, nil
}
fix(auth): Fix permission logic and add org member API - Add api/org/add_member.go for adding organization members - Register POST /api/orgs/{id}/members endpoint - Fix PermWithOwner to check owner before permission - Remove user:update from user role (should use owner check) - Add service enabled check in verification send 1 week ago			`// Copyright (C) 2024 veypi <i@veypi.com>`
			`// 2025-03-04 16:08:06`
			`// Distributed under terms of the MIT license.`

			`package org`

			`import (`
			`"time"`

			`"github.com/veypi/vbase/auth"`
			`"github.com/veypi/vbase/cfg"`
			`"github.com/veypi/vbase/models"`
			`"github.com/veypi/vigo"`
			`)`

			`type AddMemberRequest struct {`
			OrgID string `src:"path@org_id" desc:"组织ID"`
			UserID string `json:"user_id" src:"json" desc:"用户ID"`
			Role string `json:"role,omitempty" src:"json" desc:"角色代码 (默认: member)"`
			`}`

			`func addMember(x vigo.X, req AddMemberRequest) (*models.OrgMember, error) {`
			`// 检查组织是否存在`
			`var org models.Org`
			`if err := cfg.DB().First(&org, "id = ?", req.OrgID).Error; err != nil {`
			`return nil, vigo.ErrNotFound`
			`}`

			`// 检查用户是否存在`
			`var user models.User`
			`if err := cfg.DB().First(&user, "id = ?", req.UserID).Error; err != nil {`
			`return nil, vigo.ErrNotFound.WithString("user not found")`
			`}`

			`// 检查用户是否已经是成员`
			`var count int64`
			`cfg.DB().Model(&models.OrgMember{}).Where("org_id = ? AND user_id = ?", req.OrgID, req.UserID).Count(&count)`
			`if count > 0 {`
			`return nil, vigo.ErrInvalidArg.WithString("user is already a member of this organization")`
			`}`

			`// 确定角色`
			`roleCode := req.Role`
			`if roleCode == "" {`
			`roleCode = "member"`
			`}`

			`// 授予角色`
			`if err := auth.VBaseAuth.GrantRole(x.Context(), req.UserID, req.OrgID, roleCode); err != nil {`
			`return nil, vigo.ErrInternalServer.WithError(err)`
			`}`

			`// 创建成员记录`
			`member := &models.OrgMember{`
			`OrgID: req.OrgID,`
			`UserID: req.UserID,`
			`Status: models.MemberStatusActive,`
			`JoinedAt: time.Now().Format("2006-01-02 15:04:05"),`
			`}`

			`if err := cfg.DB().Create(member).Error; err != nil {`
			`// 回滚角色授予`
			`auth.VBaseAuth.RevokeRole(x.Context(), req.UserID, req.OrgID, roleCode)`
			`return nil, vigo.ErrInternalServer.WithError(err)`
			`}`

			`return member, nil`
			`}`