//
// Copyright (C) 2024 veypi <i@veypi.com>
// 2025-02-14 16:08:06
// Distributed under terms of the MIT license.
//
package models
import (
"time"
"github.com/veypi/vigo"
)
// Role code constants.
//
// NOTE(review): presumably these are the codes of the built-in roles stored in
// Role.Code; where they are seeded and which permission levels they carry is
// not shown in this file — confirm before relying on them in access checks.
const (
	RoleCodeAdmin  = "admin"
	RoleCodeUser   = "user"
	RoleCodeViewer = "viewer"
)
// Permission is the permissions table.
// It stores user permissions and role permissions in one place.
// Exactly one of UserID and RoleID must be set.
//
// NOTE(review): both UserID and RoleID are nullable pointers and no tag on
// this struct enforces the exactly-one rule, so the check has to live in the
// code that writes rows (or in a database CHECK constraint) — confirm it does.
// A row with both or neither set is ambiguous for any authorization query.
type Permission struct {
	vigo.Model
	// Scope is the scope the grant applies to; the column default is 'default'.
	Scope string `json:"scope" gorm:"index;size:50;default:'default'" desc:"作用域"`
	// UserID is the user the permission is granted to (nil for a role grant).
	UserID *string `json:"user_id" gorm:"index;size:36" desc:"用户ID"`
	// RoleID is the role the permission is granted to (nil for a user grant).
	RoleID *string `json:"role_id" gorm:"index;size:36" desc:"角色ID"`
	// PermissionID is the permission identifier; the desc tag describes it as
	// hierarchical.
	// NOTE(review): how a hierarchical ID is matched against a requested
	// resource is not shown here — confirm the matcher cannot match more than
	// the grant intends.
	PermissionID string `json:"permission_id" gorm:"index;size:255;not null" desc:"权限ID,层级结构"`
	// Level is the permission level. The desc tag lists 1=create, 2=read,
	// 4=write, 6=read/write, 7=manage; the column default is 0, which the tag
	// does not list.
	// NOTE(review): presumably 0 means "no access" — confirm authorization
	// treats it as deny. The listed values compose like bit flags (6 = 2|4,
	// 7 = 1|2|4); whether checks compare bitwise or numerically is not visible
	// here, and the two disagree (numerically, 4 would satisfy a requirement
	// of 2).
	Level int `json:"level" gorm:"default:0" desc:"权限等级: 1=创建, 2=读, 4=写, 6=读写, 7=管理"`
	// ExpireAt is the optional expiry time.
	// NOTE(review): presumably nil means the grant never expires — confirm
	// every permission lookup filters out rows whose ExpireAt has passed.
	ExpireAt *time.Time `json:"expire_at" desc:"过期时间(可选)"`

	// Foreign-key associations. Both are pointers, so omitempty drops them
	// from JSON when they are nil.
	// NOTE(review): when populated, the whole User record is serialized with
	// the permission — confirm User's JSON tags hide credential fields.
	User *User `json:"user,omitempty" gorm:"foreignKey:UserID;references:ID"`
	Role *Role `json:"role,omitempty" gorm:"foreignKey:RoleID;references:ID"`
}
// TableName returns the name of the database table that holds Permission rows.
func (p Permission) TableName() string {
	const table = "permissions"
	return table
}
// Role is the roles table.
type Role struct {
	vigo.Model
	// Scope is the scope the role belongs to; the column default is 'default'.
	// Scope and Code share the unique index idx_role_scope_code, so a role
	// code is unique within a scope.
	Scope string `json:"scope" gorm:"uniqueIndex:idx_role_scope_code;size:50;default:'default'" desc:"作用域"`
	// Code is the role code.
	Code string `json:"code" gorm:"uniqueIndex:idx_role_scope_code;size:50" desc:"角色代码"`
	// Name is the role name.
	Name string `json:"name" desc:"角色名称"`
	// Description is the role description.
	Description string `json:"description" desc:"角色描述"`
	// IsSystem marks a system preset role.
	// NOTE(review): the flag carries a json tag and nothing here protects it;
	// presumably the role API refuses to let clients set it or to edit/delete
	// system roles — confirm in the handlers.
	IsSystem bool `json:"is_system" desc:"是否系统预设角色"`
	// Status is the role state: 1=enabled, 0=disabled (column default 1).
	// NOTE(review): confirm permission evaluation ignores grants that come
	// through a disabled role.
	Status int `json:"status" gorm:"default:1" desc:"状态: 1=启用, 0=禁用"`
}
// TableName returns the name of the database table that holds Role rows.
func (r Role) TableName() string {
	const table = "roles"
	return table
}
// UserRole is the user-role association table.
//
// NOTE(review): UserID and RoleID each have their own index but there is no
// composite unique index, so the same role can be assigned to a user more
// than once; confirm revocation removes every matching row, otherwise a
// leftover duplicate keeps the role active.
type UserRole struct {
	vigo.Model
	// UserID is the ID of the user holding the role.
	UserID string `json:"user_id" gorm:"index;size:36" desc:"用户ID"`
	// RoleID is the ID of the assigned role.
	RoleID string `json:"role_id" gorm:"index;size:36" desc:"角色ID"`
	// ExpireAt is the optional expiry time.
	// NOTE(review): presumably nil means the assignment never expires —
	// confirm role lookups filter out assignments whose ExpireAt has passed.
	ExpireAt *time.Time `json:"expire_at" desc:"过期时间(可选)"`

	// Foreign-key associations.
	// NOTE(review): User and Role are struct values, not pointers, so with
	// encoding/json the omitempty option has no effect and both objects are
	// always emitted (zero-valued when not loaded). Confirm User's JSON tags
	// hide credential fields, since a loaded User is serialized in full.
	User User `json:"user,omitempty" gorm:"foreignKey:UserID;references:ID"`
	Role Role `json:"role,omitempty" gorm:"foreignKey:RoleID;references:ID"`
}
// TableName returns the name of the database table that holds UserRole rows.
func (ur UserRole) TableName() string {
	const table = "user_roles"
	return table
}
// GrantRoleRequest is the request body for granting a role to a user.
//
// NOTE(review): every field is client-supplied and the struct carries no
// validation tags. The handler (not shown here) is where the caller must be
// authorized for the requested Scope and RoleCode — in particular for
// RoleCodeAdmin — and where empty UserID/RoleCode values must be rejected.
type GrantRoleRequest struct {
	// Scope is the scope in which the role is granted.
	Scope string `json:"scope" desc:"作用域"`
	// UserID is the ID of the user receiving the role.
	UserID string `json:"user_id" desc:"用户ID"`
	// RoleCode is the code of the role to grant.
	RoleCode string `json:"role_code" desc:"角色代码"`
	// ExpireAt is the optional expiry time of the grant.
	ExpireAt *time.Time `json:"expire_at" desc:"过期时间(可选)"`
}
// GrantPermissionRequest is the request body for granting a permission to a
// user or to a role.
//
// NOTE(review): every field is client-supplied and the struct carries no
// validation tags. UserID and RoleID are both plain optional strings, so the
// handler (not shown here) has to reject requests that set both or neither.
// It should also check Level against the allowed values and against the
// caller's own level on PermissionID, so that a caller cannot grant more
// than it holds.
type GrantPermissionRequest struct {
	// Scope is the scope in which the permission is granted.
	Scope string `json:"scope" desc:"作用域"`
	// UserID is the target user ID (optional).
	UserID string `json:"user_id" desc:"用户ID(可选)"`
	// RoleID is the target role ID (optional).
	RoleID string `json:"role_id" desc:"角色ID(可选)"`
	// PermissionID is the ID of the permission to grant.
	PermissionID string `json:"permission_id" desc:"权限ID"`
	// Level is the permission level to grant.
	Level int `json:"level" desc:"权限等级"`
	// ExpireAt is the optional expiry time of the grant.
	ExpireAt *time.Time `json:"expire_at" desc:"过期时间(可选)"`
}