OneAuth/models/policy.go

//
// Copyright (C) 2024 veypi <i@veypi.com>
// 2025-03-04 16:08:06
// Distributed under terms of the MIT license.
//

package models

// Policy 策略定义
type Policy struct {
	Base
	Code        string `json:"code" gorm:"uniqueIndex;size:50;not null"`
	Name        string `json:"name" gorm:"size:50;not null"`
	Description string `json:"description" gorm:"size:200"`
	Resource    string `json:"resource" gorm:"size:100;not null"`  // 资源: user/org/resource/*
	Action      string `json:"action" gorm:"size:50;not null"`     // 操作: create/read/update/delete/*
	Effect      string `json:"effect" gorm:"size:10;not null"`     // 效果: allow/deny
	Condition   string `json:"condition" gorm:"size:500"`          // 条件: "owner", "org_member"
	Scope       string `json:"scope" gorm:"size:20;not null"`      // 作用域: platform/org/resource
}

func (Policy) TableName() string {
	return "policies"
}

// Role 角色定义
type Role struct {
	Base
	OrgID       string `json:"org_id" gorm:"index;not null"`
	Name        string `json:"name" gorm:"size:50;not null"`
	Code        string `json:"code" gorm:"size:50;not null"`
	Description string `json:"description" gorm:"size:200"`
	PolicyIDs   string `json:"policy_ids" gorm:"size:500"` // 逗号分隔的策略ID
	Scope       string `json:"scope" gorm:"size:20;default:'org'"` // platform/org
	IsSystem    bool   `json:"is_system" gorm:"default:false"`     // 是否系统预设角色
}

func (Role) TableName() string {
	return "roles"
}

// RolePolicy 角色策略关联表
type RolePolicy struct {
	Base
	RoleID    string `json:"role_id" gorm:"uniqueIndex:idx_role_policy;not null"`
	PolicyID  string `json:"policy_id" gorm:"uniqueIndex:idx_role_policy;not null"`
}

func (RolePolicy) TableName() string {
	return "role_policies"
}

// 预设策略常量
const (
	PolicyEffectAllow = "allow"
	PolicyEffectDeny  = "deny"
	PolicyScopePlatform = "platform"
	PolicyScopeOrg      = "org"
	PolicyScopeResource = "resource"
)

// 预设角色常量
const (
	RoleCodeOwner     = "owner"
	RoleCodeAdmin     = "admin"
	RoleCodeDeveloper = "developer"
	RoleCodeViewer    = "viewer"
)