OneAuth/models/policy.go

//
// Copyright (C) 2024 veypi <i@veypi.com>
// 2025-03-04 16:08:06
// Distributed under terms of the MIT license.
//
package models
// Policy is a single authorization rule: it pairs a Resource pattern with an
// Action pattern and states whether the combination is allowed or denied.
//
// Effect is expected to hold one of PolicyEffectAllow / PolicyEffectDeny and
// Scope one of PolicyScopePlatform / PolicyScopeOrg / PolicyScopeResource
// (declared further down in this file). The gorm tags only constrain size and
// nullability; nothing in this file restricts the stored values to those
// constants, so that validation, if any, lives in the callers.
//
// Fields of the embedded Base are declared outside this file.
type Policy struct {
	Base
	// Code is the unique identifier of the policy (uniqueIndex, max 50).
	Code string `json:"code" gorm:"uniqueIndex;size:50;not null"`
	// Name is the human-readable policy name (max 50).
	Name string `json:"name" gorm:"size:50;not null"`
	// Description is free-form text (max 200).
	Description string `json:"description" gorm:"size:200"`
	// Resource: user/org/resource/* — "*" is a wildcard; how it is matched
	// is not visible here.
	Resource string `json:"resource" gorm:"size:100;not null"`
	// Action: create/read/update/delete/* — "*" is a wildcard.
	Action string `json:"action" gorm:"size:50;not null"`
	// Effect: allow/deny. Precedence between a matching allow and a matching
	// deny is decided by the evaluator, not by this model.
	Effect string `json:"effect" gorm:"size:10;not null"`
	// Condition: e.g. "owner", "org_member" — an extra predicate evaluated
	// elsewhere; its grammar is not defined in this file.
	Condition string `json:"condition" gorm:"size:500"`
	// Scope: platform/org/resource.
	Scope string `json:"scope" gorm:"size:20;not null"`
}
// TableName reports the database table backing Policy.
func (p Policy) TableName() string {
	const table = "policies"
	return table
}
// Role groups policies under a code that can be granted within an
// organization (OrgID).
//
// Policies are referenced in two places: the comma-separated PolicyIDs column
// on this struct and the RolePolicy join table declared later in this file.
// Which of the two is authoritative is not visible here — confirm with the
// callers before relying on either.
//
// Unlike Policy.Code, Code carries no uniqueness constraint in its gorm tag,
// so the schema as declared here does not prevent two roles in one
// organization from sharing a code.
//
// Fields of the embedded Base are declared outside this file.
type Role struct {
	Base
	// OrgID is the owning organization (indexed, required).
	OrgID string `json:"org_id" gorm:"index;not null"`
	// Name is the human-readable role name (max 50).
	Name string `json:"name" gorm:"size:50;not null"`
	// Code is the role identifier, e.g. RoleCodeOwner (max 50, not unique).
	Code string `json:"code" gorm:"size:50;not null"`
	// Description is free-form text (max 200).
	Description string `json:"description" gorm:"size:200"`
	// PolicyIDs holds comma-separated policy IDs (max 500 characters in total).
	PolicyIDs string `json:"policy_ids" gorm:"size:500"`
	// Scope: platform/org; defaults to 'org' at the database level.
	Scope string `json:"scope" gorm:"size:20;default:'org'"`
	// IsSystem marks a system preset role; defaults to false.
	IsSystem bool `json:"is_system" gorm:"default:false"`
}
// TableName reports the database table backing Role.
func (r Role) TableName() string {
	const table = "roles"
	return table
}
// RolePolicy is the role-policy association table.
//
// RoleID and PolicyID share the composite unique index idx_role_policy, so a
// given (role, policy) pair can be stored only once. The tags declare no
// foreign keys, so referential integrity to the roles and policies tables is
// not enforced by the schema as written here.
//
// Fields of the embedded Base are declared outside this file.
type RolePolicy struct {
	Base
	// RoleID references a Role; part of idx_role_policy.
	RoleID string `json:"role_id" gorm:"uniqueIndex:idx_role_policy;not null"`
	// PolicyID references a Policy; part of idx_role_policy.
	PolicyID string `json:"policy_id" gorm:"uniqueIndex:idx_role_policy;not null"`
}
// TableName reports the database table backing RolePolicy.
func (rp RolePolicy) TableName() string {
	const table = "role_policies"
	return table
}
// Preset policy constants.

// Values for Policy.Effect.
const (
	PolicyEffectAllow = "allow"
	PolicyEffectDeny  = "deny"
)

// Values for Policy.Scope; PolicyScopeOrg is also the database default of
// Role.Scope.
const (
	PolicyScopePlatform = "platform"
	PolicyScopeOrg      = "org"
	PolicyScopeResource = "resource"
)
// Preset role constants: the Code values of the built-in roles.
const (
	RoleCodeOwner     = "owner"
	RoleCodeAdmin     = "admin"
	RoleCodeDeveloper = "developer"
	RoleCodeViewer    = "viewer"
)