OneAuth/api/role/permissions.go

package role

import (
	"github.com/veypi/vbase/cfg"
	"github.com/veypi/vbase/models"
	"github.com/veypi/vigo"
	"gorm.io/gorm"
)

type GetPermissionsReq struct {
	RoleID string `src:"path@id" desc:"Role ID"`
}

func getPermissions(x *vigo.X, req *GetPermissionsReq) ([]models.Permission, error) {
	var rolePermissions []models.RolePermission
	if err := cfg.DB().Preload("Permission").Where("role_id = ?", req.RoleID).Find(&rolePermissions).Error; err != nil {
		return nil, vigo.ErrDatabase.WithError(err)
	}

	permissions := make([]models.Permission, 0, len(rolePermissions))
	for _, rp := range rolePermissions {
		permissions = append(permissions, rp.Permission)
	}
	return permissions, nil
}

type UpdatePermissionsReq struct {
	RoleID        string   `src:"path@id" desc:"Role ID"`
	PermissionIDs []string `json:"permission_ids" src:"json" desc:"List of Permission IDs"`
}

func updatePermissions(x *vigo.X, req *UpdatePermissionsReq) error {
	var role models.Role
	if err := cfg.DB().First(&role, "id = ?", req.RoleID).Error; err != nil {
		return vigo.ErrNotFound
	}

	if role.IsSystem {
		return vigo.NewError("cannot modify permissions of system role").WithCode(40300)
	}

	return cfg.DB().Transaction(func(tx *gorm.DB) error {
		// Delete existing permissions
		if err := tx.Where("role_id = ?", req.RoleID).Delete(&models.RolePermission{}).Error; err != nil {
			return err
		}

		// Add new permissions
		if len(req.PermissionIDs) > 0 {
			rolePermissions := make([]models.RolePermission, 0, len(req.PermissionIDs))
			for _, pid := range req.PermissionIDs {
				rolePermissions = append(rolePermissions, models.RolePermission{
					RoleID:       req.RoleID,
					PermissionID: pid,
					Condition:    "none", // Default condition
				})
			}
			if err := tx.Create(&rolePermissions).Error; err != nil {
				return err
			}
		}
		return nil
	})
}
feat: 添加角色管理模块（API + UI） 1 week ago			`package role`

			`import (`
			`"github.com/veypi/vbase/cfg"`
			`"github.com/veypi/vbase/models"`
			`"github.com/veypi/vigo"`
			`"gorm.io/gorm"`
			`)`

			`type GetPermissionsReq struct {`
			RoleID string `src:"path@id" desc:"Role ID"`
			`}`

			`func getPermissions(x vigo.X, req GetPermissionsReq) ([]models.Permission, error) {`
			`var rolePermissions []models.RolePermission`
			`if err := cfg.DB().Preload("Permission").Where("role_id = ?", req.RoleID).Find(&rolePermissions).Error; err != nil {`
			`return nil, vigo.ErrDatabase.WithError(err)`
			`}`

			`permissions := make([]models.Permission, 0, len(rolePermissions))`
			`for _, rp := range rolePermissions {`
			`permissions = append(permissions, rp.Permission)`
			`}`
			`return permissions, nil`
			`}`

			`type UpdatePermissionsReq struct {`
			RoleID string `src:"path@id" desc:"Role ID"`
			PermissionIDs []string `json:"permission_ids" src:"json" desc:"List of Permission IDs"`
			`}`

			`func updatePermissions(x vigo.X, req UpdatePermissionsReq) error {`
			`var role models.Role`
			`if err := cfg.DB().First(&role, "id = ?", req.RoleID).Error; err != nil {`
			`return vigo.ErrNotFound`
			`}`

			`if role.IsSystem {`
			`return vigo.NewError("cannot modify permissions of system role").WithCode(40300)`
			`}`

			`return cfg.DB().Transaction(func(tx *gorm.DB) error {`
			`// Delete existing permissions`
			`if err := tx.Where("role_id = ?", req.RoleID).Delete(&models.RolePermission{}).Error; err != nil {`
			`return err`
			`}`

			`// Add new permissions`
			`if len(req.PermissionIDs) > 0 {`
			`rolePermissions := make([]models.RolePermission, 0, len(req.PermissionIDs))`
			`for _, pid := range req.PermissionIDs {`
			`rolePermissions = append(rolePermissions, models.RolePermission{`
			`RoleID: req.RoleID,`
			`PermissionID: pid,`
			`Condition: "none", // Default condition`
			`})`
			`}`
			`if err := tx.Create(&rolePermissions).Error; err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`})`
			`}`