OneAuth/api/org/create.go

// Copyright (C) 2024 veypi <i@veypi.com>
// 2025-03-04 16:08:06
// Distributed under terms of the MIT license.

package org

import (
	"github.com/veypi/vbase/auth"
	"github.com/veypi/vbase/cfg"
	"github.com/veypi/vbase/models"
	"github.com/veypi/vigo"
)

type CreateRequest struct {
	Name        string  `json:"name" src:"json" desc:"组织名称"`
	Code        string  `json:"code" src:"json" desc:"组织代码"`
	Description string  `json:"description,omitempty" src:"json" desc:"描述"`
	Logo        string  `json:"logo,omitempty" src:"json" desc:"Logo"`
	ParentID    *string `json:"parent_id,omitempty" src:"json" desc:"父组织ID"`
}

func create(x *vigo.X, req *CreateRequest) (*models.Org, error) {
	// 检查代码是否已存在
	var count int64
	cfg.DB().Model(&models.Org{}).Where("code = ?", req.Code).Count(&count)
	if count > 0 {
		return nil, vigo.ErrInvalidArg.WithString("organization code already exists")
	}

	// 获取当前用户ID作为所有者
	ownerID := auth.GetUserID(x)
	if ownerID == "" {
		return nil, vigo.ErrUnauthorized
	}

	org := &models.Org{
		Name:        req.Name,
		Code:        req.Code,
		Description: req.Description,
		Logo:        req.Logo,
		OwnerID:     ownerID,
		ParentID:    req.ParentID,
		Status:      models.OrgStatusActive,
	}

	if err := cfg.DB().Create(org).Error; err != nil {
		return nil, vigo.ErrInternalServer.WithError(err)
	}

	// 创建组织的默认角色
	adminRole := &models.Role{
		OrgID:    &org.ID,
		Code:     "admin",
		Name:     "管理员",
		Status:   1,
		IsSystem: true,
	}
	memberRole := &models.Role{
		OrgID:    &org.ID,
		Code:     "member",
		Name:     "成员",
		Status:   1,
		IsSystem: true,
	}
	if err := cfg.DB().Create(adminRole).Error; err != nil {
		cfg.DB().Delete(org)
		return nil, vigo.ErrInternalServer.WithError(err)
	}
	if err := cfg.DB().Create(memberRole).Error; err != nil {
		cfg.DB().Delete(org)
		cfg.DB().Delete(adminRole)
		return nil, vigo.ErrInternalServer.WithError(err)
	}

	// 为组织 admin 角色添加权限 (vb:*:* 表示该组织下的所有权限)
	adminPerms := []models.RolePermission{
		{RoleID: adminRole.ID, PermissionID: "vb:*:*", Condition: "none"},
		{RoleID: adminRole.ID, PermissionID: "vb:org:read", Condition: "none"},
		{RoleID: adminRole.ID, PermissionID: "vb:org:update", Condition: "none"},
		{RoleID: adminRole.ID, PermissionID: "vb:org:delete", Condition: "none"},
	}
	for _, perm := range adminPerms {
		if err := cfg.DB().Create(&perm).Error; err != nil {
			cfg.DB().Delete(&models.Role{}).Where("org_id = ?", org.ID)
			cfg.DB().Delete(org)
			return nil, vigo.ErrInternalServer.WithError(err)
		}
	}

	// 授予创建者 admin 角色
	if err := auth.VBaseAuth.GrantRole(x.Context(), ownerID, org.ID, "admin"); err != nil {
		// 回滚
		cfg.DB().Delete(&models.Role{}).Where("org_id = ?", org.ID)
		cfg.DB().Delete(org)
		return nil, vigo.ErrInternalServer.WithError(err)
	}

	member := &models.OrgMember{
		OrgID:    org.ID,
		UserID:   ownerID,
		Status:   models.MemberStatusActive,
		JoinedAt: org.CreatedAt.Format("2006-01-02 15:04:05"),
	}
	if err := cfg.DB().Create(member).Error; err != nil {
		// 回滚
		auth.VBaseAuth.RevokeRole(x.Context(), ownerID, org.ID, "admin")
		cfg.DB().Delete(org)
		return nil, vigo.ErrInternalServer.WithError(err)
	}

	return org, nil
}
upgrade new version 1 week ago			`// Copyright (C) 2024 veypi <i@veypi.com>`
			`// 2025-03-04 16:08:06`
			`// Distributed under terms of the MIT license.`

			`package org`

			`import (`
update 1 week ago			`"github.com/veypi/vbase/auth"`
upgrade new version 1 week ago			`"github.com/veypi/vbase/cfg"`
			`"github.com/veypi/vbase/models"`
			`"github.com/veypi/vigo"`
			`)`

			`type CreateRequest struct {`
			Name string `json:"name" src:"json" desc:"组织名称"`
			Code string `json:"code" src:"json" desc:"组织代码"`
			Description string `json:"description,omitempty" src:"json" desc:"描述"`
			Logo string `json:"logo,omitempty" src:"json" desc:"Logo"`
			ParentID *string `json:"parent_id,omitempty" src:"json" desc:"父组织ID"`
			`}`

			`func create(x vigo.X, req CreateRequest) (*models.Org, error) {`
			`// 检查代码是否已存在`
			`var count int64`
			`cfg.DB().Model(&models.Org{}).Where("code = ?", req.Code).Count(&count)`
			`if count > 0 {`
refactor: 统一API错误类型处理 1 week ago			`return nil, vigo.ErrInvalidArg.WithString("organization code already exists")`
upgrade new version 1 week ago			`}`

			`// 获取当前用户ID作为所有者`
test: improve test stability and documentation - Add 'clean_run.sh' script to reset database and restart server for clean test environment - Update 'README.md' with detailed troubleshooting guide and pitfalls - Add '04_org_load_middleware.sh' to test LoadOrg middleware functionality - Update 'run_all.sh' to include new middleware test - Fix BASE_URL handling in 'lib.sh' and test scripts to support custom environments - Update '02_resource_perm.sh' to fix admin permission checks - Remove debug logging from 'auth.go' 1 week ago			`ownerID := auth.GetUserID(x)`
upgrade new version 1 week ago			`if ownerID == "" {`
refactor: 统一API错误类型处理 1 week ago			`return nil, vigo.ErrUnauthorized`
upgrade new version 1 week ago			`}`

			`org := &models.Org{`
			`Name: req.Name,`
			`Code: req.Code,`
			`Description: req.Description,`
			`Logo: req.Logo,`
			`OwnerID: ownerID,`
			`ParentID: req.ParentID,`
			`Status: models.OrgStatusActive,`
			`}`

			`if err := cfg.DB().Create(org).Error; err != nil {`
			`return nil, vigo.ErrInternalServer.WithError(err)`
			`}`

feat: 实现组织成员角色管理功能 1 week ago			`// 创建组织的默认角色`
			`adminRole := &models.Role{`
			`OrgID: &org.ID,`
			`Code: "admin",`
			`Name: "管理员",`
			`Status: 1,`
			`IsSystem: true,`
			`}`
			`memberRole := &models.Role{`
			`OrgID: &org.ID,`
			`Code: "member",`
			`Name: "成员",`
			`Status: 1,`
			`IsSystem: true,`
			`}`
			`if err := cfg.DB().Create(adminRole).Error; err != nil {`
			`cfg.DB().Delete(org)`
			`return nil, vigo.ErrInternalServer.WithError(err)`
			`}`
			`if err := cfg.DB().Create(memberRole).Error; err != nil {`
			`cfg.DB().Delete(org)`
			`cfg.DB().Delete(adminRole)`
			`return nil, vigo.ErrInternalServer.WithError(err)`
			`}`

fix(org): 为组织创建者添加权限创建组织时，为组织特定的 admin 角色添加权限： - vb:: (通配符权限) - vb:org:read - vb:org:update - vb:org:delete 修复了组织创建者无法修改自己创建的组织的问题 1 week ago			`// 为组织 admin 角色添加权限 (vb:: 表示该组织下的所有权限)`
			`adminPerms := []models.RolePermission{`
			`{RoleID: adminRole.ID, PermissionID: "vb::", Condition: "none"},`
			`{RoleID: adminRole.ID, PermissionID: "vb:org:read", Condition: "none"},`
			`{RoleID: adminRole.ID, PermissionID: "vb:org:update", Condition: "none"},`
			`{RoleID: adminRole.ID, PermissionID: "vb:org:delete", Condition: "none"},`
			`}`
			`for _, perm := range adminPerms {`
			`if err := cfg.DB().Create(&perm).Error; err != nil {`
			`cfg.DB().Delete(&models.Role{}).Where("org_id = ?", org.ID)`
			`cfg.DB().Delete(org)`
			`return nil, vigo.ErrInternalServer.WithError(err)`
			`}`
			`}`

update 1 week ago			`// 授予创建者 admin 角色`
fix bug 1 week ago			`if err := auth.VBaseAuth.GrantRole(x.Context(), ownerID, org.ID, "admin"); err != nil {`
feat: 实现组织成员角色管理功能 1 week ago			`// 回滚`
			`cfg.DB().Delete(&models.Role{}).Where("org_id = ?", org.ID)`
			`cfg.DB().Delete(org)`
update 1 week ago			`return nil, vigo.ErrInternalServer.WithError(err)`
			`}`

fix bug 1 week ago			`member := &models.OrgMember{`
			`OrgID: org.ID,`
			`UserID: ownerID,`
			`Status: models.MemberStatusActive,`
			`JoinedAt: org.CreatedAt.Format("2006-01-02 15:04:05"),`
			`}`
			`if err := cfg.DB().Create(member).Error; err != nil {`
			`// 回滚`
			`auth.VBaseAuth.RevokeRole(x.Context(), ownerID, org.ID, "admin")`
			`cfg.DB().Delete(org)`
			`return nil, vigo.ErrInternalServer.WithError(err)`
			`}`

upgrade new version 1 week ago			`return org, nil`
			`}`