refactor(api): Update permission codes and remove org-related code

- Update API endpoints to use scoped permission codes (e.g., role:*) - Fix role list scope parameter to use pointer type - Add Options type alias in init.go for external use - Remove org-related cache functions from libs/cache
3 weeks ago · 12c55a2997
parent b00e36ca80
commit 12c55a2997
8 changed files with 34 additions and 120 deletions
--- a/api/oauth/init.go
+++ b/api/oauth/init.go
@ -22,11 +22,11 @@ func init() {

 	// === OAuth 客户端管理（需要认证）===
 	clientRouter := Router.SubRouter("/clients")
-	clientRouter.Get("/", "OAuth客户端列表", auth.VBaseAuth.PermRead("oauth-client"), listClients)
+	clientRouter.Get("/", "OAuth客户端列表", auth.VBaseAuth.PermRead("oauth-client:*"), listClients)
 	clientRouter.Post("/", "创建OAuth客户端", auth.VBaseAuth.PermCreate("oauth-client"), createClient)
-	clientRouter.Get("/{client_id}", "获取客户端详情", auth.VBaseAuth.PermRead("oauth-client"), getClient)
-	clientRouter.Patch("/{client_id}", "更新OAuth客户端", auth.VBaseAuth.PermWrite("oauth-client"), updateClient)
-	clientRouter.Delete("/{client_id}", "删除OAuth客户端", auth.VBaseAuth.PermWrite("oauth-client"), deleteClient)
+	clientRouter.Get("/{client_id}", "获取客户端详情", auth.VBaseAuth.PermRead("oauth-client:*"), getClient)
+	clientRouter.Patch("/{client_id}", "更新OAuth客户端", auth.VBaseAuth.PermWrite("oauth-client:*"), updateClient)
+	clientRouter.Delete("/{client_id}", "删除OAuth客户端", auth.VBaseAuth.PermWrite("oauth-client:*"), deleteClient)

 	// === OAuth 提供商管理 ===
 	Router.Extend("/providers", providers.Router)
--- a/api/oauth/providers/init.go
+++ b/api/oauth/providers/init.go
@ -7,6 +7,7 @@
 package providers

 import (
+	"github.com/veypi/vbase/auth"
 	"github.com/veypi/vigo"
 )

@ -14,15 +15,15 @@ var Router = vigo.NewRouter()

 func init() {
 	// 获取所有提供商（包括禁用的，管理员用）
-	Router.Get("/", "获取 OAuth 提供商列表", list)
+	Router.Get("/", "获取 OAuth 提供商列表", auth.VBaseAuth.PermRead("oauth-provider:*"), list)
 	// 获取单个提供商详情
-	Router.Get("/{code}", "获取 OAuth 提供商详情", get)
+	Router.Get("/{code}", "获取 OAuth 提供商详情", auth.VBaseAuth.PermRead("oauth-provider:*"), get)
 	// 创建新提供商
-	Router.Post("/", "创建 OAuth 提供商", create)
+	Router.Post("/", "创建 OAuth 提供商", auth.VBaseAuth.PermCreate("oauth-provider"), create)
 	// 更新提供商
-	Router.Patch("/{code}", "更新 OAuth 提供商", update)
+	Router.Patch("/{code}", "更新 OAuth 提供商", auth.VBaseAuth.PermWrite("oauth-provider:*"), update)
 	// 删除提供商（仅非内置）
-	Router.Delete("/{code}", "删除 OAuth 提供商", del)
+	Router.Delete("/{code}", "删除 OAuth 提供商", auth.VBaseAuth.PermWrite("oauth-provider:*"), del)
 	// 获取内置模板
-	Router.Get("/templates", "获取内置 OAuth 模板", templates)
+	Router.Get("/templates", "获取内置 OAuth 模板", auth.VBaseAuth.PermRead("oauth-provider:*"), templates)
 }
--- a/api/role/init.go
+++ b/api/role/init.go
@ -8,11 +8,11 @@ import (
 var Router = vigo.NewRouter()

 func init() {
-	Router.Get("/", "List Roles", auth.VBaseAuth.PermRead("role"), list)
-	Router.Get("/{id}", "Get Role Detail", auth.VBaseAuth.PermRead("role"), get)
+	Router.Get("/", "List Roles", auth.VBaseAuth.PermRead("role:*"), list)
+	Router.Get("/{id}", "Get Role Detail", auth.VBaseAuth.PermRead("role:*"), get)
 	Router.Post("/", "Create Role", auth.VBaseAuth.PermCreate("role"), create)
-	Router.Patch("/{id}", "Update Role", auth.VBaseAuth.PermWrite("role"), patch)
-	Router.Delete("/{id}", "Delete Role", auth.VBaseAuth.PermWrite("role"), del)
-	Router.Get("/{id}/permissions", "Get Role Permissions", auth.VBaseAuth.PermRead("role"), getPermissions)
-	Router.Put("/{id}/permissions", "Update Role Permissions", auth.VBaseAuth.PermWrite("role"), updatePermissions)
+	Router.Patch("/{id}", "Update Role", auth.VBaseAuth.PermWrite("role:*"), patch)
+	Router.Delete("/{id}", "Delete Role", auth.VBaseAuth.PermWrite("role:*"), del)
+	Router.Get("/{id}/permissions", "Get Role Permissions", auth.VBaseAuth.PermRead("role:*"), getPermissions)
+	Router.Put("/{id}/permissions", "Update Role Permissions", auth.VBaseAuth.PermWrite("role:*"), updatePermissions)
 }
--- a/api/role/list.go
+++ b/api/role/list.go
@ -9,7 +9,7 @@ import (
 type ListReq struct {
 	Page     int     `json:"page" src:"query" default:"1"`
 	PageSize int     `json:"page_size" src:"query" default:"20"`
-	Scope    string  `json:"scope" src:"query" desc:"Scope"`
+	Scope    *string `json:"scope" src:"query" desc:"Scope"`
 	Keyword  *string `json:"keyword" src:"query" desc:"Search Keyword"`
 }

@ -24,8 +24,8 @@ type ListResp struct {
 func list(x *vigo.X, req *ListReq) (*ListResp, error) {
 	db := cfg.DB().Model(&models.Role{})

-	if req.Scope != "" {
-		db = db.Where("scope = ?", req.Scope)
+	if req.Scope != nil && *req.Scope != "" {
+		db = db.Where("scope = ?", *req.Scope)
 	}

 	if req.Keyword != nil && *req.Keyword != "" {
--- a/api/settings/init.go
+++ b/api/settings/init.go
@ -16,7 +16,7 @@ var Router = vigo.NewRouter()
 func init() {
 	// 获取设置列表（支持按分类过滤）
 	// 只有拥有所有权限的可以修改配置表
-	Router.Get("/", "获取设置列表", auth.VBaseAuth.PermRead("setting"), list)
+	Router.Get("/", "获取设置列表", auth.VBaseAuth.PermRead("setting:*"), list)
 	// 批量更新设置
-	Router.Put("/", "批量更新设置", auth.VBaseAuth.PermWrite("setting"), update)
+	Router.Put("/", "批量更新设置", auth.VBaseAuth.PermWrite("setting:*"), update)
 }
--- a/api/user/init.go
+++ b/api/user/init.go
@ -15,15 +15,15 @@ var Router = vigo.NewRouter()

 func init() {
 	// 管理员 管理用户权限 (所有接口需要 user:admin 权限)
-	Router.Get("/", "用户列表", auth.VBaseAuth.PermRead("user"), list)
+	Router.Get("/", "用户列表", auth.VBaseAuth.PermRead("user:*"), list)
 	Router.Post("/", "创建用户", auth.VBaseAuth.PermCreate("user"), create)
-	Router.Get("/{user_id}", "获取用户详情", auth.VBaseAuth.PermRead("user"), get)
-	Router.Patch("/{user_id}", "更新用户", auth.VBaseAuth.PermWrite("user"), patch)
-	Router.Delete("/{user_id}", "删除用户", auth.VBaseAuth.PermWrite("user"), del)
-	Router.Patch("/{user_id}/status", "更新用户状态", auth.VBaseAuth.PermWrite("user"), updateStatus)
+	Router.Get("/{user_id}", "获取用户详情", auth.VBaseAuth.PermRead("user:*"), get)
+	Router.Patch("/{user_id}", "更新用户", auth.VBaseAuth.PermWrite("user:*"), patch)
+	Router.Delete("/{user_id}", "删除用户", auth.VBaseAuth.PermWrite("user:*"), del)
+	Router.Patch("/{user_id}/status", "更新用户状态", auth.VBaseAuth.PermWrite("user:*"), updateStatus)

-	Router.Get("/{user_id}/roles", "Get User Roles", auth.VBaseAuth.PermRead("user"), getRoles)
-	Router.Put("/{user_id}/roles", "Update User Roles", auth.VBaseAuth.PermWrite("user"), updateRoles)
-	Router.Get("/{user_id}/permissions", "Get User Permissions", auth.VBaseAuth.PermRead("user"), getPermissions)
-	Router.Put("/{user_id}/permissions", "Update User Permissions", auth.VBaseAuth.PermWrite("user"), updatePermissions)
+	Router.Get("/{user_id}/roles", "Get User Roles", auth.VBaseAuth.PermRead("user:*"), getRoles)
+	Router.Put("/{user_id}/roles", "Update User Roles", auth.VBaseAuth.PermWrite("user:*"), updateRoles)
+	Router.Get("/{user_id}/permissions", "Get User Permissions", auth.VBaseAuth.PermRead("user:*"), getPermissions)
+	Router.Put("/{user_id}/permissions", "Update User Permissions", auth.VBaseAuth.PermWrite("user:*"), updatePermissions)
 }
--- a/init.go
+++ b/init.go
@ -24,6 +24,8 @@ var (
 	Config  = cfg.Global
 )

+type Options = cfg.Options
+
 func Init() error {
 	return models.Migrate()
 }
--- a/libs/cache/cache.go
+++ b/libs/cache/cache.go
@ -181,102 +181,13 @@ func SetNX(key string, value interface{}, expiration time.Duration) (bool, error
 	return Client.SetNX(Ctx, key, value, expiration).Result()
 }

-// ==================== 权限缓存相关 ====================
-
-// PermKey 生成权限缓存key
-func PermKey(userID, orgID, resource, action string) string {
-	if orgID == "" {
-		return fmt.Sprintf("perm:%s:%s:%s", userID, resource, action)
-	}
-	return fmt.Sprintf("perm:%s:%s:%s:%s", userID, orgID, resource, action)
-}
-
-// SetPermission 缓存权限结果
-func SetPermission(userID, orgID, resource, action string, allowed bool, expiration time.Duration) error {
-	key := PermKey(userID, orgID, resource, action)
-	value := "deny"
-	if allowed {
-		value = "allow"
-	}
-	return Set(key, value, expiration)
-}
-
-// GetPermission 获取缓存的权限结果
-func GetPermission(userID, orgID, resource, action string) (allowed bool, cached bool, err error) {
-	key := PermKey(userID, orgID, resource, action)
-	value, err := Get(key)
-	if err != nil {
-		if err == redis.Nil {
-			return false, false, nil
-		}
-		return false, false, err
-	}
-	return value == "allow", true, nil
-}
-
-// DeletePermission 删除权限缓存
-func DeletePermission(userID, orgID, resource, action string) error {
-	key := PermKey(userID, orgID, resource, action)
-	return Delete(key)
-}
-
-// DeleteUserPermissions 删除用户的所有权限缓存
-func DeleteUserPermissions(userID string) error {
-	if !IsEnabled() {
-		return nil
-	}
-	pattern := fmt.Sprintf("perm:%s:*", userID)
-	return deleteByPattern(pattern)
-}
-
-// DeleteOrgPermissions 删除组织的所有权限缓存
-func DeleteOrgPermissions(orgID string) error {
-	if !IsEnabled() {
-		return nil
-	}
-	pattern := fmt.Sprintf("perm:*:%s:*", orgID)
-	return deleteByPattern(pattern)
-}
-
-// deleteByPattern 根据pattern删除key
-func deleteByPattern(pattern string) error {
-	iter := Client.Scan(Ctx, 0, pattern, 0).Iterator()
-	var keys []string
-	for iter.Next(Ctx) {
-		keys = append(keys, iter.Val())
-		if len(keys) >= 100 {
-			if err := Delete(keys...); err != nil {
-				return err
-			}
-			keys = keys[:0]
-		}
-	}
-	if err := iter.Err(); err != nil {
-		return err
-	}
-	if len(keys) > 0 {
-		return Delete(keys...)
-	}
-	return nil
-}
-
-// ==================== 用户/组织缓存 ====================
+// ==================== 用户缓存 ====================

 // UserKey 用户缓存key
 func UserKey(userID string) string {
 	return fmt.Sprintf("user:%s", userID)
 }

-// OrgKey 组织缓存key
-func OrgKey(orgID string) string {
-	return fmt.Sprintf("org:%s", orgID)
-}
-
-// OrgMemberKey 组织成员缓存key
-func OrgMemberKey(orgID, userID string) string {
-	return fmt.Sprintf("org:%s:member:%s", orgID, userID)
-}
-
 // ==================== Token黑名单 ====================

 // TokenBlacklistKey Token黑名单key