From ba39611f58bb9f973bc28c7a1baeca4fdad71616 Mon Sep 17 00:00:00 2001
From: veypi
Date: Sun, 15 Feb 2026 20:17:38 +0800
Subject: [PATCH] =?UTF-8?q?fix(org):=20=E4=B8=BA=E7=BB=84=E7=BB=87?= =?UTF-8?q?=E5=88=9B=E5=BB=BA=E8=80=85=E6=B7=BB=E5=8A=A0=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

创建组织时,为组织特定的 admin 角色添加权限:
- vb:*:* (通配符权限)
- vb:org:read
- vb:org:update
- vb:org:delete
修复了组织创建者无法修改自己创建的组织的问题
---
 api/org/create.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/api/org/create.go b/api/org/create.go
index 8b94830..0816970 100644
--- a/api/org/create.go
+++ b/api/org/create.go
@@ -72,6 +72,21 @@ func create(x *vigo.X, req *CreateRequest) (*models.Org, error) {
 return nil, vigo.ErrInternalServer.WithError(err)
 }
 
+ // 为组织 admin 角色添加权限 (vb:*:* 表示该组织下的所有权限)
+ adminPerms := []models.RolePermission{
+ {RoleID: adminRole.ID, PermissionID: "vb:*:*", Condition: "none"},
+ {RoleID: adminRole.ID, PermissionID: "vb:org:read", Condition: "none"},
+ {RoleID: adminRole.ID, PermissionID: "vb:org:update", Condition: "none"},
+ {RoleID: adminRole.ID, PermissionID: "vb:org:delete", Condition: "none"},
+ }
+ for _, perm := range adminPerms {
+ if err := cfg.DB().Create(&perm).Error; err != nil {
+ cfg.DB().Delete(&models.Role{}).Where("org_id = ?", org.ID)
+ cfg.DB().Delete(org)
+ return nil, vigo.ErrInternalServer.WithError(err)
+ }
+ }
+
 // 授予创建者 admin 角色
 if err := auth.VBaseAuth.GrantRole(x.Context(), ownerID, org.ID, "admin"); err != nil {
 // 回滚
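Review bot: In the new rollback branch, `cfg.DB().Delete(&models.Role{}).Where("org_id = ?", org.ID)` attaches the filter after the delete has already run (assuming `cfg.DB()` returns a `*gorm.DB`, as the `.Error` chaining suggests), so the org's roles are not removed by it and, depending on configuration, the call is either rejected as an unconditioned delete or applies to every role. Put the condition first, `cfg.DB().Where("org_id = ?", org.ID).Delete(&models.Role{})`, and check the returned error; permission rows inserted before the failing one are also left behind, so running the role, permission and grant writes in one transaction would be the cleaner fix. Separately, `vb:*:*` makes the three explicit `vb:org:*` entries redundant, and whether it is really confined to this organisation depends on how the permission check scopes `adminRole`, which is not visible here; since every org creator receives it, that scoping deserves a test. The body of `create` starts and ends outside this hunk.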