OptimusX
/
OneAuth
mirror of https://github.com/veypi/OneAuth.git
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix(org): 为组织创建者添加权限

Browse Source 
创建组织时,为组织特定的 admin 角色添加权限:
- vb:*:* (通配符权限)
- vb:org:read
- vb:org:update
- vb:org:delete

修复了组织创建者无法修改自己创建的组织的问题
v3
veypi 1 week ago
parent d7ee1a1f4e
commit ba39611f58
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File

15
api/org/create.go
Unescape Escape View File

@ -72,6 +72,21 @@ func create(x *vigo.X, req *CreateRequest) (*models.Org, error) {
return nil, vigo.ErrInternalServer.WithError(err) return nil, vigo.ErrInternalServer.WithError(err)
} }
// 为组织 admin 角色添加权限 (vb:*:* 表示该组织下的所有权限)
adminPerms := []models.RolePermission{
{RoleID: adminRole.ID, PermissionID: "vb:*:*", Condition: "none"},
{RoleID: adminRole.ID, PermissionID: "vb:org:read", Condition: "none"},
{RoleID: adminRole.ID, PermissionID: "vb:org:update", Condition: "none"},
{RoleID: adminRole.ID, PermissionID: "vb:org:delete", Condition: "none"},
}
for _, perm := range adminPerms {
if err := cfg.DB().Create(&perm).Error; err != nil {
cfg.DB().Delete(&models.Role{}).Where("org_id = ?", org.ID)
cfg.DB().Delete(org)
return nil, vigo.ErrInternalServer.WithError(err)
}
}
// 授予创建者 admin 角色 // 授予创建者 admin 角色
if err := auth.VBaseAuth.GrantRole(x.Context(), ownerID, org.ID, "admin"); err != nil { if err := auth.VBaseAuth.GrantRole(x.Context(), ownerID, org.ID, "admin"); err != nil {
// 回滚 // 回滚

Write Preview
Loading…
Cancel
Save