fix(org): 为组织创建者添加权限

创建组织时，为组织特定的 admin 角色添加权限： - vb:*:* (通配符权限) - vb:org:read - vb:org:update - vb:org:delete 修复了组织创建者无法修改自己创建的组织的问题
1 week ago · ba39611f58
parent d7ee1a1f4e
commit ba39611f58
1 changed files with 15 additions and 0 deletions
--- a/api/org/create.go
+++ b/api/org/create.go
@ -72,6 +72,21 @@ func create(x *vigo.X, req *CreateRequest) (*models.Org, error) {
 		return nil, vigo.ErrInternalServer.WithError(err)
 	}

+	// 为组织 admin 角色添加权限 (vb:*:* 表示该组织下的所有权限)
+	adminPerms := []models.RolePermission{
+		{RoleID: adminRole.ID, PermissionID: "vb:*:*", Condition: "none"},
+		{RoleID: adminRole.ID, PermissionID: "vb:org:read", Condition: "none"},
+		{RoleID: adminRole.ID, PermissionID: "vb:org:update", Condition: "none"},
+		{RoleID: adminRole.ID, PermissionID: "vb:org:delete", Condition: "none"},
+	}
+	for _, perm := range adminPerms {
+		if err := cfg.DB().Create(&perm).Error; err != nil {
+			cfg.DB().Delete(&models.Role{}).Where("org_id = ?", org.ID)
+			cfg.DB().Delete(org)
+			return nil, vigo.ErrInternalServer.WithError(err)
+		}
+	}
+
 	// 授予创建者 admin 角色
 	if err := auth.VBaseAuth.GrantRole(x.Context(), ownerID, org.ID, "admin"); err != nil {
 		// 回滚