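// Package auth holds the helpers that attach users to roles and attach
// permissions (models.Auth rows) to users or roles inside the OneAuth
// permission system.
package auth

import (
	"errors"

	"github.com/veypi/OneAuth/models"
	"github.com/veypi/OneAuth/oalib"
	"gorm.io/gorm"
)

// ErrZeroID is returned when a caller passes 0 for a user, role or resource id.
//
// gorm struct conditions (`tx.Where(&models.UserRole{...})`) silently drop
// zero-valued fields, so an id of 0 would not narrow the query at all: a
// lookup would match an unrelated row and a delete could wipe every binding
// of the remaining key. Rejecting 0 up front keeps the helpers scoped to the
// single row the caller named.
var ErrZeroID = errors.New("auth: user, role and resource ids must be non-zero")

// Resource names the kinds of objects the OneAuth permission system guards.
type Resource = string

const (
	// For every Resource the ruid (resource-instance id) is an app uuid.
	User Resource = "user"
	APP  Resource = "app"
	Res  Resource = "resource"
	Role Resource = "role"
	Auth Resource = "auth"
)

// BindUserRole makes userID a member of roleID and increments the role's
// UserCount by one.
//
// The call is idempotent: an existing binding is left untouched and the
// counter is not bumped again. Pass a transaction as tx so the row insert and
// the counter update are committed (or rolled back) together.
//
// Returns ErrZeroID for a zero id, otherwise any gorm error from the lookup,
// the insert or the counter update.
func BindUserRole(tx *gorm.DB, userID uint, roleID uint) error {
	if userID == 0 || roleID == 0 {
		return ErrZeroID
	}
	ur := &models.UserRole{}
	ur.RoleID = roleID
	ur.UserID = userID
	err := tx.Where(ur).First(ur).Error
	if err == nil {
		// Already bound: nothing to insert, and the counter must not drift up.
		return nil
	}
	if !errors.Is(err, gorm.ErrRecordNotFound) {
		return err
	}
	if err := tx.Create(ur).Error; err != nil {
		return err
	}
	// The counter update's error is surfaced so the caller can roll back;
	// dropping it would leave the binding in place with a stale UserCount.
	return tx.Model(&models.Role{}).Where("ID = ?", roleID).
		Update("UserCount", gorm.Expr("UserCount + ?", 1)).Error
}

// UnBindUserRole removes userID from roleID and decrements the role's
// UserCount by one, but only when a binding row was actually deleted.
//
// Unscoped() performs a hard delete instead of gorm's soft delete. Pass a
// transaction as tx so the delete and the counter update stay consistent.
//
// Returns ErrZeroID for a zero id, otherwise any gorm error from the delete or
// the counter update. Unbinding a pair that is not bound is a no-op.
func UnBindUserRole(tx *gorm.DB, userID uint, roleID uint) error {
	if userID == 0 || roleID == 0 {
		return ErrZeroID
	}
	ur := &models.UserRole{}
	ur.RoleID = roleID
	ur.UserID = userID
	res := tx.Unscoped().Where(ur).Delete(ur)
	if res.Error != nil {
		return res.Error
	}
	if res.RowsAffected == 0 {
		// No row was bound; decrementing here would push UserCount below the
		// real membership on every repeated unbind.
		return nil
	}
	return tx.Model(&models.Role{}).Where("ID = ?", roleID).
		Update("UserCount", gorm.Expr("UserCount - ?", 1)).Error
}

// BindUserAuth grants userID permission level on resource resID, scoped to the
// resource instance ruid. Granting the same permission twice is a no-op.
func BindUserAuth(tx *gorm.DB, userID uint, resID uint, level oalib.AuthLevel, ruid string) error {
	return bind(tx, userID, resID, level, ruid, false)
}

// BindRoleAuth grants roleID permission level on resource resID, scoped to the
// resource instance ruid. Granting the same permission twice is a no-op.
func BindRoleAuth(tx *gorm.DB, roleID uint, resID uint, level oalib.AuthLevel, ruid string) error {
	return bind(tx, roleID, resID, level, ruid, true)
}

// bind is the shared implementation of BindUserAuth and BindRoleAuth.
//
// It loads the resource identified by resID (to copy its AppUUID and Name into
// the permission row), then finds or creates a models.Auth row for (owner,
// resource, level, ruid). When isRole is true, id is stored as the RoleID of
// the permission; otherwise as its UserID.
//
// Returns ErrZeroID for a zero id or resID, gorm.ErrRecordNotFound when the
// resource does not exist, or any other gorm error.
func bind(tx *gorm.DB, id uint, resID uint, level oalib.AuthLevel, ruid string, isRole bool) error {
	if id == 0 || resID == 0 {
		// A zero resID would make Where(r) match an arbitrary resource and
		// attach the permission to it; refuse instead.
		return ErrZeroID
	}
	r := &models.Resource{}
	r.ID = resID
	if err := tx.Where(r).First(r).Error; err != nil {
		return err
	}
	au := &models.Auth{
		AppUUID:    r.AppUUID,
		ResourceID: resID,
		RID:        r.Name,
		RUID:       ruid,
		Level:      level,
	}
	if isRole {
		au.RoleID = &id
	} else {
		au.UserID = &id
	}
	// FirstOrCreate keeps the grant idempotent: an identical existing row is
	// reused rather than duplicated.
	return tx.Where(au).FirstOrCreate(au).Error
}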