package model

// Policy is one authorization rule: a (Resource, Action) pair, an optional
// CEL Condition, and an Effect (see EffectAllow/EffectDeny). A row whose
// OrgID is empty is a global policy; otherwise it is scoped to that org.
//
// NOTE(review) — points a consumer of this model should confirm elsewhere:
//   - Code is a global uniqueIndex, not scoped by OrgID, so two orgs cannot
//     define org-scoped policies with the same Code. Verify this is intended
//     before treating (OrgID, Code) as the lookup key.
//   - Effect is defaulted to "allow" at the database level. The evaluator
//     (not in this file) should treat any value other than EffectAllow or
//     EffectDeny as deny rather than fall open — confirm there.
//   - Condition is an executable CEL expression, so whoever can write
//     policies is effectively authoring authorization logic.
//   - Privileged fields (OrgID, Effect, Priority, IsSystem) carry json tags;
//     if a handler binds a request body straight into Policy, a client could
//     set them. TODO confirm handlers use a separate input type or whitelist.
type Policy struct {
	Base
	OrgID       string `json:"org_id" gorm:"index"`                      // empty means a global policy
	Code        string `json:"code" gorm:"uniqueIndex;size:50;not null"` // stable identifier, e.g. the SysPolicy* constants below
	Name        string `json:"name" gorm:"size:50;not null"`
	Description string `json:"description" gorm:"size:200"`
	Resource    string `json:"resource" gorm:"size:50;not null"`    // resource type the rule applies to
	Action      string `json:"action" gorm:"size:20;not null"`      // read/create/update/delete/*
	Condition   string `json:"condition" gorm:"type:text"`          // CEL expression; empty means unconditional (presumably — verify in evaluator)
	Effect      string `json:"effect" gorm:"size:10;default:allow"` // EffectAllow or EffectDeny; DB default is allow
	Priority    int    `json:"priority" gorm:"default:0"`           // ordering among matching policies; which direction wins is decided by the evaluator, not here
	IsSystem    bool   `json:"is_system" gorm:"default:false"`      // built-in policy; nothing in this file prevents editing or deleting it
}

// TableName returns the GORM table name for Policy.
func (Policy) TableName() string { return "policies" }

// Role is a named bundle of policies inside one organization. Unlike Policy,
// OrgID is "not null", so there are no global roles in this model.
//
// NOTE(review):
//   - Code has no uniqueness constraint (only size/not null), so two roles in
//     the same org may share a Code unless the application prevents it.
//   - PolicyIDs is a comma-separated text column with no foreign key; deleting
//     a Policy row leaves dangling IDs here unless the application cleans up.
//   - OrgID, IsDefault and IsSystem are JSON-bindable; see the Policy note
//     about mass assignment.
type Role struct {
	Base
	OrgID       string `json:"org_id" gorm:"index;not null"`
	Code        string `json:"code" gorm:"size:50;not null"` // e.g. the SysRole* constants below
	Name        string `json:"name" gorm:"size:50;not null"`
	Description string `json:"description" gorm:"size:200"`
	PolicyIDs   string `json:"policy_ids" gorm:"type:text"` // comma-separated Policy IDs
	IsDefault   bool   `json:"is_default" gorm:"default:false"`
	IsSystem    bool   `json:"is_system" gorm:"default:false"`
	SortOrder   int    `json:"sort_order" gorm:"default:0"`
}

// TableName returns the GORM table name for Role.
func (Role) TableName() string { return "roles" }

// Effect values for Policy.Effect. Anything else should be treated as deny
// by the evaluator (fail closed).
const (
	EffectAllow = "allow"
	EffectDeny  = "deny"
)

// Codes of the built-in system policies (Policy.Code). The "sys:" prefix
// distinguishes them from user-defined codes; nothing in this file reserves
// the prefix, so that convention must be enforced wherever policies are
// created.
const (
	SysPolicyUserReadOwn   = "sys:user:read:own"
	SysPolicyUserUpdateOwn = "sys:user:update:own"
	SysPolicyUserDeleteOwn = "sys:user:delete:own"
	SysPolicyOrgAdmin      = "sys:org:admin"
	SysPolicyOrgRead       = "sys:org:read"
	SysPolicyMemberRead    = "sys:member:read"
	SysPolicyMemberManage  = "sys:member:manage"
	SysPolicyRoleRead      = "sys:role:read"
	SysPolicyRoleManage    = "sys:role:manage"
	SysPolicyPolicyRead    = "sys:policy:read"
	SysPolicyPolicyManage  = "sys:policy:manage"
)

// Codes of the built-in organization roles (Role.Code). Which system
// policies each role bundles is not defined in this file.
const (
	SysRoleOrgOwner  = "owner"
	SysRoleOrgAdmin  = "admin"
	SysRoleOrgMember = "member"
)