mirror of https://github.com/veypi/OneAuth.git
package role
import (
	"errors"

	"github.com/veypi/vbase/cfg"
	"github.com/veypi/vbase/models"
	"github.com/veypi/vigo"
	"gorm.io/gorm"
)
// GetPermissionsReq is the request input for getPermissions.
type GetPermissionsReq struct {
	// RoleID selects the role whose permission rows are listed. The tag is
	// src:"path@id"; presumably vigo binds it from the "id" path parameter
	// (confirm against the route definition).
	RoleID string `src:"path@id" desc:"Role ID"`
}
// getPermissions returns every permission row whose role_id equals the role
// ID taken from the request.
//
// The role ID is passed to the query as a bound parameter, never spliced into
// the SQL text. The function does not look the role up first, so an unknown
// role ID produces an empty result rather than an error. Query failures are
// returned wrapped in vigo.ErrDatabase. x is not used here.
func getPermissions(x *vigo.X, req *GetPermissionsReq) ([]models.Permission, error) {
	var rows []models.Permission

	result := cfg.DB().Where("role_id = ?", req.RoleID).Find(&rows)
	if result.Error != nil {
		return nil, vigo.ErrDatabase.WithError(result.Error)
	}

	return rows, nil
}
// UpdatePermissionsReq is the request input for updatePermissions. It carries
// the target role plus three independent lists that select what to change.
type UpdatePermissionsReq struct {
	// RoleID is the role being edited (tag src:"path@id").
	RoleID string `src:"path@id" desc:"Role ID"`

	// Permissions lists the rows to create for the role (JSON key
	// "permissions").
	Permissions []PermissionInput `json:"permissions" src:"json" desc:"Permissions to add"`

	// Remove lists permission row IDs to delete (JSON key "remove").
	// updatePermissions only deletes rows that also belong to RoleID.
	Remove []string `json:"remove" src:"json" desc:"Permission IDs to remove"`

	// Replace is the legacy full-replace list (JSON key "permission_ids").
	// When it is non-empty, updatePermissions wipes the role's rows, recreates
	// them from this list, and ignores Permissions and Remove.
	Replace []string `json:"permission_ids" src:"json" desc:"Full replace (legacy)"`
}
// PermissionInput describes one permission row to attach to a role. All three
// values come straight from the request body.
type PermissionInput struct {
	// Scope of the permission; updatePermissions substitutes "vb" when empty.
	Scope string `json:"scope"`

	// PermissionID is stored as supplied.
	PermissionID string `json:"permission_id"`

	// Level of the grant; updatePermissions substitutes 7 when it is 0, so an
	// omitted level gets 7.
	Level int `json:"level"`
}
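// updatePermissions changes the permission rows attached to the role named in
// the request. All writes run in one database transaction, so any error
// returned from the callback rolls the whole change back.
//
// Modes, in the order they are evaluated:
//   - Replace (legacy): when non-empty, every existing row of the role is
//     deleted and one row per listed ID is created with Scope "vb" and
//     Level 7. The function then returns, so Remove and Permissions are
//     ignored in the same request.
//   - Remove: deletes the listed permission row IDs, restricted to this role.
//   - Permissions: creates one row per entry; Level 0 becomes 7 and an empty
//     Scope becomes "vb".
//
// It returns vigo.ErrNotFound when the role does not exist, a 40300 error
// when Replace targets a system role, and vigo.ErrDatabase (matching
// getPermissions) for any other database failure. x is not used here.
//
// NOTE(review): Scope, PermissionID and Level are written exactly as the
// request supplies them. Nothing in this function checks that Level is in a
// valid range, that PermissionID is non-empty, or that the caller is allowed
// to grant what it asks for. Presumably the route's middleware enforces that;
// confirm.
func updatePermissions(x *vigo.X, req *UpdatePermissionsReq) error {
	var role models.Role
	if err := cfg.DB().First(&role, "id = ?", req.RoleID).Error; err != nil {
		// Only a missing row means "not found". Any other failure is reported
		// as a database error so an outage is not presented as a missing role.
		if errors.Is(err, gorm.ErrRecordNotFound) {
			return vigo.ErrNotFound
		}
		return vigo.ErrDatabase.WithError(err)
	}

	return cfg.DB().Transaction(func(tx *gorm.DB) error {
		// Full replace (legacy mode).
		if len(req.Replace) > 0 {
			// NOTE(review): this is the only path that refuses system roles.
			// The Remove and Permissions paths below still alter a system
			// role's rows. Confirm whether that asymmetry is intended.
			if role.IsSystem {
				return vigo.NewError("cannot modify permissions of system role").WithCode(40300)
			}
			if err := tx.Where("role_id = ?", req.RoleID).Delete(&models.Permission{}).Error; err != nil {
				return vigo.ErrDatabase.WithError(err)
			}
			for _, pid := range req.Replace {
				perm := models.Permission{Scope: "vb", RoleID: &req.RoleID, PermissionID: pid, Level: 7}
				if err := tx.Create(&perm).Error; err != nil {
					return vigo.ErrDatabase.WithError(err)
				}
			}
			return nil
		}

		// Remove specific permissions. The role_id predicate keeps a request
		// for one role from deleting rows that belong to another.
		if len(req.Remove) > 0 {
			if err := tx.Where("role_id = ? AND id IN ?", req.RoleID, req.Remove).
				Delete(&models.Permission{}).Error; err != nil {
				return vigo.ErrDatabase.WithError(err)
			}
		}

		// Add new permissions. p is a per-iteration copy, so filling in the
		// defaults does not modify the request.
		for _, p := range req.Permissions {
			if p.Level == 0 {
				p.Level = 7
			}
			if p.Scope == "" {
				p.Scope = "vb"
			}
			perm := models.Permission{
				Scope: p.Scope, RoleID: &req.RoleID, PermissionID: p.PermissionID, Level: p.Level,
			}
			if err := tx.Create(&perm).Error; err != nil {
				return vigo.ErrDatabase.WithError(err)
			}
		}

		return nil
	})
}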