OneAuth/api/org/add_member.go

// Copyright (C) 2024 veypi <i@veypi.com>
// 2025-03-04 16:08:06
// Distributed under terms of the MIT license.

package org

import (
	"time"

	"github.com/veypi/vbase/auth"
	"github.com/veypi/vbase/cfg"
	"github.com/veypi/vbase/models"
	"github.com/veypi/vigo"
)

type AddMemberRequest struct {
	OrgID  string `src:"path@org_id" desc:"组织ID"`
	UserID string `json:"user_id" src:"json" desc:"用户ID"`
	Role   string `json:"role,omitempty" src:"json" desc:"角色代码 (默认: member)"`
}

func addMember(x *vigo.X, req *AddMemberRequest) (*models.OrgMember, error) {
	// 检查组织是否存在
	var org models.Org
	if err := cfg.DB().First(&org, "id = ?", req.OrgID).Error; err != nil {
		return nil, vigo.ErrNotFound
	}

	// 检查用户是否存在
	var user models.User
	if err := cfg.DB().First(&user, "id = ?", req.UserID).Error; err != nil {
		return nil, vigo.ErrNotFound.WithString("user not found")
	}

	// 检查用户是否已经是成员
	var count int64
	cfg.DB().Model(&models.OrgMember{}).Where("org_id = ? AND user_id = ?", req.OrgID, req.UserID).Count(&count)
	if count > 0 {
		return nil, vigo.ErrInvalidArg.WithString("user is already a member of this organization")
	}

	// 确定角色
	roleCode := req.Role
	if roleCode == "" {
		roleCode = "member"
	}

	// 授予角色
	if err := auth.VBaseAuth.GrantRole(x.Context(), req.UserID, req.OrgID, roleCode); err != nil {
		return nil, vigo.ErrInternalServer.WithError(err)
	}

	// 创建成员记录
	member := &models.OrgMember{
		OrgID:    req.OrgID,
		UserID:   req.UserID,
		Status:   models.MemberStatusActive,
		JoinedAt: time.Now().Format("2006-01-02 15:04:05"),
	}

	if err := cfg.DB().Create(member).Error; err != nil {
		// 回滚角色授予
		auth.VBaseAuth.RevokeRole(x.Context(), req.UserID, req.OrgID, roleCode)
		return nil, vigo.ErrInternalServer.WithError(err)
	}

	return member, nil
}