OneAuth/models/auth.go


//
// Copyright (C) 2024 veypi <i@veypi.com>
// 2025-02-14 16:08:06
// Distributed under terms of the MIT license.
//
package models
import (
"time"
"gorm.io/gorm"
)
// Role code constants.
// Presumably these are the values stored in Role.Code / RoleDefinition.Code
// (both described as "角色代码" by their desc tags) — confirm against the
// role seeding and grant code.
const (
	RoleCodeAdmin  = "admin"
	RoleCodeUser   = "user"
	RoleCodeViewer = "viewer"
)
// Permission is the permission definition table (permission dictionary).
// ID format: app:resource:action (for example crm:customer:read).
type Permission struct {
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	// DeletedAt is gorm's soft-delete marker; it is hidden from JSON output.
	DeletedAt gorm.DeletedAt `json:"-" gorm:"index"`
	// ID is the primary key in the form app:resource:action.
	ID string `json:"id" gorm:"primaryKey;size:100" desc:"权限ID格式: app:resource:action"`
	// AppKey identifies the application this permission belongs to.
	// NOTE(review): AppKey/Resource/Action look like the three components of
	// ID, but nothing here enforces that — confirm where rows are created.
	AppKey string `json:"app_key" gorm:"index;size:50" desc:"应用标识"`
	// Resource is the resource type.
	Resource string `json:"resource" gorm:"index;size:50" desc:"资源类型"`
	// Action is the operation type.
	Action string `json:"action" gorm:"index;size:50" desc:"操作类型"`
	// Description is a human-readable description of the permission.
	Description string `json:"description" desc:"权限描述"`
}
// TableName returns the database table name gorm uses for Permission.
func (Permission) TableName() string {
	const table = "permissions"
	return table
}
// Role is the role table. Roles are not bound to a single app and may be
// used across applications.
// Base is defined elsewhere in this package (presumably the shared ID and
// timestamp columns — confirm).
type Role struct {
	Base
	// OrgID is the owning organization; empty means a system preset role.
	OrgID string `json:"org_id" gorm:"index;size:36" desc:"组织ID空=系统预设"`
	// Code is the role code (cf. the RoleCode* constants).
	Code string `json:"code" gorm:"index;size:50" desc:"角色代码"`
	// Name is the human-readable role name.
	Name string `json:"name" desc:"角色名称"`
	// Description describes the role.
	Description string `json:"description" desc:"角色描述"`
	// IsSystem marks a system preset role.
	IsSystem bool `json:"is_system" desc:"是否系统预设角色"`
	// Status: 1 = enabled, 0 = disabled.
	// NOTE(review): gorm applies `default:1` to zero-value fields on insert,
	// so a Role created with Status 0 is stored as enabled (1); disabling
	// presumably needs a separate update — confirm against the handlers.
	Status int `json:"status" gorm:"default:1" desc:"状态: 1=启用, 0=禁用"`
}
// TableName returns the database table name gorm uses for Role.
func (Role) TableName() string {
	const table = "roles"
	return table
}
// RolePermission is the role-permission association table.
type RolePermission struct {
	Base
	// RoleID references Role.
	RoleID string `json:"role_id" gorm:"index;size:36" desc:"角色ID"`
	// PermissionID references Permission.ID (app:resource:action).
	PermissionID string `json:"permission_id" gorm:"index;size:100" desc:"权限ID"`
	// Condition narrows the grant: none/owner/admin per the desc tag.
	// The exact evaluation of owner/admin is not visible here — confirm in
	// the permission check; an empty value is stored as 'none' by gorm.
	Condition string `json:"condition" gorm:"size:20;default:'none'" desc:"权限条件: none/owner/admin"`
}
// TableName returns the database table name gorm uses for RolePermission.
func (RolePermission) TableName() string {
	const table = "role_permissions"
	return table
}
// UserRole is the user-role association table.
type UserRole struct {
	Base
	// UserID is the user holding the role.
	UserID string `json:"user_id" gorm:"index;size:36" desc:"用户ID"`
	// OrgID is the organization in which the role applies.
	OrgID string `json:"org_id" gorm:"index;size:36" desc:"组织ID"`
	// RoleID references Role.
	RoleID string `json:"role_id" gorm:"index;size:36" desc:"角色ID"`
	// ExpireAt is the optional expiry time of the assignment.
	// NOTE(review): presumably the zero time means "no expiry"; the
	// permission check must treat a non-zero ExpireAt in the past as
	// revoked — confirm that path.
	ExpireAt time.Time `json:"expire_at" desc:"过期时间(可选)"`
}
// TableName returns the database table name gorm uses for UserRole.
func (UserRole) TableName() string {
	const table = "user_roles"
	return table
}
// UserPermission is the per-user, resource-specific permission table
// (data-level permissions).
type UserPermission struct {
	Base
	// UserID is the user receiving the permission.
	UserID string `json:"user_id" gorm:"index;size:36" desc:"用户ID"`
	// OrgID is the organization in which the permission applies.
	OrgID string `json:"org_id" gorm:"index;size:36" desc:"组织ID"`
	// PermissionID references Permission.ID (app:resource:action).
	PermissionID string `json:"permission_id" gorm:"index;size:100" desc:"权限ID"`
	// ResourceID is the concrete resource instance; "*" means all resources.
	// NOTE(review): a "*" grant is as broad as a role-level permission, so
	// the grant path should restrict who may issue it — confirm.
	ResourceID string `json:"resource_id" gorm:"index;size:100" desc:"具体资源ID* 表示所有"`
	// ExpireAt is the optional expiry time; zero presumably means no expiry — confirm.
	ExpireAt time.Time `json:"expire_at" desc:"过期时间(可选)"`
	// GrantedBy is the ID of the user who issued the grant (audit trail).
	GrantedBy string `json:"granted_by" gorm:"size:36" desc:"授权人ID"`
}
// TableName returns the database table name gorm uses for UserPermission.
func (UserPermission) TableName() string {
	const table = "user_permissions"
	return table
}
// AppConfig is an application's configuration, used to initialize its
// permissions and preset roles.
type AppConfig struct {
	// Name is the application name.
	Name string `json:"name" desc:"应用名称"`
	// Description describes the application.
	Description string `json:"description" desc:"应用描述"`
	// DefaultRoles are the preset roles created for the application.
	DefaultRoles []RoleDefinition `json:"default_roles" desc:"预设角色"`
}
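// RoleDefinition is a role definition used in configuration
// (see AppConfig.DefaultRoles).
type RoleDefinition struct {
	// Code is the role code (cf. the RoleCode* constants).
	Code string `json:"code" desc:"角色代码"`
	// Name is the human-readable role name.
	Name string `json:"name" desc:"角色名称"`
	// Description describes the role.
	Description string `json:"description" desc:"角色描述"`
	// Policies lists the permission patterns granted to the role, for
	// example "customer:read" or the wildcard "*:*".
	// The example list in the desc tag uses single quotes: an unescaped
	// double quote inside a tag value terminates it early, which truncated
	// the desc value at "[" and left the remainder unparsable for
	// reflect.StructTag.Get (and flagged by go vet's structtag check).
	Policies []string `json:"policies" desc:"权限列表: ['customer:read', '*:*']"`
}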
// GrantRoleRequest is the request body for granting a role to a user.
type GrantRoleRequest struct {
	// UserID is the user receiving the role.
	UserID string `json:"user_id" desc:"用户ID"`
	// OrgID is the organization in which the role is granted.
	OrgID string `json:"org_id" desc:"组织ID"`
	// RoleCode is the code of the role to grant (cf. the RoleCode* constants).
	// NOTE(review): this is client input; the handler should verify the
	// caller is allowed to grant this role (in particular RoleCodeAdmin)
	// before creating the UserRole row — confirm.
	RoleCode string `json:"role_code" desc:"角色代码"`
	// ExpireAt is the optional expiry time; zero presumably means no expiry — confirm.
	ExpireAt time.Time `json:"expire_at" desc:"过期时间(可选)"`
}
// GrantResourcePermRequest is the request body for granting a user a
// permission on a specific resource (see UserPermission).
type GrantResourcePermRequest struct {
	// UserID is the user receiving the permission.
	UserID string `json:"user_id" desc:"用户ID"`
	// OrgID is the organization in which the permission applies.
	OrgID string `json:"org_id" desc:"组织ID"`
	// PermissionID references Permission.ID (app:resource:action).
	PermissionID string `json:"permission_id" desc:"权限ID"`
	// ResourceID is the resource instance; "*" means all resources.
	ResourceID string `json:"resource_id" desc:"资源实例ID* 表示所有"`
	// ExpireAt is the optional expiry time; zero presumably means no expiry — confirm.
	ExpireAt time.Time `json:"expire_at" desc:"过期时间(可选)"`
	// GrantedBy is the ID of the granting user as supplied by the client.
	// NOTE(review): because this arrives in the request body, the handler
	// should set it from the authenticated caller rather than trust this
	// value, or the audit trail in UserPermission.GrantedBy can be forged — confirm.
	GrantedBy string `json:"granted_by" desc:"授权人ID"`
}
// CheckPermRequest is the request body for a permission check.
type CheckPermRequest struct {
	// UserID is the user being checked.
	UserID string `json:"user_id" desc:"用户ID"`
	// OrgID is the organization context of the check.
	OrgID string `json:"org_id" desc:"组织ID"`
	// PermissionID references Permission.ID (app:resource:action).
	PermissionID string `json:"permission_id" desc:"权限ID"`
	// ResourceID is the optional resource instance; empty presumably means
	// a role-level (non-resource) check — confirm.
	ResourceID string `json:"resource_id" desc:"资源实例ID可选"`
}
// UserPermissionResult describes one effective permission of a user.
type UserPermissionResult struct {
	// PermissionID references Permission.ID (app:resource:action).
	PermissionID string `json:"permission_id" desc:"权限ID"`
	// ResourceID is the resource the permission applies to; "*" means all.
	ResourceID string `json:"resource_id" desc:"资源ID* 表示所有"`
	// Actions lists the allowed operations.
	Actions []string `json:"actions" desc:"允许的操作"`
}
// ResourceUser is a user who holds permissions on a resource, together
// with the operations allowed to them.
type ResourceUser struct {
	// UserID identifies the user.
	UserID string `json:"user_id" desc:"用户ID"`
	// Actions lists the allowed operations.
	Actions []string `json:"actions" desc:"允许的操作"`
}