OneAuth/api/role/permissions.go

package role

import (
	"github.com/veypi/vbase/cfg"
	"github.com/veypi/vbase/models"
	"github.com/veypi/vigo"
	"gorm.io/gorm"
)

type GetPermissionsReq struct {
	RoleID string `src:"path@id" desc:"Role ID"`
}

func getPermissions(x *vigo.X, req *GetPermissionsReq) ([]models.Permission, error) {
	var rolePermissions []models.RolePermission
	if err := cfg.DB().Preload("Permission").Where("role_id = ?", req.RoleID).Find(&rolePermissions).Error; err != nil {
		return nil, vigo.ErrDatabase.WithError(err)
	}

	permissions := make([]models.Permission, 0, len(rolePermissions))
	for _, rp := range rolePermissions {
		permissions = append(permissions, rp.Permission)
	}
	return permissions, nil
}

type UpdatePermissionsReq struct {
	RoleID        string   `src:"path@id" desc:"Role ID"`
	PermissionIDs []string `json:"permission_ids" src:"json" desc:"List of Permission IDs"`
}

func updatePermissions(x *vigo.X, req *UpdatePermissionsReq) error {
	var role models.Role
	if err := cfg.DB().First(&role, "id = ?", req.RoleID).Error; err != nil {
		return vigo.ErrNotFound
	}

	if role.IsSystem {
		return vigo.NewError("cannot modify permissions of system role").WithCode(40300)
	}

	return cfg.DB().Transaction(func(tx *gorm.DB) error {
		// Delete existing permissions
		if err := tx.Where("role_id = ?", req.RoleID).Delete(&models.RolePermission{}).Error; err != nil {
			return err
		}

		// Add new permissions
		if len(req.PermissionIDs) > 0 {
			rolePermissions := make([]models.RolePermission, 0, len(req.PermissionIDs))
			for _, pid := range req.PermissionIDs {
				rolePermissions = append(rolePermissions, models.RolePermission{
					RoleID:       req.RoleID,
					PermissionID: pid,
					Condition:    "none", // Default condition
				})
			}
			if err := tx.Create(&rolePermissions).Error; err != nil {
				return err
			}
		}
		return nil
	})
}