You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
OneAuth/libs/auth/auth.go

78 lines
1.8 KiB
Go

package auth
import (
"errors"
"github.com/veypi/OneAuth/models"
"github.com/veypi/OneAuth/oalib"
"gorm.io/gorm"
)
// 定义oa系统权限
type Resource = string
const (
// ruid 皆为app uuid
User Resource = "user"
APP Resource = "app"
Res Resource = "resource"
Role Resource = "role"
Auth Resource = "auth"
)
func BindUserRole(tx *gorm.DB, userID uint, roleID uint) error {
ur := &models.UserRole{}
ur.RoleID = roleID
ur.UserID = userID
err := tx.Where(ur).First(ur).Error
if errors.Is(err, gorm.ErrRecordNotFound) {
err = tx.Create(ur).Error
if err == nil {
tx.Model(&models.Role{}).Where("ID = ?", roleID).
Update("UserCount", gorm.Expr("UserCount + ?", 1))
}
}
return err
}
func UnBindUserRole(tx *gorm.DB, userID uint, roleID uint) error {
ur := &models.UserRole{}
ur.RoleID = roleID
ur.UserID = userID
err := tx.Unscoped().Where(ur).Delete(ur).Error
if err == nil {
tx.Model(&models.Role{}).Where("ID = ?", roleID).
Update("UserCount", gorm.Expr("UserCount - ?", 1))
}
return err
}
func BindUserAuth(tx *gorm.DB, userID uint, resID uint, level oalib.AuthLevel, ruid string) error {
return bind(tx, userID, resID, level, ruid, false)
}
func BindRoleAuth(tx *gorm.DB, roleID uint, resID uint, level oalib.AuthLevel, ruid string) error {
return bind(tx, roleID, resID, level, ruid, true)
}
func bind(tx *gorm.DB, id uint, resID uint, level oalib.AuthLevel, ruid string, isRole bool) error {
r := &models.Resource{}
r.ID = resID
err := tx.Where(r).First(r).Error
if err != nil {
return err
}
au := &models.Auth{
AppUUID: r.AppUUID,
ResourceID: resID,
RID: r.Name,
RUID: ruid,
Level: level,
}
if isRole {
au.RoleID = &id
} else {
au.UserID = &id
}
return tx.Where(au).FirstOrCreate(au).Error
}