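package services

import (
	"errors"

	"go.uber.org/zap"

	"goalfymax-admin/internal/models"
	"goalfymax-admin/internal/storage"
	"goalfymax-admin/pkg/utils"
)

// RBACService is the simplified role-based access control service: it manages
// which pages a role may open and answers per-user page permission queries.
type RBACService interface {
	// Role page-permission management.
	AssignRolePagePermissions(req *models.RolePagePermissionAssignRequest) error
	RemoveRolePagePermissions(roleID uint, pageIDs []uint) error
	GetRolePagePermissions(roleID uint) ([]models.Page, error)
	GetRolePagePermissionIDs(roleID uint) ([]uint, error)

	// Page permission checks.
	CheckUserPagePermission(userID uint, pagePath string) (bool, error)
	GetUserAccessiblePages(userID uint) ([]string, error)
	GetUserPermissionsResponse(userID uint) (*models.UserPermissionsResponse, error)
	GetRolePagePermissionsResponse(roleID uint) (*models.RolePagePermissionsResponse, error)

	// Role management.
	GetRoleByID(roleID uint) (*models.Role, error)
}

// rbacService implements RBACService on top of the RBAC and user storage layers.
type rbacService struct {
	rbacStorage storage.RBACStorage
	userStorage storage.UserStorage
	logger      *utils.Logger
}

// NewRBACService creates an RBAC service instance backed by the given storages
// and logger.
func NewRBACService(rbacStorage storage.RBACStorage, userStorage storage.UserStorage, logger *utils.Logger) RBACService {
	return &rbacService{
		rbacStorage: rbacStorage,
		userStorage: userStorage,
		logger:      logger,
	}
}

// AssignRolePagePermissions grants the pages listed in req.PageIDs to the role
// req.RoleID. The storage error is logged and replaced by a generic error, so
// storage details are not returned to the caller.
//
// NOTE(review): the log entries record the role and page IDs but not who made
// the change, because the acting user is not passed to this method; confirm
// the caller audits the actor.
func (s *rbacService) AssignRolePagePermissions(req *models.RolePagePermissionAssignRequest) error {
	// A nil request would panic on the field accesses below; reject it with the
	// same generic error instead.
	if req == nil {
		s.logger.Error("分配角色页面权限失败", zap.String("reason", "nil request"))
		return errors.New("分配角色页面权限失败")
	}

	if err := s.rbacStorage.AssignRolePagePermissions(req.RoleID, req.PageIDs); err != nil {
		s.logger.Error("分配角色页面权限失败", zap.Uint("roleID", req.RoleID), zap.Uints("pageIDs", req.PageIDs), zap.Error(err))
		return errors.New("分配角色页面权限失败")
	}

	s.logger.Info("分配角色页面权限成功", zap.Uint("roleID", req.RoleID), zap.Uints("pageIDs", req.PageIDs))
	return nil
}

// RemoveRolePagePermissions revokes the given pages from the role. The storage
// error is logged and replaced by a generic error.
//
// NOTE(review): as with assignment, the acting user is not a parameter, so the
// log entries here cannot attribute the revocation; confirm the caller does.
func (s *rbacService) RemoveRolePagePermissions(roleID uint, pageIDs []uint) error {
	if err := s.rbacStorage.RemoveRolePagePermissions(roleID, pageIDs); err != nil {
		s.logger.Error("移除角色页面权限失败", zap.Uint("roleID", roleID), zap.Uints("pageIDs", pageIDs), zap.Error(err))
		return errors.New("移除角色页面权限失败")
	}

	s.logger.Info("移除角色页面权限成功", zap.Uint("roleID", roleID), zap.Uints("pageIDs", pageIDs))
	return nil
}

// GetRolePagePermissions returns the pages granted to the role. On storage
// failure it logs the cause and returns nil with a generic error.
func (s *rbacService) GetRolePagePermissions(roleID uint) ([]models.Page, error) {
	pages, err := s.rbacStorage.GetRolePagePermissions(roleID)
	if err != nil {
		s.logger.Error("获取角色页面权限失败", zap.Uint("roleID", roleID), zap.Error(err))
		return nil, errors.New("获取角色页面权限失败")
	}
	return pages, nil
}

// GetRolePagePermissionIDs returns the IDs of the pages granted to the role.
// On storage failure it logs the cause and returns nil with a generic error.
func (s *rbacService) GetRolePagePermissionIDs(roleID uint) ([]uint, error) {
	pageIDs, err := s.rbacStorage.GetRolePagePermissionIDs(roleID)
	if err != nil {
		s.logger.Error("获取角色页面权限ID失败", zap.Uint("roleID", roleID), zap.Error(err))
		return nil, errors.New("获取角色页面权限ID失败")
	}
	return pageIDs, nil
}

// CheckUserPagePermission reports whether the user may access pagePath. It
// fails closed: a storage error yields false together with a generic error, so
// a caller that ignores the error still denies access.
//
// NOTE(review): pagePath is handed to storage unchanged; any normalisation
// (case, trailing slash, encoding) has to happen in the caller or in storage —
// confirm both sides compare the same form.
func (s *rbacService) CheckUserPagePermission(userID uint, pagePath string) (bool, error) {
	hasPermission, err := s.rbacStorage.CheckUserRolePagePermission(userID, pagePath)
	if err != nil {
		s.logger.Error("检查用户页面权限失败", zap.Uint("userID", userID), zap.String("pagePath", pagePath), zap.Error(err))
		return false, errors.New("检查用户页面权限失败")
	}
	return hasPermission, nil
}

// GetUserAccessiblePages returns the page paths the user can access. On
// storage failure it logs the cause and returns nil with a generic error.
func (s *rbacService) GetUserAccessiblePages(userID uint) ([]string, error) {
	pages, err := s.rbacStorage.GetUserRoleAccessiblePages(userID)
	if err != nil {
		s.logger.Error("获取用户可访问页面失败", zap.Uint("userID", userID), zap.Error(err))
		return nil, errors.New("获取用户可访问页面失败")
	}
	return pages, nil
}

// GetUserPermissionsResponse builds the permissions response for a user: the
// user record, the single role referenced by user.RoleID, and the accessible
// pages.
//
// NOTE(review): the whole user record is copied into the response; confirm
// that models.User keeps credential fields out of its serialized form.
func (s *rbacService) GetUserPermissionsResponse(userID uint) (*models.UserPermissionsResponse, error) {
	// Load the user. A nil user with a nil error is treated as a failure so the
	// dereferences below cannot panic (zap.Error(nil) is a no-op field).
	user, err := s.userStorage.GetByID(userID)
	if err != nil || user == nil {
		s.logger.Error("获取用户信息失败", zap.Uint("userID", userID), zap.Error(err))
		return nil, errors.New("获取用户信息失败")
	}

	// Load the user's role; a nil role is rejected for the same reason.
	role, err := s.rbacStorage.GetRoleByID(user.RoleID)
	if err != nil || role == nil {
		s.logger.Error("获取角色信息失败", zap.Uint("roleID", user.RoleID), zap.Error(err))
		return nil, errors.New("获取角色信息失败")
	}

	// Load the page paths the user can access.
	pagePaths, err := s.GetUserAccessiblePages(userID)
	if err != nil {
		s.logger.Error("获取用户可访问页面失败", zap.Uint("userID", userID), zap.Error(err))
		return nil, errors.New("获取用户可访问页面失败")
	}

	// Convert the paths to page objects. Only Path is populated; pages stays
	// nil when the user has no accessible pages.
	var pages []models.Page
	for _, path := range pagePaths {
		pages = append(pages, models.Page{Path: path})
	}

	return &models.UserPermissionsResponse{
		User:  *user,
		Roles: []models.Role{*role},
		Pages: pages,
	}, nil
}

// GetRolePagePermissionsResponse builds the page-permission response for a
// role.
//
// NOTE(review): the role is not loaded from storage here (the original author
// marked this as a temporary simplification). The returned Role carries only
// the requested ID, and this method does not itself verify that the role
// exists; callers that need that guarantee should check it via GetRoleByID.
func (s *rbacService) GetRolePagePermissionsResponse(roleID uint) (*models.RolePagePermissionsResponse, error) {
	// Placeholder role holding just the requested ID.
	role := models.Role{BaseModel: models.BaseModel{ID: roleID}}

	// Load the pages granted to the role.
	pages, err := s.GetRolePagePermissions(roleID)
	if err != nil {
		s.logger.Error("获取角色页面权限失败", zap.Uint("roleID", roleID), zap.Error(err))
		return nil, errors.New("获取角色页面权限失败")
	}

	return &models.RolePagePermissionsResponse{
		Role:  role,
		Pages: pages,
	}, nil
}

// GetRoleByID returns the role with the given ID.
//
// NOTE(review): unlike the other methods, the storage error is returned
// unchanged and is not logged here. Callers should map it to a generic message
// before sending it to a client, so storage details are not exposed.
func (s *rbacService) GetRoleByID(roleID uint) (*models.Role, error) {
	return s.rbacStorage.GetRoleByID(roleID)
}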