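package storage

import (
	"errors"

	"goalfymax-admin/internal/models"

	"gorm.io/gorm"
)

// ErrNilRoleID is returned by GetDefaultRoleID when the caller passes a nil
// destination pointer instead of a *uint to fill.
var ErrNilRoleID = errors.New("rbac storage: nil roleID destination")

// RBACStorage is the simplified RBAC persistence interface: it manages the
// role→page permission rows, answers per-user page access checks derived
// from the user's role, and looks up roles.
type RBACStorage interface {
	// Role page-permission management.
	AssignRolePagePermissions(roleID uint, pageIDs []uint) error
	RemoveRolePagePermissions(roleID uint, pageIDs []uint) error
	GetRolePagePermissions(roleID uint) ([]models.Page, error)
	GetRolePagePermissionIDs(roleID uint) ([]uint, error)

	// Page access checks (resolved through admin_users.role_id).
	CheckUserRolePagePermission(userID uint, pagePath string) (bool, error)
	GetUserRoleAccessiblePages(userID uint) ([]string, error)

	// Role management.
	GetDefaultRoleID(roleID *uint) error
	GetRoleByID(roleID uint) (*models.Role, error)
}

// rbacStorage is the gorm-backed implementation of RBACStorage.
type rbacStorage struct {
	db *gorm.DB
}

// NewRBACStorage returns an RBACStorage bound to the package-level DB handle.
func NewRBACStorage() RBACStorage {
	return &rbacStorage{db: DB}
}

// AssignRolePagePermissions inserts one RolePagePermission row per page ID
// for roleID. An empty pageIDs is a no-op and returns nil (gorm rejects a
// Create with an empty slice, so it is short-circuited here).
//
// NOTE(review): nothing here de-duplicates against rows that already exist;
// whether a repeat assignment fails or duplicates depends on the table's
// constraints — confirm against the schema.
func (s *rbacStorage) AssignRolePagePermissions(roleID uint, pageIDs []uint) error {
	if len(pageIDs) == 0 {
		return nil
	}
	rows := make([]models.RolePagePermission, 0, len(pageIDs))
	for _, pageID := range pageIDs {
		rows = append(rows, models.RolePagePermission{
			RoleID: roleID,
			PageID: pageID,
		})
	}
	return s.db.Create(&rows).Error
}

// RemoveRolePagePermissions deletes the RolePagePermission rows of roleID
// whose page_id is in pageIDs. The delete goes through the model, so if the
// model carries a gorm soft-delete field this marks rows rather than
// removing them. An empty pageIDs is a no-op.
func (s *rbacStorage) RemoveRolePagePermissions(roleID uint, pageIDs []uint) error {
	if len(pageIDs) == 0 {
		return nil
	}
	return s.db.
		Where("role_id = ? AND page_id IN ?", roleID, pageIDs).
		Delete(&models.RolePagePermission{}).Error
}

// GetRolePagePermissions returns the pages currently granted to roleID.
// The query is built with Table() rather than a model, so the soft-delete
// filter on admin_role_page_permissions is spelled out in the WHERE clause.
func (s *rbacStorage) GetRolePagePermissions(roleID uint) ([]models.Page, error) {
	var pages []models.Page
	err := s.db.Table("admin_pages").
		Joins("JOIN admin_role_page_permissions ON admin_pages.id = admin_role_page_permissions.page_id").
		Where("admin_role_page_permissions.role_id = ? AND admin_role_page_permissions.deleted_at IS NULL", roleID).
		Find(&pages).Error
	return pages, err
}

// GetRolePagePermissionIDs returns the page IDs granted to roleID. Because
// the query is scoped by the RolePagePermission model, gorm applies the
// model's default scopes (including soft-delete, if the model declares it).
func (s *rbacStorage) GetRolePagePermissionIDs(roleID uint) ([]uint, error) {
	var pageIDs []uint
	err := s.db.Model(&models.RolePagePermission{}).
		Where("role_id = ?", roleID).
		Pluck("page_id", &pageIDs).Error
	return pageIDs, err
}

// CheckUserRolePagePermission reports whether userID may access pagePath via
// the role stored on admin_users.role_id. A grant counts only when the page
// is active, the user is not soft-deleted and the permission row is not
// soft-deleted. pagePath is bound as a query parameter, never interpolated.
func (s *rbacStorage) CheckUserRolePagePermission(userID uint, pagePath string) (bool, error) {
	var matches int64
	err := s.db.Table("admin_users").
		Joins("JOIN admin_role_page_permissions ON admin_users.role_id = admin_role_page_permissions.role_id").
		Joins("JOIN admin_pages ON admin_role_page_permissions.page_id = admin_pages.id").
		Where("admin_users.id = ? AND admin_pages.path = ? AND admin_pages.is_active = TRUE AND admin_users.deleted_at IS NULL AND admin_role_page_permissions.deleted_at IS NULL", userID, pagePath).
		Count(&matches).Error
	if err != nil {
		return false, err
	}
	return matches > 0, nil
}

// GetUserRoleAccessiblePages returns the distinct paths of the active pages
// reachable through userID's role, applying the same soft-delete filters as
// CheckUserRolePagePermission. This runs on every access lookup and its
// result feeds authorization decisions, so it deliberately emits no debug
// output; callers that need tracing should log at their own layer.
func (s *rbacStorage) GetUserRoleAccessiblePages(userID uint) ([]string, error) {
	var paths []string
	err := s.db.Table("admin_users").
		Joins("JOIN admin_role_page_permissions ON admin_users.role_id = admin_role_page_permissions.role_id").
		Joins("JOIN admin_pages ON admin_role_page_permissions.page_id = admin_pages.id").
		Where("admin_users.id = ? AND admin_pages.is_active = TRUE AND admin_users.deleted_at IS NULL AND admin_role_page_permissions.deleted_at IS NULL", userID).
		Select("DISTINCT admin_pages.path").
		Pluck("admin_pages.path", &paths).Error
	return paths, err
}

// GetDefaultRoleID stores the id of the non-deleted role flagged is_default
// into *roleID. It returns ErrNilRoleID when roleID is nil; any gorm error
// (including gorm.ErrRecordNotFound) is returned unwrapped so existing
// callers comparing against it keep working.
//
// NOTE(review): First() into a bare *uint depends on gorm accepting a
// primitive destination together with Table(); confirm it reports
// ErrRecordNotFound when no default role exists rather than leaving
// *roleID untouched.
func (s *rbacStorage) GetDefaultRoleID(roleID *uint) error {
	if roleID == nil {
		return ErrNilRoleID
	}
	return s.db.Table("admin_roles").
		Where("is_default = TRUE AND deleted_at IS NULL").
		Select("id").
		First(roleID).Error
}

// GetRoleByID loads the non-deleted role with the given id. The gorm error
// is returned as-is, so gorm.ErrRecordNotFound signals a missing role.
func (s *rbacStorage) GetRoleByID(roleID uint) (*models.Role, error) {
	var role models.Role
	if err := s.db.Where("id = ? AND deleted_at IS NULL", roleID).First(&role).Error; err != nil {
		return nil, err
	}
	return &role, nil
}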