goalfylearning-admin/internal/storage/rbac_storage.go


package storage
import (
"fmt"
"goalfymax-admin/internal/models"
"gorm.io/gorm"
)
// RBACStorage is the simplified RBAC storage interface. It maintains the
// role-to-page permission mapping and answers page-access questions for a
// user through the role stored on that user.
type RBACStorage interface {
	// Role/page permission management.

	// AssignRolePagePermissions grants roleID access to the pages in pageIDs.
	AssignRolePagePermissions(roleID uint, pageIDs []uint) error
	// RemoveRolePagePermissions revokes roleID's access to the pages in pageIDs.
	RemoveRolePagePermissions(roleID uint, pageIDs []uint) error
	// GetRolePagePermissions returns the pages granted to roleID.
	GetRolePagePermissions(roleID uint) ([]models.Page, error)
	// GetRolePagePermissionIDs returns the IDs of the pages granted to roleID.
	GetRolePagePermissionIDs(roleID uint) ([]uint, error)

	// Page permission checks.

	// CheckUserRolePagePermission reports whether userID's role grants access
	// to the page whose path is pagePath.
	CheckUserRolePagePermission(userID uint, pagePath string) (bool, error)
	// GetUserRoleAccessiblePages returns the paths of the pages userID's role
	// grants access to.
	GetUserRoleAccessiblePages(userID uint) ([]string, error)

	// Role management.

	// GetDefaultRoleID writes the ID of the default role into *roleID.
	GetDefaultRoleID(roleID *uint) error
	// GetRoleByID returns the role with the given ID.
	GetRoleByID(roleID uint) (*models.Role, error)
}
// rbacStorage is the GORM-backed RBACStorage returned by NewRBACStorage.
type rbacStorage struct {
	db *gorm.DB // database handle every query in this file runs on
}
// NewRBACStorage returns an RBACStorage that runs its queries on the
// package-level DB handle.
func NewRBACStorage() RBACStorage {
	store := new(rbacStorage)
	store.db = DB
	return store
}
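// AssignRolePagePermissions grants roleID access to every page in pageIDs by
// inserting one RolePagePermission row per page in a single batch.
//
// An empty pageIDs is a no-op and returns nil. GORM reports an error when it
// is handed an empty batch, so without the guard a request that assigns no
// pages would fail instead of succeeding trivially.
//
// NOTE(review): the IDs are inserted as given. Whether a duplicate or a
// previously removed (role, page) pair is rejected depends on the table's
// constraints, which are not visible from this file.
func (s *rbacStorage) AssignRolePagePermissions(roleID uint, pageIDs []uint) error {
	if len(pageIDs) == 0 {
		return nil
	}

	// The final length is known, so allocate the batch once.
	grants := make([]models.RolePagePermission, 0, len(pageIDs))
	for _, pageID := range pageIDs {
		grants = append(grants, models.RolePagePermission{
			RoleID: roleID,
			PageID: pageID,
		})
	}
	return s.db.Create(&grants).Error
}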
// RemoveRolePagePermissions revokes roleID's access to the pages in pageIDs
// by deleting the matching RolePagePermission rows.
//
// NOTE(review): the read queries in this file filter on deleted_at, so this
// is presumably a soft delete; confirm against models.RolePagePermission.
func (s *rbacStorage) RemoveRolePagePermissions(roleID uint, pageIDs []uint) error {
	matching := s.db.Where("role_id = ? AND page_id IN ?", roleID, pageIDs)
	result := matching.Delete(&models.RolePagePermission{})
	return result.Error
}
// GetRolePagePermissions returns the pages granted to roleID.
//
// Pages are joined to the role's permission rows, and permission rows with a
// non-NULL deleted_at are skipped. The query does not filter on
// admin_pages.is_active, so inactive pages are part of the result.
func (s *rbacStorage) GetRolePagePermissions(roleID uint) ([]models.Page, error) {
	query := s.db.Table("admin_pages")
	query = query.Joins("JOIN admin_role_page_permissions ON admin_pages.id = admin_role_page_permissions.page_id")
	query = query.Where("admin_role_page_permissions.role_id = ? AND admin_role_page_permissions.deleted_at IS NULL", roleID)

	var granted []models.Page
	result := query.Find(&granted)
	return granted, result.Error
}
// GetRolePagePermissionIDs returns the page_id column of the
// RolePagePermission rows that belong to roleID.
func (s *rbacStorage) GetRolePagePermissionIDs(roleID uint) ([]uint, error) {
	byRole := s.db.Model(&models.RolePagePermission{}).Where("role_id = ?", roleID)

	var ids []uint
	result := byRole.Pluck("page_id", &ids)
	return ids, result.Error
}
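// CheckUserRolePagePermission reports whether the user identified by userID
// may access the page whose path equals pagePath, based on the role stored on
// the user.
//
// Access is granted only when all of these hold: the user row is not
// soft-deleted, the user's role row exists and is not soft-deleted, a
// non-deleted role/page permission row links that role to the page, and the
// page is active. The role is joined explicitly because roles carry their own
// deleted_at; without that join a user whose role was deleted would keep
// access for as long as the role's permission rows remain. Whether deleting a
// role also removes its permission rows is not visible from this file.
//
// pagePath is matched by equality against admin_pages.path; any
// normalisation of the requested path has to happen before this call.
//
// On a query error the result is (false, err), so a failed lookup never
// grants access.
//
// NOTE(review): admin_pages is filtered on is_active only. If that table is
// also soft-deleted, confirm that deleted pages are always marked inactive.
func (s *rbacStorage) CheckUserRolePagePermission(userID uint, pagePath string) (bool, error) {
	var count int64
	err := s.db.Table("admin_users").
		Joins("JOIN admin_roles ON admin_users.role_id = admin_roles.id").
		Joins("JOIN admin_role_page_permissions ON admin_users.role_id = admin_role_page_permissions.role_id").
		Joins("JOIN admin_pages ON admin_role_page_permissions.page_id = admin_pages.id").
		Where("admin_users.id = ? AND admin_pages.path = ? AND admin_pages.is_active = TRUE AND admin_users.deleted_at IS NULL AND admin_roles.deleted_at IS NULL AND admin_role_page_permissions.deleted_at IS NULL", userID, pagePath).
		Count(&count).Error
	if err != nil {
		// Fail closed: the decision is "deny" whenever the lookup itself failed.
		return false, err
	}
	return count > 0, nil
}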
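// GetUserRoleAccessiblePages returns the distinct paths of the active pages
// that the role stored on userID grants access to.
//
// A path is included only when the user row is not soft-deleted, the user's
// role row exists and is not soft-deleted, and the role/page permission row
// is not soft-deleted. The role is joined explicitly because roles carry
// their own deleted_at; without that join a deleted role would keep exposing
// its pages for as long as its permission rows remain.
//
// The function no longer prints the user ID and the resulting page list to
// stdout on every call: that was leftover debug output which bypassed the
// application's logging and ran before the error was inspected. A query
// failure is returned wrapped with the user ID instead, and no partial result
// accompanies it.
func (s *rbacStorage) GetUserRoleAccessiblePages(userID uint) ([]string, error) {
	var paths []string
	err := s.db.Table("admin_users").
		Joins("JOIN admin_roles ON admin_users.role_id = admin_roles.id").
		Joins("JOIN admin_role_page_permissions ON admin_users.role_id = admin_role_page_permissions.role_id").
		Joins("JOIN admin_pages ON admin_role_page_permissions.page_id = admin_pages.id").
		Where("admin_users.id = ? AND admin_pages.is_active = TRUE AND admin_users.deleted_at IS NULL AND admin_roles.deleted_at IS NULL AND admin_role_page_permissions.deleted_at IS NULL", userID).
		Select("DISTINCT admin_pages.path").
		Pluck("admin_pages.path", &paths).Error
	if err != nil {
		// %w keeps the underlying error reachable through errors.Is / errors.As.
		return nil, fmt.Errorf("query accessible pages for user %d: %w", userID, err)
	}
	return paths, nil
}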
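// GetDefaultRoleID writes the ID of the default role into *roleID.
//
// It selects the id of the admin_roles row that has is_default set and is not
// soft-deleted. When several rows match, the one with the lowest id is used.
// If no row matches, the error GORM reports for a missing record is returned
// and *roleID is left as it was.
//
// The ordering is written out and Take is used instead of First: First
// derives its ORDER BY from the model's primary key, and this query has no
// model (a table name plus a *uint destination), a combination GORM documents
// as unsupported for First.
// NOTE(review): confirm against the GORM version the project pins.
func (s *rbacStorage) GetDefaultRoleID(roleID *uint) error {
	return s.db.Table("admin_roles").
		Where("is_default = TRUE AND deleted_at IS NULL").
		Select("id").
		Order("id").
		Take(roleID).Error
}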
// GetRoleByID loads the role whose id is roleID, skipping rows with a
// non-NULL deleted_at. It returns (nil, err) when the lookup fails, which
// includes the case where no such role exists.
func (s *rbacStorage) GetRoleByID(roleID uint) (*models.Role, error) {
	found := new(models.Role)
	if err := s.db.Where("id = ? AND deleted_at IS NULL", roleID).First(found).Error; err != nil {
		return nil, err
	}
	return found, nil
}