package services
import (
"errors"
"go.uber.org/zap"
"goalfymax-admin/internal/models"
"goalfymax-admin/internal/storage"
"goalfymax-admin/pkg/utils"
)
// RBACService is the simplified RBAC service interface. It groups the
// role-to-page permission operations, the per-user page permission checks and
// role lookup.
//
// No method takes the identity of the acting caller, so deciding whether the
// caller may perform the operation is left to whatever invokes the service.
// NOTE(review): confirm the handlers in front of this interface enforce that.
type RBACService interface {
	// Role page-permission management.
	AssignRolePagePermissions(req *models.RolePagePermissionAssignRequest) error
	RemoveRolePagePermissions(roleID uint, pageIDs []uint) error
	GetRolePagePermissions(roleID uint) ([]models.Page, error)
	GetRolePagePermissionIDs(roleID uint) ([]uint, error)

	// Page permission checks.
	CheckUserPagePermission(userID uint, pagePath string) (bool, error)
	GetUserAccessiblePages(userID uint) ([]string, error)
	GetUserPermissionsResponse(userID uint) (*models.UserPermissionsResponse, error)
	GetRolePagePermissionsResponse(roleID uint) (*models.RolePagePermissionsResponse, error)

	// Role management.
	GetRoleByID(roleID uint) (*models.Role, error)
}
// rbacService is the RBACService implementation. Its methods forward to the
// storage layer and report failures through logger.
type rbacService struct {
	// rbacStorage persists roles and role-to-page permission assignments.
	rbacStorage storage.RBACStorage
	// userStorage is read by GetUserPermissionsResponse to load the user record.
	userStorage storage.UserStorage
	// logger receives the error/info entries written by the service methods.
	logger *utils.Logger
}
// NewRBACService creates an RBAC service instance backed by the given
// storages and logger.
//
// The arguments are stored as passed; nothing here checks them for nil, so a
// nil dependency only surfaces when a method first uses it.
func NewRBACService(rbacStorage storage.RBACStorage, userStorage storage.UserStorage, logger *utils.Logger) RBACService {
	svc := new(rbacService)
	svc.rbacStorage = rbacStorage
	svc.userStorage = userStorage
	svc.logger = logger
	return svc
}
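// AssignRolePagePermissions assigns the pages listed in req.PageIDs to the
// role req.RoleID through the RBAC storage.
//
// A nil req is rejected with the same generic error as a storage failure
// instead of panicking on the field access. Storage errors are logged with
// the role and page IDs, and only a generic error is returned, so storage
// detail does not reach the caller.
//
// NOTE(review): the log entries for this permission change carry the role and
// page IDs but not who made the change; the signature has no actor to record.
func (s *rbacService) AssignRolePagePermissions(req *models.RolePagePermissionAssignRequest) error {
	if req == nil {
		// Guard before dereferencing req.RoleID / req.PageIDs below.
		s.logger.Error("分配角色页面权限失败", zap.Error(errors.New("nil request")))
		return errors.New("分配角色页面权限失败")
	}

	if err := s.rbacStorage.AssignRolePagePermissions(req.RoleID, req.PageIDs); err != nil {
		s.logger.Error("分配角色页面权限失败", zap.Uint("roleID", req.RoleID), zap.Uints("pageIDs", req.PageIDs), zap.Error(err))
		return errors.New("分配角色页面权限失败")
	}

	s.logger.Info("分配角色页面权限成功", zap.Uint("roleID", req.RoleID), zap.Uints("pageIDs", req.PageIDs))
	return nil
}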
// RemoveRolePagePermissions removes the given pages from a role's page
// permissions through the RBAC storage.
//
// On a storage error the detail is logged with the role and page IDs and a
// generic error is returned; on success an info entry with the same IDs is
// written.
//
// NOTE(review): as with assignment, the log entry does not identify who
// removed the permissions; the signature has no actor to record.
func (s *rbacService) RemoveRolePagePermissions(roleID uint, pageIDs []uint) error {
	if err := s.rbacStorage.RemoveRolePagePermissions(roleID, pageIDs); err != nil {
		s.logger.Error("移除角色页面权限失败", zap.Uint("roleID", roleID), zap.Uints("pageIDs", pageIDs), zap.Error(err))
		return errors.New("移除角色页面权限失败")
	}

	s.logger.Info("移除角色页面权限成功", zap.Uint("roleID", roleID), zap.Uints("pageIDs", pageIDs))
	return nil
}
// GetRolePagePermissions returns the pages a role has been granted, as
// reported by the RBAC storage.
//
// A storage error is logged with the role ID and replaced by a generic error.
func (s *rbacService) GetRolePagePermissions(roleID uint) ([]models.Page, error) {
	granted, err := s.rbacStorage.GetRolePagePermissions(roleID)
	if err == nil {
		return granted, nil
	}

	s.logger.Error("获取角色页面权限失败", zap.Uint("roleID", roleID), zap.Error(err))
	return nil, errors.New("获取角色页面权限失败")
}
// GetRolePagePermissionIDs returns the IDs of the pages a role has been
// granted, as reported by the RBAC storage.
//
// A storage error is logged with the role ID and replaced by a generic error.
func (s *rbacService) GetRolePagePermissionIDs(roleID uint) ([]uint, error) {
	const failMsg = "获取角色页面权限ID失败"

	ids, err := s.rbacStorage.GetRolePagePermissionIDs(roleID)
	if err != nil {
		s.logger.Error(failMsg, zap.Uint("roleID", roleID), zap.Error(err))
		return nil, errors.New(failMsg)
	}
	return ids, nil
}
// CheckUserPagePermission reports whether the user may access pagePath,
// according to the RBAC storage.
//
// When the storage check fails the result is false together with a generic
// error, so a lookup failure never grants access. pagePath is forwarded to
// the storage unchanged.
// NOTE(review): no normalization of pagePath happens here; confirm the caller
// or the storage compares paths in canonical form.
func (s *rbacService) CheckUserPagePermission(userID uint, pagePath string) (bool, error) {
	const failMsg = "检查用户页面权限失败"

	allowed, err := s.rbacStorage.CheckUserRolePagePermission(userID, pagePath)
	if err != nil {
		s.logger.Error(failMsg, zap.Uint("userID", userID), zap.String("pagePath", pagePath), zap.Error(err))
		return false, errors.New(failMsg)
	}
	return allowed, nil
}
// GetUserAccessiblePages returns the page paths the user can access, as
// reported by the RBAC storage.
//
// A storage error is logged with the user ID and replaced by a generic error.
func (s *rbacService) GetUserAccessiblePages(userID uint) ([]string, error) {
	paths, err := s.rbacStorage.GetUserRoleAccessiblePages(userID)
	if err == nil {
		return paths, nil
	}

	s.logger.Error("获取用户可访问页面失败", zap.Uint("userID", userID), zap.Error(err))
	return nil, errors.New("获取用户可访问页面失败")
}
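// GetUserPermissionsResponse builds the permissions view for a user: the user
// record, the user's role and the pages that role makes accessible.
//
// It loads the user, then the role named by user.RoleID, then the accessible
// page paths; each path becomes a models.Page carrying only Path. Any failed
// step is logged and reported as a generic error. A nil user or role returned
// without an error is treated as a failure rather than dereferenced.
//
// NOTE(review): the whole user record is copied into the response. If
// models.User holds credential or other sensitive fields, confirm they are
// excluded from serialization before this response is sent to a client.
func (s *rbacService) GetUserPermissionsResponse(userID uint) (*models.UserPermissionsResponse, error) {
	// Load the user record.
	user, err := s.userStorage.GetByID(userID)
	if err != nil {
		s.logger.Error("获取用户信息失败", zap.Uint("userID", userID), zap.Error(err))
		return nil, errors.New("获取用户信息失败")
	}
	if user == nil {
		// Avoid a nil dereference if the storage reports "not found" as (nil, nil).
		s.logger.Error("获取用户信息失败", zap.Uint("userID", userID))
		return nil, errors.New("获取用户信息失败")
	}

	// Load the role the user is assigned to.
	role, err := s.rbacStorage.GetRoleByID(user.RoleID)
	if err != nil {
		s.logger.Error("获取角色信息失败", zap.Uint("roleID", user.RoleID), zap.Error(err))
		return nil, errors.New("获取角色信息失败")
	}
	if role == nil {
		s.logger.Error("获取角色信息失败", zap.Uint("roleID", user.RoleID))
		return nil, errors.New("获取角色信息失败")
	}

	// Load the accessible page paths. GetUserAccessiblePages already logs the
	// underlying failure, so it is not logged a second time here.
	pagePaths, err := s.GetUserAccessiblePages(userID)
	if err != nil {
		return nil, errors.New("获取用户可访问页面失败")
	}

	// Convert page paths into page objects. pages stays nil when there are no
	// paths, as before, so the serialized shape of an empty result is unchanged.
	var pages []models.Page
	if len(pagePaths) > 0 {
		pages = make([]models.Page, 0, len(pagePaths))
	}
	for _, path := range pagePaths {
		pages = append(pages, models.Page{Path: path})
	}

	return &models.UserPermissionsResponse{
		User:  *user,
		Roles: []models.Role{*role},
		Pages: pages,
	}, nil
}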
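// GetRolePagePermissionsResponse builds the page-permission view for a role:
// the role record plus the pages granted to it.
//
// The role is loaded from the RBAC storage instead of being fabricated from
// the bare ID, so a role ID that the storage cannot resolve yields an error
// rather than a response describing a role that may not exist. Failures are
// logged and reported as generic errors.
func (s *rbacService) GetRolePagePermissionsResponse(roleID uint) (*models.RolePagePermissionsResponse, error) {
	// Load the role record.
	role, err := s.rbacStorage.GetRoleByID(roleID)
	if err != nil {
		s.logger.Error("获取角色信息失败", zap.Uint("roleID", roleID), zap.Error(err))
		return nil, errors.New("获取角色信息失败")
	}
	if role == nil {
		// Avoid a nil dereference if the storage reports "not found" as (nil, nil).
		s.logger.Error("获取角色信息失败", zap.Uint("roleID", roleID))
		return nil, errors.New("获取角色信息失败")
	}

	// Load the role's pages. GetRolePagePermissions already logs the underlying
	// failure, so it is not logged a second time here.
	pages, err := s.GetRolePagePermissions(roleID)
	if err != nil {
		return nil, errors.New("获取角色页面权限失败")
	}

	return &models.RolePagePermissionsResponse{
		Role:  *role,
		Pages: pages,
	}, nil
}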
// GetRoleByID returns the role with the given ID straight from the RBAC
// storage.
//
// NOTE(review): unlike the other methods of this service, the storage error
// is passed through unlogged and unreplaced. Callers should not echo it to a
// client verbatim; confirm whether any caller relies on the raw error before
// aligning this with the generic-error pattern used elsewhere.
func (s *rbacService) GetRoleByID(roleID uint) (*models.Role, error) {
	role, err := s.rbacStorage.GetRoleByID(roleID)
	return role, err
}