package services import ( "errors" "gitea.zjmud.xyz/phyer/rbac/models" "gitea.zjmud.xyz/phyer/rbac/repositories" "strconv" ) // AssignRoleToUser 为用户分配角色 func AssignRoleToUser(userID uint, roleID uint) error { // 检查用户是否存在 user, err := repositories.GetUserByID(strconv.FormatUint(uint64(userID), 10)) if err != nil { return errors.New("user not found") } // 检查角色是否存在 role, err := repositories.GetRoleByID(roleID) if err != nil { return errors.New("role not found") } // 分配角色 return repositories.AssignRoleToUser(user.ID, role.ID) } // RemoveRoleFromUser 移除用户的角色 func RemoveRoleFromUser(userID uint, roleID uint) error { // 检查用户是否存在 user, err := repositories.GetUserByID(strconv.FormatUint(uint64(userID), 10)) if err != nil { return errors.New("user not found") } // 检查角色是否存在 role, err := repositories.GetRoleByID(roleID) if err != nil { return errors.New("role not found") } // 移除角色 return repositories.RemoveRoleFromUser(user.ID, role.ID) } // CreateRoleWithPermissions 创建角色并分配权限 func CreateRoleWithPermissions(roleName string, permissionIDs []uint) (*models.Role, error) { // 检查角色是否已存在 exists, err := repositories.CheckRoleExists(roleName) if err != nil { return nil, err } if exists { return nil, errors.New("role already exists") } // 创建角色 role := &models.Role{Name: roleName} role, err = repositories.CreateRole(role) if err != nil { return nil, err } // 为角色分配权限 for _, permissionID := range permissionIDs { err = repositories.AddPermissionToRole(role.ID, permissionID) if err != nil { return nil, err } } return role, nil } // CreateRole 创建新角色 func CreateRole(name, description string) (*models.Role, error) { // 检查角色是否已存在 exists, err := repositories.CheckRoleExists(name) if err != nil { return nil, err } if exists { return nil, errors.New("role already exists") } // 创建角色 role := &models.Role{ Name: name, } return repositories.CreateRole(role) } // GetAllRoles 获取所有角色 func GetAllRoles() ([]models.Role, error) { return repositories.GetAllRoles() } // CreatePermission 创建新权限 func CreatePermission(name, description, resource, action string) (*models.Permission, error) { // 检查权限是否已存在 exists, err := repositories.CheckPermissionExists(name) if err != nil { return nil, err } if exists { return nil, errors.New("permission already exists") } // 创建权限 permission := &models.Permission{ Name: name, Resource: resource, Action: action, } return repositories.CreatePermission(permission) } // AssignPermissionToRole 为角色分配权限 func AssignPermissionToRole(roleID, permissionID uint) error { // 检查角色是否存在 _, err := repositories.GetRoleByID(roleID) if err != nil { return errors.New("role not found") } // 检查权限是否存在 _, err = repositories.GetPermissionByID(permissionID) if err != nil { return errors.New("permission not found") } // 分配权限 return repositories.AddPermissionToRole(roleID, permissionID) } // GetAllPermissions 获取所有权限 func GetAllPermissions() ([]models.Permission, error) { return repositories.GetPermissions() } // GetRoleByID 根据ID获取角色 func GetRoleByID(roleID uint) (*models.Role, error) { return repositories.GetRoleByID(roleID) } // UpdateRole 更新角色 func UpdateRole(roleID uint, updateData map[string]interface{}) (*models.Role, error) { // 检查角色是否存在 _, err := repositories.GetRoleByID(roleID) if err != nil { return nil, errors.New("role not found") } // 更新角色 return repositories.UpdateRole(roleID, updateData) } // DeleteRole 删除角色 func DeleteRole(roleID uint) error { // 检查角色是否存在 _, err := repositories.GetRoleByID(roleID) if err != nil { return errors.New("role not found") } // 删除角色 return repositories.DeleteRole(roleID) } // GetPermissionByID 根据ID获取权限 func GetPermissionByID(permissionID uint) (*models.Permission, error) { return repositories.GetPermissionByID(permissionID) } // UpdatePermission 更新权限 func UpdatePermission(permissionID uint, updateData map[string]interface{}) (*models.Permission, error) { // 检查权限是否存在 _, err := repositories.GetPermissionByID(permissionID) if err != nil { return nil, errors.New("permission not found") } // 更新权限 return repositories.UpdatePermission(permissionID, updateData) } // DeletePermission 删除权限 func DeletePermission(permissionID uint) error { // 检查权限是否存在 _, err := repositories.GetPermissionByID(permissionID) if err != nil { return errors.New("permission not found") } // 删除权限 return repositories.DeletePermission(permissionID) } // CheckUserPermission 检查用户是否具有特定权限 // CheckUserPermission 检查用户是否具有特定权限 func CheckUserPermission(userID string, permission string) (bool, error) { // 获取用户的所有角色 user, err := repositories.GetUserByID(userID) if err != nil { return false, err } // 检查每个角色的权限 for _, role := range user.Roles { for _, perm := range role.Permissions { if perm.Name == permission { return true, nil } } } return false, nil } // GetUserPermissions 获取用户的所有权限 func GetUserPermissions(userID string) ([]string, error) { var permissions []string user, err := repositories.GetUserByID(userID) if err != nil { return nil, err } // 收集所有角色的权限 for _, role := range user.Roles { for _, perm := range role.Permissions { permissions = append(permissions, perm.Name) } } return permissions, nil }