package services
import (
"errors"
"strconv"
"gitea.zjmud.xyz/phyer/rbac/models"
"gitea.zjmud.xyz/phyer/rbac/repositories"
)
// AssignRoleToUser 为用户分配角色
func AssignRoleToUser(userID uint, roleID uint) error {
// 检查用户是否存在
user, err := repositories.GetUserByID(strconv.FormatUint(uint64(userID), 10))
if err != nil {
return errors.New("user not found")
}
// 检查角色是否存在
role, err := repositories.GetRoleByID(roleID)
if err != nil {
return errors.New("role not found")
}
// 分配角色
return repositories.AssignRoleToUser(user.ID, role.ID)
}
// RemoveRoleFromUser 移除用户的角色
func RemoveRoleFromUser(userID uint, roleID uint) error {
// 检查用户是否存在
user, err := repositories.GetUserByID(strconv.FormatUint(uint64(userID), 10))
if err != nil {
return errors.New("user not found")
}
// 检查角色是否存在
role, err := repositories.GetRoleByID(roleID)
if err != nil {
return errors.New("role not found")
}
// 移除角色
return repositories.RemoveRoleFromUser(user.ID, role.ID)
}
// CreateRoleWithPermissions 创建角色并分配权限
func CreateRoleWithPermissions(roleName string, permissionIDs []uint) (*models.Role, error) {
// 检查角色是否已存在
exists, err := repositories.CheckRoleExists(roleName)
if err != nil {
return nil, err
}
if exists {
return nil, errors.New("role already exists")
}
// 创建角色
role := &models.Role{Name: roleName}
role, err = repositories.CreateRole(role)
if err != nil {
return nil, err
}
// 为角色分配权限
for _, permissionID := range permissionIDs {
err = repositories.AddPermissionToRole(role.ID, permissionID)
if err != nil {
return nil, err
}
}
return role, nil
}
// CreateRole 创建新角色
func CreateRole(name, description string) (*models.Role, error) {
// 检查角色是否已存在
exists, err := repositories.CheckRoleExists(name)
if err != nil {
return nil, err
}
if exists {
return nil, errors.New("role already exists")
}
// 创建角色
role := &models.Role{
Name: name,
}
return repositories.CreateRole(role)
}
// GetAllRoles 获取所有角色
func GetAllRoles() ([]models.Role, error) {
return repositories.GetAllRoles()
}
// CreatePermission 创建新权限
func CreatePermission(name, description, resource, action string) (*models.Permission, error) {
// 检查权限是否已存在
exists, err := repositories.CheckPermissionExists(name)
if err != nil {
return nil, err
}
if exists {
return nil, errors.New("permission already exists")
}
// 创建权限
permission := &models.Permission{
Name: name,
Resource: resource,
Action: action,
}
return repositories.CreatePermission(permission)
}
// AssignPermissionToRole 为角色分配权限
func AssignPermissionToRole(roleID, permissionID uint) error {
// 检查角色是否存在
_, err := repositories.GetRoleByID(roleID)
if err != nil {
return errors.New("role not found")
}
// 检查权限是否存在
_, err = repositories.GetPermissionByID(permissionID)
if err != nil {
return errors.New("permission not found")
}
// 分配权限
return repositories.AddPermissionToRole(roleID, permissionID)
}
// GetAllPermissions 获取所有权限
func GetAllPermissions() ([]models.Permission, error) {
return repositories.GetPermissions()
}
// GetRoleByID 根据ID获取角色
func GetRoleByID(roleID uint) (*models.Role, error) {
return repositories.GetRoleByID(roleID)
}
// UpdateRole 更新角色
func UpdateRole(roleID uint, updateData map[string]interface{}) (*models.Role, error) {
// 检查角色是否存在
_, err := repositories.GetRoleByID(roleID)
if err != nil {
return nil, errors.New("role not found")
}
// 更新角色
return repositories.UpdateRole(roleID, updateData)
}
// DeleteRole 删除角色
func DeleteRole(roleID uint) error {
// 检查角色是否存在
_, err := repositories.GetRoleByID(roleID)
if err != nil {
return errors.New("role not found")
}
// 删除角色
return repositories.DeleteRole(roleID)
}
// GetPermissionByID 根据ID获取权限
func GetPermissionByID(permissionID uint) (*models.Permission, error) {
return repositories.GetPermissionByID(permissionID)
}
// UpdatePermission 更新权限
func UpdatePermission(permissionID uint, updateData map[string]interface{}) (*models.Permission, error) {
// 检查权限是否存在
_, err := repositories.GetPermissionByID(permissionID)
if err != nil {
return nil, errors.New("permission not found")
}
// 更新权限
return repositories.UpdatePermission(permissionID, updateData)
}
// DeletePermission 删除权限
func DeletePermission(permissionID uint) error {
// 检查权限是否存在
_, err := repositories.GetPermissionByID(permissionID)
if err != nil {
return errors.New("permission not found")
}
// 删除权限
return repositories.DeletePermission(permissionID)
}
// CheckUserPermission 检查用户是否具有特定权限
// CheckUserPermission 检查用户是否具有特定权限
func CheckUserPermission(userID string, permission string) (bool, error) {
// 获取用户的所有角色
user, err := repositories.GetUserByID(userID)
if err != nil {
return false, err
}
// 检查每个角色的权限
for _, role := range user.Roles {
for _, perm := range role.Permissions {
if perm.Name == permission {
return true, nil
}
}
}
return false, nil
}
// GetUserPermissions 获取用户的所有权限
func GetUserPermissions(userID string) ([]string, error) {
var permissions []string
user, err := repositories.GetUserByID(userID)
if err != nil {
return nil, err
}
// 收集所有角色的权限
for _, role := range user.Roles {
for _, perm := range role.Permissions {
permissions = append(permissions, perm.Name)
}
}
return permissions, nil
}