package services
import (
"errors"
"gitea.zjmud.xyz/phyer/rbac/models"
"gitea.zjmud.xyz/phyer/rbac/repositories"
"strconv"
)
// AssignRoleToUser grants the role identified by roleID to the user identified
// by userID. Both records are loaded first, and the assignment is made with the
// IDs taken from the loaded records.
//
// A failed lookup is reported as "user not found" or "role not found"; the
// repository's own error is discarded, so a storage failure cannot be told
// apart from a missing record at this layer.
//
// NOTE(review): this function does not check who is asking for the grant.
// Presumably the calling handler or middleware authorizes the request —
// confirm, because this operation raises a user's privileges.
func AssignRoleToUser(userID uint, roleID uint) error {
	// GetUserByID takes the ID as a string, so render the numeric ID in base 10.
	userKey := strconv.FormatUint(uint64(userID), 10)

	target, lookupErr := repositories.GetUserByID(userKey)
	if lookupErr != nil {
		return errors.New("user not found")
	}

	grant, lookupErr := repositories.GetRoleByID(roleID)
	if lookupErr != nil {
		return errors.New("role not found")
	}

	return repositories.AssignRoleToUser(target.ID, grant.ID)
}
// RemoveRoleFromUser revokes the role identified by roleID from the user
// identified by userID. Both records must load successfully before the
// repository is asked to remove the association.
//
// A failed lookup is reported as "user not found" or "role not found"; the
// repository's own error is not propagated.
func RemoveRoleFromUser(userID uint, roleID uint) error {
	// GetUserByID takes the ID as a string, so render the numeric ID in base 10.
	subject, findErr := repositories.GetUserByID(strconv.FormatUint(uint64(userID), 10))
	if findErr != nil {
		return errors.New("user not found")
	}

	revoked, findErr := repositories.GetRoleByID(roleID)
	if findErr != nil {
		return errors.New("role not found")
	}

	return repositories.RemoveRoleFromUser(subject.ID, revoked.ID)
}
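// CreateRoleWithPermissions creates a role named roleName and attaches every
// permission in permissionIDs to it.
//
// It returns "role already exists" when the name is taken and "permission not
// found" when any of the permission IDs cannot be loaded. Errors from the
// existence check, from role creation and from attaching a permission are
// returned as the repository produced them.
//
// Every permission ID is verified before the role is written, and the role is
// removed again if attaching a permission fails. Without this, a failure part
// way through left behind a role holding only some of the requested
// permissions, and a retry was then rejected with "role already exists".
//
// NOTE(review): the existence check and the insert are separate repository
// calls, so two concurrent requests for the same name can both pass the check.
// Confirm that the storage layer enforces uniqueness of the role name.
func CreateRoleWithPermissions(roleName string, permissionIDs []uint) (*models.Role, error) {
	exists, err := repositories.CheckRoleExists(roleName)
	if err != nil {
		return nil, err
	}
	if exists {
		return nil, errors.New("role already exists")
	}

	// Validate the whole permission set before creating anything, so a bad ID
	// is rejected without leaving a role behind.
	for _, permissionID := range permissionIDs {
		if _, err := repositories.GetPermissionByID(permissionID); err != nil {
			return nil, errors.New("permission not found")
		}
	}

	role, err := repositories.CreateRole(&models.Role{Name: roleName})
	if err != nil {
		return nil, err
	}

	for _, permissionID := range permissionIDs {
		if err := repositories.AddPermissionToRole(role.ID, permissionID); err != nil {
			// Best-effort rollback of the role created above. The attach
			// error is what the caller needs to see, so a failure of the
			// cleanup itself is deliberately not reported.
			// NOTE(review): confirm DeleteRole also clears the permissions
			// already attached to this role.
			_ = repositories.DeleteRole(role.ID)
			return nil, err
		}
	}

	return role, nil
}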
// CreateRole creates a role with the given name. It returns "role already
// exists" when a role of that name is already stored, and otherwise the result
// of the repository's create call.
//
// NOTE(review): description is accepted but never used; only Name is set on
// the new role. Confirm whether models.Role is meant to carry a description.
func CreateRole(name, description string) (*models.Role, error) {
	taken, err := repositories.CheckRoleExists(name)
	switch {
	case err != nil:
		return nil, err
	case taken:
		return nil, errors.New("role already exists")
	}

	return repositories.CreateRole(&models.Role{Name: name})
}
// GetAllRoles returns every role known to the repository, together with any
// error the repository reports.
func GetAllRoles() ([]models.Role, error) {
	roles, err := repositories.GetAllRoles()
	return roles, err
}
// CreatePermission creates a permission with the given name, resource and
// action. It returns "permission already exists" when the name is already
// stored, and otherwise the result of the repository's create call.
//
// NOTE(review): description is accepted but never used; the new permission is
// built from name, resource and action only. None of the arguments are
// checked for being empty here.
func CreatePermission(name, description, resource, action string) (*models.Permission, error) {
	taken, err := repositories.CheckPermissionExists(name)
	switch {
	case err != nil:
		return nil, err
	case taken:
		return nil, errors.New("permission already exists")
	}

	created := &models.Permission{Name: name, Resource: resource, Action: action}
	return repositories.CreatePermission(created)
}
// AssignPermissionToRole attaches the permission identified by permissionID
// to the role identified by roleID. Both records must load successfully first;
// a failed lookup is reported as "role not found" or "permission not found"
// and the repository's own error is discarded.
//
// NOTE(review): no caller authorization is performed here; presumably the
// handler layer restricts who may widen a role — confirm.
func AssignPermissionToRole(roleID, permissionID uint) error {
	if _, err := repositories.GetRoleByID(roleID); err != nil {
		return errors.New("role not found")
	}

	if _, err := repositories.GetPermissionByID(permissionID); err != nil {
		return errors.New("permission not found")
	}

	return repositories.AddPermissionToRole(roleID, permissionID)
}
// GetAllPermissions returns every permission known to the repository
// (repositories.GetPermissions), together with any error it reports.
func GetAllPermissions() ([]models.Permission, error) {
	perms, err := repositories.GetPermissions()
	return perms, err
}
// GetRoleByID loads the role with the given ID from the repository and returns
// it together with any error the repository reports.
func GetRoleByID(roleID uint) (*models.Role, error) {
	role, err := repositories.GetRoleByID(roleID)
	return role, err
}
// UpdateRole applies updateData to the role identified by roleID and returns
// the repository's result. It returns "role not found" when the role cannot be
// loaded; the repository's own lookup error is discarded.
//
// updateData is handed to the repository unchanged: this function does not
// restrict which keys it may contain.
//
// NOTE(review): if updateData is built from request input, the caller should
// allow-list the updatable fields before calling, otherwise a client can set
// fields it was never meant to control. Confirm whether the handler or the
// repository already filters the keys.
func UpdateRole(roleID uint, updateData map[string]interface{}) (*models.Role, error) {
	if _, err := repositories.GetRoleByID(roleID); err != nil {
		return nil, errors.New("role not found")
	}

	return repositories.UpdateRole(roleID, updateData)
}
// DeleteRole deletes the role identified by roleID. It returns "role not
// found" when the role cannot be loaded, and otherwise the result of the
// repository's delete call.
//
// NOTE(review): what happens to users still holding this role is decided by
// repositories.DeleteRole — confirm that stale assignments are cleaned up.
func DeleteRole(roleID uint) error {
	if _, err := repositories.GetRoleByID(roleID); err != nil {
		return errors.New("role not found")
	}

	return repositories.DeleteRole(roleID)
}
// GetPermissionByID loads the permission with the given ID from the repository
// and returns it together with any error the repository reports.
func GetPermissionByID(permissionID uint) (*models.Permission, error) {
	perm, err := repositories.GetPermissionByID(permissionID)
	return perm, err
}
// UpdatePermission applies updateData to the permission identified by
// permissionID and returns the repository's result. It returns "permission not
// found" when the permission cannot be loaded; the repository's own lookup
// error is discarded.
//
// updateData is handed to the repository unchanged: this function does not
// restrict which keys it may contain.
//
// NOTE(review): changing a permission's name, resource or action changes what
// every role holding it is allowed to do. If updateData is built from request
// input, the caller should allow-list the updatable fields — confirm whether
// the handler or the repository already does so.
func UpdatePermission(permissionID uint, updateData map[string]interface{}) (*models.Permission, error) {
	if _, err := repositories.GetPermissionByID(permissionID); err != nil {
		return nil, errors.New("permission not found")
	}

	return repositories.UpdatePermission(permissionID, updateData)
}
// DeletePermission deletes the permission identified by permissionID. It
// returns "permission not found" when the permission cannot be loaded, and
// otherwise the result of the repository's delete call.
func DeletePermission(permissionID uint) error {
	if _, err := repositories.GetPermissionByID(permissionID); err != nil {
		return errors.New("permission not found")
	}

	return repositories.DeletePermission(permissionID)
}
// CheckUserPermission reports whether any role held by the user carries a
// permission whose Name equals permission. The comparison is an exact,
// case-sensitive string match.
//
// When the user cannot be loaded the result is (false, err), so a caller that
// denies on a non-nil error or on false fails closed.
//
// NOTE(review): the check reads user.Roles and each role's Permissions from the
// value returned by GetUserByID. It assumes the repository loads both
// associations; if it does not, this returns false for every user — confirm.
func CheckUserPermission(userID string, permission string) (bool, error) {
	subject, err := repositories.GetUserByID(userID)
	if err != nil {
		return false, err
	}

	granted := false
search:
	for _, held := range subject.Roles {
		for _, p := range held.Permissions {
			if p.Name == permission {
				granted = true
				break search
			}
		}
	}

	return granted, nil
}
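// GetUserPermissions returns the names of all permissions the user holds
// through any of their roles, in first-seen order. It returns (nil, err) when
// the user cannot be loaded, and a nil slice when the user has no permissions.
//
// Each name appears once: a permission reachable through several roles was
// previously listed once per role.
//
// NOTE(review): the result is built from user.Roles and each role's
// Permissions as returned by GetUserByID; it assumes the repository loads both
// associations — confirm.
func GetUserPermissions(userID string) ([]string, error) {
	user, err := repositories.GetUserByID(userID)
	if err != nil {
		return nil, err
	}

	var permissions []string
	seen := make(map[string]struct{})
	for _, role := range user.Roles {
		for _, perm := range role.Permissions {
			if _, dup := seen[perm.Name]; dup {
				continue
			}
			seen[perm.Name] = struct{}{}
			permissions = append(permissions, perm.Name)
		}
	}

	return permissions, nil
}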