hejl
/
manta
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
212 Commits
1 Branch
0 Tags
552 MiB
 
 
 
 
 
 
Tree: cceb30aaba
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cceb30aaba'
${ noResults }
manta/gofaster/backend/internal/auth/service/permission_service.go

196 lines
6.0 KiB
Raw Blame History

package service
import (
"context"
"fmt"
"gofaster/internal/auth/model"
"gofaster/internal/auth/repository"
"gorm.io/gorm"
)
type PermissionService struct {
permissionRepo repository.PermissionRepository
roleRepo repository.RoleRepository
}
func NewPermissionService(permissionRepo repository.PermissionRepository, roleRepo repository.RoleRepository) *PermissionService {
return &PermissionService{
permissionRepo: permissionRepo,
roleRepo: roleRepo,
}
}
// CreatePermission 创建权限
func (s *PermissionService) CreatePermission(ctx context.Context, permission *model.Permission) error {
// 检查权限名称是否已存在
existing, err := s.permissionRepo.GetByName(ctx, permission.Name)
if err != nil && err != gorm.ErrRecordNotFound {
return fmt.Errorf("检查权限名称失败: %v", err)
}
if existing != nil {
return fmt.Errorf("权限名称 %s 已存在", permission.Name)
}
return s.permissionRepo.Create(ctx, permission)
}
// UpdatePermission 更新权限
func (s *PermissionService) UpdatePermission(ctx context.Context, permission *model.Permission) error {
// 检查权限是否存在
existing, err := s.permissionRepo.GetByID(ctx, permission.ID)
if err != nil {
if err == gorm.ErrRecordNotFound {
return fmt.Errorf("权限不存在")
}
return fmt.Errorf("查询权限失败: %v", err)
}
// 如果修改了名称,需要检查名称唯一性
if existing.Name != permission.Name {
nameExists, err := s.permissionRepo.GetByName(ctx, permission.Name)
if err != nil && err != gorm.ErrRecordNotFound {
return fmt.Errorf("检查权限名称失败: %v", err)
}
if nameExists != nil {
return fmt.Errorf("权限名称 %s 已存在", permission.Name)
}
}
return s.permissionRepo.Update(ctx, permission)
}
// DeletePermission 删除权限
func (s *PermissionService) DeletePermission(ctx context.Context, id uint) error {
// 检查权限是否存在
_, err := s.permissionRepo.GetByID(ctx, id)
if err != nil {
if err == gorm.ErrRecordNotFound {
return fmt.Errorf("权限不存在")
}
return fmt.Errorf("查询权限失败: %v", err)
}
// 检查是否有角色在使用此权限
roles, err := s.roleRepo.GetRolesByPermission(ctx, id)
if err != nil {
return fmt.Errorf("查询角色失败: %v", err)
}
if len(roles) > 0 {
return fmt.Errorf("无法删除正在使用的权限,有 %d 个角色在使用此权限", len(roles))
}
return s.permissionRepo.Delete(ctx, id)
}
// GetPermission 获取权限详情
func (s *PermissionService) GetPermission(ctx context.Context, id uint) (*model.Permission, error) {
return s.permissionRepo.GetByID(ctx, id)
}
// ListPermissions 获取权限列表
func (s *PermissionService) ListPermissions(ctx context.Context, page, pageSize int) ([]*model.Permission, int64, error) {
offset := (page - 1) * pageSize
return s.permissionRepo.List(ctx, offset, pageSize)
}
// GetPermissionsByResource 根据资源获取权限列表
func (s *PermissionService) GetPermissionsByResource(ctx context.Context, resource string) ([]*model.Permission, error) {
return s.permissionRepo.GetByResource(ctx, resource)
}
// AssignPermissionsToRole 为角色分配权限
func (s *PermissionService) AssignPermissionsToRole(ctx context.Context, roleID uint, permissionIDs []uint) error {
// 检查角色是否存在
_, err := s.roleRepo.GetByID(ctx, roleID)
if err != nil {
if err == gorm.ErrRecordNotFound {
return fmt.Errorf("角色不存在")
}
return fmt.Errorf("查询角色失败: %v", err)
}
// 检查权限是否都存在
for _, permissionID := range permissionIDs {
permission, err := s.permissionRepo.GetByID(ctx, permissionID)
if err != nil {
if err == gorm.ErrRecordNotFound {
return fmt.Errorf("权限ID %d 不存在", permissionID)
}
return fmt.Errorf("查询权限失败: %v", err)
}
if permission == nil {
return fmt.Errorf("权限ID %d 不存在", permissionID)
}
}
// 分配权限
return s.roleRepo.AssignPermissions(ctx, roleID, permissionIDs)
}
// GetRolePermissions 获取角色的权限列表
func (s *PermissionService) GetRolePermissions(ctx context.Context, roleID uint) ([]*model.Permission, error) {
// 检查角色是否存在
_, err := s.roleRepo.GetByID(ctx, roleID)
if err != nil {
if err == gorm.ErrRecordNotFound {
return nil, fmt.Errorf("角色不存在")
}
return nil, fmt.Errorf("查询角色失败: %v", err)
}
return s.roleRepo.GetPermissions(ctx, roleID)
}
// RemovePermissionsFromRole 从角色移除权限
func (s *PermissionService) RemovePermissionsFromRole(ctx context.Context, roleID uint, permissionIDs []uint) error {
// 检查角色是否存在
_, err := s.roleRepo.GetByID(ctx, roleID)
if err != nil {
if err == gorm.ErrRecordNotFound {
return fmt.Errorf("角色不存在")
}
return fmt.Errorf("查询角色失败: %v", err)
}
// 移除权限
return s.roleRepo.RemovePermissions(ctx, roleID, permissionIDs)
}
// GetUserPermissions 获取用户的权限列表
func (s *PermissionService) GetUserPermissions(ctx context.Context, userID uint) ([]*model.Permission, error) {
return s.permissionRepo.GetByUserID(ctx, userID)
}
// CheckUserPermission 检查用户是否有指定权限
func (s *PermissionService) CheckUserPermission(ctx context.Context, userID uint, permissionName string) (bool, error) {
permissions, err := s.GetUserPermissions(ctx, userID)
if err != nil {
return false, fmt.Errorf("获取用户权限失败: %v", err)
}
for _, permission := range permissions {
if permission.Name == permissionName {
return true, nil
}
}
return false, nil
}
// CheckUserResourcePermission 检查用户是否有指定资源的指定操作权限
func (s *PermissionService) CheckUserResourcePermission(ctx context.Context, userID uint, resource, action string) (bool, error) {
permissions, err := s.GetUserPermissions(ctx, userID)
if err != nil {
return false, fmt.Errorf("获取用户权限失败: %v", err)
}
for _, permission := range permissions {
if permission.Resource == resource && permission.Action == action {
return true, nil
}
}
return false, nil
}