loser/st-react
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5e3380f5ef9eb34aa8a8520b519f4dd545235eb9
st-react/server/service/system/sys_casbin.go
Echo 5e3380f5ef 🎉 更新系统版本
2026-03-13 21:12:17 +08:00

216 lines
6.2 KiB
Go
Raw Blame History

package system
import (
"errors"
"strconv"
"gorm.io/gorm"
"git.echol.cn/loser/st/server/global"
"git.echol.cn/loser/st/server/model/system/request"
"git.echol.cn/loser/st/server/utils"
gormadapter "github.com/casbin/gorm-adapter/v3"
_ "github.com/go-sql-driver/mysql"
)
//@author: [piexlmax](https://github.com/piexlmax)
//@function: UpdateCasbin
//@description: 更新casbin权限
//@param: authorityId string, casbinInfos []request.CasbinInfo
//@return: error
type CasbinService struct{}
var CasbinServiceApp = new(CasbinService)
func (casbinService *CasbinService) UpdateCasbin(adminAuthorityID, AuthorityID uint, casbinInfos []request.CasbinInfo) error {
err := AuthorityServiceApp.CheckAuthorityIDAuth(adminAuthorityID, AuthorityID)
if err != nil {
return err
}
if global.GVA_CONFIG.System.UseStrictAuth {
apis, e := ApiServiceApp.GetAllApis(adminAuthorityID)
if e != nil {
return e
}
for i := range casbinInfos {
hasApi := false
for j := range apis {
if apis[j].Path == casbinInfos[i].Path && apis[j].Method == casbinInfos[i].Method {
hasApi = true
break
}
}
if !hasApi {
return errors.New("存在api不在权限列表中")
}
}
}
authorityId := strconv.Itoa(int(AuthorityID))
casbinService.ClearCasbin(0, authorityId)
rules := [][]string{}
//做权限去重处理
deduplicateMap := make(map[string]bool)
for _, v := range casbinInfos {
key := authorityId + v.Path + v.Method
if _, ok := deduplicateMap[key]; !ok {
deduplicateMap[key] = true
rules = append(rules, []string{authorityId, v.Path, v.Method})
}
}
if len(rules) == 0 {
return nil
} // 设置空权限无需调用 AddPolicies 方法
e := utils.GetCasbin()
success, _ := e.AddPolicies(rules)
if !success {
return errors.New("存在相同api,添加失败,请联系管理员")
}
return nil
}
//@author: [piexlmax](https://github.com/piexlmax)
//@function: UpdateCasbinApi
//@description: API更新随动
//@param: oldPath string, newPath string, oldMethod string, newMethod string
//@return: error
func (casbinService *CasbinService) UpdateCasbinApi(oldPath string, newPath string, oldMethod string, newMethod string) error {
err := global.GVA_DB.Model(&gormadapter.CasbinRule{}).Where("v1 = ? AND v2 = ?", oldPath, oldMethod).Updates(map[string]interface{}{
"v1": newPath,
"v2": newMethod,
}).Error
if err != nil {
return err
}
e := utils.GetCasbin()
return e.LoadPolicy()
}
//@author: [piexlmax](https://github.com/piexlmax)
//@function: GetPolicyPathByAuthorityId
//@description: 获取权限列表
//@param: authorityId string
//@return: pathMaps []request.CasbinInfo
func (casbinService *CasbinService) GetPolicyPathByAuthorityId(AuthorityID uint) (pathMaps []request.CasbinInfo) {
e := utils.GetCasbin()
authorityId := strconv.Itoa(int(AuthorityID))
list, _ := e.GetFilteredPolicy(0, authorityId)
for _, v := range list {
pathMaps = append(pathMaps, request.CasbinInfo{
Path: v[1],
Method: v[2],
})
}
return pathMaps
}
//@author: [piexlmax](https://github.com/piexlmax)
//@function: ClearCasbin
//@description: 清除匹配的权限
//@param: v int, p ...string
//@return: bool
func (casbinService *CasbinService) ClearCasbin(v int, p ...string) bool {
e := utils.GetCasbin()
success, _ := e.RemoveFilteredPolicy(v, p...)
return success
}
//@author: [piexlmax](https://github.com/piexlmax)
//@function: RemoveFilteredPolicy
//@description: 使用数据库方法清理筛选的politicy 此方法需要调用FreshCasbin方法才可以在系统中即刻生效
//@param: db *gorm.DB, authorityId string
//@return: error
func (casbinService *CasbinService) RemoveFilteredPolicy(db *gorm.DB, authorityId string) error {
return db.Delete(&gormadapter.CasbinRule{}, "v0 = ?", authorityId).Error
}
//@author: [piexlmax](https://github.com/piexlmax)
//@function: SyncPolicy
//@description: 同步目前数据库的policy 此方法需要调用FreshCasbin方法才可以在系统中即刻生效
//@param: db *gorm.DB, authorityId string, rules [][]string
//@return: error
func (casbinService *CasbinService) SyncPolicy(db *gorm.DB, authorityId string, rules [][]string) error {
err := casbinService.RemoveFilteredPolicy(db, authorityId)
if err != nil {
return err
}
return casbinService.AddPolicies(db, rules)
}
//@author: [piexlmax](https://github.com/piexlmax)
//@function: AddPolicies
//@description: 添加匹配的权限
//@param: v int, p ...string
//@return: bool
func (casbinService *CasbinService) AddPolicies(db *gorm.DB, rules [][]string) error {
var casbinRules []gormadapter.CasbinRule
for i := range rules {
casbinRules = append(casbinRules, gormadapter.CasbinRule{
Ptype: "p",
V0: rules[i][0],
V1: rules[i][1],
V2: rules[i][2],
})
}
return db.Create(&casbinRules).Error
}
func (casbinService *CasbinService) FreshCasbin() (err error) {
e := utils.GetCasbin()
err = e.LoadPolicy()
return err
}
// GetAuthoritiesByApi 获取拥有指定API权限的所有角色ID
func (casbinService *CasbinService) GetAuthoritiesByApi(path, method string) (authorityIds []uint, err error) {
var rules []gormadapter.CasbinRule
err = global.GVA_DB.Where("ptype = 'p' AND v1 = ? AND v2 = ?", path, method).Find(&rules).Error
if err != nil {
return nil, err
}
for _, r := range rules {
id, e := strconv.Atoi(r.V0)
if e == nil {
authorityIds = append(authorityIds, uint(id))
}
}
return authorityIds, nil
}
// SetApiAuthorities 全量覆盖某API关联的角色列表
func (casbinService *CasbinService) SetApiAuthorities(path, method string, authorityIds []uint) error {
return global.GVA_DB.Transaction(func(tx *gorm.DB) error {
// 1. 删除该API所有已有的角色关联
if err := tx.Where("ptype = 'p' AND v1 = ? AND v2 = ?", path, method).Delete(&gormadapter.CasbinRule{}).Error; err != nil {
return err
}
// 2. 批量插入新的关联记录
if len(authorityIds) > 0 {
newRules := make([]gormadapter.CasbinRule, 0, len(authorityIds))
for _, authorityId := range authorityIds {
newRules = append(newRules, gormadapter.CasbinRule{
Ptype: "p",
V0: strconv.Itoa(int(authorityId)),
V1: path,
V2: method,
})
}
if err := tx.Create(&newRules).Error; err != nil {
return err
}
}
return nil
})
}
Reference in New Issue View Git Blame Copy Permalink