go-course/go18
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
go18/devcloud/mcenter/apps/policy/impl/permission.go
yumaojun03 298cadf2e2 补充鉴权逻辑
2025-06-08 16:14:19 +08:00

108 lines
3.1 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package impl
import (
"context"
"122.51.31.227/go-course/go18/devcloud/mcenter/apps/endpoint"
"122.51.31.227/go-course/go18/devcloud/mcenter/apps/namespace"
"122.51.31.227/go-course/go18/devcloud/mcenter/apps/policy"
"122.51.31.227/go-course/go18/devcloud/mcenter/apps/role"
"122.51.31.227/go-course/go18/devcloud/mcenter/apps/view"
"github.com/infraboard/mcube/v2/types"
)
// 查询用户可以访问的空间
func (i *PolicyServiceImpl) QueryNamespace(ctx context.Context, in *policy.QueryNamespaceRequest) (*types.Set[*namespace.Namespace], error) {
nsReq := namespace.NewQueryNamespaceRequest()
policies, err := i.QueryPolicy(ctx,
policy.NewQueryPolicyRequest().
SetSkipPage(true).
SetUserId(in.UserId).
SetExpired(false).
SetEnabled(true))
if err != nil {
return nil, err
}
policies.ForEach(func(t *policy.Policy) {
if t.NamespaceId != nil {
nsReq.AddNamespaceIds(*t.NamespaceId)
}
})
return i.namespace.QueryNamespace(ctx, nsReq)
}
// 查询用户可以访问的Api接口
// 找到用户可以访问的角色列表然后在找出角色对应的Api访问权限
func (i *PolicyServiceImpl) QueryEndpoint(ctx context.Context, in *policy.QueryEndpointRequest) (*types.Set[*endpoint.Endpoint], error) {
set := types.New[*endpoint.Endpoint]()
policies, err := i.QueryPolicy(ctx,
policy.NewQueryPolicyRequest().
SetSkipPage(true).
SetNamespaceId(in.NamespaceId).
SetUserId(in.UserId).
SetExpired(false).
SetEnabled(true))
if err != nil {
return nil, err
}
roleReq := role.NewQueryMatchedEndpointRequest()
policies.ForEach(func(t *policy.Policy) {
roleReq.Add(t.RoleId)
})
if policies.Len() > 0 {
set, err = role.GetService().QueryMatchedEndpoint(ctx, roleReq)
if err != nil {
return nil, err
}
}
return set, nil
}
// 校验Api接口权限
func (i *PolicyServiceImpl) ValidateEndpointPermission(ctx context.Context, in *policy.ValidateEndpointPermissionRequest) (*policy.ValidateEndpointPermissionResponse, error) {
resp := policy.NewValidateEndpointPermissionResponse(*in)
// 空间Owner有所有权限
ns, err := namespace.GetService().DescribeNamespace(ctx, namespace.NewDescribeNamespaceRequest().SetNamespaceId(in.NamespaceId))
if err != nil {
return nil, err
}
if ns.IsOwner(in.UserId) {
resp.HasPermission = true
return resp, nil
}
// 非空间管理员需要独立鉴权, 查询用户可以访问的API列表
endpointReq := policy.NewQueryEndpointRequest()
endpointReq.UserId = in.UserId
endpointReq.NamespaceId = in.NamespaceId
endpointSet, err := i.QueryEndpoint(ctx, endpointReq)
if err != nil {
return nil, err
}
for _, item := range endpointSet.Items {
if item.IsMatched(in.Service, in.Method, in.Path) {
resp.HasPermission = true
resp.Endpoint = item
break
}
}
return resp, nil
}
// 查询用户可以访问的菜单
func (i *PolicyServiceImpl) QueryMenu(ctx context.Context, in *policy.QueryMenuRequest) (*types.Set[*view.Menu], error) {
return nil, nil
}
// 校验Menu视图权限
func (i *PolicyServiceImpl) ValidatePagePermission(ctx context.Context, in *policy.ValidatePagePermissionRequest) (*policy.ValidatePagePermissionResponse, error) {
return nil, nil
}
Reference in New Issue View Git Blame Copy Permalink