未完成

forked-project · Jan 12, 2024 · 0f549a2 · 0f549a2
1 parent 48582aa
commit 0f549a2
Show file tree

Hide file tree

Showing 2 changed files with 136 additions and 1 deletion.
diff --git a/model/init.go b/model/init.go
@@ -345,12 +345,96 @@ func (m *DBModel) initDatabase() (err error) {
 		return
 	}
 
+	// 从group中迁移权限(需要先检测数据库表permission中是否已存在相应权限id)
+	if err = m.migratePermissionAccesses(); err != nil {
+		m.logger.Error("migratePermissionAccesses", zap.Error(err))
+	}
+
 	// 初始化静态页面SEO
 	m.InitSEO()
 
 	return
 }
 
+func (m *DBModel) migratePermissionAccesses() (err error) {
+	// 1. 查询所有 access permission
+	var (
+		permissions           []Permission
+		permissionId          []int64
+		existGroupPermissions []GroupPermission
+		accessMap             = make(map[string]Permission)
+	)
+
+	err = m.db.Where("method = ?", PermissionMethodAccess).Find(&permissions).Error
+	if err != nil && err != gorm.ErrRecordNotFound {
+		m.logger.Error("migratePermissionAccesses", zap.Error(err))
+		return
+	}
+
+	for _, permission := range permissions {
+		permissionId = append(permissionId, permission.Id)
+		accessMap[strings.ToLower(permission.Path)] = permission
+	}
+
+	// 在 group_permission
+	m.db.Where("permission_id in (?)", permissionId).Find(&existGroupPermissions)
+	if len(existGroupPermissions) > 0 { // 已存在，不用迁移
+		return
+	}
+
+	// 2. 查询所有用户组
+	var groups []Group
+	err = m.db.Find(&groups).Error
+	if err != nil && err != gorm.ErrRecordNotFound {
+		m.logger.Error("migratePermissionAccesses", zap.Error(err))
+		return
+	}
+
+	// 3. 给所有用户组授权
+	var groupPermissions []GroupPermission
+	for _, group := range groups {
+
+		// 默认允许评论
+		if p, ok := accessMap[strings.ToLower(PermissionAccessComment)]; ok {
+			groupPermissions = append(groupPermissions, GroupPermission{
+				GroupId:      group.Id,
+				PermissionId: p.Id,
+			})
+		}
+
+		// 评论是否需要审核
+		if group.EnableCommentApproval {
+			if p, ok := accessMap[strings.ToLower(PermissionAccessCommentNeedReview)]; ok {
+				groupPermissions = append(groupPermissions, GroupPermission{
+					GroupId:      group.Id,
+					PermissionId: p.Id,
+				})
+			}
+		}
+
+		// 上传文档。如果用户组允许上传文档，则给用户组授权，同时默认文档免审
+		if group.EnableUpload {
+			if p, ok := accessMap[strings.ToLower(PermissionAccessUploadDocument)]; ok {
+				groupPermissions = append(groupPermissions, GroupPermission{
+					GroupId:      group.Id,
+					PermissionId: p.Id,
+				})
+			}
+		}
+
+	}
+
+	if len(groupPermissions) == 0 {
+		return
+	}
+
+	err = m.db.Create(&groupPermissions).Error
+	if err != nil {
+		m.logger.Error("migratePermissionAccesses", zap.Error(err))
+	}
+	return
+}
+
 // 初始化用户组
 func (m *DBModel) initGroupAndPermission() (err error) {
 	groups := []Group{
@@ -389,6 +473,21 @@ func (m *DBModel) initGroupAndPermission() (err error) {
 		}
 	}
 
+	// 功能权限
+	for _, permission := range m.getPermissionAccesses() {
+		err = sess.Where("method = ? and path = ?", permission.Method, permission.Path).FirstOrCreate(&permission).Error
+		if err != nil {
+			m.logger.Error("initPermission", zap.Error(err))
+			return
+		}
+		// 给用户组ID为1的用户组授权
+		err = sess.Where("group_id = ? and permission_id = ?", 1, permission.Id).FirstOrCreate(&GroupPermission{}).Error
+		if err != nil {
+			m.logger.Error("initGroupPermission", zap.Error(err))
+			return
+		}
+	}
+
 	return
 }
 

diff --git a/model/permission.go b/model/permission.go
@@ -7,9 +7,34 @@ import (
 	"gorm.io/gorm"
 )
 
+const (
+	// GRPC 请求
+	PermissionMethodGRPC = "GRPC"
+
+	// 前台功能权限
+	PermissionMethodAccess = "ACCESS"
+
+	// 普通的HTTP请求
+	PermissionMethodPost = "POST"
+	PermissionMethodGet  = "GET"
+	PermissionMethodPut  = "PUT"
+	PermissionMethodDel  = "DELETE"
+)
+
+const (
+	// 是否允许发表评论
+	PermissionAccessComment = "Comment"
+	// 评论是否免审
+	PermissionAccessCommentNeedReview = "CommentNeedReview"
+	// 是否允许上传文档
+	PermissionAccessUploadDocument = "UploadDocument"
+	// 上传的文档是否需要审核
+	PermissionAccessDocumentNeedReview = "DocumentNeedReview"
+)
+
 type Permission struct {
 	Id          int64      `form:"id" json:"id,omitempty" gorm:"primaryKey;autoIncrement;column:id;comment:;"`
-	Method      string     `form:"method" json:"method,omitempty" gorm:"column:method;type:varchar(16);size:16;index:method_path,unique;comment:请求方法，grpc为空;"`
+	Method      string     `form:"method" json:"method,omitempty" gorm:"column:method;type:varchar(16);size:16;index:method_path,unique;index:idx_method;comment:请求方法，如GRPC、GET、POST、PUT、DELETE、ACCESS等，其中ACCESS表示前台功能;"`
 	Path        string     `form:"path" json:"path,omitempty" gorm:"column:path;type:varchar(128);size:128;index:method_path,unique;comment:API路径;"`
 	Title       string     `form:"title" json:"title,omitempty" gorm:"column:title;type:varchar(255);size:255;comment:中文名称;"`
 	Description string     `form:"description" json:"description,omitempty" gorm:"column:description;type:varchar(255);size:255;comment:权限描述;"`
@@ -180,6 +205,7 @@ func (m *DBModel) GetPermissionList(opt *OptionGetPermissionList) (permissionLis
 
 	db = m.generateQueryIn(db, tableName, opt.QueryIn)
 	db = m.generateQueryLike(db, tableName, opt.QueryLike)
+	db = db.Where("method != ?", PermissionMethodAccess)
 
 	if opt.WithCount {
 		err = db.Count(&total).Error
@@ -202,3 +228,13 @@ func (m *DBModel) GetPermissionList(opt *OptionGetPermissionList) (permissionLis
 	}
 	return
 }
+
+func (m *DBModel) getPermissionAccesses() (accesses []Permission) {
+	accesses = []Permission{
+		{Method: PermissionMethodAccess, Path: PermissionAccessComment, Title: "允许评论", Description: "是否允许用户进行评论。"},
+		{Method: PermissionMethodAccess, Path: PermissionAccessCommentNeedReview, Title: "评论审核", Description: "用户发表的评论是否需要审核才能显示。"},
+		{Method: PermissionMethodAccess, Path: PermissionAccessUploadDocument, Title: "上传文档", Description: "是否允许用户上传文档。"},
+		{Method: PermissionMethodAccess, Path: PermissionAccessDocumentNeedReview, Title: "文档审核", Description: "用户上传的文档是否需要审核才能显示。"},
+	}
+	return
+}