guard/internal/logic/permissionservice/check_permission_by_role_lo...


package permissionservicelogic
import (
"ark-permission/gen_result/pb/permission"
"ark-permission/internal/domain/usecase"
"ark-permission/internal/svc"
ers "code.30cm.net/wanderland/library-go/errors"
"context"
"github.com/zeromicro/go-zero/core/logx"
)
// CheckPermissionByRoleLogic carries the per-request state for the
// CheckPermissionByRole RPC handler.
type CheckPermissionByRoleLogic struct {
	// Logger is embedded so log methods are callable directly on the logic
	// value; the constructor binds it to the request context.
	logx.Logger

	// ctx is the request context handed to the policy agent call.
	ctx context.Context
	// svcCtx supplies the shared dependencies this handler uses
	// (Validate and PolicyAgent).
	svcCtx *svc.ServiceContext
}
// NewCheckPermissionByRoleLogic builds the handler state for one request,
// storing ctx and svcCtx and attaching a logger derived from ctx.
func NewCheckPermissionByRoleLogic(ctx context.Context, svcCtx *svc.ServiceContext) *CheckPermissionByRoleLogic {
	logic := &CheckPermissionByRoleLogic{
		Logger: logx.WithContext(ctx),
		ctx:    ctx,
		svcCtx: svcCtx,
	}
	return logic
}
// checkPermissionReq is the validation view of an incoming permission check.
// All three fields carry the `required` validation tag and nothing else.
// NOTE(review): no format or allow-list constraint on Method or Path is
// visible here; presumably the policy agent normalizes them — confirm.
type checkPermissionReq struct {
	// Role is the single role the decision is evaluated for.
	Role string `json:"role" validate:"required"`
	// Method is the request method being checked.
	Method string `json:"method" validate:"required"`
	// Path is the resource path being checked.
	Path string `json:"path" validate:"required"`
}
// CheckPermissionByRole evaluates whether a single role may perform the given
// method on the given path.
//
// It returns an InvalidFormat error when validation of role, method or path
// fails, and a Forbidden error when the policy agent returns an error.
// Otherwise it returns the agent's decision with a nil error. A nil error does
// NOT mean access is granted: callers must inspect PermissionResp.Allow.
func (l *CheckPermissionByRoleLogic) CheckPermissionByRole(in *permission.CheckPermissionByRoleReq) (*permission.PermissionResp, error) {
	role, method, path := in.GetRole(), in.GetMethod(), in.GetPath()

	// Validate the required fields before the policy agent is consulted.
	candidate := &checkPermissionReq{
		Role:   role,
		Method: method,
		Path:   path,
	}
	if vErr := l.svcCtx.Validate.ValidateAll(candidate); vErr != nil {
		return nil, ers.InvalidFormat(vErr.Error())
	}

	// The decision is evaluated for exactly one role.
	decision, err := l.svcCtx.PolicyAgent.CheckRBACPermission(l.ctx, usecase.CheckReq{
		Roles:  []string{role},
		Method: method,
		Path:   path,
	})
	if err != nil {
		// Any agent error is reported as Forbidden, so a failed evaluation
		// never yields an allow.
		// NOTE(review): the raw error text is returned to the caller, and an
		// agent failure is indistinguishable from a denial. Consider logging
		// the detail server-side and returning a generic message.
		return nil, ers.Forbidden(err.Error())
	}

	resp := &permission.PermissionResp{
		Allow:          decision.Allow,
		PermissionName: decision.PolicyName,
		PlainCode:      decision.PlainCode,
	}
	return resp, nil
}