package permissionservicelogic
import (
"ark-permission/gen_result/pb/permission"
"ark-permission/internal/domain/usecase"
"ark-permission/internal/svc"
ers "code.30cm.net/wanderland/library-go/errors"
"context"
"github.com/zeromicro/go-zero/core/logx"
)
// CheckPermissionByRoleLogic carries the state used by the
// CheckPermissionByRole handler: an embedded logger, the request context and
// the shared service context.
type CheckPermissionByRoleLogic struct {
	logx.Logger

	// ctx is the request context forwarded to the policy agent.
	ctx context.Context
	// svcCtx supplies the validator and the policy agent used by the handler.
	svcCtx *svc.ServiceContext
}
// NewCheckPermissionByRoleLogic returns a CheckPermissionByRoleLogic bound to
// ctx and svcCtx. The embedded logger is derived from ctx via
// logx.WithContext.
func NewCheckPermissionByRoleLogic(ctx context.Context, svcCtx *svc.ServiceContext) *CheckPermissionByRoleLogic {
	logic := new(CheckPermissionByRoleLogic)
	logic.ctx = ctx
	logic.svcCtx = svcCtx
	logic.Logger = logx.WithContext(ctx)

	return logic
}
// checkPermissionReq mirrors the role, method and path of an incoming request
// so that they can be handed to the validator as one value. Every field is
// tagged `validate:"required"`.
//
// NOTE(review): the tags only demand presence; no format or normalisation rule
// for Method or Path is declared here. Presumably the policy agent matches
// them as given, so confirm where path and method canonicalisation happens.
type checkPermissionReq struct {
	// Role is the role whose permission is being checked.
	Role string `json:"role" validate:"required"`
	// Method is the request method to authorise.
	Method string `json:"method" validate:"required"`
	// Path is the request path to authorise.
	Path string `json:"path" validate:"required"`
}
// CheckPermissionByRole checks permission by role ID: it validates the role,
// method and path carried by in, asks the policy agent for an RBAC decision
// for that single role, and copies the decision into the response.
//
// A nil error does not mean access is granted. The verdict is carried in the
// Allow field of the response, so callers must inspect it.
//
// Errors: a validation failure is returned through ers.InvalidFormat, and any
// error from the policy agent is returned through ers.Forbidden.
func (l *CheckPermissionByRoleLogic) CheckPermissionByRole(in *permission.CheckPermissionByRoleReq) (*permission.PermissionResp, error) {
	role, method, path := in.GetRole(), in.GetMethod(), in.GetPath()

	// Validate the required fields before any policy evaluation takes place.
	fields := checkPermissionReq{
		Role:   role,
		Method: method,
		Path:   path,
	}
	if err := l.svcCtx.Validate.ValidateAll(&fields); err != nil {
		return nil, ers.InvalidFormat(err.Error())
	}

	query := usecase.CheckReq{
		Roles:  []string{role},
		Method: method,
		Path:   path,
	}
	decision, err := l.svcCtx.PolicyAgent.CheckRBACPermission(l.ctx, query)
	if err != nil {
		// Fails closed: an evaluation error is never reported as an allow.
		// NOTE(review): a policy-agent failure and a denial both surface as
		// Forbidden here, and the underlying error text is passed to the
		// caller. Confirm that this text cannot expose policy-store internals.
		return nil, ers.Forbidden(err.Error())
	}

	resp := &permission.PermissionResp{
		Allow:          decision.Allow,
		PermissionName: decision.PolicyName,
		PlainCode:      decision.PlainCode,
	}

	return resp, nil
}