haixunMaster/haixun-backend/internal/logic/authz/admin.go

package authz

import (
	"context"

	"haixun-backend/internal/library/authctx"
	app "haixun-backend/internal/library/errors"
	"haixun-backend/internal/library/errors/code"
	"haixun-backend/internal/svc"
)

func RequireAdmin(ctx context.Context, svcCtx *svc.ServiceContext) error {
	actor, ok := authctx.ActorFromContext(ctx)
	if !ok {
		return app.For(code.Auth).AuthUnauthorized("missing actor")
	}
	member, err := svcCtx.Member.GetByUID(ctx, actor.TenantID, actor.UID)
	if err != nil {
		return err
	}
	for _, role := range member.Roles {
		if role == "admin" {
			return nil
		}
	}
	return app.For(code.Auth).AuthForbidden("admin role required")
}
fix find post 2026-06-25 09:34:28 +00:00			`package authz`

			`import (`
			`"context"`

			`"haixun-backend/internal/library/authctx"`
			`app "haixun-backend/internal/library/errors"`
			`"haixun-backend/internal/library/errors/code"`
			`"haixun-backend/internal/svc"`
			`)`

			`func RequireAdmin(ctx context.Context, svcCtx *svc.ServiceContext) error {`
			`actor, ok := authctx.ActorFromContext(ctx)`
			`if !ok {`
			`return app.For(code.Auth).AuthUnauthorized("missing actor")`
			`}`
			`member, err := svcCtx.Member.GetByUID(ctx, actor.TenantID, actor.UID)`
			`if err != nil {`
			`return err`
			`}`
			`for _, role := range member.Roles {`
			`if role == "admin" {`
			`return nil`
			`}`
			`}`
			`return app.For(code.Auth).AuthForbidden("admin role required")`
			`}`