template-monorepo/internal/model/permission/domain/usecase/authorization_query.go

package usecase

import (
	"context"

	"gateway/internal/model/permission/domain/enum"
)

// MePermissionsResponse is the shape consumed by frontend client code to
// render menu/feature switches. Status enables the legacy permission-server
// "open/close" pattern so keys can be hidden without removing rules.
type MePermissionsResponse struct {
	UID         string                `json:"uid"`
	TenantID    string                `json:"tenant_id"`
	Roles       []string              `json:"roles"`
	Permissions enum.Permissions      `json:"permissions"`
	Tree        []*PermissionTreeNode `json:"tree,omitempty"`
}

// AuthorizationQueryUseCase composes Role + RolePermission + Permission +
// PermissionTree to materialise the "what can the current user see" map
// returned by GET /permissions/me.
type AuthorizationQueryUseCase interface {
	Me(ctx context.Context, tenantID, uid string, includeTree bool) (*MePermissionsResponse, error)
}
feat(permission): add RBAC module with Casbin enforcement and policy reload - Multi-tenant RBAC: permission catalog, roles, role-permission mapping, user-role assignment, and external IdP role mapping (zitadel/ldap/scim). - Casbin enforcer with Redis-backed adapter and Pub/Sub reload for multi-instance policy sync; HTTP middleware enforces (tenant, role, path, method) with platform admin bypass. - /api/v1/permissions routes: catalog, me, policy/reload, roles CRUD, role permissions, user roles, role mappings. - New error scope (31) for Permission and biz code descriptions. - Wire Permission module into ServiceContext, config, mongo-index, and add cmd/permission-seed CLI plus etc/rbac.conf model. - Redis client gains lazy PubSubClient helper (go-zero wrapper lacks Subscribe). - Rewrite internal/model/member/README to cover Tenant/Member/Identity. Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-21 08:47:35 +00:00			`package usecase`

			`import (`
			`"context"`

			`"gateway/internal/model/permission/domain/enum"`
			`)`

			`// MePermissionsResponse is the shape consumed by frontend client code to`
			`// render menu/feature switches. Status enables the legacy permission-server`
			`// "open/close" pattern so keys can be hidden without removing rules.`
			`type MePermissionsResponse struct {`
			UID string `json:"uid"`
			TenantID string `json:"tenant_id"`
			Roles []string `json:"roles"`
			Permissions enum.Permissions `json:"permissions"`
			Tree []*PermissionTreeNode `json:"tree,omitempty"`
			`}`

			`// AuthorizationQueryUseCase composes Role + RolePermission + Permission +`
			`// PermissionTree to materialise the "what can the current user see" map`
			`// returned by GET /permissions/me.`
			`type AuthorizationQueryUseCase interface {`
			`Me(ctx context.Context, tenantID, uid string, includeTree bool) (*MePermissionsResponse, error)`
			`}`