template-monorepo/internal/model/permission/domain/usecase/role.go

package usecase

import (
	"context"

	"gateway/internal/model/permission/domain/entity"
	"gateway/internal/model/permission/domain/enum"
)

// CreateRoleParam carries the fields a tenant submits when creating a role.
type CreateRoleParam struct {
	TenantID    string
	Key         string
	DisplayName string
	CreatorUID  string
	Status      enum.Status // optional; defaults to open
}

// UpdateRoleParam patches an existing role. CRITICAL: Key is intentionally
// omitted — keys are immutable so external mappings stay valid.
type UpdateRoleParam struct {
	DisplayName *string
	Status      *enum.Status
}

// RoleUseCase manages tenant-scoped role definitions. System roles
// (is_system=true) are immutable except for DisplayName and refuse delete.
type RoleUseCase interface {
	Create(ctx context.Context, param *CreateRoleParam) (*entity.Role, error)
	Get(ctx context.Context, tenantID, id string) (*entity.Role, error)
	GetByKey(ctx context.Context, tenantID, key string) (*entity.Role, error)
	List(ctx context.Context, tenantID string) ([]*entity.Role, error)
	Update(ctx context.Context, tenantID, id string, param *UpdateRoleParam) (*entity.Role, error)
	Delete(ctx context.Context, tenantID, id string) error
}
feat(permission): add RBAC module with Casbin enforcement and policy reload - Multi-tenant RBAC: permission catalog, roles, role-permission mapping, user-role assignment, and external IdP role mapping (zitadel/ldap/scim). - Casbin enforcer with Redis-backed adapter and Pub/Sub reload for multi-instance policy sync; HTTP middleware enforces (tenant, role, path, method) with platform admin bypass. - /api/v1/permissions routes: catalog, me, policy/reload, roles CRUD, role permissions, user roles, role mappings. - New error scope (31) for Permission and biz code descriptions. - Wire Permission module into ServiceContext, config, mongo-index, and add cmd/permission-seed CLI plus etc/rbac.conf model. - Redis client gains lazy PubSubClient helper (go-zero wrapper lacks Subscribe). - Rewrite internal/model/member/README to cover Tenant/Member/Identity. Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-21 08:47:35 +00:00			`package usecase`

			`import (`
			`"context"`

			`"gateway/internal/model/permission/domain/entity"`
			`"gateway/internal/model/permission/domain/enum"`
			`)`

			`// CreateRoleParam carries the fields a tenant submits when creating a role.`
			`type CreateRoleParam struct {`
			`TenantID string`
			`Key string`
			`DisplayName string`
			`CreatorUID string`
			`Status enum.Status // optional; defaults to open`
			`}`

			`// UpdateRoleParam patches an existing role. CRITICAL: Key is intentionally`
			`// omitted — keys are immutable so external mappings stay valid.`
			`type UpdateRoleParam struct {`
			`DisplayName *string`
			`Status *enum.Status`
			`}`

			`// RoleUseCase manages tenant-scoped role definitions. System roles`
			`// (is_system=true) are immutable except for DisplayName and refuse delete.`
			`type RoleUseCase interface {`
			`Create(ctx context.Context, param CreateRoleParam) (entity.Role, error)`
			`Get(ctx context.Context, tenantID, id string) (*entity.Role, error)`
			`GetByKey(ctx context.Context, tenantID, key string) (*entity.Role, error)`
			`List(ctx context.Context, tenantID string) ([]*entity.Role, error)`
			`Update(ctx context.Context, tenantID, id string, param UpdateRoleParam) (entity.Role, error)`
			`Delete(ctx context.Context, tenantID, id string) error`
			`}`