digimon
/
template-monorepo
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
template-monorepo/internal/model/permission/seed/catalog.json

214 lines
5.7 KiB
JSON
Raw Permalink Normal View History

feat(permission): add RBAC module with Casbin enforcement and policy reload - Multi-tenant RBAC: permission catalog, roles, role-permission mapping, user-role assignment, and external IdP role mapping (zitadel/ldap/scim). - Casbin enforcer with Redis-backed adapter and Pub/Sub reload for multi-instance policy sync; HTTP middleware enforces (tenant, role, path, method) with platform admin bypass. - /api/v1/permissions routes: catalog, me, policy/reload, roles CRUD, role permissions, user roles, role mappings. - New error scope (31) for Permission and biz code descriptions. - Wire Permission module into ServiceContext, config, mongo-index, and add cmd/permission-seed CLI plus etc/rbac.conf model. - Redis client gains lazy PubSubClient helper (go-zero wrapper lacks Subscribe). - Rewrite internal/model/member/README to cover Tenant/Member/Identity. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-21 08:47:35 +00:00
[
{
"name": "member.info.management",
"type": "backend_user",
"description": "會員資訊管理(分類)"
},
{
"name": "member.basic.info",
"parent": "member.info.management",
"type": "backend_user",
"description": "基礎資訊(分類)"
},
{
"name": "member.info.select",
"parent": "member.basic.info",
"http_methods": "GET",
"http_path": "/api/v1/members/me",
"type": "backend_user",
"description": "讀取自身會員資料"
},
{
"name": "member.info.update",
"parent": "member.basic.info",
"http_methods": "PATCH",
"http_path": "/api/v1/members/me",
"type": "backend_user",
"description": "更新自身會員資料"
},
{
"name": "member.info.select.plain_code",
"parent": "member.info.select",
"http_methods": "GET",
"http_path": "/api/v1/members/me",
"type": "backend_user",
"description": "讀取明碼欄位(敏感)"
},
{
"name": "member.admin.list",
"parent": "member.info.management",
"http_methods": "GET",
"http_path": "/api/v1/members",
"type": "backend_user",
"description": "列出全部會員"
},
{
"name": "member.admin.read",
"parent": "member.info.management",
"http_methods": "GET",
"http_path": "/api/v1/members/:uid",
"type": "backend_user",
"description": "讀取指定會員"
},
{
"name": "member.admin.update",
"parent": "member.info.management",
"http_methods": "PATCH",
"http_path": "/api/v1/members/:uid",
"type": "backend_user",
"description": "更新指定會員"
},
{
"name": "member.admin.status",
"parent": "member.info.management",
"http_methods": "PATCH",
"http_path": "/api/v1/members/:uid/status",
"type": "backend_user",
"description": "啟停指定會員"
},
{
"name": "permission.role.management",
"type": "backend_user",
"description": "角色權限管理(分類)"
},
{
"name": "permission.role.read",
"parent": "permission.role.management",
"http_methods": "GET",
"http_path": "/api/v1/permissions/roles",
"type": "backend_user",
"description": "讀取角色清單"
},
{
"name": "permission.role.write",
"parent": "permission.role.management",
add fix eage case
2026-05-26 06:05:33 +00:00
"http_methods": "POST",
"http_path": "/api/v1/permissions/roles",
"type": "backend_user",
"description": "建立角色"
},
{
"name": "permission.role.modify",
"parent": "permission.role.management",
"http_methods": "GET|PUT|PATCH|DELETE",
"http_path": "/api/v1/permissions/roles/*",
feat(permission): add RBAC module with Casbin enforcement and policy reload - Multi-tenant RBAC: permission catalog, roles, role-permission mapping, user-role assignment, and external IdP role mapping (zitadel/ldap/scim). - Casbin enforcer with Redis-backed adapter and Pub/Sub reload for multi-instance policy sync; HTTP middleware enforces (tenant, role, path, method) with platform admin bypass. - /api/v1/permissions routes: catalog, me, policy/reload, roles CRUD, role permissions, user roles, role mappings. - New error scope (31) for Permission and biz code descriptions. - Wire Permission module into ServiceContext, config, mongo-index, and add cmd/permission-seed CLI plus etc/rbac.conf model. - Redis client gains lazy PubSubClient helper (go-zero wrapper lacks Subscribe). - Rewrite internal/model/member/README to cover Tenant/Member/Identity. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-21 08:47:35 +00:00
"type": "backend_user",
add fix eage case
2026-05-26 06:05:33 +00:00
"description": "修改 / 刪除 / 讀取角色 permission 細節"
feat(permission): add RBAC module with Casbin enforcement and policy reload - Multi-tenant RBAC: permission catalog, roles, role-permission mapping, user-role assignment, and external IdP role mapping (zitadel/ldap/scim). - Casbin enforcer with Redis-backed adapter and Pub/Sub reload for multi-instance policy sync; HTTP middleware enforces (tenant, role, path, method) with platform admin bypass. - /api/v1/permissions routes: catalog, me, policy/reload, roles CRUD, role permissions, user roles, role mappings. - New error scope (31) for Permission and biz code descriptions. - Wire Permission module into ServiceContext, config, mongo-index, and add cmd/permission-seed CLI plus etc/rbac.conf model. - Redis client gains lazy PubSubClient helper (go-zero wrapper lacks Subscribe). - Rewrite internal/model/member/README to cover Tenant/Member/Identity. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-21 08:47:35 +00:00
},
{
"name": "permission.assign.write",
"parent": "permission.role.management",
add fix eage case
2026-05-26 06:05:33 +00:00
"http_methods": "GET|POST",
"http_path": "/api/v1/permissions/users/*/roles",
"type": "backend_user",
"description": "查詢 / 指派使用者角色"
},
{
"name": "permission.assign.revoke",
"parent": "permission.role.management",
"http_methods": "DELETE",
"http_path": "/api/v1/permissions/users/*/roles/*",
feat(permission): add RBAC module with Casbin enforcement and policy reload - Multi-tenant RBAC: permission catalog, roles, role-permission mapping, user-role assignment, and external IdP role mapping (zitadel/ldap/scim). - Casbin enforcer with Redis-backed adapter and Pub/Sub reload for multi-instance policy sync; HTTP middleware enforces (tenant, role, path, method) with platform admin bypass. - /api/v1/permissions routes: catalog, me, policy/reload, roles CRUD, role permissions, user roles, role mappings. - New error scope (31) for Permission and biz code descriptions. - Wire Permission module into ServiceContext, config, mongo-index, and add cmd/permission-seed CLI plus etc/rbac.conf model. - Redis client gains lazy PubSubClient helper (go-zero wrapper lacks Subscribe). - Rewrite internal/model/member/README to cover Tenant/Member/Identity. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-21 08:47:35 +00:00
"type": "backend_user",
add fix eage case
2026-05-26 06:05:33 +00:00
"description": "撤銷使用者單一角色"
feat(permission): add RBAC module with Casbin enforcement and policy reload - Multi-tenant RBAC: permission catalog, roles, role-permission mapping, user-role assignment, and external IdP role mapping (zitadel/ldap/scim). - Casbin enforcer with Redis-backed adapter and Pub/Sub reload for multi-instance policy sync; HTTP middleware enforces (tenant, role, path, method) with platform admin bypass. - /api/v1/permissions routes: catalog, me, policy/reload, roles CRUD, role permissions, user roles, role mappings. - New error scope (31) for Permission and biz code descriptions. - Wire Permission module into ServiceContext, config, mongo-index, and add cmd/permission-seed CLI plus etc/rbac.conf model. - Redis client gains lazy PubSubClient helper (go-zero wrapper lacks Subscribe). - Rewrite internal/model/member/README to cover Tenant/Member/Identity. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-21 08:47:35 +00:00
},
{
"name": "permission.mapping.write",
"parent": "permission.role.management",
add fix eage case
2026-05-26 06:05:33 +00:00
"http_methods": "GET|PUT|DELETE",
"http_path": "/api/v1/permissions/role-mappings",
feat(permission): add RBAC module with Casbin enforcement and policy reload - Multi-tenant RBAC: permission catalog, roles, role-permission mapping, user-role assignment, and external IdP role mapping (zitadel/ldap/scim). - Casbin enforcer with Redis-backed adapter and Pub/Sub reload for multi-instance policy sync; HTTP middleware enforces (tenant, role, path, method) with platform admin bypass. - /api/v1/permissions routes: catalog, me, policy/reload, roles CRUD, role permissions, user roles, role mappings. - New error scope (31) for Permission and biz code descriptions. - Wire Permission module into ServiceContext, config, mongo-index, and add cmd/permission-seed CLI plus etc/rbac.conf model. - Redis client gains lazy PubSubClient helper (go-zero wrapper lacks Subscribe). - Rewrite internal/model/member/README to cover Tenant/Member/Identity. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-21 08:47:35 +00:00
"type": "backend_user",
add fix eage case
2026-05-26 06:05:33 +00:00
"description": "讀取 / 管理外部角色映射"
feat(permission): add RBAC module with Casbin enforcement and policy reload - Multi-tenant RBAC: permission catalog, roles, role-permission mapping, user-role assignment, and external IdP role mapping (zitadel/ldap/scim). - Casbin enforcer with Redis-backed adapter and Pub/Sub reload for multi-instance policy sync; HTTP middleware enforces (tenant, role, path, method) with platform admin bypass. - /api/v1/permissions routes: catalog, me, policy/reload, roles CRUD, role permissions, user roles, role mappings. - New error scope (31) for Permission and biz code descriptions. - Wire Permission module into ServiceContext, config, mongo-index, and add cmd/permission-seed CLI plus etc/rbac.conf model. - Redis client gains lazy PubSubClient helper (go-zero wrapper lacks Subscribe). - Rewrite internal/model/member/README to cover Tenant/Member/Identity. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-21 08:47:35 +00:00
},
{
"name": "permission.policy.reload",
"parent": "permission.role.management",
"http_methods": "POST",
"http_path": "/api/v1/permissions/policy/reload",
"type": "backend_user",
"description": "強制重載 Casbin policy"
},
{
"name": "tenant.management",
"type": "backend_user",
"description": "租戶管理(平台級)"
},
{
"name": "tenant.read",
"parent": "tenant.management",
"http_methods": "GET",
"http_path": "/api/v1/tenants*",
"type": "backend_user",
"description": "讀取租戶資訊"
},
{
"name": "tenant.write",
"parent": "tenant.management",
"http_methods": "POST|PATCH|DELETE",
"http_path": "/api/v1/tenants*",
"type": "backend_user",
"description": "管理租戶"
},
{
"name": "scim.management",
"type": "backend_user",
"description": "SCIM 同步(分類)"
},
{
"name": "scim.users.read",
"parent": "scim.management",
"http_methods": "GET",
"http_path": "/scim/v2/Users*",
"type": "backend_user",
"description": "SCIM Users 讀取"
},
{
"name": "scim.users.write",
"parent": "scim.management",
"http_methods": "POST|PATCH|PUT|DELETE",
"http_path": "/scim/v2/Users*",
"type": "backend_user",
"description": "SCIM Users 寫入"
},
{
"name": "scim.groups.read",
"parent": "scim.management",
"http_methods": "GET",
"http_path": "/scim/v2/Groups*",
"type": "backend_user",
"description": "SCIM Groups 讀取"
},
{
"name": "scim.groups.write",
"parent": "scim.management",
"http_methods": "POST|PATCH|PUT|DELETE",
"http_path": "/scim/v2/Groups*",
"type": "backend_user",
"description": "SCIM Groups 寫入"
},
{
"name": "system.management",
"type": "backend_user",
"description": "系統管理(平台級)"
},
{
"name": "system.audit.read",
"parent": "system.management",
"http_methods": "GET",
"http_path": "/api/v1/admin/audit-logs*",
"type": "backend_user",
"description": "讀取 audit log"
},
{
"name": "system.health.read",
"parent": "system.management",
"http_methods": "GET",
"http_path": "/api/v1/health",
"type": "backend_user",
"description": "健康檢查"
}
]