王性驊
|
55446b9060
|
docs: 統整模組 README ↔ SDD 分工,砍重複內容
讓「找規格」跟「日常速查」兩種需求各有歸宿,避免同樣資訊散落多處:
- 改寫 docs/identity-member-design.md:從 Big5 亂碼的 2673 行設計草稿
→ ~200 行 UTF-8 跨模組總覽(架構決策、模組依賴、UID、JWT、Casbin、
Pub/Sub、Notification 全部一頁看完),不再跟模組 README 重疊
- 新增 internal/model/auth/README.md:合併原 auth-unified-registration
+ auth/SDD 的高層概念,留 SDD 給規格細節
- 精簡 member / permission / notification README:保留 sequence diagram、
curl、ServiceContext wiring 等日常開發要的東西;逐欄位 schema / Redis
key TTL / API endpoint list 等規格細節改指向各模組 SDD.md
- 每個 README 頂部加「規格 vs 速查」一行指路,找欄位 → SDD,找流程 → README
- root README 同步補上各模組 README + SDD 並列連結
- code comment 裡的 internal/model/{member,permission}/SDD.md §X.Y 引用
全部對齊新章節編號
Co-authored-by: Cursor <cursoragent@cursor.com>
|
2026-05-22 17:18:08 +08:00 |
|
王性驊
|
fa50c64ee4
|
feat(permission): add RBAC module with Casbin enforcement and policy reload
- Multi-tenant RBAC: permission catalog, roles, role-permission mapping,
user-role assignment, and external IdP role mapping (zitadel/ldap/scim).
- Casbin enforcer with Redis-backed adapter and Pub/Sub reload for
multi-instance policy sync; HTTP middleware enforces (tenant, role,
path, method) with platform admin bypass.
- /api/v1/permissions routes: catalog, me, policy/reload, roles CRUD,
role permissions, user roles, role mappings.
- New error scope (31) for Permission and biz code descriptions.
- Wire Permission module into ServiceContext, config, mongo-index, and
add cmd/permission-seed CLI plus etc/rbac.conf model.
- Redis client gains lazy PubSubClient helper (go-zero wrapper lacks Subscribe).
- Rewrite internal/model/member/README to cover Tenant/Member/Identity.
Co-authored-by: Cursor <cursoragent@cursor.com>
|
2026-05-21 16:47:35 +08:00 |
王性驊