add db cache and permission checker

README.md

@@ -1 +1,2 @@
-# third_party
+# 权限配置
+

cache.go

@@ -1,93 +0,0 @@
-package aeusadmin
-
-import (
-	"context"
-	"time"
-
-	"git.nobla.cn/golang/aeus/pkg/cache"
-	"gorm.io/gorm"
-)
-
-type (
-	CachingFunc func(tx *gorm.DB) (any, error)
-
-	CacheOptions struct {
-		db            *gorm.DB
-		cache         cache.Cache
-		dependSQL     string
-		dependArgs    []any
-		cacheDuration time.Duration
-	}
-
-	CacheOption func(o *CacheOptions)
-
-	cacheEntry struct {
-		storeValue   any
-		compareValue string
-		createdAt    time.Time
-		lastChecked  time.Time
-	}
-)
-
-func WithDepend(s string, args ...any) CacheOption {
-	return func(o *CacheOptions) {
-		o.dependSQL = s
-		o.dependArgs = args
-	}
-}
-func TryCache(ctx context.Context, key string, f CachingFunc, cbs ...CacheOption) (value any, err error) {
-	var (
-		hasDependValue bool
-		dependValue    string
-	)
-	opts := &CacheOptions{
-		cacheDuration: time.Minute * 10,
-	}
-	for _, cb := range cbs {
-		cb(opts)
-	}
-	//从缓存加载数据
-	if value, _, err = opts.cache.Get(ctx, key); err == nil {
-		entry := value.(*cacheEntry)
-		if opts.dependSQL == "" {
-			return entry.storeValue, nil
-		}
-		//如果频繁访问，不检查依赖
-		if time.Since(entry.lastChecked) < time.Millisecond*500 {
-			return entry.storeValue, nil
-		}
-		//对比依赖值
-		if err = opts.db.Raw(opts.dependSQL, opts.dependArgs...).Scan(&dependValue).Error; err == nil {
-			hasDependValue = true
-			if entry.compareValue == dependValue {
-				entry.lastChecked = time.Now()
-				return entry.storeValue, nil
-			} else {
-				opts.cache.Delete(ctx, key)
-			}
-		}
-	}
-	//从数据库加载数据
-	if value, err = f(opts.db.WithContext(ctx)); err == nil {
-		if !hasDependValue {
-			if err = opts.db.WithContext(ctx).Raw(opts.dependSQL, opts.dependArgs...).Scan(&dependValue).Error; err == nil {
-				opts.cache.Put(ctx, key, &cacheEntry{
-					compareValue: dependValue,
-					storeValue:   value,
-					createdAt:    time.Now(),
-					lastChecked:  time.Now(),
-				}, opts.cacheDuration)
-			}
-		} else {
-			opts.cache.Put(ctx, key, &cacheEntry{
-				compareValue: dependValue,
-				storeValue:   value,
-				createdAt:    time.Now(),
-				lastChecked:  time.Now(),
-			}, opts.cacheDuration)
-		}
-		return value, nil
-	} else {
-		return nil, err
-	}
-}

defaults/default.go

@@ -38,11 +38,12 @@ func init() {
 	defaultUsers = append(defaultUsers, adminUser, guestUser)
 
 	dashboardMenu := &models.Menu{}
-	dashboardMenu.Icon = "org"
+	dashboardMenu.Icon = "dashboard"
-	dashboardMenu.Label = "控制面板"
+	dashboardMenu.Label = "系统首页"
 	dashboardMenu.Name = "Dashboard"
 	dashboardMenu.Public = true
 	dashboardMenu.Uri = "/dashboard"
+	dashboardMenu.ViewPath = "../views/dashboard/Index.vue"
 
 	orgMenu := &models.Menu{}
 	orgMenu.Icon = "org"
@@ -51,13 +52,32 @@ func init() {
 	orgMenu.Public = true
 	orgMenu.Uri = "/organize"
 
+	profileMenu := &models.Menu{}
+	profileMenu.Label = "个人信息"
+	profileMenu.Name = "OrganizeUserProfile"
+	profileMenu.Public = true
+	profileMenu.Hidden = true
+	profileMenu.Parent = "Organize"
+	profileMenu.Uri = "/organize/user/profile"
+	profileMenu.ViewPath = "../views/organize/user/Profile.vue"
+
 	settingMenu := &models.Menu{}
 	settingMenu.Icon = "connect"
 	settingMenu.Label = "系统设置"
 	settingMenu.Name = "System"
 	settingMenu.Public = true
 	settingMenu.Uri = "/system"
-	defaultMenus = append(defaultMenus, dashboardMenu, orgMenu, settingMenu)
+
+	schemaMenu := &models.Menu{}
+	schemaMenu.Label = "字段设置"
+	schemaMenu.Parent = "System"
+	schemaMenu.Name = "SystemSchema"
+	schemaMenu.Uri = "/system/schemas"
+	schemaMenu.Public = true
+	schemaMenu.Hidden = true
+	schemaMenu.ViewPath = "../views/system/schema/Index.vue"
+
+	defaultMenus = append(defaultMenus, dashboardMenu, orgMenu, settingMenu, profileMenu, schemaMenu)
 
 	systemDepartment := &models.Department{}
 	systemDepartment.Name = "系统部门"
@@ -74,19 +94,15 @@ func MergeMenu(db *gorm.DB, model *models.Menu) (err error) {
 	return
 }
 
-func Menu(db *gorm.DB) (err error) {
+func Generate(db *gorm.DB) (err error) {
+	var (
+		n int64
+	)
 	for _, row := range defaultMenus {
 		if err = MergeMenu(db, row); err != nil {
 			return
 		}
 	}
-	return
-}
-
-func Data(db *gorm.DB) (err error) {
-	var (
-		n int64
-	)
 	if db.Model(&models.Role{}).Count(&n); n == 0 {
 		db.Create(defaultRoles)
 		permissions := make([]*models.Permission, 0)
@@ -96,7 +112,7 @@ func Data(db *gorm.DB) (err error) {
 			for _, perm := range permissions {
 				item := &models.RolePermission{}
 				item.Role = row.Name
-				item.PermissionId = perm.Id
+				item.Permission = perm.Permission
 				items = append(items, item)
 			}
 			db.Save(items)

go.mod

@@ -16,11 +16,15 @@ require (
 
 require (
 	github.com/golang-jwt/jwt/v5 v5.2.2
+	github.com/mssola/useragent v1.0.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb
 	google.golang.org/grpc v1.72.2
 )
 
-replace git.nobla.cn/golang/aeus v0.0.7 => /Users/yavolte/Workspace/golang/aeus
+replace (
+	git.nobla.cn/golang/aeus v0.0.7 => /Users/yavolte/Workspace/golang/aeus
+	git.nobla.cn/golang/rest v0.1.1 => /Users/yavolte/Workspace/golang/rest
+)
 
 require (
 	filippo.io/edwards25519 v1.1.0 // indirect

go.sum

@@ -2,8 +2,6 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 git.nobla.cn/golang/kos v0.1.32 h1:sFVCA7vKc8dPUd0cxzwExOSPX2mmMh2IuwL6cYS1pBc=
 git.nobla.cn/golang/kos v0.1.32/go.mod h1:35Z070+5oB39WcVrh5DDlnVeftL/Ccmscw2MZFe9fUg=
-git.nobla.cn/golang/rest v0.1.1 h1:xsGO/1rDrjcmpeZWv7k1sjqACurBQy5l9wVZ430w0tQ=
-git.nobla.cn/golang/rest v0.1.1/go.mod h1:4viDk7VujDokpUeHQGbnSp2bkkVZEoIkWQIs/l/TTPQ=
 github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=
 github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
 github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
@@ -67,6 +65,8 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/mssola/useragent v1.0.0 h1:WRlDpXyxHDNfvZaPEut5Biveq86Ze4o4EMffyMxmH5o=
+github.com/mssola/useragent v1.0.0/go.mod h1:hz9Cqz4RXusgg1EdI4Al0INR62kP7aPSRNHnpU+b85Y=
 github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
 github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

i18n/zh.go

@@ -19,6 +19,9 @@ func (t *ZH) Menu(model *rest.Model, label string) string {
 	if _, ok := model.Value().Interface().(models.Role); ok {
 		return "角色管理"
 	}
+	if _, ok := model.Value().Interface().(models.Login); ok {
+		return "登录记录"
+	}
 	if _, ok := model.Value().Interface().(models.Permission); ok {
 		return "权限管理"
 	}
@@ -29,7 +32,7 @@ func (t *ZH) Menu(model *rest.Model, label string) string {
 		return "角色权限"
 	}
 	if _, ok := model.Value().Interface().(models.Setting); ok {
-		return "系统设置"
+		return "参数设置"
 	}
 	return label
 }

models/model.go

@@ -3,6 +3,7 @@ package models
 import (
 	"git.nobla.cn/golang/aeus-admin/pb"
 	"git.nobla.cn/golang/aeus-admin/types"
+	restTypes "git.nobla.cn/golang/rest/types"
 )
 
 type (
@@ -12,6 +13,9 @@ type (
 	Menu struct {
 		pb.MenuModel
 	}
+	Login struct {
+		pb.LoginModel
+	}
 	Department struct {
 		pb.DepartmentModel
 	}
@@ -37,6 +41,17 @@ func (m *User) GetMenu() *types.Menu {
 	}
 }
 
+func (m *Login) GetMenu() *types.Menu {
+	return &types.Menu{
+		Name:   "OrganizeLogin",
+		Parent: "Organize",
+	}
+}
+
+func (m *Login) Scenario() []string {
+	return []string{restTypes.ScenarioList}
+}
+
 func (m *Menu) GetMenu() *types.Menu {
 	return &types.Menu{
 		Name:   "OrganizeMenu",
@@ -44,6 +59,12 @@ func (m *Menu) GetMenu() *types.Menu {
 	}
 }
 
+func (m *Menu) ModelPermissions() map[string]string {
+	return map[string]string{
+		"organize:permission:list": "权限",
+	}
+}
+
 func (m *Department) GetMenu() *types.Menu {
 	return &types.Menu{
 		Name:   "OrganizeDepartment",
@@ -58,22 +79,40 @@ func (m *Role) GetMenu() *types.Menu {
 	}
 }
 
+func (m *Role) ModelPermissions() map[string]string {
+	return map[string]string{
+		"organize:role_permission:list": "权限",
+	}
+}
+
 func (m *Permission) GetMenu() *types.Menu {
 	return &types.Menu{
-		Name:   "OrganizePermission",
+		Name:     "OrganizePermission",
-		Parent: "Organize",
+		Parent:   "Organize",
-		Hidden: true,
+		Hidden:   true,
+		Uri:      "/organize/menu/permission/:id",
+		ViewPath: "../views/organize/menu/Permission.vue",
 	}
 }
 
+func (m *Permission) GetPermission(s string) string {
+	return "organize:permission:list"
+}
+
 func (m *RolePermission) GetMenu() *types.Menu {
 	return &types.Menu{
-		Name:   "OrganizeRolePermission",
+		Name:     "OrganizeRolePermission",
-		Parent: "Organize",
+		Parent:   "Organize",
-		Hidden: true,
+		Hidden:   true,
+		Uri:      "/organize/role/permission/:id",
+		ViewPath: "../views/organize/role/Permission.vue",
 	}
 }
 
+func (m *RolePermission) GetPermission(s string) string {
+	return "organize:role_permission:list"
+}
+
 func (m *Setting) GetMenu() *types.Menu {
 	return &types.Menu{
 		Name:   "SystemSetting",

models/model_test.go

@@ -1,17 +0,0 @@
-package models
-
-import (
-	"testing"
-
-	"git.nobla.cn/golang/aeus-admin/types"
-)
-
-func TestModel(t *testing.T) {
-	var m any
-	m = &User{}
-	if _, ok := m.(types.Model); ok {
-		t.Log("ok")
-	} else {
-		t.Error("error")
-	}
-}

pb/organize.pb.validate.go

@@ -58,7 +58,11 @@ func (m *Menu) validate(all bool) error {
 
 	// no validation rules for Id
 
-	// no validation rules for ParentId
+	// no validation rules for CreatedAt
+
+	// no validation rules for UpdatedAt
+
+	// no validation rules for Parent
 
 	if utf8.RuneCountInString(m.GetName()) > 60 {
 		err := MenuValidationError{
@@ -230,6 +234,10 @@ func (m *Role) validate(all bool) error {
 
 	// no validation rules for Id
 
+	// no validation rules for CreatedAt
+
+	// no validation rules for UpdatedAt
+
 	if utf8.RuneCountInString(m.GetName()) > 60 {
 		err := RoleValidationError{
 			field:  "Name",
@@ -364,7 +372,7 @@ func (m *Permission) validate(all bool) error {
 
 	// no validation rules for Id
 
-	// no validation rules for MenuId
+	// no validation rules for Menu
 
 	if utf8.RuneCountInString(m.GetPermission()) > 60 {
 		err := PermissionValidationError{
@@ -500,7 +508,7 @@ func (m *RolePermission) validate(all bool) error {
 		errors = append(errors, err)
 	}
 
-	// no validation rules for PermissionId
+	// no validation rules for Permission
 
 	if len(errors) > 0 {
 		return RolePermissionMultiError(errors)
@@ -642,6 +650,8 @@ func (m *User) validate(all bool) error {
 
 	// no validation rules for Admin
 
+	// no validation rules for Status
+
 	// no validation rules for DeptId
 
 	if utf8.RuneCountInString(m.GetTag()) > 60 {
@@ -916,6 +926,131 @@ var _ interface {
 	ErrorName() string
 } = DepartmentValidationError{}
 
+// Validate checks the field values on Login with the rules defined in the
+// proto definition for this message. If any rules are violated, the first
+// error encountered is returned, or nil if there are no violations.
+func (m *Login) Validate() error {
+	return m.validate(false)
+}
+
+// ValidateAll checks the field values on Login with the rules defined in the
+// proto definition for this message. If any rules are violated, the result is
+// a list of violation errors wrapped in LoginMultiError, or nil if none found.
+func (m *Login) ValidateAll() error {
+	return m.validate(true)
+}
+
+func (m *Login) validate(all bool) error {
+	if m == nil {
+		return nil
+	}
+
+	var errors []error
+
+	// no validation rules for Id
+
+	// no validation rules for CreatedAt
+
+	if l := utf8.RuneCountInString(m.GetUid()); l < 5 || l > 20 {
+		err := LoginValidationError{
+			field:  "Uid",
+			reason: "value length must be between 5 and 20 runes, inclusive",
+		}
+		if !all {
+			return err
+		}
+		errors = append(errors, err)
+	}
+
+	// no validation rules for Ip
+
+	// no validation rules for Browser
+
+	// no validation rules for Os
+
+	// no validation rules for Platform
+
+	// no validation rules for AccessToken
+
+	// no validation rules for UserAgent
+
+	if len(errors) > 0 {
+		return LoginMultiError(errors)
+	}
+
+	return nil
+}
+
+// LoginMultiError is an error wrapping multiple validation errors returned by
+// Login.ValidateAll() if the designated constraints aren't met.
+type LoginMultiError []error
+
+// Error returns a concatenation of all the error messages it wraps.
+func (m LoginMultiError) Error() string {
+	msgs := make([]string, 0, len(m))
+	for _, err := range m {
+		msgs = append(msgs, err.Error())
+	}
+	return strings.Join(msgs, "; ")
+}
+
+// AllErrors returns a list of validation violation errors.
+func (m LoginMultiError) AllErrors() []error { return m }
+
+// LoginValidationError is the validation error returned by Login.Validate if
+// the designated constraints aren't met.
+type LoginValidationError struct {
+	field  string
+	reason string
+	cause  error
+	key    bool
+}
+
+// Field function returns field value.
+func (e LoginValidationError) Field() string { return e.field }
+
+// Reason function returns reason value.
+func (e LoginValidationError) Reason() string { return e.reason }
+
+// Cause function returns cause value.
+func (e LoginValidationError) Cause() error { return e.cause }
+
+// Key function returns key value.
+func (e LoginValidationError) Key() bool { return e.key }
+
+// ErrorName returns error name.
+func (e LoginValidationError) ErrorName() string { return "LoginValidationError" }
+
+// Error satisfies the builtin error interface
+func (e LoginValidationError) Error() string {
+	cause := ""
+	if e.cause != nil {
+		cause = fmt.Sprintf(" | caused by: %v", e.cause)
+	}
+
+	key := ""
+	if e.key {
+		key = "key for "
+	}
+
+	return fmt.Sprintf(
+		"invalid %sLogin.%s: %s%s",
+		key,
+		e.field,
+		e.reason,
+		cause)
+}
+
+var _ error = LoginValidationError{}
+
+var _ interface {
+	Field() string
+	Reason() string
+	Key() bool
+	Cause() error
+	ErrorName() string
+} = LoginValidationError{}
+
 // Validate checks the field values on Setting with the rules defined in the
 // proto definition for this message. If any rules are violated, the first
 // error encountered is returned, or nil if there are no violations.
@@ -3009,6 +3144,112 @@ var _ interface {
 	ErrorName() string
 } = GetUserTagResponseValidationError{}
 
+// Validate checks the field values on DepartmentLabelValue with the rules
+// defined in the proto definition for this message. If any rules are
+// violated, the first error encountered is returned, or nil if there are no violations.
+func (m *DepartmentLabelValue) Validate() error {
+	return m.validate(false)
+}
+
+// ValidateAll checks the field values on DepartmentLabelValue with the rules
+// defined in the proto definition for this message. If any rules are
+// violated, the result is a list of violation errors wrapped in
+// DepartmentLabelValueMultiError, or nil if none found.
+func (m *DepartmentLabelValue) ValidateAll() error {
+	return m.validate(true)
+}
+
+func (m *DepartmentLabelValue) validate(all bool) error {
+	if m == nil {
+		return nil
+	}
+
+	var errors []error
+
+	// no validation rules for Label
+
+	// no validation rules for Value
+
+	if len(errors) > 0 {
+		return DepartmentLabelValueMultiError(errors)
+	}
+
+	return nil
+}
+
+// DepartmentLabelValueMultiError is an error wrapping multiple validation
+// errors returned by DepartmentLabelValue.ValidateAll() if the designated
+// constraints aren't met.
+type DepartmentLabelValueMultiError []error
+
+// Error returns a concatenation of all the error messages it wraps.
+func (m DepartmentLabelValueMultiError) Error() string {
+	msgs := make([]string, 0, len(m))
+	for _, err := range m {
+		msgs = append(msgs, err.Error())
+	}
+	return strings.Join(msgs, "; ")
+}
+
+// AllErrors returns a list of validation violation errors.
+func (m DepartmentLabelValueMultiError) AllErrors() []error { return m }
+
+// DepartmentLabelValueValidationError is the validation error returned by
+// DepartmentLabelValue.Validate if the designated constraints aren't met.
+type DepartmentLabelValueValidationError struct {
+	field  string
+	reason string
+	cause  error
+	key    bool
+}
+
+// Field function returns field value.
+func (e DepartmentLabelValueValidationError) Field() string { return e.field }
+
+// Reason function returns reason value.
+func (e DepartmentLabelValueValidationError) Reason() string { return e.reason }
+
+// Cause function returns cause value.
+func (e DepartmentLabelValueValidationError) Cause() error { return e.cause }
+
+// Key function returns key value.
+func (e DepartmentLabelValueValidationError) Key() bool { return e.key }
+
+// ErrorName returns error name.
+func (e DepartmentLabelValueValidationError) ErrorName() string {
+	return "DepartmentLabelValueValidationError"
+}
+
+// Error satisfies the builtin error interface
+func (e DepartmentLabelValueValidationError) Error() string {
+	cause := ""
+	if e.cause != nil {
+		cause = fmt.Sprintf(" | caused by: %v", e.cause)
+	}
+
+	key := ""
+	if e.key {
+		key = "key for "
+	}
+
+	return fmt.Sprintf(
+		"invalid %sDepartmentLabelValue.%s: %s%s",
+		key,
+		e.field,
+		e.reason,
+		cause)
+}
+
+var _ error = DepartmentLabelValueValidationError{}
+
+var _ interface {
+	Field() string
+	Reason() string
+	Key() bool
+	Cause() error
+	ErrorName() string
+} = DepartmentLabelValueValidationError{}
+
 // Validate checks the field values on GetDepartmentLabelRequest with the rules
 // defined in the proto definition for this message. If any rules are
 // violated, the first error encountered is returned, or nil if there are no violations.
@@ -3693,6 +3934,214 @@ var _ interface {
 	ErrorName() string
 } = GetRolePermissionResponseValidationError{}
 
+// Validate checks the field values on SaveRolePermissionRequest with the rules
+// defined in the proto definition for this message. If any rules are
+// violated, the first error encountered is returned, or nil if there are no violations.
+func (m *SaveRolePermissionRequest) Validate() error {
+	return m.validate(false)
+}
+
+// ValidateAll checks the field values on SaveRolePermissionRequest with the
+// rules defined in the proto definition for this message. If any rules are
+// violated, the result is a list of violation errors wrapped in
+// SaveRolePermissionRequestMultiError, or nil if none found.
+func (m *SaveRolePermissionRequest) ValidateAll() error {
+	return m.validate(true)
+}
+
+func (m *SaveRolePermissionRequest) validate(all bool) error {
+	if m == nil {
+		return nil
+	}
+
+	var errors []error
+
+	// no validation rules for Role
+
+	if len(errors) > 0 {
+		return SaveRolePermissionRequestMultiError(errors)
+	}
+
+	return nil
+}
+
+// SaveRolePermissionRequestMultiError is an error wrapping multiple validation
+// errors returned by SaveRolePermissionRequest.ValidateAll() if the
+// designated constraints aren't met.
+type SaveRolePermissionRequestMultiError []error
+
+// Error returns a concatenation of all the error messages it wraps.
+func (m SaveRolePermissionRequestMultiError) Error() string {
+	msgs := make([]string, 0, len(m))
+	for _, err := range m {
+		msgs = append(msgs, err.Error())
+	}
+	return strings.Join(msgs, "; ")
+}
+
+// AllErrors returns a list of validation violation errors.
+func (m SaveRolePermissionRequestMultiError) AllErrors() []error { return m }
+
+// SaveRolePermissionRequestValidationError is the validation error returned by
+// SaveRolePermissionRequest.Validate if the designated constraints aren't met.
+type SaveRolePermissionRequestValidationError struct {
+	field  string
+	reason string
+	cause  error
+	key    bool
+}
+
+// Field function returns field value.
+func (e SaveRolePermissionRequestValidationError) Field() string { return e.field }
+
+// Reason function returns reason value.
+func (e SaveRolePermissionRequestValidationError) Reason() string { return e.reason }
+
+// Cause function returns cause value.
+func (e SaveRolePermissionRequestValidationError) Cause() error { return e.cause }
+
+// Key function returns key value.
+func (e SaveRolePermissionRequestValidationError) Key() bool { return e.key }
+
+// ErrorName returns error name.
+func (e SaveRolePermissionRequestValidationError) ErrorName() string {
+	return "SaveRolePermissionRequestValidationError"
+}
+
+// Error satisfies the builtin error interface
+func (e SaveRolePermissionRequestValidationError) Error() string {
+	cause := ""
+	if e.cause != nil {
+		cause = fmt.Sprintf(" | caused by: %v", e.cause)
+	}
+
+	key := ""
+	if e.key {
+		key = "key for "
+	}
+
+	return fmt.Sprintf(
+		"invalid %sSaveRolePermissionRequest.%s: %s%s",
+		key,
+		e.field,
+		e.reason,
+		cause)
+}
+
+var _ error = SaveRolePermissionRequestValidationError{}
+
+var _ interface {
+	Field() string
+	Reason() string
+	Key() bool
+	Cause() error
+	ErrorName() string
+} = SaveRolePermissionRequestValidationError{}
+
+// Validate checks the field values on SaveRolePermissionResponse with the
+// rules defined in the proto definition for this message. If any rules are
+// violated, the first error encountered is returned, or nil if there are no violations.
+func (m *SaveRolePermissionResponse) Validate() error {
+	return m.validate(false)
+}
+
+// ValidateAll checks the field values on SaveRolePermissionResponse with the
+// rules defined in the proto definition for this message. If any rules are
+// violated, the result is a list of violation errors wrapped in
+// SaveRolePermissionResponseMultiError, or nil if none found.
+func (m *SaveRolePermissionResponse) ValidateAll() error {
+	return m.validate(true)
+}
+
+func (m *SaveRolePermissionResponse) validate(all bool) error {
+	if m == nil {
+		return nil
+	}
+
+	var errors []error
+
+	// no validation rules for Role
+
+	if len(errors) > 0 {
+		return SaveRolePermissionResponseMultiError(errors)
+	}
+
+	return nil
+}
+
+// SaveRolePermissionResponseMultiError is an error wrapping multiple
+// validation errors returned by SaveRolePermissionResponse.ValidateAll() if
+// the designated constraints aren't met.
+type SaveRolePermissionResponseMultiError []error
+
+// Error returns a concatenation of all the error messages it wraps.
+func (m SaveRolePermissionResponseMultiError) Error() string {
+	msgs := make([]string, 0, len(m))
+	for _, err := range m {
+		msgs = append(msgs, err.Error())
+	}
+	return strings.Join(msgs, "; ")
+}
+
+// AllErrors returns a list of validation violation errors.
+func (m SaveRolePermissionResponseMultiError) AllErrors() []error { return m }
+
+// SaveRolePermissionResponseValidationError is the validation error returned
+// by SaveRolePermissionResponse.Validate if the designated constraints aren't met.
+type SaveRolePermissionResponseValidationError struct {
+	field  string
+	reason string
+	cause  error
+	key    bool
+}
+
+// Field function returns field value.
+func (e SaveRolePermissionResponseValidationError) Field() string { return e.field }
+
+// Reason function returns reason value.
+func (e SaveRolePermissionResponseValidationError) Reason() string { return e.reason }
+
+// Cause function returns cause value.
+func (e SaveRolePermissionResponseValidationError) Cause() error { return e.cause }
+
+// Key function returns key value.
+func (e SaveRolePermissionResponseValidationError) Key() bool { return e.key }
+
+// ErrorName returns error name.
+func (e SaveRolePermissionResponseValidationError) ErrorName() string {
+	return "SaveRolePermissionResponseValidationError"
+}
+
+// Error satisfies the builtin error interface
+func (e SaveRolePermissionResponseValidationError) Error() string {
+	cause := ""
+	if e.cause != nil {
+		cause = fmt.Sprintf(" | caused by: %v", e.cause)
+	}
+
+	key := ""
+	if e.key {
+		key = "key for "
+	}
+
+	return fmt.Sprintf(
+		"invalid %sSaveRolePermissionResponse.%s: %s%s",
+		key,
+		e.field,
+		e.reason,
+		cause)
+}
+
+var _ error = SaveRolePermissionResponseValidationError{}
+
+var _ interface {
+	Field() string
+	Reason() string
+	Key() bool
+	Cause() error
+	ErrorName() string
+} = SaveRolePermissionResponseValidationError{}
+
 // Validate checks the field values on LoginRequest with the rules defined in
 // the proto definition for this message. If any rules are violated, the first
 // error encountered is returned, or nil if there are no violations.

pb/organize.proto

@@ -15,15 +15,17 @@ message Menu {
         table: "menus"
     };
     int64 id = 1 [(aeus.field) = {gorm:"primaryKey",comment:"菜单ID"}];
-    int64 parent_id = 2 [(aeus.field)={comment:"父级菜单"}];
+    int64 created_at = 2 [(aeus.field)={scenarios:"view;export",comment:"创建时间"}];
-    string name = 3 [(aeus.field)={gorm:"index;size:60",props:"readonly:update",rule:"required",comment: "组件名称"},(validate.rules).string = {max_len: 60}];
+    int64 updated_at = 3 [(aeus.field)={gorm:"index",scenarios:"view;export",comment:"更新时间"}];
-    string label = 4 [(aeus.field)={gorm:"size:120",rule:"required",comment: "菜单标题"},(validate.rules).string = {max_len: 120}];
+    string parent = 4 [(aeus.field)={gorm:"index;size:60",props:"readonly:update",comment:"父级菜单"}];
-    string uri  = 5 [(aeus.field)={gorm:"size:512",rule:"required",scenarios:"create;update;view;export",comment: "菜单链接"},(validate.rules).string = {max_len: 512}];
+    string name = 5 [(aeus.field)={gorm:"index;size:60",props:"readonly:update",rule:"unique;required",comment: "组件名称"},(validate.rules).string = {max_len: 60}];
-    string view_path  = 6 [(aeus.field)={gorm:"size:512",scenarios:"create;update;view;export",comment: "视图路径"},(validate.rules).string = {max_len: 512}];
+    string label = 6 [(aeus.field)={gorm:"size:120",rule:"required",comment: "菜单标题"},(validate.rules).string = {max_len: 120}];
-    string icon  = 7 [(aeus.field)={gorm:"size:60",scenarios:"create;update;view;export",comment: "菜单图标"},(validate.rules).string = {max_len: 60}];
+    string uri  = 7 [(aeus.field)={gorm:"size:512",rule:"required",scenarios:"create;update;view;export",comment: "菜单链接"},(validate.rules).string = {max_len: 512}];
-    bool hidden  = 8 [(aeus.field)={scenarios:"create;update;view;export",comment:"是否隐藏"}];
+    string view_path  = 8 [(aeus.field)={gorm:"size:512",scenarios:"create;update;view;export",comment: "视图路径"},(validate.rules).string = {max_len: 512}];
-    bool public  = 9 [(aeus.field)={scenarios:"create;update;view;export",comment:"是否公开"}];
+    string icon  = 9 [(aeus.field)={gorm:"size:60",scenarios:"create;update;view;export",comment: "菜单图标"},(validate.rules).string = {max_len: 60}];
-    string description = 10 [(aeus.field)={gorm:"size:1024",scenarios:"create;update;view;export;list",format:"textarea",comment: "备注说明"},(validate.rules).string = {max_len: 1024}];
+    bool hidden  = 10 [(aeus.field)={scenarios:"create;update;view;export",comment:"是否隐藏"}];
+    bool public  = 11 [(aeus.field)={scenarios:"create;update;view;export",comment:"是否公开"}];
+    string description = 12 [(aeus.field)={gorm:"size:1024",scenarios:"create;update;view;export;list",format:"textarea",comment: "备注说明"},(validate.rules).string = {max_len: 1024}];
 }
 
 // Role 角色模型定义
@@ -32,9 +34,11 @@ message Role {
         table: "roles"
     };
     int64 id = 1 [(aeus.field) = {gorm:"primaryKey",comment: "角色ID"}];
-    string name = 2 [(aeus.field)={gorm:"index;size:60",props:"readonly:update",comment: "角色名称"},(validate.rules).string = {max_len: 60}];
+    int64 created_at = 2 [(aeus.field)={scenarios:"view;export",comment:"创建时间"}];
-    string label = 3 [(aeus.field)={gorm:"size:60",comment: "角色标题"},(validate.rules).string = {max_len: 60}];
+    int64 updated_at = 3 [(aeus.field)={gorm:"index",scenarios:"view;export",comment:"更新时间"}];
-    string description = 4 [(aeus.field)={gorm:"size:1024",scenarios:"list;create;update;export",format:"textarea",comment: "备注说明"},(validate.rules).string = {max_len: 1024}];
+    string name = 4 [(aeus.field)={gorm:"index;size:60",props:"readonly:update",comment: "角色名称"},(validate.rules).string = {max_len: 60}];
+    string label = 5 [(aeus.field)={gorm:"size:60",comment: "角色标题"},(validate.rules).string = {max_len: 60}];
+    string description = 6 [(aeus.field)={gorm:"size:1024",scenarios:"list;create;update;export",format:"textarea",comment: "备注说明"},(validate.rules).string = {max_len: 1024}];
 }
 
 // Permission 权限模型定义
@@ -43,7 +47,7 @@ message Permission {
         table: "permissions"
     };
     int64 id = 1 [(aeus.field) = {gorm:"primaryKey",comment: "权限ID"}];
-    int64 menu_id = 2 [(aeus.field)={gorm:"index",rule:"required",comment: "所属菜单"}];
+    string menu = 2 [(aeus.field)={gorm:"index;size:60",rule:"required",comment: "所属菜单"}];
     string permission = 3 [(aeus.field)={gorm:"index;size:60",rule:"required",comment: "权限名称"},(validate.rules).string = {max_len: 60}];
     string label = 4 [(aeus.field)={gorm:"size:60",rule:"required",comment: "权限标题"},(validate.rules).string = {max_len: 60}];
 }
@@ -54,8 +58,8 @@ message RolePermission {
         table: "role_permissions"
     };
     int64 id = 1 [(aeus.field) = {gorm:"primaryKey",comment: "ID"}];
-    string role = 2 [(aeus.field)={gorm:"size:60",rule:"required",comment: "角色名称"},(validate.rules).string = {max_len: 60}];
+    string role = 2 [(aeus.field)={gorm:"index;size:60",rule:"required",comment: "角色"},(validate.rules).string = {max_len: 60}];
-    int64 permission_id = 3 [(aeus.field)={rule:"required",comment: "权限ID"}];
+    string permission = 3 [(aeus.field)={gorm:"size:60",rule:"required",comment: "权限"}];
 }
 
 // User 用户模型定义
@@ -65,18 +69,19 @@ message User {
     };
     int64 id = 1 [(aeus.field) = {gorm:"primaryKey",comment: "ID"}];
     int64 created_at = 2 [(aeus.field)={scenarios:"view;export",comment:"创建时间"}];
-    int64 updated_at = 3 [(aeus.field)={scenarios:"view;export",comment:"更新时间"}];
+    int64 updated_at = 3 [(aeus.field)={gorm:"index",scenarios:"view;export",comment:"更新时间"}];
     string uid = 4 [(aeus.field) = {gorm:"index;size:20",rule:"required;unique;regexp:^[a-zA-Z0-9]{3,8}$",props:"readonly:update",comment: "用户工号"},(validate.rules).string = {min_len: 5, max_len: 20}];
     string username = 5 [(aeus.field)={gorm:"size:20",rule:"required",comment: "用户名称"},(validate.rules).string = {min_len: 5, max_len: 20}];
-    string role = 6 [(aeus.field)={gorm:"size:60",rule:"required",format:"role",comment: "所属角色"},(validate.rules).string = {max_len: 60}];
+    string role = 6 [(aeus.field)={gorm:"size:60;not null;default:''",rule:"required",format:"role",live:"type:dropdown;url:/role/labels",comment: "所属角色"},(validate.rules).string = {max_len: 60}];
     bool admin = 7  [(aeus.field)={scenarios:"create",comment:"管理员"}];
-    int64 dept_id = 8 [(aeus.field) = {gorm:"not null;default:0",rule:"required",format:"department",comment: "所属部门"}];
+    string status = 8  [(aeus.field)={scenarios:"create,update,list,search",gorm:"size:20;default:normal",enum:"normal:正常;disable:禁用",comment:"状态"}];
-    string tag = 9 [ (aeus.field)={gorm:"size:60",scenarios:"list;create;update",comment: "用户标签"},(validate.rules).string = {max_len: 60}];
+    int64 dept_id = 9 [(aeus.field) = {gorm:"not null;default:0",rule:"required",live:"type:dropdown;url:/department/labels",format:"department",comment: "所属部门"}];
-    string password = 10 [(aeus.field)={gorm:"size:60",rule:"required",scenarios:"create",comment: "用户密码"},(validate.rules).string = {max_len: 60}];
+    string tag = 10 [ (aeus.field)={gorm:"size:60",scenarios:"list;create;update",dropdown:"created;filterable;default_first",live:"type:dropdown;url:/user/tags",comment: "用户标签"},(validate.rules).string = {max_len: 60}];
-    string email = 11 [(aeus.field)={gorm:"size:60",scenarios:"create;update;view;list;export",comment: "用户邮箱"},(validate.rules).string = {max_len: 60}];
+    string password = 11 [(aeus.field)={gorm:"size:60",rule:"required",scenarios:"create",comment: "用户密码"},(validate.rules).string = {max_len: 60}];
-    string avatar = 12 [(aeus.field)={gorm:"size:1024",scenarios:"view",comment: "用户头像"},(validate.rules).string = {max_len: 1024}];
+    string email = 12 [(aeus.field)={gorm:"size:60",scenarios:"create;update;view;list;export",comment: "用户邮箱"},(validate.rules).string = {max_len: 60}];
-    string gender  = 13 [(aeus.field)={gorm:"size:20;default:man",rule:"required",scenarios:"list;create;update;view;export",comment: "用户性别"},(validate.rules).string = {max_len: 20}];
+    string avatar = 13 [(aeus.field)={gorm:"size:1024",scenarios:"view",comment: "用户头像"},(validate.rules).string = {max_len: 1024}];
-    string description = 14 [(aeus.field)={gorm:"size:1024",format:"textarea",scenarios:"create;update;view;export",comment: "备注说明"},(validate.rules).string = {max_len: 1024}];
+    string gender  = 14 [(aeus.field)={gorm:"size:20;default:man",rule:"required",scenarios:"list;create;update;view;export",enum:"man:男;woman:女;other:其他",comment: "用户性别"},(validate.rules).string = {max_len: 20}];
+    string description = 15 [(aeus.field)={gorm:"size:1024",format:"textarea",scenarios:"create;update;view;export",comment: "备注说明"},(validate.rules).string = {max_len: 1024}];
 }
 
 // Department 部门模型定义
@@ -86,12 +91,27 @@ message Department {
     };
     int64 id = 1 [(aeus.field) = {gorm:"primaryKey",comment:"ID"}];
     int64 created_at = 2 [(aeus.field)={scenarios:"view;export",comment:"创建时间"}];
-    int64 updated_at = 3 [(aeus.field)={scenarios:"view;export",comment:"更新时间"}];
+    int64 updated_at = 3 [(aeus.field)={gorm:"index",scenarios:"view;export",comment:"更新时间"}];
     int64 parent_id = 4 [(aeus.field)={format:"department",comment:"父级部门"}];
     string name = 5 [(aeus.field)={gorm:"size:20",rule:"required",comment: "部门名称"},(validate.rules).string = {max_len: 20}];
     string description = 6 [(aeus.field)={gorm:"size:1024",scenarios:"create;update;view;export;list",format:"textarea",comment: "备注说明"},(validate.rules).string = {max_len: 1024}];
 }
 
+message Login {
+    option (aeus.rest) = {
+        table: "logins"
+    };
+    int64 id = 1 [(aeus.field) = {gorm:"primaryKey",comment:"ID"}];
+    int64 created_at = 2 [(aeus.field)={scenarios:"list;search;view;export",comment:"登录时间"}];
+    string uid = 4 [(aeus.field)={gorm:"index;size:20",rule:"required",props:"readonly:update",format:"user",comment: "用户工号"},(validate.rules).string = {min_len: 5, max_len: 20}];
+    string ip = 5 [(aeus.field)={gorm:"size:128",scenarios:"list;search;view;export",comment: "登录地址"}];
+    string browser = 6 [(aeus.field)={gorm:"size:128",scenarios:"list;view;export",comment: "浏览器"}];
+    string os = 7 [(aeus.field)={gorm:"size:128",scenarios:"list;view;export",comment: "操作系统"}];
+    string platform = 8 [(aeus.field)={gorm:"size:128",scenarios:"list;view;export",comment: "系统平台"}];
+    string access_token = 9 [(aeus.field)={gorm:"size:1024",scenarios:"list;view;export",comment: "访问令牌"}];
+    string user_agent = 10 [(aeus.field)={gorm:"size:1024",scenarios:"list;view;export",comment: "用户代理"}];
+}
+
 // Setting 参数设置表
 message Setting {
     option (aeus.rest) = {
@@ -250,11 +270,16 @@ service UserService {
 }
 
 
+message DepartmentLabelValue {
+    string label = 1;
+    int64 value = 2;
+}
+
 message GetDepartmentLabelRequest {
 }
 
 message GetDepartmentLabelResponse {
-    repeated LabelValue data = 1;
+    repeated DepartmentLabelValue data = 1;
 }
 
 service DepartmentService {
@@ -282,6 +307,15 @@ message GetRolePermissionResponse {
     repeated string permissions = 2;
 }
 
+message SaveRolePermissionRequest {
+    string role = 1;
+    repeated string permissions = 2;
+}
+
+message SaveRolePermissionResponse {
+    string role = 1;
+}
+
 service RoleService {
     // 获取角色标签
     rpc GetRoleLabels(GetRoleLabelRequest) returns (GetRoleLabelResponse) {
@@ -295,6 +329,13 @@ service RoleService {
             get: "/role/permissions"
         };
     }
+
+    rpc SaveRolePermission(SaveRolePermissionRequest) returns (SaveRolePermissionResponse) {
+        option (google.api.http) = {
+            post: "/role/permissions"
+            body: "*"
+        };
+    }
 }
 
 

pb/organize_grpc.pb.go

@@ -473,6 +473,7 @@ var DepartmentService_ServiceDesc = grpc.ServiceDesc{
 const (
 	RoleService_GetRoleLabels_FullMethodName      = "/organize.RoleService/GetRoleLabels"
 	RoleService_GetRolePermissions_FullMethodName = "/organize.RoleService/GetRolePermissions"
+	RoleService_SaveRolePermission_FullMethodName = "/organize.RoleService/SaveRolePermission"
 )
 
 // RoleServiceClient is the client API for RoleService service.
@@ -483,6 +484,7 @@ type RoleServiceClient interface {
 	GetRoleLabels(ctx context.Context, in *GetRoleLabelRequest, opts ...grpc.CallOption) (*GetRoleLabelResponse, error)
 	// 获取角色权限
 	GetRolePermissions(ctx context.Context, in *GetRolePermissionRequest, opts ...grpc.CallOption) (*GetRolePermissionResponse, error)
+	SaveRolePermission(ctx context.Context, in *SaveRolePermissionRequest, opts ...grpc.CallOption) (*SaveRolePermissionResponse, error)
 }
 
 type roleServiceClient struct {
@@ -513,6 +515,16 @@ func (c *roleServiceClient) GetRolePermissions(ctx context.Context, in *GetRoleP
 	return out, nil
 }
 
+func (c *roleServiceClient) SaveRolePermission(ctx context.Context, in *SaveRolePermissionRequest, opts ...grpc.CallOption) (*SaveRolePermissionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SaveRolePermissionResponse)
+	err := c.cc.Invoke(ctx, RoleService_SaveRolePermission_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // RoleServiceServer is the server API for RoleService service.
 // All implementations must embed UnimplementedRoleServiceServer
 // for forward compatibility.
@@ -521,6 +533,7 @@ type RoleServiceServer interface {
 	GetRoleLabels(context.Context, *GetRoleLabelRequest) (*GetRoleLabelResponse, error)
 	// 获取角色权限
 	GetRolePermissions(context.Context, *GetRolePermissionRequest) (*GetRolePermissionResponse, error)
+	SaveRolePermission(context.Context, *SaveRolePermissionRequest) (*SaveRolePermissionResponse, error)
 	mustEmbedUnimplementedRoleServiceServer()
 }
 
@@ -537,6 +550,9 @@ func (UnimplementedRoleServiceServer) GetRoleLabels(context.Context, *GetRoleLab
 func (UnimplementedRoleServiceServer) GetRolePermissions(context.Context, *GetRolePermissionRequest) (*GetRolePermissionResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetRolePermissions not implemented")
 }
+func (UnimplementedRoleServiceServer) SaveRolePermission(context.Context, *SaveRolePermissionRequest) (*SaveRolePermissionResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method SaveRolePermission not implemented")
+}
 func (UnimplementedRoleServiceServer) mustEmbedUnimplementedRoleServiceServer() {}
 func (UnimplementedRoleServiceServer) testEmbeddedByValue()                     {}
 
@@ -594,6 +610,24 @@ func _RoleService_GetRolePermissions_Handler(srv interface{}, ctx context.Contex
 	return interceptor(ctx, in, info, handler)
 }
 
+func _RoleService_SaveRolePermission_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SaveRolePermissionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RoleServiceServer).SaveRolePermission(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RoleService_SaveRolePermission_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RoleServiceServer).SaveRolePermission(ctx, req.(*SaveRolePermissionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 // RoleService_ServiceDesc is the grpc.ServiceDesc for RoleService service.
 // It's only intended for direct use with grpc.RegisterService,
 // and not to be introspected or modified (even as a copy)
@@ -609,6 +643,10 @@ var RoleService_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "GetRolePermissions",
 			Handler:    _RoleService_GetRolePermissions_Handler,
 		},
+		{
+			MethodName: "SaveRolePermission",
+			Handler:    _RoleService_SaveRolePermission_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "organize.proto",

pb/organize_http.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go-aeus. DO NOT EDIT.
 // source: organize.proto
-// date: 2025-06-16 11:37:44
+// date: 2025-06-17 15:01:15
 
 package pb
 
@@ -34,6 +34,8 @@ type RoleServiceHttpServer interface {
 	GetRoleLabels(context.Context, *GetRoleLabelRequest) (*GetRoleLabelResponse, error)
 
 	GetRolePermissions(context.Context, *GetRolePermissionRequest) (*GetRolePermissionResponse, error)
+
+	SaveRolePermission(context.Context, *SaveRolePermissionRequest) (*SaveRolePermissionResponse, error)
 }
 
 type AuthServiceHttpServer interface {
@@ -250,6 +252,26 @@ func handleRoleServiceGetRolePermissions(s RoleServiceHttpServer) http.HandleFun
 	}
 }
 
+func handleRoleServiceSaveRolePermission(s RoleServiceHttpServer) http.HandleFunc {
+	return func(ctx *http.Context) (err error) {
+		req := &SaveRolePermissionRequest{}
+
+		if err := ctx.Bind(req); err != nil {
+			return ctx.Error(errors.Invalid, err.Error())
+		}
+
+		if res, err := s.SaveRolePermission(ctx.Context(), req); err != nil {
+			if er, ok := err.(*errors.Error); ok {
+				return ctx.Error(er.Code, er.Message)
+			} else {
+				return ctx.Error(errors.Unavailable, err.Error())
+			}
+		} else {
+			return ctx.Success(res)
+		}
+	}
+}
+
 func handleAuthServiceLogin(s AuthServiceHttpServer) http.HandleFunc {
 	return func(ctx *http.Context) (err error) {
 		req := &LoginRequest{}
@@ -346,6 +368,9 @@ func RegisterRoleServiceRouter(hs *http.Server, s RoleServiceHttpServer) {
 	// Register handle GetRolePermissions route
 	hs.GET("/role/permissions", handleRoleServiceGetRolePermissions(s))
 
+	// Register handle SaveRolePermission route
+	hs.POST("/role/permissions", handleRoleServiceSaveRolePermission(s))
+
 }
 
 func RegisterAuthServiceRouter(hs *http.Server, s AuthServiceHttpServer) {

pb/organize_model.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go-aeus. DO NOT EDIT.
 // source: organize.proto
-// date: 2025-06-16 11:37:44
+// date: 2025-06-17 15:01:15
 
 package pb
 
@@ -10,15 +10,17 @@ import (
 
 type MenuModel struct {
 	Id          int64  `json:"id" yaml:"id" xml:"id" gorm:"primaryKey" comment:"菜单ID"`
-	ParentId    int64  `json:"parent_id" yaml:"parentId" xml:"parentId" comment:"父级菜单"`
+	CreatedAt   int64  `json:"created_at" yaml:"createdAt" xml:"createdAt" comment:"创建时间" scenarios:"view;export"`
-	Name        string `json:"name" yaml:"name" xml:"name" gorm:"index;size:60" comment:"组件名称" props:"readonly:update" rule:"required"`
+	UpdatedAt   int64  `json:"updated_at" yaml:"updatedAt" xml:"updatedAt" gorm:"index" comment:"更新时间" scenarios:"view;export"`
+	Parent      string `json:"parent" yaml:"parent" xml:"parent" gorm:"index;size:60" comment:"父级菜单" props:"readonly:update"`
+	Name        string `json:"name" yaml:"name" xml:"name" gorm:"index;size:60" comment:"组件名称" props:"readonly:update" rule:"unique;required"`
 	Label       string `json:"label" yaml:"label" xml:"label" gorm:"size:120" comment:"菜单标题" rule:"required"`
 	Uri         string `json:"uri" yaml:"uri" xml:"uri" gorm:"size:512" comment:"菜单链接" scenarios:"create;update;view;export" rule:"required"`
 	ViewPath    string `json:"view_path" yaml:"viewPath" xml:"viewPath" gorm:"size:512" comment:"视图路径" scenarios:"create;update;view;export"`
 	Icon        string `json:"icon" yaml:"icon" xml:"icon" gorm:"size:60" comment:"菜单图标" scenarios:"create;update;view;export"`
 	Hidden      bool   `json:"hidden" yaml:"hidden" xml:"hidden" comment:"是否隐藏" scenarios:"create;update;view;export"`
 	Public      bool   `json:"public" yaml:"public" xml:"public" comment:"是否公开" scenarios:"create;update;view;export"`
-	Description string `json:"description" yaml:"description" xml:"description" gorm:"size:1024" comment:"备注说明" format:"textarea" scenarios:"create;update;view;export;list"`
+	Description string `json:"description" yaml:"description" xml:"description" gorm:"size:1024" comment:"备注说明" scenarios:"create;update;view;export;list" format:"textarea"`
 }
 
 func (m *MenuModel) TableName() string {
@@ -27,7 +29,9 @@ func (m *MenuModel) TableName() string {
 
 func (m *MenuModel) FromValue(x *Menu) {
 	m.Id = x.Id
-	m.ParentId = x.ParentId
+	m.CreatedAt = x.CreatedAt
+	m.UpdatedAt = x.UpdatedAt
+	m.Parent = x.Parent
 	m.Name = x.Name
 	m.Label = x.Label
 	m.Uri = x.Uri
@@ -41,7 +45,9 @@ func (m *MenuModel) FromValue(x *Menu) {
 func (m *MenuModel) ToValue() (x *Menu) {
 	x = &Menu{}
 	x.Id = m.Id
-	x.ParentId = m.ParentId
+	x.CreatedAt = m.CreatedAt
+	x.UpdatedAt = m.UpdatedAt
+	x.Parent = m.Parent
 	x.Name = m.Name
 	x.Label = m.Label
 	x.Uri = m.Uri
@@ -87,9 +93,11 @@ func NewMenuModel() *MenuModel {
 
 type RoleModel struct {
 	Id          int64  `json:"id" yaml:"id" xml:"id" gorm:"primaryKey" comment:"角色ID"`
+	CreatedAt   int64  `json:"created_at" yaml:"createdAt" xml:"createdAt" comment:"创建时间" scenarios:"view;export"`
+	UpdatedAt   int64  `json:"updated_at" yaml:"updatedAt" xml:"updatedAt" gorm:"index" comment:"更新时间" scenarios:"view;export"`
 	Name        string `json:"name" yaml:"name" xml:"name" gorm:"index;size:60" comment:"角色名称" props:"readonly:update"`
 	Label       string `json:"label" yaml:"label" xml:"label" gorm:"size:60" comment:"角色标题"`
-	Description string `json:"description" yaml:"description" xml:"description" gorm:"size:1024" comment:"备注说明" format:"textarea" scenarios:"list;create;update;export"`
+	Description string `json:"description" yaml:"description" xml:"description" gorm:"size:1024" comment:"备注说明" scenarios:"list;create;update;export" format:"textarea"`
 }
 
 func (m *RoleModel) TableName() string {
@@ -98,6 +106,8 @@ func (m *RoleModel) TableName() string {
 
 func (m *RoleModel) FromValue(x *Role) {
 	m.Id = x.Id
+	m.CreatedAt = x.CreatedAt
+	m.UpdatedAt = x.UpdatedAt
 	m.Name = x.Name
 	m.Label = x.Label
 	m.Description = x.Description
@@ -106,6 +116,8 @@ func (m *RoleModel) FromValue(x *Role) {
 func (m *RoleModel) ToValue() (x *Role) {
 	x = &Role{}
 	x.Id = m.Id
+	x.CreatedAt = m.CreatedAt
+	x.UpdatedAt = m.UpdatedAt
 	x.Name = m.Name
 	x.Label = m.Label
 	x.Description = m.Description
@@ -146,7 +158,7 @@ func NewRoleModel() *RoleModel {
 
 type PermissionModel struct {
 	Id         int64  `json:"id" yaml:"id" xml:"id" gorm:"primaryKey" comment:"权限ID"`
-	MenuId     int64  `json:"menu_id" yaml:"menuId" xml:"menuId" gorm:"index" comment:"所属菜单" rule:"required"`
+	Menu       string `json:"menu" yaml:"menu" xml:"menu" gorm:"index;size:60" comment:"所属菜单" rule:"required"`
 	Permission string `json:"permission" yaml:"permission" xml:"permission" gorm:"index;size:60" comment:"权限名称" rule:"required"`
 	Label      string `json:"label" yaml:"label" xml:"label" gorm:"size:60" comment:"权限标题" rule:"required"`
 }
@@ -157,7 +169,7 @@ func (m *PermissionModel) TableName() string {
 
 func (m *PermissionModel) FromValue(x *Permission) {
 	m.Id = x.Id
-	m.MenuId = x.MenuId
+	m.Menu = x.Menu
 	m.Permission = x.Permission
 	m.Label = x.Label
 }
@@ -165,7 +177,7 @@ func (m *PermissionModel) FromValue(x *Permission) {
 func (m *PermissionModel) ToValue() (x *Permission) {
 	x = &Permission{}
 	x.Id = m.Id
-	x.MenuId = m.MenuId
+	x.Menu = m.Menu
 	x.Permission = m.Permission
 	x.Label = m.Label
 	return x
@@ -204,9 +216,9 @@ func NewPermissionModel() *PermissionModel {
 }
 
 type RolePermissionModel struct {
-	Id           int64  `json:"id" yaml:"id" xml:"id" gorm:"primaryKey" comment:"ID"`
+	Id         int64  `json:"id" yaml:"id" xml:"id" gorm:"primaryKey" comment:"ID"`
-	Role         string `json:"role" yaml:"role" xml:"role" gorm:"size:60" comment:"角色名称" rule:"required"`
+	Role       string `json:"role" yaml:"role" xml:"role" gorm:"index;size:60" comment:"角色" rule:"required"`
-	PermissionId int64  `json:"permission_id" yaml:"permissionId" xml:"permissionId" comment:"权限ID" rule:"required"`
+	Permission string `json:"permission" yaml:"permission" xml:"permission" gorm:"size:60" comment:"权限" rule:"required"`
 }
 
 func (m *RolePermissionModel) TableName() string {
@@ -216,14 +228,14 @@ func (m *RolePermissionModel) TableName() string {
 func (m *RolePermissionModel) FromValue(x *RolePermission) {
 	m.Id = x.Id
 	m.Role = x.Role
-	m.PermissionId = x.PermissionId
+	m.Permission = x.Permission
 }
 
 func (m *RolePermissionModel) ToValue() (x *RolePermission) {
 	x = &RolePermission{}
 	x.Id = m.Id
 	x.Role = m.Role
-	x.PermissionId = m.PermissionId
+	x.Permission = m.Permission
 	return x
 }
 
@@ -244,7 +256,7 @@ func (m *RolePermissionModel) Delete(db *gorm.DB) (err error) {
 }
 
 func (m *RolePermissionModel) Find(db *gorm.DB, pk any) (err error) {
-	return db.Where("permission_id=?", pk).First(m).Error
+	return db.Where("permission=?", pk).First(m).Error
 }
 
 func (m *RolePermissionModel) FindOne(db *gorm.DB, query any, args ...any) (err error) {
@@ -262,18 +274,19 @@ func NewRolePermissionModel() *RolePermissionModel {
 type UserModel struct {
 	Id          int64  `json:"id" yaml:"id" xml:"id" gorm:"primaryKey" comment:"ID"`
 	CreatedAt   int64  `json:"created_at" yaml:"createdAt" xml:"createdAt" comment:"创建时间" scenarios:"view;export"`
-	UpdatedAt   int64  `json:"updated_at" yaml:"updatedAt" xml:"updatedAt" comment:"更新时间" scenarios:"view;export"`
+	UpdatedAt   int64  `json:"updated_at" yaml:"updatedAt" xml:"updatedAt" gorm:"index" comment:"更新时间" scenarios:"view;export"`
 	Uid         string `json:"uid" yaml:"uid" xml:"uid" gorm:"index;size:20" comment:"用户工号" props:"readonly:update" rule:"required;unique;regexp:^[a-zA-Z0-9]{3,8}$"`
 	Username    string `json:"username" yaml:"username" xml:"username" gorm:"size:20" comment:"用户名称" rule:"required"`
-	Role        string `json:"role" yaml:"role" xml:"role" gorm:"size:60" comment:"所属角色" format:"role" rule:"required"`
+	Role        string `json:"role" yaml:"role" xml:"role" gorm:"size:60;not null;default:''" comment:"所属角色" format:"role" rule:"required" live:"type:dropdown;url:/role/labels"`
 	Admin       bool   `json:"admin" yaml:"admin" xml:"admin" comment:"管理员" scenarios:"create"`
-	DeptId      int64  `json:"dept_id" yaml:"deptId" xml:"deptId" gorm:"not null;default:0" comment:"所属部门" format:"department" rule:"required"`
+	Status      string `json:"status" yaml:"status" xml:"status" gorm:"size:20;default:normal" comment:"状态" scenarios:"create,update,list,search" enum:"normal:正常;disable:禁用"`
-	Tag         string `json:"tag" yaml:"tag" xml:"tag" gorm:"size:60" comment:"用户标签" scenarios:"list;create;update"`
+	DeptId      int64  `json:"dept_id" yaml:"deptId" xml:"deptId" gorm:"not null;default:0" comment:"所属部门" format:"department" rule:"required" live:"type:dropdown;url:/department/labels"`
+	Tag         string `json:"tag" yaml:"tag" xml:"tag" gorm:"size:60" comment:"用户标签" scenarios:"list;create;update" live:"type:dropdown;url:/user/tags" dropdown:"created;filterable;default_first"`
 	Password    string `json:"password" yaml:"password" xml:"password" gorm:"size:60" comment:"用户密码" scenarios:"create" rule:"required"`
 	Email       string `json:"email" yaml:"email" xml:"email" gorm:"size:60" comment:"用户邮箱" scenarios:"create;update;view;list;export"`
 	Avatar      string `json:"avatar" yaml:"avatar" xml:"avatar" gorm:"size:1024" comment:"用户头像" scenarios:"view"`
-	Gender      string `json:"gender" yaml:"gender" xml:"gender" gorm:"size:20;default:man" comment:"用户性别" scenarios:"list;create;update;view;export" rule:"required"`
+	Gender      string `json:"gender" yaml:"gender" xml:"gender" gorm:"size:20;default:man" comment:"用户性别" scenarios:"list;create;update;view;export" rule:"required" enum:"man:男;woman:女;other:其他"`
-	Description string `json:"description" yaml:"description" xml:"description" gorm:"size:1024" comment:"备注说明" format:"textarea" scenarios:"create;update;view;export"`
+	Description string `json:"description" yaml:"description" xml:"description" gorm:"size:1024" comment:"备注说明" scenarios:"create;update;view;export" format:"textarea"`
 }
 
 func (m *UserModel) TableName() string {
@@ -288,6 +301,7 @@ func (m *UserModel) FromValue(x *User) {
 	m.Username = x.Username
 	m.Role = x.Role
 	m.Admin = x.Admin
+	m.Status = x.Status
 	m.DeptId = x.DeptId
 	m.Tag = x.Tag
 	m.Password = x.Password
@@ -306,6 +320,7 @@ func (m *UserModel) ToValue() (x *User) {
 	x.Username = m.Username
 	x.Role = m.Role
 	x.Admin = m.Admin
+	x.Status = m.Status
 	x.DeptId = m.DeptId
 	x.Tag = m.Tag
 	x.Password = m.Password
@@ -351,10 +366,10 @@ func NewUserModel() *UserModel {
 type DepartmentModel struct {
 	Id          int64  `json:"id" yaml:"id" xml:"id" gorm:"primaryKey" comment:"ID"`
 	CreatedAt   int64  `json:"created_at" yaml:"createdAt" xml:"createdAt" comment:"创建时间" scenarios:"view;export"`
-	UpdatedAt   int64  `json:"updated_at" yaml:"updatedAt" xml:"updatedAt" comment:"更新时间" scenarios:"view;export"`
+	UpdatedAt   int64  `json:"updated_at" yaml:"updatedAt" xml:"updatedAt" gorm:"index" comment:"更新时间" scenarios:"view;export"`
 	ParentId    int64  `json:"parent_id" yaml:"parentId" xml:"parentId" comment:"父级部门" format:"department"`
 	Name        string `json:"name" yaml:"name" xml:"name" gorm:"size:20" comment:"部门名称" rule:"required"`
-	Description string `json:"description" yaml:"description" xml:"description" gorm:"size:1024" comment:"备注说明" format:"textarea" scenarios:"create;update;view;export;list"`
+	Description string `json:"description" yaml:"description" xml:"description" gorm:"size:1024" comment:"备注说明" scenarios:"create;update;view;export;list" format:"textarea"`
 }
 
 func (m *DepartmentModel) TableName() string {
@@ -413,13 +428,87 @@ func NewDepartmentModel() *DepartmentModel {
 	return &DepartmentModel{}
 }
 
+type LoginModel struct {
+	Id          int64  `json:"id" yaml:"id" xml:"id" gorm:"primaryKey" comment:"ID"`
+	CreatedAt   int64  `json:"created_at" yaml:"createdAt" xml:"createdAt" comment:"登录时间" scenarios:"list;search;view;export"`
+	Uid         string `json:"uid" yaml:"uid" xml:"uid" gorm:"index;size:20" comment:"用户工号" format:"user" props:"readonly:update" rule:"required"`
+	Ip          string `json:"ip" yaml:"ip" xml:"ip" gorm:"size:128" comment:"登录地址" scenarios:"list;search;view;export"`
+	Browser     string `json:"browser" yaml:"browser" xml:"browser" gorm:"size:128" comment:"浏览器" scenarios:"list;view;export"`
+	Os          string `json:"os" yaml:"os" xml:"os" gorm:"size:128" comment:"操作系统" scenarios:"list;view;export"`
+	Platform    string `json:"platform" yaml:"platform" xml:"platform" gorm:"size:128" comment:"系统平台" scenarios:"list;view;export"`
+	AccessToken string `json:"access_token" yaml:"accessToken" xml:"accessToken" gorm:"size:1024" comment:"访问令牌" scenarios:"list;view;export"`
+	UserAgent   string `json:"user_agent" yaml:"userAgent" xml:"userAgent" gorm:"size:1024" comment:"用户代理" scenarios:"list;view;export"`
+}
+
+func (m *LoginModel) TableName() string {
+	return "logins"
+}
+
+func (m *LoginModel) FromValue(x *Login) {
+	m.Id = x.Id
+	m.CreatedAt = x.CreatedAt
+	m.Uid = x.Uid
+	m.Ip = x.Ip
+	m.Browser = x.Browser
+	m.Os = x.Os
+	m.Platform = x.Platform
+	m.AccessToken = x.AccessToken
+	m.UserAgent = x.UserAgent
+}
+
+func (m *LoginModel) ToValue() (x *Login) {
+	x = &Login{}
+	x.Id = m.Id
+	x.CreatedAt = m.CreatedAt
+	x.Uid = m.Uid
+	x.Ip = m.Ip
+	x.Browser = m.Browser
+	x.Os = m.Os
+	x.Platform = m.Platform
+	x.AccessToken = m.AccessToken
+	x.UserAgent = m.UserAgent
+	return x
+}
+
+func (m *LoginModel) Create(db *gorm.DB) (err error) {
+	return db.Create(m).Error
+}
+
+func (m *LoginModel) UpdateColumn(db *gorm.DB, column string, value any) (err error) {
+	return db.Model(m).UpdateColumn(column, value).Error
+}
+
+func (m *LoginModel) Save(db *gorm.DB) (err error) {
+	return db.Save(m).Error
+}
+
+func (m *LoginModel) Delete(db *gorm.DB) (err error) {
+	return db.Delete(m).Error
+}
+
+func (m *LoginModel) Find(db *gorm.DB, pk any) (err error) {
+	return db.Where("user_agent=?", pk).First(m).Error
+}
+
+func (m *LoginModel) FindOne(db *gorm.DB, query any, args ...any) (err error) {
+	return db.Where(query, args...).First(m).Error
+}
+
+func (m *LoginModel) FindAll(db *gorm.DB, query any, args ...any) (err error) {
+	return db.Where(query, args...).Find(m).Error
+}
+
+func NewLoginModel() *LoginModel {
+	return &LoginModel{}
+}
+
 type SettingModel struct {
 	Id          int64  `json:"id" yaml:"id" xml:"id" gorm:"primaryKey" comment:"ID"`
 	CreatedAt   int64  `json:"created_at" yaml:"createdAt" xml:"createdAt" comment:"创建时间" scenarios:"search;view;export"`
 	UpdatedAt   int64  `json:"updated_at" yaml:"updatedAt" xml:"updatedAt" comment:"更新时间" scenarios:"search;view;export"`
 	Name        string `json:"name" yaml:"name" xml:"name" gorm:"size:60" comment:"配置项" props:"readonly:update" rule:"required"`
 	Value       string `json:"value" yaml:"value" xml:"value" gorm:"size:512" comment:"配置值" format:"textarea" rule:"required"`
-	Description string `json:"description" yaml:"description" xml:"description" gorm:"size:1024" comment:"备注说明" format:"textarea" scenarios:"create;update;view;export"`
+	Description string `json:"description" yaml:"description" xml:"description" gorm:"size:1024" comment:"备注说明" scenarios:"create;update;view;export" format:"textarea"`
 }
 
 func (m *SettingModel) TableName() string {

permission.go

@@ -0,0 +1,59 @@
+package aeusadmin
+
+import (
+	"context"
+	"fmt"
+	"slices"
+	"time"
+
+	"git.nobla.cn/golang/aeus-admin/models"
+	"git.nobla.cn/golang/aeus-admin/pkg/dbcache"
+	"git.nobla.cn/golang/aeus/middleware/auth"
+	"git.nobla.cn/golang/aeus/pkg/errors"
+	"gorm.io/gorm"
+)
+
+type PermissionChecker struct {
+	db *gorm.DB
+}
+
+func (p *PermissionChecker) getUserPermissions(ctx context.Context, uid string) (permissions []string, err error) {
+	permissions, err = dbcache.TryCache(ctx, fmt.Sprintf("user:permissions:%s", uid), func(tx *gorm.DB) ([]string, error) {
+		var ss []string
+		err = tx.Select("permission").Model(&models.RolePermission{}).
+			Joins("LEFT JOIN users on users.role = role_permissions.role").
+			Where("users.uid = ?", uid).
+			Pluck("permission", &ss).
+			Error
+		return ss, err
+	}, dbcache.WithCacheDuration(time.Minute), dbcache.WithDB(p.db))
+	return
+}
+
+
+func (p *PermissionChecker) CheckPermission(ctx context.Context, permission string) (err error) {
+	var (
+		uid string
+		ps  []string
+	)
+	if claims, ok := auth.FromContext(ctx); !ok {
+		return errors.ErrAccessDenied
+	} else {
+		if uid, err = claims.GetSubject(); err != nil {
+			return
+		}
+	}
+	if ps, err = p.getUserPermissions(ctx, uid); err != nil {
+		return
+	}
+	if !slices.Contains(ps, permission) {
+		err = errors.ErrPermissionDenied
+	}
+	return
+}
+
+func NewPermissionChecker(db *gorm.DB) *PermissionChecker {
+	return &PermissionChecker{
+		db: db,
+	}
+}

pkg/dbcache/cache.go

@@ -0,0 +1,113 @@
+package dbcache
+
+import (
+	"context"
+	"time"
+
+	"git.nobla.cn/golang/aeus/pkg/cache"
+	"git.nobla.cn/golang/aeus/pkg/errors"
+	"golang.org/x/sync/singleflight"
+	"gorm.io/gorm"
+)
+
+var singleInstance singleflight.Group
+
+type (
+	CacheOptions struct {
+		db            *gorm.DB
+		cache         cache.Cache
+		dependency    CacheDependency
+		cacheDuration time.Duration
+	}
+
+	CacheOption func(o *CacheOptions)
+
+	cacheEntry[T any] struct {
+		Value        T
+		CompareValue string
+		CreatedAt    int64
+	}
+)
+
+func WithDB(db *gorm.DB) CacheOption {
+	return func(o *CacheOptions) {
+		o.db = db
+	}
+}
+
+func WithCache(c cache.Cache) CacheOption {
+	return func(o *CacheOptions) {
+		o.cache = c
+	}
+}
+
+func WithCacheDuration(d time.Duration) CacheOption {
+	return func(o *CacheOptions) {
+		o.cacheDuration = d
+	}
+}
+
+func WithDependency(d CacheDependency) CacheOption {
+	return func(o *CacheOptions) {
+		o.dependency = d
+	}
+}
+
+// TryCache 尝试从缓存中获取数据
+func TryCache[T any](ctx context.Context, key string, f func(tx *gorm.DB) (T, error), cbs ...CacheOption) (result T, err error) {
+	var (
+		none           T
+		value          any
+		val            any
+		hasDependValue bool
+		dependValue    string
+	)
+	opts := &CacheOptions{
+		cache:         cache.Default(),
+		cacheDuration: time.Minute * 10,
+	}
+	for _, cb := range cbs {
+		cb(opts)
+	}
+	if opts.db == nil {
+		return none, errors.Format(errors.Unavailable, "db instance unavailable")
+	}
+	//从缓存加载数据
+	if value, err = opts.cache.Get(ctx, key); err == nil {
+		if entry, ok := value.(*cacheEntry[T]); ok {
+			if time.Now().Unix()-entry.CreatedAt <= 1 {
+				return entry.Value, nil
+			}
+			if opts.dependency == nil {
+				return entry.Value, nil
+			}
+			if dependValue, err = opts.dependency.GetValue(ctx, opts.db); err == nil {
+				hasDependValue = true
+				if entry.CompareValue == dependValue {
+					return entry.Value, nil
+				} else {
+					opts.cache.Delete(ctx, key)
+				}
+			}
+		}
+	}
+	//从数据库加载数据
+	tx := opts.db.WithContext(ctx)
+	if val, err, _ = singleInstance.Do(key, func() (any, error) {
+		if result, err = f(tx); err == nil {
+			if !hasDependValue && opts.dependency != nil {
+				dependValue, err = opts.dependency.GetValue(ctx, tx)
+			}
+			opts.cache.Put(ctx, key, &cacheEntry[T]{
+				CompareValue: dependValue,
+				Value:        result,
+				CreatedAt:    time.Now().Unix(),
+			}, opts.cacheDuration)
+		}
+		return result, err
+	}); err != nil {
+		return none, err
+	} else {
+		return val.(T), err
+	}
+}

pkg/dbcache/depend.go

@@ -0,0 +1,29 @@
+package dbcache
+
+import (
+	"context"
+
+	"gorm.io/gorm"
+)
+
+type CacheDependency interface {
+	GetValue(ctx context.Context, tx *gorm.DB) (value string, err error)
+}
+
+type SqlDependency struct {
+	dependSQL  string
+	dependArgs []any
+}
+
+func (d *SqlDependency) GetValue(ctx context.Context, tx *gorm.DB) (value string, err error) {
+	var dependValue string
+	err = tx.Raw(d.dependSQL, d.dependArgs...).Scan(&dependValue).Error
+	return dependValue, err
+}
+
+func NewSqlDependency(dependSQL string, dependArgs ...any) *SqlDependency {
+	return &SqlDependency{
+		dependSQL:  dependSQL,
+		dependArgs: dependArgs,
+	}
+}

server.go

@@ -2,6 +2,7 @@ package aeusadmin
 
 import (
 	"context"
+	"fmt"
 	"html/template"
 	"os"
 	"path"
@@ -11,6 +12,7 @@ import (
 
 	"git.nobla.cn/golang/aeus-admin/defaults"
 	"git.nobla.cn/golang/aeus-admin/models"
+	"git.nobla.cn/golang/aeus-admin/pkg/dbcache"
 	adminTypes "git.nobla.cn/golang/aeus-admin/types"
 	"git.nobla.cn/golang/aeus/pkg/errors"
 	"git.nobla.cn/golang/aeus/pkg/pool"
@@ -29,6 +31,7 @@ func getModels() []any {
 		&models.Role{},
 		&models.User{},
 		&models.Menu{},
+		&models.Login{},
 		&models.Permission{},
 		&models.RolePermission{},
 		&models.Setting{},
@@ -47,10 +50,7 @@ func checkModelMenu(db *gorm.DB, viewPath string, apiPrefix string, model *rest.
 		if err = db.Where("name = ?", row.Name).First(value).Error; err != nil {
 			if errors.Is(err, gorm.ErrRecordNotFound) {
 				if row.Parent != "" {
-					parentModel := &models.Menu{}
+					value.Parent = row.Parent
-					if err = parentModel.FindOne(db, "name = ?", row.Parent); err == nil {
-						value.ParentId = parentModel.Id
-					}
 				}
 				value.Name = row.Name
 				value.Hidden = row.Hidden
@@ -79,7 +79,7 @@ func checkModelMenu(db *gorm.DB, viewPath string, apiPrefix string, model *rest.
 		if err = db.Where("name = ?", menuName).First(value).Error; err != nil {
 			if errors.Is(err, gorm.ErrRecordNotFound) {
 				value.Name = menuName
-				value.ParentId = 0
+				value.Parent = ""
 				value.Label = inflector.Camel2words(model.Naming().Pluralize)
 				if translate != nil {
 					value.Label = translate.Menu(model, value.Label)
@@ -94,12 +94,12 @@ func checkModelMenu(db *gorm.DB, viewPath string, apiPrefix string, model *rest.
 }
 
 // checkModelPermission  检查模型权限是否写入到数据库
-func checkModelPermission(db *gorm.DB, menuId int64, scene string, model *rest.Model, translate Translate) (permissionModel *models.Permission, err error) {
+func checkModelPermission(db *gorm.DB, menuName string, scene string, model *rest.Model, translate Translate) (permissionModel *models.Permission, err error) {
 	permissionModel = &models.Permission{}
 	permission := model.Permission(scene)
-	if err = db.Where("permission = ?", permission).First(permissionModel).Error; err != nil {
+	if err = db.Where("permission = ? AND menu = ?", permission, menuName).First(permissionModel).Error; err != nil {
 		if errors.Is(err, gorm.ErrRecordNotFound) {
-			permissionModel.MenuId = menuId
+			permissionModel.Menu = menuName
 			permissionModel.Label = scene
 			if translate != nil {
 				permissionModel.Label = translate.Permission(model, scene, permissionModel.Label)
@@ -111,6 +111,19 @@ func checkModelPermission(db *gorm.DB, menuId int64, scene string, model *rest.M
 	return
 }
 
+func replaceModelPermission(db *gorm.DB, menuName string, permission string, label string) (permissionModel *models.Permission, err error) {
+	permissionModel = &models.Permission{}
+	if err = db.Where("permission = ? AND menu = ?", permission, menuName).First(permissionModel).Error; err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			permissionModel.Menu = menuName
+			permissionModel.Label = label
+			permissionModel.Permission = permission
+			err = db.Create(permissionModel).Error
+		}
+	}
+	return
+}
+
 // checkModel 检查模型
 func checkModel(opts *options, model *rest.Model) (err error) {
 	var (
@@ -123,7 +136,16 @@ func checkModel(opts *options, model *rest.Model) (err error) {
 	}
 	for _, s := range defaultScenarios {
 		if model.HasScenario(s) {
-			if _, err = checkModelPermission(tx, menuModel.Id, s, model, opts.translate); err != nil {
+			if _, err = checkModelPermission(tx, menuModel.Name, s, model, opts.translate); err != nil {
+				tx.Rollback()
+				return
+			}
+		}
+	}
+	modelValue := reflect.New(model.Value().Type()).Interface()
+	if v, ok := modelValue.(adminTypes.PerrmissionModule); ok {
+		for k, v := range v.ModelPermissions() {
+			if _, err = replaceModelPermission(tx, menuModel.Name, k, v); err != nil {
 				tx.Rollback()
 				return
 			}
@@ -135,6 +157,15 @@ func checkModel(opts *options, model *rest.Model) (err error) {
 
 // generateVueFile 生成Vue文件
 func generateVueFile(prefix string, apiPrefix string, mv *rest.Model) (err error) {
+	refVal := reflect.New(mv.Value().Type()).Interface()
+	if v, ok := refVal.(adminTypes.MenuModel); ok {
+		instance := v.GetMenu()
+		if instance != nil {
+			if instance.Hidden {
+				return
+			}
+		}
+	}
 	filename := path.Join(prefix, mv.Naming().ModuleName, mv.Naming().Singular, "Index.vue")
 	if _, err = os.Stat(filename); err == nil {
 		return
@@ -146,7 +177,8 @@ func generateVueFile(prefix string, apiPrefix string, mv *rest.Model) (err error
 		}
 	}
 	var (
-		temp *template.Template
+		editable bool
+		temp     *template.Template
 	)
 	if temp, err = template.New("vue").Parse(vueTemplate); err != nil {
 		return
@@ -154,6 +186,9 @@ func generateVueFile(prefix string, apiPrefix string, mv *rest.Model) (err error
 	permissions := make(map[string]string)
 	for _, s := range defaultScenarios {
 		if mv.HasScenario(s) {
+			if s == types.ScenarioCreate || s == types.ScenarioUpdate {
+				editable = true
+			}
 			permissions[s] = mv.Permission(s)
 		}
 	}
@@ -161,6 +196,7 @@ func generateVueFile(prefix string, apiPrefix string, mv *rest.Model) (err error
 		ModuleName:  mv.ModuleName(),
 		TableName:   mv.TableName(),
 		Permissions: permissions,
+		Readonly:    !editable,
 		ApiPrefix:   strings.TrimPrefix(apiPrefix, "/"),
 	}
 	writer := pool.GetBuffer()
@@ -241,21 +277,37 @@ func registerRESTRoute(domain string, db *gorm.DB, hs *http.Server) {
 		)
 		scenario := ctx.Request().URL.Query().Get("scenario")
 		if scenario == "" {
-			schemas, err = rest.GetSchemas(
+			schemas, err = dbcache.TryCache(
 				ctx.Request().Context(),
-				db.WithContext(ctx.Request().Context()),
+				fmt.Sprintf("rest:schems:%s:%s", ctx.Param("module"), ctx.Param("table")),
-				"",
+				func(tx *gorm.DB) ([]*restTypes.Schema, error) {
-				ctx.Param("module"),
+					return rest.GetSchemas(
-				ctx.Param("table"),
+						ctx.Request().Context(),
+						tx,
+						"",
+						ctx.Param("module"),
+						ctx.Param("table"),
+					)
+				},
+				dbcache.WithDB(db),
+				dbcache.WithDependency(dbcache.NewSqlDependency("SELECT MAX(`updated_at`) FROM `schemas`")),
 			)
 		} else {
-			schemas, err = rest.VisibleSchemas(
+			schemas, err = dbcache.TryCache(
 				ctx.Request().Context(),
-				db.WithContext(ctx.Request().Context()),
+				fmt.Sprintf("rest:schems:%s:%s", ctx.Param("module"), ctx.Param("table")),
-				"",
+				func(tx *gorm.DB) ([]*restTypes.Schema, error) {
-				ctx.Param("module"),
+					return rest.VisibleSchemas(
-				ctx.Param("table"),
+						ctx.Request().Context(),
-				scenario,
+						db.WithContext(ctx.Request().Context()),
+						"",
+						ctx.Param("module"),
+						ctx.Param("table"),
+						scenario,
+					)
+				},
+				dbcache.WithDB(db),
+				dbcache.WithDependency(dbcache.NewSqlDependency("SELECT MAX(`updated_at`) FROM `schemas`")),
 			)
 		}
 		if err != nil {
@@ -314,17 +366,16 @@ func Init(ctx context.Context, cbs ...Option) (err error) {
 	if err = initREST(ctx, opts); err != nil {
 		return
 	}
-	if err = defaults.Menu(opts.db); err != nil {
-		return
-	}
 	if err = initModels(ctx, opts); err != nil {
 		return
 	}
 	if opts.httpServer != nil {
 		registerRESTRoute(opts.domain, opts.db, opts.httpServer)
 	}
-	if err = defaults.Data(opts.db); err != nil {
+	if !opts.disableDefault {
-		return
+		if err = defaults.Generate(opts.db); err != nil {
+			return
+		}
 	}
 	return
 }

service/auth.go

@@ -7,8 +7,10 @@ import (
 	"git.nobla.cn/golang/aeus-admin/models"
 	"git.nobla.cn/golang/aeus-admin/pb"
 	"git.nobla.cn/golang/aeus-admin/types"
+	"git.nobla.cn/golang/aeus/metadata"
 	"git.nobla.cn/golang/aeus/pkg/errors"
 	jwt "github.com/golang-jwt/jwt/v5"
+	"github.com/mssola/useragent"
 	"gorm.io/gorm"
 )
 
@@ -58,11 +60,13 @@ func (s *AuthService) Login(ctx context.Context, req *pb.LoginRequest) (res *pb.
 		return nil, errors.Format(errors.Invalid, err.Error())
 	}
 	if err = model.FindOne(tx, "uid=?", req.Username); err != nil {
-		return
+		return nil, errors.ErrAccessDenied
+	}
+	if model.Status != types.UserStatusNormal {
+		return nil, errors.ErrAccessDenied
 	}
 	if model.Password != req.Password {
-		err = errors.ErrAccessDenied
+		return nil, errors.ErrAccessDenied
-		return
 	}
 	claims := types.Claims{
 		Uid:          model.Uid,
@@ -71,12 +75,26 @@ func (s *AuthService) Login(ctx context.Context, req *pb.LoginRequest) (res *pb.
 		ExpirationAt: time.Now().Add(time.Second * time.Duration(s.opts.ttl)).Unix(),
 	}
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+
 	res = &pb.LoginResponse{}
 	if res.Token, err = token.SignedString(s.opts.secret); err == nil {
 		res.Uid = model.Uid
 		res.Username = model.Username
 		res.Expires = s.opts.ttl
 	}
+	loginModel := &models.Login{}
+	loginModel.Uid = model.Uid
+	loginModel.AccessToken = res.Token
+	md := metadata.FromContext(ctx)
+	if userAgent, ok := md.Get("User-Agent"); ok {
+		ua := useragent.New(userAgent)
+		loginModel.Os = ua.OS()
+		loginModel.Platform = ua.Platform()
+		loginModel.UserAgent = userAgent
+		browser, browserVersion := ua.Browser()
+		loginModel.Browser = browser + "/" + browserVersion
+		tx.Save(loginModel)
+	}
 	return
 }
 

service/department.go

@@ -2,10 +2,11 @@ package service
 
 import (
 	"context"
-	"strconv"
+	"fmt"
 
 	"git.nobla.cn/golang/aeus-admin/models"
 	"git.nobla.cn/golang/aeus-admin/pb"
+	"git.nobla.cn/golang/aeus-admin/pkg/dbcache"
 	"gorm.io/gorm"
 )
 
@@ -27,18 +28,25 @@ func WithDepartmentDB(db *gorm.DB) DepartmentOption {
 }
 
 func (s *DepartmentService) GetDepartmentLabels(ctx context.Context, req *pb.GetDepartmentLabelRequest) (res *pb.GetDepartmentLabelResponse, err error) {
-	values := make([]*models.Department, 0)
+	res = &pb.GetDepartmentLabelResponse{}
-	if err = s.opts.db.WithContext(ctx).Find(&values).Error; err == nil {
+	res.Data, err = dbcache.TryCache(ctx, fmt.Sprintf("department:labels"), func(tx *gorm.DB) ([]*pb.DepartmentLabelValue, error) {
-		res = &pb.GetDepartmentLabelResponse{
+		values := make([]*models.Department, 0)
-			Data: make([]*pb.LabelValue, 0, len(values)),
+		if err = tx.Find(&values).Error; err == nil {
+			items := make([]*pb.DepartmentLabelValue, 0, len(values))
+			for _, v := range values {
+				items = append(items, &pb.DepartmentLabelValue{
+					Label: v.Name,
+					Value: v.Id,
+				})
+			}
+			return items, nil
+		} else {
+			return nil, err
 		}
-		for _, v := range values {
+	},
-			res.Data = append(res.Data, &pb.LabelValue{
+		dbcache.WithDB(s.opts.db),
-				Label: v.Name,
+		dbcache.WithDependency(dbcache.NewSqlDependency("SELECT MAX(`updated_at`) FROM departments")),
-				Value: strconv.FormatInt(v.Id, 10),
+	)
-			})
-		}
-	}
 	return
 }
 

service/role.go

@@ -2,9 +2,11 @@ package service
 
 import (
 	"context"
+	"fmt"
 
 	"git.nobla.cn/golang/aeus-admin/models"
 	"git.nobla.cn/golang/aeus-admin/pb"
+	"git.nobla.cn/golang/aeus-admin/pkg/dbcache"
 	"gorm.io/gorm"
 )
 
@@ -26,32 +28,57 @@ func WithRoleDB(db *gorm.DB) RoleOption {
 }
 
 func (s *RoleService) GetRoleLabels(ctx context.Context, req *pb.GetRoleLabelRequest) (res *pb.GetRoleLabelResponse, err error) {
-	values := make([]*models.Role, 0)
+	res = &pb.GetRoleLabelResponse{}
-	if err = s.opts.db.WithContext(ctx).Find(&values).Error; err == nil {
+	res.Data, err = dbcache.TryCache(ctx, fmt.Sprintf("role:labels"), func(tx *gorm.DB) ([]*pb.LabelValue, error) {
-		res = &pb.GetRoleLabelResponse{
+		values := make([]*models.Role, 0)
-			Data: make([]*pb.LabelValue, 0, len(values)),
+		if err = tx.Find(&values).Error; err == nil {
+			items := make([]*pb.LabelValue, 0, len(values))
+			for _, v := range values {
+				items = append(items, &pb.LabelValue{
+					Label: v.Label,
+					Value: v.Name,
+				})
+			}
+			return items, nil
+		} else {
+			return nil, err
 		}
-		for _, v := range values {
+	},
-			res.Data = append(res.Data, &pb.LabelValue{
+		dbcache.WithDB(s.opts.db),
-				Label: v.Label,
+		dbcache.WithDependency(dbcache.NewSqlDependency("SELECT MAX(`updated_at`) FROM roles")),
-				Value: v.Name,
+	)
-			})
-		}
-	}
 	return
 }
 
 func (s *RoleService) GetRolePermissions(ctx context.Context, req *pb.GetRolePermissionRequest) (res *pb.GetRolePermissionResponse, err error) {
-	permissions := make([]*models.Permission, 0)
+	var permissions []string
-	if err = s.opts.db.WithContext(ctx).Where("id IN (SELECT permission_id FROM role_permissions WHERE role = ?)", req.Role).Find(&permissions).Error; err != nil {
+	if err = s.opts.db.WithContext(ctx).Model(&models.RolePermission{}).Where("role=?", req.Role).Pluck("permission", &permissions).Error; err != nil {
 		return
 	}
 	res = &pb.GetRolePermissionResponse{
 		Role:        req.Role,
-		Permissions: make([]string, 0, len(permissions)),
+		Permissions: permissions,
 	}
-	for _, permission := range permissions {
+	return
-		res.Permissions = append(res.Permissions, permission.Permission)
+}
+
+func (s *RoleService) SaveRolePermission(ctx context.Context, req *pb.SaveRolePermissionRequest) (res *pb.SaveRolePermissionResponse, err error) {
+	tx := s.opts.db.WithContext(ctx).Begin()
+	tx.Where("role = ?", req.Role).Delete(&models.RolePermission{})
+	values := make([]*models.RolePermission, 0)
+	for _, permission := range req.Permissions {
+		item := &models.RolePermission{}
+		item.Role = req.Role
+		item.Permission = permission
+		values = append(values, item)
+	}
+	if err = tx.Save(values).Error; err == nil {
+		tx.Commit()
+	} else {
+		tx.Rollback()
+	}
+	res = &pb.SaveRolePermissionResponse{
+		Role: req.Role,
 	}
 	return
 }

service/setting.go

@@ -19,6 +19,12 @@ type SettingService struct {
 	opts *settingOptions
 }
 
+func WithSettingDB(db *gorm.DB) SettingOption {
+	return func(o *settingOptions) {
+		o.db = db
+	}
+}
+
 func (s *SettingService) GetSetting(ctx context.Context, req *pb.GetSettingRequest) (res *pb.GetSettingResponse, err error) {
 	tx := s.opts.db.WithContext(ctx)
 	values := make([]*models.Setting, 0)

service/user.go

@@ -2,10 +2,12 @@ package service
 
 import (
 	"context"
+	"fmt"
+	"time"
 
 	"git.nobla.cn/golang/aeus-admin/models"
 	"git.nobla.cn/golang/aeus-admin/pb"
-	"git.nobla.cn/golang/aeus-admin/types"
+	"git.nobla.cn/golang/aeus-admin/pkg/dbcache"
 	"git.nobla.cn/golang/aeus/middleware/auth"
 	"git.nobla.cn/golang/aeus/pkg/errors"
 	"gorm.io/gorm"
@@ -15,6 +17,7 @@ type (
 	userOptions struct {
 		db *gorm.DB
 	}
+
 	UserOption func(o *userOptions)
 
 	UserService struct {
@@ -36,19 +39,19 @@ func (s *UserService) getUidFromContext(ctx context.Context) (string, error) {
 	}
 }
 
-func (s *UserService) hasPermission(menuID int64, permissions []*models.Permission) bool {
+func (s *UserService) hasPermission(menuName string, permissions []*models.Permission) bool {
 	for _, permission := range permissions {
-		if permission.MenuId == menuID {
+		if permission.Menu == menuName {
 			return true
 		}
 	}
 	return false
 }
 
-func (s *UserService) getPermissions(menuID int64, permissions []*models.Permission) []*pb.PermissionItem {
+func (s *UserService) getPermissions(menuName string, permissions []*models.Permission) []*pb.PermissionItem {
 	ss := make([]*pb.PermissionItem, 0, 10)
 	for _, permission := range permissions {
-		if permission.MenuId == menuID {
+		if permission.Menu == menuName {
 			ss = append(ss, &pb.PermissionItem{
 				Value: permission.Permission,
 				Label: permission.Label,
@@ -58,11 +61,11 @@ func (s *UserService) getPermissions(menuID int64, permissions []*models.Permiss
 	return ss
 }
 
-func (s *UserService) recursiveNestedMenu(ctx context.Context, parent int64, perm bool, menus []*models.Menu, permissions []*models.Permission) []*pb.MenuItem {
+func (s *UserService) recursiveNestedMenu(ctx context.Context, parent string, perm bool, menus []*models.Menu, permissions []*models.Permission) []*pb.MenuItem {
 	values := make([]*pb.MenuItem, 0)
 	for _, row := range menus {
-		if row.ParentId == parent {
+		if row.Parent == parent {
-			if !row.Public && !s.hasPermission(row.Id, permissions) {
+			if !row.Public && !s.hasPermission(row.Name, permissions) {
 				continue
 			}
 			v := &pb.MenuItem{
@@ -73,10 +76,10 @@ func (s *UserService) recursiveNestedMenu(ctx context.Context, parent int64, per
 				Route:    row.Uri,
 				Public:   row.Public,
 				View:     row.ViewPath,
-				Children: s.recursiveNestedMenu(ctx, row.Id, perm, menus, permissions),
+				Children: s.recursiveNestedMenu(ctx, row.Name, perm, menus, permissions),
 			}
 			if perm {
-				v.Permissions = s.getPermissions(row.Id, permissions)
+				v.Permissions = s.getPermissions(row.Name, permissions)
 			}
 			values = append(values, v)
 		}
@@ -84,31 +87,45 @@ func (s *UserService) recursiveNestedMenu(ctx context.Context, parent int64, per
 	return values
 }
 
-func (s *UserService) getRolePermissions(ctx context.Context, db *gorm.DB, role string) (permissions []*models.Permission, err error) {
+func (s *UserService) getRolePermissions(db *gorm.DB, role string) (permissions []*models.Permission, err error) {
 	permissions = make([]*models.Permission, 0)
-	err = db.Where("id IN (SELECT permission_id FROM role_permissions WHERE role = ?)", role).Find(&permissions).Error
+	err = db.Where("permission IN (SELECT permission FROM role_permissions WHERE role = ?)", role).Find(&permissions).Error
 	return
 }
 
 func (s *UserService) GetMenus(ctx context.Context, req *pb.GetMenuRequest) (res *pb.GetMenuResponse, err error) {
-	claims, ok := auth.FromContext(ctx)
-	if !ok {
-		return nil, errors.ErrAccessDenied
-	}
 	var (
+		uid         string
 		permissions []*models.Permission
 	)
-	tx := s.opts.db.WithContext(ctx)
+	if uid, err = s.getUidFromContext(ctx); err != nil {
-	if claims, ok := claims.(*types.Claims); ok {
-		permissions, err = s.GetRolePermissions(ctx, tx, claims.Role)
-	}
-	values := make([]*models.Menu, 0)
-	if err = tx.Find(&values).Error; err != nil {
 		return
 	}
-	res = &pb.GetMenuResponse{
+	res = &pb.GetMenuResponse{}
-		Data: s.recursiveNestedMenu(ctx, 0, req.Permission, values, permissions),
+	res.Data, err = dbcache.TryCache(ctx, fmt.Sprintf("user:menu:%s:%v", uid, req.Permission), func(tx *gorm.DB) ([]*pb.MenuItem, error) {
-	}
+		userModel := &models.User{}
+		if err = tx.Where("uid=?", uid).First(userModel).Error; err != nil {
+			return nil, err
+		}
+		items := make([]*models.Menu, 0)
+		if err = tx.Find(&items).Error; err != nil {
+			return nil, err
+		}
+		if userModel.Admin {
+			permissions = make([]*models.Permission, 0)
+			if err = tx.Find(&permissions).Error; err != nil {
+				return nil, err
+			}
+		} else {
+			if permissions, err = s.getRolePermissions(tx, userModel.Role); err != nil {
+				return nil, err
+			}
+		}
+		return s.recursiveNestedMenu(ctx, "", req.Permission, items, permissions), nil
+	},
+		dbcache.WithDB(s.opts.db),
+		dbcache.WithDependency(dbcache.NewSqlDependency("SELECT `updated_at` FROM users WHERE `uid`=?", uid)),
+	)
 	return
 }
 
@@ -118,12 +135,18 @@ func (s *UserService) GetProfile(ctx context.Context, req *pb.GetProfileRequest)
 			return
 		}
 	}
-	res = &pb.GetProfileResponse{}
+	res, err = dbcache.TryCache(ctx, fmt.Sprintf("user:profile:%s", req.Uid), func(tx *gorm.DB) (*pb.GetProfileResponse, error) {
-	tx := s.opts.db.WithContext(ctx)
+		profile := &pb.GetProfileResponse{}
-	err = tx.Table("users AS u").
+		err = tx.Table("users AS u").
-		Select("u.uid as uid", "u.username", "u.avatar", "u.email", "u.description", "u.role", "u.admin").
+			Select("u.uid as uid", "u.username", "u.avatar", "u.email", "u.description", "u.role", "u.admin").
-		Where("u.uid=? ", req.Uid).
+			Where("u.uid=? ", req.Uid).
-		First(res).Error
+			First(profile).Error
+		return profile, err
+	},
+		dbcache.WithDB(s.opts.db),
+		dbcache.WithDependency(dbcache.NewSqlDependency("SELECT `updated_at` FROM users WHERE `uid`=?", req.Uid)),
+		// dbcache.WithDepend("SELECT `updated_at` FROM users WHERE `uid`=?", req.Uid),
+	)
 	return
 }
 
@@ -187,49 +210,67 @@ func (s *UserService) GetPermissions(ctx context.Context, req *pb.GetPermissionR
 			return
 		}
 	}
-	userModel := &models.User{}
-	tx := s.opts.db.WithContext(ctx)
-	if err = userModel.FindOne(tx, "uid=?", req.Uid); err != nil {
-		return
-	}
-	var permissions []string
-	tx.Select("permission").Where("id IN (SELECT permission_id FROM role_permissions WHERE role =?)", userModel.Role).Model(&models.Permission{}).Pluck("permission", &permissions)
 	res = &pb.GetPermissionResponse{
-		Uid:         userModel.Uid,
+		Uid: req.Uid,
-		Permissions: permissions,
 	}
+	res.Permissions, err = dbcache.TryCache(ctx, fmt.Sprintf("user:permissions:%s", req.Uid), func(tx *gorm.DB) ([]string, error) {
+		var ss []string
+		err = tx.Select("permission").Model(&models.RolePermission{}).
+			Joins("LEFT JOIN users on users.role = role_permissions.role").
+			Where("users.uid = ?", req.Uid).
+			Pluck("permission", &ss).
+			Error
+		return ss, err
+	}, dbcache.WithCacheDuration(time.Minute), dbcache.WithDB(s.opts.db))
 	return
 }
 
 func (s *UserService) GetUserLabels(ctx context.Context, req *pb.GetUserLabelRequest) (res *pb.GetUserLabelResponse, err error) {
-	values := make([]*models.User, 0)
+	res = &pb.GetUserLabelResponse{}
-	if err = s.opts.db.WithContext(ctx).Find(&values).Error; err == nil {
+	res.Data, err = dbcache.TryCache(ctx, fmt.Sprintf("user:labels"), func(tx *gorm.DB) ([]*pb.LabelValue, error) {
-		res = &pb.GetUserLabelResponse{
+		values := make([]*models.User, 0)
-			Data: make([]*pb.LabelValue, 0, len(values)),
+		if err = tx.Find(&values).Error; err == nil {
+			items := make([]*pb.LabelValue, 0, len(values))
+			for _, v := range values {
+				items = append(items, &pb.LabelValue{
+					Label: v.Username,
+					Value: v.Uid,
+				})
+			}
+			return items, nil
+		} else {
+			return nil, err
 		}
-		for _, v := range values {
+	},
-			res.Data = append(res.Data, &pb.LabelValue{
+		dbcache.WithDB(s.opts.db),
-				Label: v.Username,
+		dbcache.WithDependency(dbcache.NewSqlDependency("SELECT MAX(`updated_at`) FROM users")),
-				Value: v.Uid,
+	)
-			})
-		}
-	}
 	return
 }
 
 func (s *UserService) GetUserTags(ctx context.Context, req *pb.GetUserTagRequest) (res *pb.GetUserTagResponse, err error) {
-	values := make([]*models.User, 0)
+	res = &pb.GetUserTagResponse{}
-	if err = s.opts.db.WithContext(ctx).Select("DISTINCT(`tag`) AS `tag`").Find(&values).Error; err == nil {
+	res.Data, err = dbcache.TryCache(ctx, fmt.Sprintf("user:tags"), func(tx *gorm.DB) ([]*pb.LabelValue, error) {
-		res = &pb.GetUserTagResponse{
+		values := make([]*models.User, 0)
-			Data: make([]*pb.LabelValue, 0, len(values)),
+		if err = tx.Select("DISTINCT(`tag`) AS `tag`").Find(&values).Error; err == nil {
+			items := make([]*pb.LabelValue, 0, len(values))
+			for _, v := range values {
+				if v.Tag == "" {
+					continue
+				}
+				items = append(items, &pb.LabelValue{
+					Label: v.Tag,
+					Value: v.Tag,
+				})
+			}
+			return items, nil
+		} else {
+			return nil, err
 		}
-		for _, v := range values {
+	},
-			res.Data = append(res.Data, &pb.LabelValue{
+		dbcache.WithDB(s.opts.db),
-				Label: v.Tag,
+		dbcache.WithDependency(dbcache.NewSqlDependency("SELECT MAX(`updated_at`) FROM users")),
-				Value: v.Tag,
+	)
-			})
-		}
-	}
 	return
 }
 

template.go

@@ -11,6 +11,7 @@ var (
         :permissions="permissions"
         :disable-toolbar="false"
         default-sortable="id"
+        {{if .Readonly}}:readonly="true"{{end}}
     >
     </viewer>
 </template>

types.go

@@ -14,22 +14,22 @@ var (
 		types.ScenarioUpdate,
 		types.ScenarioDelete,
 		types.ScenarioView,
-		types.ScenarioImport,
 		types.ScenarioExport,
 	}
 )
 
 type (
 	options struct {
-		db         *gorm.DB
+		db             *gorm.DB
-		domain     string
+		domain         string
-		moduleName string
+		moduleName     string
-		apiPrefix  string //接口前缀
+		apiPrefix      string //接口前缀
-		viewPrefix string //生成菜单View的前缀路径
+		viewPrefix     string //生成菜单View的前缀路径
-		vuePath    string //生成Vue文件的路径,如果指定了启动的时候会自动生成Vue的文件
+		vuePath        string //生成Vue文件的路径,如果指定了启动的时候会自动生成Vue的文件
-		translate  Translate
+		translate      Translate
-		httpServer *http.Server
+		disableDefault bool
-		restOpts   []rest.Option
+		httpServer     *http.Server
+		restOpts       []rest.Option
 	}
 
 	Option func(*options)
@@ -51,6 +51,7 @@ type (
 		ModuleName  string
 		TableName   string
 		ApiPrefix   string
+		Readonly    bool
 		Permissions map[string]string
 	}
 )
@@ -61,6 +62,12 @@ func WithDB(db *gorm.DB) Option {
 	}
 }
 
+func WithoutDefault() Option {
+	return func(o *options) {
+		o.disableDefault = true
+	}
+}
+
 func WithHttpServer(server *http.Server) Option {
 	return func(o *options) {
 		o.httpServer = server

types/model.go

@@ -17,3 +17,7 @@ type MenuModel interface {
 type ModuleModel interface {
 	ModuleName() string
 }
+
+type PerrmissionModule interface {
+	ModelPermissions() map[string]string
+}

types/types.go

@@ -0,0 +1,5 @@
+package types
+
+const (
+	UserStatusNormal = "normal"
+)