package aeusadmin
import (
"context"
"slices"
"git.nobla.cn/golang/aeus-admin/internal/logic"
"git.nobla.cn/golang/aeus-admin/models"
"git.nobla.cn/golang/aeus-admin/types"
"git.nobla.cn/golang/aeus/middleware/auth"
"git.nobla.cn/golang/aeus/pkg/cache"
"git.nobla.cn/golang/aeus/pkg/errors"
"gorm.io/gorm"
)
// PermissionChecker answers "may the caller in this context use permission X?"
// by consulting the role and user logic layers.
type PermissionChecker struct {
	// db is the database handle given to the constructor. CheckPermission does
	// not read it directly.
	db *gorm.DB
	// user resolves the permission strings held by a subject.
	user *logic.User
	// role resolves the permission records attached to a role.
	role *logic.Role
}
// CheckPermission reports whether the caller identified by the claims stored
// in ctx holds permission. A nil result means access is granted.
//
// Decision order:
//  1. No claims in ctx: errors.ErrAccessDenied.
//  2. Claims of type *types.Claims with Admin set: granted, no lookup is made.
//  3. Claims of type *types.Claims: granted if the role's permission list
//     contains permission; a failed role lookup is reported as
//     errors.ErrPermissionDenied.
//  4. Otherwise (or when the role did not grant it): granted only if the
//     subject's own permission list contains permission. Errors from the
//     subject or user lookup are returned unchanged.
//
// Every failure path returns a non-nil error, so the check fails closed.
func (p *PermissionChecker) CheckPermission(ctx context.Context, permission string) (err error) {
	claims, found := auth.FromContext(ctx)
	if !found {
		return errors.ErrAccessDenied
	}

	if typed, isTyped := claims.(*types.Claims); isTyped {
		// The Admin flag is taken from the claims as-is and bypasses every
		// other check. NOTE(review): this is only safe if the auth middleware
		// verified the token before placing claims in ctx; confirm.
		if typed.Admin {
			return nil
		}

		granted, lookupErr := p.role.GetPermissions(ctx, typed.Role)
		if lookupErr != nil {
			// The underlying error is discarded on purpose here: the caller
			// sees a plain denial rather than backend details. This keeps the
			// check closed, but it also hides outages from callers and logs.
			return errors.ErrPermissionDenied
		}
		for i := range granted {
			if granted[i].Permission == permission {
				return nil
			}
		}
		// The role did not grant it; fall through to per-user permissions.
	}

	subject, subjectErr := claims.GetSubject()
	if subjectErr != nil {
		return subjectErr
	}

	direct, userErr := p.user.GetPermissions(ctx, subject)
	if userErr != nil {
		return userErr
	}

	if slices.Contains(direct, permission) {
		return nil
	}
	return errors.ErrPermissionDenied
}
// NewPermissionChecker returns a PermissionChecker whose user and role logic
// are both built from the same db handle and cache.
//
// NOTE(review): if the logic layer serves permission lists from ch, a revoked
// permission may stay effective until the cached entry is invalidated or
// expires. Confirm the invalidation behaviour in the logic package.
func NewPermissionChecker(db *gorm.DB, ch cache.Cache) *PermissionChecker {
	checker := new(PermissionChecker)
	checker.db = db
	checker.user = logic.NewUserLogic(db, ch)
	checker.role = logic.NewRoleLogic(db, ch)
	return checker
}