shopping-service/domain/service/permission.go

package service

import (
	"context"
	"fmt"
	"github.com/google/uuid"
	"github.com/pkg/errors"
	"go-micro.dev/v4/auth"
	"gorm.io/gorm"
	"sghgogs.com/micro/common/errorcode"
	req "sghgogs.com/micro/shopping-service/domain/model/request"
	pb "sghgogs.com/micro/shopping-service/proto"
	"sghgogs.com/micro/shopping-service/utils"
	"sghgogs.com/micro/shopping-service/utils/authutil"
	"time"
)

func (svc *Service) GetPermissionList(query *pb.GetPermissionListRequest) ([]*pb.Permission, int64, error) {
	list, i, err := svc.Repository.GetPermissionList(query)
	permissions := make([]*pb.Permission, 0)
	if err != nil {
		if errors.Is(err, gorm.ErrRecordNotFound) {
			return permissions, 0, nil // 记录不存在，角色不存在
		} else {
			return permissions, 0, err
		}
	}
	for _, item := range list {
		permissions = append(permissions, svc.getPermissionRes(item))
	}
	return permissions, i, nil
}

func (svc *Service) GetPermission(query *pb.GetPermissionRequest) (*pb.Permission, error) {
	permission, err := svc.Repository.GetPermission(query.PermissionId)
	if err != nil {
		return &pb.Permission{}, errorcode.New(svc.Namespace, err.Error(), 400)
	}
	return svc.getPermissionRes(permission), nil
}

func (svc *Service) TogglePermission(query *pb.TogglePermissionRequest) error {
	if err := svc.Repository.TogglePermission(query.PermissionId, map[string]interface{}{
		"status":     query.Status,
		"updated_at": time.Now(),
	}); err != nil {
		return errorcode.New(svc.Namespace, err.Error(), 400)
	}
	roles, err := svc.Repository.AllRoles()
	if err == nil {
		items := svc.UpdateRulesItems(roles)
		authutil.JWTAuthService.SetRuleItems(items)
	}
	return nil
}

func (svc *Service) DeletePermission(query *pb.DeletePermissionRequest) error {
	if err := svc.Repository.DeletePermission(query.PermissionId); err != nil {
		return errorcode.New(svc.Namespace, err.Error(), 500)
	}
	roles, err := svc.Repository.AllRoles()
	if err == nil {
		items := svc.UpdateRulesItems(roles)
		authutil.JWTAuthService.SetRuleItems(items)
	}
	return nil
}
func (svc *Service) UpdateRulesItems(roles []*req.Role) []*auth.Rule {
	rules := make([]*auth.Rule, 0)
	for _, role := range roles {
		for _, permission := range role.Permissions {
			rules = append(rules, &auth.Rule{
				Resource: &auth.Resource{
					Name:     permission.Name,
					Type:     "user",
					Endpoint: permission.Endpoint,
				},
				ID:       uuid.New().String(),
				Scope:    role.Name,
				Priority: 1,
			})
		}
	}
	return rules
}
func (svc *Service) getPermissionRes(permission *req.Permission) *pb.Permission {
	var updatedAt int64
	if permission.UpdatedAt != nil {
		if permission.CreatedAt.Truncate(time.Second) == permission.UpdatedAt.Truncate(time.Second) {
			permission.UpdatedAt = nil
		} else {
			updatedAt = utils.ConvertTimeToInt64(*permission.UpdatedAt)
		}
	}
	p := pb.Permission{
		Id:          permission.ID,
		Name:        permission.Name,
		Description: permission.Description,
		Roles:       svc.getBaseRoleRes(permission.Roles),
		CreatedAt:   utils.ConvertTimeToInt64(permission.CreatedAt),
		CreatedBy:   permission.CreatedBy,
		UpdatedAt:   updatedAt,
		Status:      permission.Status,
		IsReserved:  permission.IsReserved,
		Endpoint:    permission.Endpoint,
	}

	return &p
}

func (svc *Service) getBaseRoleRes(roles []req.Role) []*pb.Base {
	bases := make([]*pb.Base, 0)
	for _, item := range roles {
		bases = append(bases, &pb.Base{
			Key:   item.Name,
			Value: fmt.Sprintf("%d", item.ID),
		})
	}
	return bases
}

func (svc *Service) getRolesToBase(roles []*req.Role) []*pb.Base {
	bases := make([]*pb.Base, 0)
	for _, item := range roles {
		bases = append(bases, &pb.Base{
			Key:   item.Name,
			Value: fmt.Sprintf("%d", item.ID),
		})
	}
	return bases
}

func (svc *Service) CreatePermission(ctx context.Context, add *pb.CreatePermissionRequest) error {
	_, by, _, _ := utils.ParseMetadata(ctx)
	role := req.Permission{
		Name:        add.Name,
		Description: add.Description,
		CreatedBy:   by,
		CreatedAt:   time.Now(),
		Status:      pb.StatusEnum_ENABLED,
		IsReserved:  false,
		UpdatedAt:   nil,
		Endpoint:    add.Endpoint,
	}
	if err := svc.Repository.CreatePermission(&role, add.Roles); err != nil {
		return errorcode.New(svc.Namespace, err.Error(), 500)
	}
	roles, err := svc.Repository.AllRoles()
	if err == nil {
		items := svc.UpdateRulesItems(roles)
		authutil.JWTAuthService.SetRuleItems(items)
	}
	return nil
}

func (svc *Service) CreateMultiplePermissions(ctx context.Context, data *pb.CreateMultiplePermissionsRequest) error {
	_, by, _, _ := utils.ParseMetadata(ctx)
	permissions := make([]*req.Permission, 0)
	for _, item := range data.Items {
		permissions = append(permissions, &req.Permission{
			Name:        item.Name,
			Description: item.Description,
			CreatedBy:   by,
			CreatedAt:   time.Now(),
			Status:      pb.StatusEnum_ENABLED,
			IsReserved:  false,
			Endpoint:    item.Endpoint,
		})
	}
	if err := svc.Repository.CreateMultiplePermissions(permissions, data.Roles); err != nil {
		return errorcode.New(svc.Namespace, err.Error(), 500)
	}
	roles, err := svc.Repository.AllRoles()
	if err == nil {
		items := svc.UpdateRulesItems(roles)
		authutil.JWTAuthService.SetRuleItems(items)
	}
	return nil
}

func (svc *Service) UpdatePermission(ctx context.Context, query *pb.UpdatePermissionRequest) error {
	_, by, _, _ := utils.ParseMetadata(ctx)
	if err := svc.Repository.UpdatePermission(query.PermissionId, map[string]interface{}{
		"description": query.Description,
		"endpoint":    query.Endpoint,
		"updated_by":  by,
		"updated_at":  time.Now(),
	}, query.Roles); err != nil {
		return errorcode.New(svc.Namespace, err.Error(), 500)
	}
	roles, err := svc.Repository.AllRoles()
	if err == nil {
		items := svc.UpdateRulesItems(roles)
		authutil.JWTAuthService.SetRuleItems(items)
	}
	return nil
}