权限管理接口实现

2026-03-18 18:09:32 +08:00
parent 9d996acf5f
commit bb895eccdf
44 changed files with 1958 additions and 161 deletions
--- a/web/services/admin.go
+++ b/web/services/admin.go
@@ -0,0 +1,151 @@
+package services
+
+import (
+	"platform/pkg/u"
+	"platform/web/core"
+	m "platform/web/models"
+	q "platform/web/queries"
+
+	"golang.org/x/crypto/bcrypt"
+	"gorm.io/gen/field"
+)
+
+var Admin = &adminService{}
+
+type adminService struct{}
+
+func (s *adminService) PageAdmins(req core.PageReq) (result []*m.Admin, count int64, err error) {
+	return q.Admin.
+		Preload(q.Admin.Roles).
+		Omit(q.Admin.Password).
+		Order(q.Admin.CreatedAt.Desc()).
+		FindByPage(req.GetOffset(), req.GetLimit())
+}
+
+type CreateAdmin struct {
+	Username string         `json:"username" validate:"required,min=3,max=50"`
+	Password string         `json:"password" validate:"required,min=6,max=50"`
+	Name     *string        `json:"name"`
+	Avatar   *string        `json:"avatar"`
+	Phone    *string        `json:"phone"`
+	Email    *string        `json:"email"`
+	Status   *m.AdminStatus `json:"status"`
+	Roles    []int32        `json:"roles"`
+}
+
+func (s *adminService) CreateAdmin(create *CreateAdmin) error {
+	// 哈希密码
+	hash, err := bcrypt.GenerateFromPassword([]byte(create.Password), bcrypt.DefaultCost)
+	if err != nil {
+		return core.NewServErr("密码加密失败", err)
+	}
+
+	return q.Q.Transaction(func(tx *q.Query) error {
+		// 创建管理员
+		admin := &m.Admin{
+			Username: create.Username,
+			Password: string(hash),
+			Name:     create.Name,
+			Avatar:   create.Avatar,
+			Phone:    create.Phone,
+			Email:    create.Email,
+			Status:   u.Else(create.Status, m.AdminStatusEnabled),
+		}
+		if err := tx.Admin.Create(admin); err != nil {
+			return err
+		}
+
+		// 关联角色
+		if len(create.Roles) > 0 {
+			links := make([]*m.LinkAdminRole, len(create.Roles))
+			for i, roleID := range create.Roles {
+				links[i] = &m.LinkAdminRole{
+					AdminID: admin.ID,
+					RoleID:  roleID,
+				}
+			}
+			if err := tx.LinkAdminRole.CreateInBatches(links, 1000); err != nil {
+				return err
+			}
+		}
+
+		return nil
+	})
+}
+
+type UpdateAdmin struct {
+	Id       int32          `json:"id" validate:"required"`
+	Password *string        `json:"password"`
+	Name     *string        `json:"name"`
+	Avatar   *string        `json:"avatar"`
+	Phone    *string        `json:"phone"`
+	Email    *string        `json:"email"`
+	Status   *m.AdminStatus `json:"status"`
+	Roles    *[]int32       `json:"roles"`
+}
+
+func (s *adminService) UpdateAdmin(update *UpdateAdmin) error {
+	simples := make([]field.AssignExpr, 0)
+
+	if update.Password != nil {
+		hash, err := bcrypt.GenerateFromPassword([]byte(*update.Password), bcrypt.DefaultCost)
+		if err != nil {
+			return core.NewServErr("密码加密失败", err)
+		}
+		simples = append(simples, q.Admin.Password.Value(string(hash)))
+	}
+	if update.Name != nil {
+		simples = append(simples, q.Admin.Name.Value(*update.Name))
+	}
+	if update.Avatar != nil {
+		simples = append(simples, q.Admin.Avatar.Value(*update.Avatar))
+	}
+	if update.Phone != nil {
+		simples = append(simples, q.Admin.Phone.Value(*update.Phone))
+	}
+	if update.Email != nil {
+		simples = append(simples, q.Admin.Email.Value(*update.Email))
+	}
+	if update.Status != nil {
+		simples = append(simples, q.Admin.Status.Value(int(*update.Status)))
+	}
+
+	return q.Q.Transaction(func(tx *q.Query) error {
+		// 更新管理员基本信息
+		if len(simples) > 0 {
+			_, err := tx.Admin.
+				Where(tx.Admin.ID.Eq(update.Id)).
+				UpdateSimple(simples...)
+			if err != nil {
+				return err
+			}
+		}
+
+		// 更新角色关联
+		if update.Roles != nil {
+			roles := *update.Roles
+			if _, err := tx.LinkAdminRole.Where(tx.LinkAdminRole.AdminID.Eq(update.Id)).Delete(); err != nil {
+				return err
+			}
+			if len(roles) > 0 {
+				links := make([]*m.LinkAdminRole, len(roles))
+				for i, roleID := range roles {
+					links[i] = &m.LinkAdminRole{
+						AdminID: update.Id,
+						RoleID:  roleID,
+					}
+				}
+				if err := tx.LinkAdminRole.CreateInBatches(links, 1000); err != nil {
+					return err
+				}
+			}
+		}
+
+		return nil
+	})
+}
+
+func (s *adminService) RemoveAdmin(id int32) error {
+	_, err := q.Admin.Where(q.Admin.ID.Eq(id)).Delete()
+	return err
+}
--- a/web/services/admin_role.go
+++ b/web/services/admin_role.go
@@ -0,0 +1,143 @@
+package services
+
+import (
+	"platform/pkg/u"
+	"platform/web/core"
+	g "platform/web/globals"
+	"platform/web/models"
+	m "platform/web/models"
+	q "platform/web/queries"
+
+	"gorm.io/gen/field"
+)
+
+var AdminRole = &adminRoleService{}
+
+type adminRoleService struct{}
+
+func (r *adminRoleService) ListRoles() (result []*m.AdminRole, err error) {
+	return q.AdminRole.
+		Order(q.AdminRole.Sort.Asc(), q.AdminRole.CreatedAt.Desc()).
+		Find()
+}
+
+func (r *adminRoleService) PageRoles(req core.PageReq) (result []*m.AdminRole, count int64, err error) {
+	return q.AdminRole.
+		Preload(q.AdminRole.Permissions).
+		Order(q.AdminRole.Sort.Asc(), q.AdminRole.CreatedAt.Desc()).
+		FindByPage(req.GetOffset(), req.GetLimit())
+}
+
+func (r *adminRoleService) CreateAdminRole(create *CreateAdminRole) error {
+	return q.Q.Transaction(func(q *q.Query) error {
+
+		// 创建角色
+		role := &m.AdminRole{
+			Name:        create.Name,
+			Description: create.Description,
+			Active:      u.Else(create.Active, true),
+			Sort:        u.Else(create.Sort, 0),
+		}
+		if err := q.AdminRole.Create(role); err != nil {
+			return err
+		}
+
+		// 替换权限
+		permissions := make([]*models.LinkAdminRolePermission, 0, len(create.Permissions))
+		for _, permissionID := range create.Permissions {
+			permissions = append(permissions, &models.LinkAdminRolePermission{
+				RoleID:       role.ID,
+				PermissionID: permissionID,
+			})
+		}
+		if len(permissions) > 0 {
+			err := g.Redsync.WithLock(AdminRoleModifyLock, func() error {
+				return q.LinkAdminRolePermission.CreateInBatches(permissions, 1000)
+			})
+			if err != nil {
+				return err
+			}
+		}
+
+		return nil
+	})
+}
+
+type CreateAdminRole struct {
+	Name        string  `json:"name"`
+	Description *string `json:"description"`
+	Active      *bool   `json:"active"`
+	Sort        *int32  `json:"sort"`
+	Permissions []int32 `json:"permissions"`
+}
+
+func (r *adminRoleService) UpdateAdminRole(update *UpdateAdminRole) error {
+
+	var simples = make([]field.AssignExpr, 0)
+	if update.Name != nil {
+		simples = append(simples, q.AdminRole.Name.Value(*update.Name))
+	}
+	if update.Description != nil {
+		simples = append(simples, q.AdminRole.Description.Value(*update.Description))
+	}
+	if update.Active != nil {
+		simples = append(simples, q.AdminRole.Active.Value(*update.Active))
+	}
+	if update.Sort != nil {
+		simples = append(simples, q.AdminRole.Sort.Value(*update.Sort))
+	}
+
+	err := q.Q.Transaction(func(q *q.Query) error {
+
+		// 修改角色
+		_, err := q.AdminRole.
+			Where(q.AdminRole.ID.Eq(update.Id)).
+			UpdateSimple(simples...)
+		if err != nil {
+			return err
+		}
+
+		// 修改角色关联权限
+		if update.Permissions != nil {
+			updatePermissions := *update.Permissions
+			permissions := make([]*models.LinkAdminRolePermission, len(updatePermissions))
+			for i, permissionID := range updatePermissions {
+				permissions[i] = &models.LinkAdminRolePermission{
+					RoleID:       update.Id,
+					PermissionID: permissionID,
+				}
+			}
+			err = g.Redsync.WithLock(AdminRoleModifyLock, func() error {
+				if _, err := q.LinkAdminRolePermission.Where(q.LinkAdminRolePermission.RoleID.Eq(update.Id)).Delete(); err != nil {
+					return err
+				}
+				if err = q.LinkAdminRolePermission.CreateInBatches(permissions, 1000); err != nil {
+					return err
+				}
+				return nil
+			})
+			if err != nil {
+				return err
+			}
+		}
+
+		return nil
+	})
+	return err
+}
+
+type UpdateAdminRole struct {
+	Id          int32    `json:"id"`
+	Name        *string  `json:"name"`
+	Description *string  `json:"description"`
+	Active      *bool    `json:"active"`
+	Sort        *int32   `json:"sort"`
+	Permissions *[]int32 `json:"permissions"`
+}
+
+func (r *adminRoleService) RemoveAdminRole(id int32) error {
+	_, err := q.AdminRole.Where(q.AdminRole.ID.Eq(id)).Delete()
+	return err
+}
+
+var AdminRoleModifyLock = "platform:admin_role_permissions:modify"
--- a/web/services/channel_baiyin.go
+++ b/web/services/channel_baiyin.go
@@ -174,7 +174,7 @@ func (s *channelBaiyinProvider) CreateChannels(source netip.Addr, resourceId int
 				)

 		case isLongType:
-			rs, err = q.ResourceLong.Debug().
+			rs, err = q.ResourceLong.
 				Where(
 					q.ResourceLong.ID.Eq(*resource.LongId),
 					q.ResourceLong.Used.Eq(resource.Used),
--- a/web/services/permission.go
+++ b/web/services/permission.go
@@ -0,0 +1,19 @@
+package services
+
+import (
+	"platform/web/core"
+	m "platform/web/models"
+	q "platform/web/queries"
+)
+
+var Permission = &permissionService{}
+
+type permissionService struct{}
+
+func (r *permissionService) ListPermissions() (result []*m.Permission, err error) {
+	return q.Permission.Find()
+}
+
+func (p *permissionService) PagePermissions(req core.PageReq) (result []*m.Permission, count int64, err error) {
+	return q.Permission.FindByPage(req.GetOffset(), req.GetLimit())
+}