feat(admin): add comprehensive admin management system

- Add admin handlers and services for users, posts, comments, groups, and dashboard
- Implement role permission management with ability to view and update permissions
- Add database seeding for roles and Casbin permission policies
- Upgrade Casbin from v2 to v3 with GORM adapter for persistent policy storage
- Add admin-specific repository methods with filtering and pagination
- Register new admin API routes under /api/v1/admin/*
This commit is contained in:
2026-03-14 18:01:55 +08:00
parent ae5b997924
commit d3065b30cc
28 changed files with 4018 additions and 107 deletions

View File

@@ -24,6 +24,37 @@ type RoleService interface {
// GetRole 获取角色详情
GetRole(ctx context.Context, name string) (*model.Role, error)
// GetRoleDetail 获取角色详情(包含用户数量和权限)
GetRoleDetail(ctx context.Context, name string) (*RoleDetail, error)
// GetRolePermissions 获取角色的权限列表
GetRolePermissions(ctx context.Context, name string) ([]Permission, error)
// GetAllPermissions 获取系统中所有权限定义
GetAllPermissions(ctx context.Context) ([]Permission, error)
// UpdateRolePermissions 更新角色权限
UpdateRolePermissions(ctx context.Context, roleName string, permissions []Permission) error
}
// Permission 权限定义
type Permission struct {
Resource string `json:"resource"`
Action string `json:"action"`
}
// RoleDetail 角色详情
type RoleDetail struct {
Name string `json:"name"`
DisplayName string `json:"display_name"`
Description string `json:"description"`
ParentRole *string `json:"parent_role"`
Priority int `json:"priority"`
UserCount int64 `json:"user_count"`
Permissions []Permission `json:"permissions"`
CreatedAt string `json:"created_at"`
UpdatedAt string `json:"updated_at"`
}
type roleService struct {
@@ -114,3 +145,106 @@ func (s *roleService) GetAllRoles(ctx context.Context) ([]model.Role, error) {
func (s *roleService) GetRole(ctx context.Context, name string) (*model.Role, error) {
return s.roleRepo.GetRole(ctx, name)
}
func (s *roleService) GetRoleDetail(ctx context.Context, name string) (*RoleDetail, error) {
role, err := s.roleRepo.GetRole(ctx, name)
if err != nil {
return nil, apperrors.ErrRoleNotFound
}
// 获取用户数量
userCount, err := s.roleRepo.GetRoleUserCount(ctx, name)
if err != nil {
userCount = 0
}
// 获取权限
permissions, err := s.casbinSvc.GetPermissionsForRole(ctx, name)
if err != nil {
return nil, err
}
perms := make([]Permission, 0)
for _, p := range permissions {
if len(p) >= 2 {
perms = append(perms, Permission{
Resource: p[0],
Action: p[1],
})
}
}
return &RoleDetail{
Name: role.Name,
DisplayName: role.DisplayName,
Description: role.Description,
ParentRole: role.ParentRole,
Priority: role.Priority,
UserCount: userCount,
Permissions: perms,
CreatedAt: role.CreatedAt.Format("2006-01-02T15:04:05Z07:00"),
UpdatedAt: role.UpdatedAt.Format("2006-01-02T15:04:05Z07:00"),
}, nil
}
func (s *roleService) GetRolePermissions(ctx context.Context, name string) ([]Permission, error) {
// 检查角色是否存在
_, err := s.roleRepo.GetRole(ctx, name)
if err != nil {
return nil, apperrors.ErrRoleNotFound
}
permissions, err := s.casbinSvc.GetPermissionsForRole(ctx, name)
if err != nil {
return nil, err
}
// 初始化为空数组,避免 JSON 序列化为 null
perms := make([]Permission, 0)
for _, p := range permissions {
if len(p) >= 2 {
perms = append(perms, Permission{
Resource: p[0],
Action: p[1],
})
}
}
return perms, nil
}
func (s *roleService) GetAllPermissions(ctx context.Context) ([]Permission, error) {
permissions := s.casbinSvc.GetAllPermissions(ctx)
perms := make([]Permission, 0)
for _, p := range permissions {
if len(p) >= 3 {
// p[0] 是角色名p[1] 是资源p[2] 是操作
perms = append(perms, Permission{
Resource: p[1],
Action: p[2],
})
}
}
return perms, nil
}
func (s *roleService) UpdateRolePermissions(ctx context.Context, roleName string, permissions []Permission) error {
// 检查角色是否存在
_, err := s.roleRepo.GetRole(ctx, roleName)
if err != nil {
return apperrors.ErrRoleNotFound
}
// 不能修改超级管理员权限
if roleName == model.RoleSuperAdmin {
return apperrors.ErrCannotModifySuperAdmin
}
// 转换权限格式
var perms [][]string
for _, p := range permissions {
perms = append(perms, []string{p.Resource, p.Action})
}
return s.casbinSvc.UpdatePermissionsForRole(ctx, roleName, perms)
}