feat(admin): add comprehensive admin management system
- Add admin handlers and services for users, posts, comments, groups, and dashboard - Implement role permission management with ability to view and update permissions - Add database seeding for roles and Casbin permission policies - Upgrade Casbin from v2 to v3 with GORM adapter for persistent policy storage - Add admin-specific repository methods with filtering and pagination - Register new admin API routes under /api/v1/admin/*
This commit is contained in:
@@ -24,6 +24,37 @@ type RoleService interface {
|
||||
|
||||
// GetRole 获取角色详情
|
||||
GetRole(ctx context.Context, name string) (*model.Role, error)
|
||||
|
||||
// GetRoleDetail 获取角色详情(包含用户数量和权限)
|
||||
GetRoleDetail(ctx context.Context, name string) (*RoleDetail, error)
|
||||
|
||||
// GetRolePermissions 获取角色的权限列表
|
||||
GetRolePermissions(ctx context.Context, name string) ([]Permission, error)
|
||||
|
||||
// GetAllPermissions 获取系统中所有权限定义
|
||||
GetAllPermissions(ctx context.Context) ([]Permission, error)
|
||||
|
||||
// UpdateRolePermissions 更新角色权限
|
||||
UpdateRolePermissions(ctx context.Context, roleName string, permissions []Permission) error
|
||||
}
|
||||
|
||||
// Permission 权限定义
|
||||
type Permission struct {
|
||||
Resource string `json:"resource"`
|
||||
Action string `json:"action"`
|
||||
}
|
||||
|
||||
// RoleDetail 角色详情
|
||||
type RoleDetail struct {
|
||||
Name string `json:"name"`
|
||||
DisplayName string `json:"display_name"`
|
||||
Description string `json:"description"`
|
||||
ParentRole *string `json:"parent_role"`
|
||||
Priority int `json:"priority"`
|
||||
UserCount int64 `json:"user_count"`
|
||||
Permissions []Permission `json:"permissions"`
|
||||
CreatedAt string `json:"created_at"`
|
||||
UpdatedAt string `json:"updated_at"`
|
||||
}
|
||||
|
||||
type roleService struct {
|
||||
@@ -114,3 +145,106 @@ func (s *roleService) GetAllRoles(ctx context.Context) ([]model.Role, error) {
|
||||
func (s *roleService) GetRole(ctx context.Context, name string) (*model.Role, error) {
|
||||
return s.roleRepo.GetRole(ctx, name)
|
||||
}
|
||||
|
||||
func (s *roleService) GetRoleDetail(ctx context.Context, name string) (*RoleDetail, error) {
|
||||
role, err := s.roleRepo.GetRole(ctx, name)
|
||||
if err != nil {
|
||||
return nil, apperrors.ErrRoleNotFound
|
||||
}
|
||||
|
||||
// 获取用户数量
|
||||
userCount, err := s.roleRepo.GetRoleUserCount(ctx, name)
|
||||
if err != nil {
|
||||
userCount = 0
|
||||
}
|
||||
|
||||
// 获取权限
|
||||
permissions, err := s.casbinSvc.GetPermissionsForRole(ctx, name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
perms := make([]Permission, 0)
|
||||
for _, p := range permissions {
|
||||
if len(p) >= 2 {
|
||||
perms = append(perms, Permission{
|
||||
Resource: p[0],
|
||||
Action: p[1],
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
return &RoleDetail{
|
||||
Name: role.Name,
|
||||
DisplayName: role.DisplayName,
|
||||
Description: role.Description,
|
||||
ParentRole: role.ParentRole,
|
||||
Priority: role.Priority,
|
||||
UserCount: userCount,
|
||||
Permissions: perms,
|
||||
CreatedAt: role.CreatedAt.Format("2006-01-02T15:04:05Z07:00"),
|
||||
UpdatedAt: role.UpdatedAt.Format("2006-01-02T15:04:05Z07:00"),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *roleService) GetRolePermissions(ctx context.Context, name string) ([]Permission, error) {
|
||||
// 检查角色是否存在
|
||||
_, err := s.roleRepo.GetRole(ctx, name)
|
||||
if err != nil {
|
||||
return nil, apperrors.ErrRoleNotFound
|
||||
}
|
||||
|
||||
permissions, err := s.casbinSvc.GetPermissionsForRole(ctx, name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// 初始化为空数组,避免 JSON 序列化为 null
|
||||
perms := make([]Permission, 0)
|
||||
for _, p := range permissions {
|
||||
if len(p) >= 2 {
|
||||
perms = append(perms, Permission{
|
||||
Resource: p[0],
|
||||
Action: p[1],
|
||||
})
|
||||
}
|
||||
}
|
||||
return perms, nil
|
||||
}
|
||||
|
||||
func (s *roleService) GetAllPermissions(ctx context.Context) ([]Permission, error) {
|
||||
permissions := s.casbinSvc.GetAllPermissions(ctx)
|
||||
|
||||
perms := make([]Permission, 0)
|
||||
for _, p := range permissions {
|
||||
if len(p) >= 3 {
|
||||
// p[0] 是角色名,p[1] 是资源,p[2] 是操作
|
||||
perms = append(perms, Permission{
|
||||
Resource: p[1],
|
||||
Action: p[2],
|
||||
})
|
||||
}
|
||||
}
|
||||
return perms, nil
|
||||
}
|
||||
|
||||
func (s *roleService) UpdateRolePermissions(ctx context.Context, roleName string, permissions []Permission) error {
|
||||
// 检查角色是否存在
|
||||
_, err := s.roleRepo.GetRole(ctx, roleName)
|
||||
if err != nil {
|
||||
return apperrors.ErrRoleNotFound
|
||||
}
|
||||
|
||||
// 不能修改超级管理员权限
|
||||
if roleName == model.RoleSuperAdmin {
|
||||
return apperrors.ErrCannotModifySuperAdmin
|
||||
}
|
||||
|
||||
// 转换权限格式
|
||||
var perms [][]string
|
||||
for _, p := range permissions {
|
||||
perms = append(perms, []string{p.Resource, p.Action})
|
||||
}
|
||||
|
||||
return s.casbinSvc.UpdatePermissionsForRole(ctx, roleName, perms)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user