github.com/infraboard/keyauth@v0.8.1/apps/role/impl/role.go (about)

     1  package impl
     2  
     3  import (
     4  	"context"
     5  	"fmt"
     6  
     7  	"github.com/infraboard/mcube/exception"
     8  	"github.com/infraboard/mcube/http/request"
     9  	"go.mongodb.org/mongo-driver/bson"
    10  	"go.mongodb.org/mongo-driver/mongo"
    11  
    12  	"github.com/infraboard/keyauth/apps/policy"
    13  	"github.com/infraboard/keyauth/apps/role"
    14  )
    15  
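// CreateRole builds a role from req, stores it in the role collection and then
// attaches the requested permissions to it.
//
// It returns the stored role with Permissions set to the items reported by
// AddPermissionToRole. An error from role.New is returned unchanged, an insert
// failure is reported as an internal server error, and a failure while adding
// permissions is wrapped with %w so callers can still inspect the underlying
// error with errors.Is / errors.As.
func (s *service) CreateRole(ctx context.Context, req *role.CreateRoleRequest) (*role.Role, error) {
	r, err := role.New(req)
	if err != nil {
		return nil, err
	}

	// Check whether the referenced services exist.
	// NOTE(review): the return value of ServiceIds is discarded, so no
	// existence check is performed here; a role can be created that refers to
	// service ids that were never validated. Confirm whether validation
	// happens elsewhere (for example inside role.New).
	req.ServiceIds()

	if _, err := s.col.InsertOne(ctx, r); err != nil {
		return nil, exception.NewInternalServerError("inserted role(%s) document error, %s",
			r.Name, err)
	}

	// Add the permission entries.
	// NOTE(review): the role document is already persisted at this point. If
	// adding permissions fails, the role stays in the collection without the
	// requested permissions; consider a rollback or a transaction.
	permReq := role.NewAddPermissionToRoleRequest()
	permReq.Permissions = req.Permissions
	permReq.RoleId = r.Id
	permReq.CreateBy = req.CreateBy
	ps, err := s.AddPermissionToRole(ctx, permReq)
	if err != nil {
		// %w keeps the original error in the chain instead of flattening it
		// to text; the rendered message is unchanged.
		return nil, fmt.Errorf("add permission to role %s error, %w", r.Name, err)
	}
	r.Permissions = ps.Items
	return r, nil
}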
    42  
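// QueryRole lists the roles matching req and reports the total number of
// matching documents in the returned set.
//
// The caller's ctx is passed to every database call so that cancellation and
// deadlines of the request are honoured. Errors from building the query are
// returned unchanged; database and decode failures are reported as internal
// server errors.
func (s *service) QueryRole(ctx context.Context, req *role.QueryRoleRequest) (*role.Set, error) {
	query, err := newQueryRoleRequest(req)
	if err != nil {
		return nil, err
	}

	// Build the filter once so the listing and the count use the same value.
	filter := query.FindFilter()
	s.log.Debugf("query role filter: %s", filter)
	cur, err := s.col.Find(ctx, filter, query.FindOptions())
	if err != nil {
		return nil, exception.NewInternalServerError("find role error, error is %s", err)
	}
	// Release the server-side cursor on every return path.
	defer cur.Close(ctx)

	set := role.NewRoleSet()
	// Decode every document of the result page into the set.
	for cur.Next(ctx) {
		ins := role.NewDefaultRole()
		if err := cur.Decode(ins); err != nil {
			return nil, exception.NewInternalServerError("decode role error, error is %s", err)
		}
		set.Add(ins)
	}
	// Next returns false both at the end of the results and on failure, so
	// the cursor error must be checked to avoid returning a truncated list.
	if err := cur.Err(); err != nil {
		return nil, exception.NewInternalServerError("find role error, error is %s", err)
	}

	// Total number of documents matching the filter.
	count, err := s.col.CountDocuments(ctx, filter)
	if err != nil {
		return nil, exception.NewInternalServerError("get role count error, error is %s", err)
	}
	set.Total = count

	return set, nil
}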
    74  
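// DescribeRole loads a single role selected by req.
//
// It returns a not-found exception when no document matches and an internal
// server error for any other lookup failure. When req.WithPermissions is set,
// the role's permissions are fetched through QueryPermission (one page of at
// most role.RoleMaxPermission entries) and attached to the result.
func (s *service) DescribeRole(ctx context.Context, req *role.DescribeRoleRequest) (*role.Role, error) {
	query, err := newDescribeRoleRequest(req)
	if err != nil {
		return nil, err
	}

	ins := role.NewDefaultRole()
	// Use the caller's ctx so request cancellation and deadlines apply to the
	// lookup.
	if err := s.col.FindOne(ctx, query.FindFilter(), query.FindOptions()).Decode(ins); err != nil {
		if err == mongo.ErrNoDocuments {
			return nil, exception.NewNotFound("role %s not found", req)
		}

		return nil, exception.NewInternalServerError("find role %s error, %s", req, err)
	}

	if req.WithPermissions {
		queryPerm := role.NewQueryPermissionRequest(request.NewPageRequest(role.RoleMaxPermission, 1))
		queryPerm.RoleId = ins.Id
		ps, err := s.QueryPermission(ctx, queryPerm)
		if err != nil {
			return nil, err
		}
		ins.Permissions = ps.Items
	}

	return ins, nil
}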
   102  
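// DeleteRole removes the role identified by req.Id and returns the role as it
// was before deletion.
//
// Built-in roles are never deleted. Unless req.DeletePolicy is set, the call
// is rejected with a bad-request exception while policies still reference the
// role. After the role document is removed, its permissions and policies are
// cleaned up on a best-effort basis: failures there are logged and do not
// fail the call.
func (s *service) DeleteRole(ctx context.Context, req *role.DeleteRoleRequest) (*role.Role, error) {
	r, err := s.DescribeRole(ctx, role.NewDescribeRoleRequestWithID(req.Id))
	if err != nil {
		return nil, err
	}

	if r.Type.Equal(role.RoleType_BUILDIN) {
		return nil, fmt.Errorf("build_in role can't be delete")
	}

	if !req.DeletePolicy {
		queryReq := policy.NewQueryPolicyRequest(request.NewPageRequest(20, 1))
		queryReq.RoleId = req.Id
		ps, err := s.policy.QueryPolicy(ctx, queryReq)
		if err != nil {
			return nil, err
		}
		if ps.Total > 0 {
			// Message: the role still has associated policies; delete the
			// associated policies first.
			return nil, exception.NewBadRequest("该角色还关联得有策略, 请先删除关联策略")
		}
		// NOTE(review): this check and the delete below are separate
		// operations, so a policy bound to the role in between is not seen.
	}

	// Use the caller's ctx so request cancellation and deadlines apply to the
	// delete.
	resp, err := s.col.DeleteOne(ctx, bson.M{"_id": req.Id})
	if err != nil {
		return nil, exception.NewInternalServerError("delete role(%s) error, %s", req.Id, err)
	}

	if resp.DeletedCount == 0 {
		return nil, exception.NewNotFound("role(%s) not found", req.Id)
	}

	// Remove the permissions associated with the role.
	// NOTE(review): a failure here or in the policy cleanup below is only
	// logged, which leaves permission or policy records that reference a role
	// id that no longer exists. These log lines are worth alerting on.
	permReq := role.NewRemovePermissionFromRoleRequest()
	permReq.RoleId = req.Id
	permReq.RemoveAll = true
	_, err = s.RemovePermissionFromRole(ctx, permReq)
	if err != nil {
		s.log.Errorf("delete role permission error, %s", err)
	}

	// Remove the policies associated with the role.
	_, err = s.policy.DeletePolicy(ctx, policy.NewDeletePolicyRequestWithRoleID(req.Id))
	if err != nil {
		s.log.Errorf("delete role policy error, %s", err)
	}

	return r, nil
}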