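// Source: github.com/infraboard/keyauth@v0.8.1/apps/role/impl/role.go

package impl

import (
	"context"
	"fmt"

	"github.com/infraboard/mcube/exception"
	"github.com/infraboard/mcube/http/request"
	"go.mongodb.org/mongo-driver/bson"
	"go.mongodb.org/mongo-driver/mongo"

	"github.com/infraboard/keyauth/apps/policy"
	"github.com/infraboard/keyauth/apps/role"
)

// CreateRole builds a role from req, inserts it into the role collection and
// then attaches the requested permissions to it.
//
// The two writes are not atomic: if AddPermissionToRole fails, the role
// document inserted just before it stays in the collection without those
// permissions, and the caller only sees the error.
func (s *service) CreateRole(ctx context.Context, req *role.CreateRoleRequest) (*role.Role, error) {
	r, err := role.New(req)
	if err != nil {
		return nil, err
	}

	// Check whether the referenced services exist.
	// NOTE(review): the result of ServiceIds() is discarded, so this function
	// performs no existence check itself. Confirm that the service ids in the
	// permissions are validated elsewhere (role.New or AddPermissionToRole)
	// before relying on them for authorization decisions.
	req.ServiceIds()

	if _, err := s.col.InsertOne(ctx, r); err != nil {
		return nil, exception.NewInternalServerError("inserted role(%s) document error, %s",
			r.Name, err)
	}

	// Add the permission entries to the freshly created role.
	permReq := role.NewAddPermissionToRoleRequest()
	permReq.Permissions = req.Permissions
	permReq.RoleId = r.Id
	permReq.CreateBy = req.CreateBy
	ps, err := s.AddPermissionToRole(ctx, permReq)
	if err != nil {
		return nil, fmt.Errorf("add permission to role %s error, %s", r.Name, err)
	}
	r.Permissions = ps.Items
	return r, nil
}

// QueryRole returns the roles matching req together with the total number of
// documents matching the same filter.
//
// All database calls use the caller's ctx so that cancellation and deadlines
// of the request also stop the query.
func (s *service) QueryRole(ctx context.Context, req *role.QueryRoleRequest) (*role.Set, error) {
	query, err := newQueryRoleRequest(req)
	if err != nil {
		return nil, err
	}

	s.log.Debugf("query role filter: %s", query.FindFilter())
	resp, err := s.col.Find(ctx, query.FindFilter(), query.FindOptions())
	if err != nil {
		return nil, exception.NewInternalServerError("find role error, error is %s", err)
	}
	// Close the cursor on every return path. A Close error cannot be acted on
	// here, so it is deliberately dropped.
	defer func() { _ = resp.Close(ctx) }()

	set := role.NewRoleSet()
	// Decode every document the cursor yields into the result set.
	for resp.Next(ctx) {
		ins := role.NewDefaultRole()
		if err := resp.Decode(ins); err != nil {
			return nil, exception.NewInternalServerError("decode role error, error is %s", err)
		}
		set.Add(ins)
	}
	// Next also returns false when iteration fails; report that instead of
	// handing back a silently truncated role list.
	if err := resp.Err(); err != nil {
		return nil, exception.NewInternalServerError("iterate role error, error is %s", err)
	}

	// Total is counted with the same filter, independent of paging.
	count, err := s.col.CountDocuments(ctx, query.FindFilter())
	if err != nil {
		return nil, exception.NewInternalServerError("get role count error, error is %s", err)
	}
	set.Total = count

	return set, nil
}

// DescribeRole loads a single role and, when req.WithPermissions is set, the
// permissions attached to it.
//
// It returns a NotFound exception when no document matches and an
// InternalServerError exception for any other lookup failure.
func (s *service) DescribeRole(ctx context.Context, req *role.DescribeRoleRequest) (*role.Role, error) {
	query, err := newDescribeRoleRequest(req)
	if err != nil {
		return nil, err
	}

	ins := role.NewDefaultRole()
	if err := s.col.FindOne(ctx, query.FindFilter(), query.FindOptions()).Decode(ins); err != nil {
		if err == mongo.ErrNoDocuments {
			return nil, exception.NewNotFound("role %s not found", req)
		}

		return nil, exception.NewInternalServerError("find role %s error, %s", req, err)
	}

	if req.WithPermissions {
		// A single page of role.RoleMaxPermission entries is requested;
		// presumably that constant is the upper bound of permissions per
		// role, otherwise the list returned here is incomplete. TODO confirm.
		queryPerm := role.NewQueryPermissionRequest(request.NewPageRequest(role.RoleMaxPermission, 1))
		queryPerm.RoleId = ins.Id
		ps, err := s.QueryPermission(ctx, queryPerm)
		if err != nil {
			return nil, err
		}
		ins.Permissions = ps.Items
	}

	return ins, nil
}

// DeleteRole removes the role identified by req.Id and returns the role as it
// was before deletion.
//
// Built-in roles are refused. Unless req.DeletePolicy is set, the role is also
// refused while policies still reference it. After the role document is gone,
// its permissions and policies are removed on a best-effort basis: failures
// there are only logged and the call still succeeds, so permission or policy
// records for the deleted role id can be left behind.
//
// NOTE(review): no caller authorization check is visible in this method;
// presumably it is enforced before the call reaches the service. Confirm.
func (s *service) DeleteRole(ctx context.Context, req *role.DeleteRoleRequest) (*role.Role, error) {
	r, err := s.DescribeRole(ctx, role.NewDescribeRoleRequestWithID(req.Id))
	if err != nil {
		return nil, err
	}

	if r.Type.Equal(role.RoleType_BUILDIN) {
		return nil, fmt.Errorf("build_in role can't be delete")
	}

	if !req.DeletePolicy {
		// Only ps.Total is inspected, so the page size does not matter here.
		queryReq := policy.NewQueryPolicyRequest(request.NewPageRequest(20, 1))
		queryReq.RoleId = req.Id
		ps, err := s.policy.QueryPolicy(ctx, queryReq)
		if err != nil {
			return nil, err
		}
		if ps.Total > 0 {
			return nil, exception.NewBadRequest("该角色还关联得有策略, 请先删除关联策略")
		}
		// NOTE(review): this check and the delete below are separate calls; a
		// policy bound to the role in between is removed by the cleanup at
		// the end of this function without the caller having asked for it.
	}

	resp, err := s.col.DeleteOne(ctx, bson.M{"_id": req.Id})
	if err != nil {
		return nil, exception.NewInternalServerError("delete role(%s) error, %s", req.Id, err)
	}

	if resp.DeletedCount == 0 {
		return nil, exception.NewNotFound("role(%s) not found", req.Id)
	}

	// Remove the permissions attached to the role. Best effort: the role is
	// already deleted, so a failure is logged rather than returned.
	permReq := role.NewRemovePermissionFromRoleRequest()
	permReq.RoleId = req.Id
	permReq.RemoveAll = true
	_, err = s.RemovePermissionFromRole(ctx, permReq)
	if err != nil {
		s.log.Errorf("delete role permission error, %s", err)
	}

	// Remove the policies bound to the role, also best effort.
	// NOTE(review): if this fails, policies keep referencing a role id that no
	// longer exists; confirm that policy evaluation treats a missing role as
	// "no permissions" and that leftovers are reconciled somewhere.
	_, err = s.policy.DeletePolicy(ctx, policy.NewDeletePolicyRequestWithRoleID(req.Id))
	if err != nil {
		s.log.Errorf("delete role policy error, %s", err)
	}

	return r, nil
}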