package rbac import ( "context" "fmt" "github.com/samber/lo" "strings" "uauth/model" ) func (u *RBAC) newScope(ctx context.Context, code, label, parent string) (*model.Scope, error) { s := &model.Scope{Code: code, Label: label, Parent: parent} if err := u.store.Session(ctx).Create(s).Error; err != nil { return s, err } return s, nil } func (u *RBAC) GetScopeGroup(ctx context.Context, name string) (*model.Scope, error) { scope := new(model.Scope) err := u.store.Session(ctx).Where("name = ?", name).Take(scope).Error return scope, err } func (u *RBAC) newRole(ctx context.Context, code, label, parent string, privileges ...*model.Privilege) (*model.Role, error) { ps := lo.FilterMap( privileges, func(p *model.Privilege, _ int) (string, bool) { if p == nil { return "", false } return p.Code, p.Code != "" }, ) r := &model.Role{ Code: code, Label: label, Parent: parent, PrivilegeCodes: ps, } if err := u.store.Session(ctx).Create(r).Error; err != nil { return r, err } return r, nil } func (u *RBAC) GetRole(ctx context.Context, name string) (*model.Role, error) { var r model.Role if err := u.store.Session(ctx).Take(&r, "name = ?", name).Error; err != nil { return nil, err } return &r, nil } func (u *RBAC) newPrivilege(ctx context.Context, code, label string, parent string, scope string) (*model.Privilege, error) { p := &model.Privilege{Code: code, Label: label, Parent: parent, Scope: scope} codes := strings.SplitN(code, ":", 4) if len(codes) != 4 { return nil, fmt.Errorf("invalid code format") } wailcard := false for _, item := range codes { if item == "*" { wailcard = true } if wailcard && item != "*" { return nil, fmt.Errorf("invalid code format") } if len(item) > 8 { return nil, fmt.Errorf("invalid code format: code snippet too long") } } if codes[0] != "*" { if _, err := u.GetScopeGroup(ctx, codes[0]); err != nil { return nil, err } } if err := u.store.Session(ctx).Create(p).Error; err != nil { return p, err } return p, nil } func (u *RBAC) newUser(ctx context.Context, target *model.User) (*model.User, error) { result := u.store.Session(ctx). Create(target) if result.Error != nil { return nil, result.Error } if result.RowsAffected != 1 { return nil, fmt.Errorf("invalid rows affected") } return target, nil }