package middlewares import ( "errors" "fmt" "net/http" "sync" "xugu_license/internal/global" "xugu_license/internal/models" "github.com/gin-gonic/gin" ) var Roles = map[string]Role{ "admin": AdminRole, "supportRole": SupportRole, "guest": GuestRole, } type UserPermission struct { UserInfo models.UserInfo Role Role } // 定义权限类型 type Permission string const ( // License 相关权限 GenerateLicense Permission = "generate_license" //生成license UploadLicense Permission = "upload_license" //上传license ReadLicense Permission = "read_license" //读取license ReadAllLicense Permission = "read_all_license" //读取所有license ReadlicenseRecord Permission = "read_license_record" //读取license UpdateLicense Permission = "update_license" //更新license DeleteLicense Permission = "delete_license" //删除license // 消息分发权限 DispatLicense Permission = "dispat_license" //分发license // 主动抓取oaLicense到支撑库 CaptureLicenseOnceToDb Permission = "capture_license_once_to_db" //主动抓取oaLicense到支撑库 // 获得用户信息 //GetUserInfo1 Permission = "get_user_info" //获得用户信息 // 用户管理权限 CreateUser Permission = "create_user" //创建用户 ReadUser Permission = "read_user" //读取用户 UpdateUser Permission = "update_user" //更新用户 DeleteUser Permission = "delete_user" //删除用户 //角色管理权限 CreateRole Permission = "create_role" //创建角色 DeleteRole Permission = "delete_role" //删除角色 UpdateRole Permission = "update_role" //更新角色 GetRole Permission = "get_role" //获得角色 ) // 定义映射 var permissionMap = map[string]Permission{ "generate_license": GenerateLicense, "upload_license": UploadLicense, "read_license": ReadLicense, "read_all_license": ReadAllLicense, "read_license_record": ReadlicenseRecord, "update_license": UpdateLicense, "delete_license": DeleteLicense, "dispat_license": DispatLicense, "capture_license_once_to_db": CaptureLicenseOnceToDb, //"get_user_info": GetUserInfo1, "create_user": CreateUser, "read_user": ReadUser, "update_user": UpdateUser, "delete_user": DeleteUser, "create_role": CreateRole, "delete_role": DeleteRole, "update_role": UpdateRole, "get_role": GetRole, } // MapBasedStringToPermission 使用 map 进行字符串到 Permission 的转换 func MapBasedStringToPermission(permissionStr string) (Permission, error) { fmt.Println("permissionStr: ", permissionStr) if perm, exists := permissionMap[permissionStr]; exists { return perm, nil } return "", errors.New("invalid permission string") } // StringsToPermissions 将字符串数组转换为 Permission 数组 func StringsToPermissions(permissionStrs []string) ([]Permission, error) { var permissions []Permission fmt.Println("permissionStrs: ", permissionStrs) for _, str := range permissionStrs { perm, err := MapBasedStringToPermission(str) if err != nil { return nil, err // 如果有任何一个字符串无效,返回错误 } permissions = append(permissions, perm) } return permissions, nil } type Role struct { Id int Name string Permissions []Permission } var AdminRole = Role{ Id: 0, Name: "admin", Permissions: []Permission{ GenerateLicense, UploadLicense, ReadLicense, ReadAllLicense, UpdateLicense, DeleteLicense, DispatLicense, CaptureLicenseOnceToDb, //GetUserInfo1, ReadlicenseRecord, CreateUser, ReadUser, UpdateUser, DeleteUser, CreateRole, DeleteRole, UpdateRole, GetRole, }, } var SupportRole = Role{ Id: 0, Name: "support", Permissions: []Permission{ ReadLicense, DispatLicense, //GetUserInfo1, GenerateLicense, ReadlicenseRecord, ReadUser, UpdateUser, DeleteUser, }, } var GuestRole = Role{ Id: 0, Name: "guest", Permissions: []Permission{ ReadLicense, }, } // RBAC 中间件 func PermissionMiddleware(requiredPermission Permission) gin.HandlerFunc { return func(c *gin.Context) { userAny, exists := c.Get("userInfo") if !exists { c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"}) c.Abort() return } userInfo := userAny.(*UserAuthInfo) uP := UserPermission{ //UserInfo: *userInfo, Role: Role{ Name: userInfo.Role, }, } // switch userInfo.Role { // case "admin": // uP.Role = AdminRole // case "support": // uP.Role = SupportRole // case "guest": // uP.Role = GuestRole // default: // c.JSON(http.StatusBadRequest, gin.H{"error": "invalid role"}) // c.Abort() // return // } // 检查用户是否具有所需的权限 roleKey := userInfo.Role if role, exists := Roles[roleKey]; exists { // 如果存在,可以在这里使用 role 进行后续操作 uP.Role = role } else { // 如果不存在,进行相应的处理 global.Logger.Errorln("Role does not exist ") c.JSON(http.StatusBadRequest, gin.H{"error": "invalid role"}) c.Abort() return } hasPermission := false for _, p := range uP.Role.Permissions { if p == requiredPermission { hasPermission = true break } } if !hasPermission { global.Logger.Errorln("没有权限 ") c.JSON(http.StatusForbidden, gin.H{"error": "没有权限"}) c.Abort() return } c.Next() } } var mu sync.Mutex // 权限分配功能 // func AssignRole(c *gin.Context) { // var req struct { // Username string `json:"username" binding:"required"` // Role string `json:"role" binding:"required"` // } // if err := c.ShouldBindJSON(&req); err != nil { // c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) // return // } // mu.Lock() // defer mu.Unlock() // //从数据库里查询用户 // user, exists := users[req.Username] // if exists { // switch req.Role { // case "admin": // user.Role = AdminRole // case "user": // user.Role = UserRole // case "guest": // user.Role = GuestRole // default: // c.JSON(http.StatusBadRequest, gin.H{"error": "invalid role"}) // return // } // users[req.Username] = user // } else { // c.JSON(http.StatusNotFound, gin.H{"error": "user not found"}) // return // } // c.JSON(http.StatusOK, gin.H{"message": "Role assigned successfully"}) // }