✨ Account groups

2024-07-24 17:23:44 +08:00
parent 2d181bfdaf
commit f113719e79
8 changed files with 560 additions and 403 deletions
--- a/pkg/internal/database/migrator.go
+++ b/pkg/internal/database/migrator.go
@ -7,6 +7,8 @@ import (

 var AutoMaintainRange = []any{
 	&models.Account{},
+	&models.AccountGroup{},
+	&models.AccountGroupMember{},
 	&models.AuthFactor{},
 	&models.AccountProfile{},
 	&models.AccountContact{},
--- a/pkg/internal/models/account_groups.go
+++ b/pkg/internal/models/account_groups.go
@ -0,0 +1,19 @@
+package models
+
+import "gorm.io/datatypes"
+
+type AccountGroup struct {
+	BaseModel
+
+	Name      string            `json:"name"`
+	PermNodes datatypes.JSONMap `json:"perm_nodes"`
+}
+
+type AccountGroupMember struct {
+	BaseModel
+
+	Account   Account      `json:"account"`
+	Group     AccountGroup `json:"group"`
+	AccountID uint         `json:"account_id"`
+	GroupID   uint         `json:"group_id"`
+}
--- a/pkg/internal/services/account_groups.go
+++ b/pkg/internal/services/account_groups.go
@ -0,0 +1,25 @@
+package services
+
+import (
+	"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
+	"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
+	"github.com/samber/lo"
+)
+
+func GetUserAccountGroup(user models.Account) ([]models.AccountGroup, error) {
+	var members []models.AccountGroupMember
+	if err := database.C.Where(&models.AccountGroupMember{
+		AccountID: user.ID,
+	}).Find(&members).Error; err != nil {
+		return nil, err
+	}
+
+	var groups []models.AccountGroup
+	if err := database.C.Where("id IN ?", lo.Map(groups, func(item models.AccountGroup, index int) uint {
+		return item.ID
+	})).Find(&groups).Error; err != nil {
+		return nil, err
+	}
+
+	return groups, nil
+}
--- a/pkg/internal/services/accounts.go
+++ b/pkg/internal/services/accounts.go
@ -2,6 +2,7 @@ package services

 import (
 	"fmt"
+	"gorm.io/gorm/clause"
 	"time"

 	"github.com/rs/zerolog/log"
@ -209,29 +210,7 @@ func ConfirmResetPassword(code, newPassword string) error {
 func DeleteAccount(id uint) error {
 	tx := database.C.Begin()

-	for _, model := range []any{
-		&models.Badge{},
-		&models.RealmMember{},
-		&models.AccountContact{},
-		&models.AuthFactor{},
-		&models.AuthTicket{},
-		&models.MagicToken{},
-		&models.ThirdClient{},
-		&models.NotificationSubscriber{},
-		&models.AccountRelationship{},
-	} {
-		if err := tx.Delete(model, "account_id = ?", id).Error; err != nil {
-			tx.Rollback()
-			return err
-		}
-	}
-
-	if err := tx.Delete(&models.Notification{}, "recipient_id = ?", id).Error; err != nil {
-		tx.Rollback()
-		return err
-	}
-
-	if err := tx.Delete(&models.Account{}, "id = ?", id).Error; err != nil {
+	if err := tx.Select(clause.Associations).Delete(&models.Account{}, "id = ?", id).Error; err != nil {
 		tx.Rollback()
 		return err
 	}
--- a/pkg/internal/services/auth.go
+++ b/pkg/internal/services/auth.go
@ -76,6 +76,18 @@ func CacheAuthContext(jti string) (models.AuthContext, error) {
 	if err != nil {
 		return ctx, fmt.Errorf("invalid account: %v", err)
 	}
+	groups, err := GetUserAccountGroup(user)
+	if err != nil {
+		return ctx, fmt.Errorf("unable to get account groups: %v", err)
+	}
+
+	for _, group := range groups {
+		for k, v := range group.PermNodes {
+			if _, ok := user.PermNodes[k]; !ok {
+				user.PermNodes[k] = v
+			}
+		}
+	}

 	ctx = models.AuthContext{
 		Ticket:     ticket,