✨ Account groups

.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25/storage_v2/_src_/database/hy_passport.gNOKQQ/schema/public.abK9xQ.meta

@@ -1,2 +1,2 @@
 #n:public
-!<md> [10102, 0, null, null, -2147483648, -2147483648]
+!<md> [10192, 0, null, null, -2147483648, -2147483648]

.idea/workspace.xml

@@ -4,7 +4,16 @@
     <option name="autoReloadType" value="ALL" />
   </component>
   <component name="ChangeListManager">
-    <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Fix push notification to wrong person" />
+    <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Fix push notification to wrong person">
+      <change afterPath="$PROJECT_DIR$/pkg/internal/models/account_groups.go" afterDir="false" />
+      <change afterPath="$PROJECT_DIR$/pkg/internal/services/account_groups.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25.xml" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25/storage_v2/_src_/database/hy_passport.gNOKQQ/schema/public.abK9xQ.meta" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25/storage_v2/_src_/database/hy_passport.gNOKQQ/schema/public.abK9xQ.meta" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/database/migrator.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/database/migrator.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/services/accounts.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/accounts.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/services/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/auth.go" afterDir="false" />
+    </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
     <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />

pkg/internal/database/migrator.go

@@ -7,6 +7,8 @@ import (
 
 var AutoMaintainRange = []any{
 	&models.Account{},
+	&models.AccountGroup{},
+	&models.AccountGroupMember{},
 	&models.AuthFactor{},
 	&models.AccountProfile{},
 	&models.AccountContact{},

pkg/internal/models/account_groups.go

@@ -0,0 +1,19 @@
+package models
+
+import "gorm.io/datatypes"
+
+type AccountGroup struct {
+	BaseModel
+
+	Name      string            `json:"name"`
+	PermNodes datatypes.JSONMap `json:"perm_nodes"`
+}
+
+type AccountGroupMember struct {
+	BaseModel
+
+	Account   Account      `json:"account"`
+	Group     AccountGroup `json:"group"`
+	AccountID uint         `json:"account_id"`
+	GroupID   uint         `json:"group_id"`
+}

pkg/internal/services/account_groups.go

@@ -0,0 +1,25 @@
+package services
+
+import (
+	"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
+	"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
+	"github.com/samber/lo"
+)
+
+func GetUserAccountGroup(user models.Account) ([]models.AccountGroup, error) {
+	var members []models.AccountGroupMember
+	if err := database.C.Where(&models.AccountGroupMember{
+		AccountID: user.ID,
+	}).Find(&members).Error; err != nil {
+		return nil, err
+	}
+
+	var groups []models.AccountGroup
+	if err := database.C.Where("id IN ?", lo.Map(groups, func(item models.AccountGroup, index int) uint {
+		return item.ID
+	})).Find(&groups).Error; err != nil {
+		return nil, err
+	}
+
+	return groups, nil
+}

pkg/internal/services/accounts.go

@@ -2,6 +2,7 @@ package services
 
 import (
 	"fmt"
+	"gorm.io/gorm/clause"
 	"time"
 
 	"github.com/rs/zerolog/log"
@@ -209,29 +210,7 @@ func ConfirmResetPassword(code, newPassword string) error {
 func DeleteAccount(id uint) error {
 	tx := database.C.Begin()
 
-	for _, model := range []any{
-		&models.Badge{},
-		&models.RealmMember{},
-		&models.AccountContact{},
-		&models.AuthFactor{},
-		&models.AuthTicket{},
-		&models.MagicToken{},
-		&models.ThirdClient{},
-		&models.NotificationSubscriber{},
-		&models.AccountRelationship{},
-	} {
-		if err := tx.Delete(model, "account_id = ?", id).Error; err != nil {
-			tx.Rollback()
-			return err
-		}
-	}
-
-	if err := tx.Delete(&models.Notification{}, "recipient_id = ?", id).Error; err != nil {
-		tx.Rollback()
-		return err
-	}
-
-	if err := tx.Delete(&models.Account{}, "id = ?", id).Error; err != nil {
+	if err := tx.Select(clause.Associations).Delete(&models.Account{}, "id = ?", id).Error; err != nil {
 		tx.Rollback()
 		return err
 	}

pkg/internal/services/auth.go

@@ -76,6 +76,18 @@ func CacheAuthContext(jti string) (models.AuthContext, error) {
 	if err != nil {
 		return ctx, fmt.Errorf("invalid account: %v", err)
 	}
+	groups, err := GetUserAccountGroup(user)
+	if err != nil {
+		return ctx, fmt.Errorf("unable to get account groups: %v", err)
+	}
+
+	for _, group := range groups {
+		for k, v := range group.PermNodes {
+			if _, ok := user.PermNodes[k]; !ok {
+				user.PermNodes[k] = v
+			}
+		}
+	}
 
 	ctx = models.AuthContext{
 		Ticket:     ticket,