💥 Simplified permission node system and data structure

2025-12-02 21:42:26 +08:00
parent fa2f53ff7a
commit 158cc75c5b
32 changed files with 3333 additions and 379 deletions
--- a/DysonNetwork.Pass/Account/AccountController.cs
+++ b/DysonNetwork.Pass/Account/AccountController.cs
@@ -4,6 +4,7 @@ using DysonNetwork.Pass.Auth;
 using DysonNetwork.Pass.Credit;
 using DysonNetwork.Pass.Permission;
 using DysonNetwork.Pass.Wallet;
+using DysonNetwork.Shared.Auth;
 using DysonNetwork.Shared.GeoIp;
 using DysonNetwork.Shared.Http;
 using DysonNetwork.Shared.Models;
@@ -319,7 +320,7 @@ public class AccountController(

    [HttpPost("credits/validate")]
    [Authorize]
-    [RequiredPermission("maintenance", "credits.validate.perform")]
+    [AskPermission("credits.validate.perform")]
    public async Task<IActionResult> PerformSocialCreditValidation()
    {
        await socialCreditService.ValidateSocialCredits();
@@ -328,7 +329,7 @@ public class AccountController(

    [HttpDelete("{name}")]
    [Authorize]
-    [RequiredPermission("maintenance", "accounts.deletion")]
+    [AskPermission("accounts.deletion")]
    public async Task<IActionResult> AdminDeleteAccount(string name)
    {
        var account = await accounts.LookupAccount(name);
--- a/DysonNetwork.Pass/Account/AccountCurrentController.cs
+++ b/DysonNetwork.Pass/Account/AccountCurrentController.cs
@@ -1,6 +1,7 @@
 using System.ComponentModel.DataAnnotations;
 using DysonNetwork.Pass.Permission;
 using DysonNetwork.Pass.Wallet;
+using DysonNetwork.Shared.Auth;
 using DysonNetwork.Shared.Http;
 using DysonNetwork.Shared.Models;
 using DysonNetwork.Shared.Proto;
@@ -194,7 +195,7 @@ public class AccountCurrentController(
    }

    [HttpPatch("statuses")]
-    [RequiredPermission("global", "accounts.statuses.update")]
+    [AskPermission("accounts.statuses.update")]
    public async Task<ActionResult<SnAccountStatus>> UpdateStatus([FromBody] AccountController.StatusRequest request)
    {
        if (HttpContext.Items["CurrentUser"] is not SnAccount currentUser) return Unauthorized();
@@ -228,7 +229,7 @@ public class AccountCurrentController(
    }

    [HttpPost("statuses")]
-    [RequiredPermission("global", "accounts.statuses.create")]
+    [AskPermission("accounts.statuses.create")]
    public async Task<ActionResult<SnAccountStatus>> CreateStatus([FromBody] AccountController.StatusRequest request)
    {
        if (HttpContext.Items["CurrentUser"] is not SnAccount currentUser) return Unauthorized();
--- a/DysonNetwork.Pass/Account/AccountService.cs
+++ b/DysonNetwork.Pass/Account/AccountService.cs
@@ -158,7 +158,7 @@ public class AccountService(
            {
                db.PermissionGroupMembers.Add(new SnPermissionGroupMember
                {
-                    Actor = $"user:{account.Id}",
+                    Actor = account.Id.ToString(),
                    Group = defaultGroup
                });
            }
--- a/DysonNetwork.Pass/Account/MagicSpellService.cs
+++ b/DysonNetwork.Pass/Account/MagicSpellService.cs
@@ -194,7 +194,7 @@ public class MagicSpellService(
                {
                    db.PermissionGroupMembers.Add(new SnPermissionGroupMember
                    {
-                        Actor = $"user:{account.Id}",
+                        Actor = account.Id.ToString(),
                        Group = defaultGroup
                    });
                }