[feature] migrate to monorepo
This commit is contained in:
commit
05ddc1f783
GPG key ID:
0C656827F9F80080
267 changed files with 75165 additions and 0 deletions
110
backend/internal/middleware/rbac.go
Normal file
110
backend/internal/middleware/rbac.go
Normal file
|
|
@ -0,0 +1,110 @@
|
|||
package middleware
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"tss-rocks-be/ent"
|
||||
"tss-rocks-be/ent/user"
|
||||
"tss-rocks-be/internal/auth"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
// RequirePermission creates a middleware that checks if the user has the required permission
|
||||
func RequirePermission(client *ent.Client, resource, action string) gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
// Get user from context
|
||||
userID, exists := c.Get(auth.UserIDKey)
|
||||
if !exists {
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
|
||||
"error": "Unauthorized",
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
// Get user with roles
|
||||
user, err := client.User.Query().
|
||||
Where(user.ID(userID.(int))).
|
||||
WithRoles(func(q *ent.RoleQuery) {
|
||||
q.WithPermissions()
|
||||
}).
|
||||
Only(context.Background())
|
||||
|
||||
if err != nil {
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
|
||||
"error": "User not found",
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
// Check if user has the required permission through any of their roles
|
||||
hasPermission := false
|
||||
for _, r := range user.Edges.Roles {
|
||||
for _, p := range r.Edges.Permissions {
|
||||
if p.Resource == resource && p.Action == action {
|
||||
hasPermission = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if hasPermission {
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if !hasPermission {
|
||||
c.AbortWithStatusJSON(http.StatusForbidden, gin.H{
|
||||
"error": fmt.Sprintf("Missing required permission: %s:%s", resource, action),
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
// RequireRole creates a middleware that checks if the user has the required role
|
||||
func RequireRole(client *ent.Client, roleName string) gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
// Get user from context
|
||||
userID, exists := c.Get(auth.UserIDKey)
|
||||
if !exists {
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
|
||||
"error": "Unauthorized",
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
// Get user with roles
|
||||
user, err := client.User.Query().
|
||||
Where(user.ID(userID.(int))).
|
||||
WithRoles().
|
||||
Only(context.Background())
|
||||
|
||||
if err != nil {
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
|
||||
"error": "User not found",
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
// Check if user has the required role
|
||||
hasRole := false
|
||||
for _, r := range user.Edges.Roles {
|
||||
if r.Name == roleName {
|
||||
hasRole = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if !hasRole {
|
||||
c.AbortWithStatusJSON(http.StatusForbidden, gin.H{
|
||||
"error": fmt.Sprintf("Required role: %s", roleName),
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue