feat: restrict permission roles
+50
-3
@@ -6,6 +6,53 @@ import (
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
|
||||
const (
|
||||
RoleAdmin = "admin"
|
||||
RoleTechnicianLegacy = "technician"
|
||||
RoleEmployee = "employee"
|
||||
RoleSoftwareEngineer = "software_engineer"
|
||||
RoleHardwareEngineer = "hardware_engineer"
|
||||
RoleBusinessManager = "business_manager"
|
||||
RoleProjectManager = "project_manager"
|
||||
)
|
||||
|
||||
// WorkOrderRoles 是权限管理中可创建/编辑的四个对等角色。
|
||||
var WorkOrderRoles = []string{
|
||||
RoleSoftwareEngineer,
|
||||
RoleHardwareEngineer,
|
||||
RoleBusinessManager,
|
||||
RoleProjectManager,
|
||||
}
|
||||
|
||||
// AssignableWorkOrderRoles 是可被派单的角色,包含旧 technician 数据兼容。
|
||||
var AssignableWorkOrderRoles = append([]string{}, append(WorkOrderRoles, RoleTechnicianLegacy)...)
|
||||
|
||||
func IsWorkOrderRole(role string) bool {
|
||||
for _, item := range WorkOrderRoles {
|
||||
if role == item {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func IsAssignableWorkOrderRole(role string) bool {
|
||||
for _, item := range AssignableWorkOrderRoles {
|
||||
if role == item {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func HasBackendAccess(role string) bool {
|
||||
return role == RoleAdmin || IsAssignableWorkOrderRole(role)
|
||||
}
|
||||
|
||||
func HasWorkOrderAccess(role string) bool {
|
||||
return role == RoleAdmin || IsAssignableWorkOrderRole(role)
|
||||
}
|
||||
|
||||
// User 模型
|
||||
type User struct {
|
||||
ID uint `gorm:"primaryKey" json:"id"`
|
||||
@@ -94,7 +141,7 @@ type CreateUserDTO struct {
|
||||
Phone string `json:"phone" validate:"required"`
|
||||
EmployeeNo string `json:"employeeNo" validate:"required"`
|
||||
Position string `json:"position" validate:"required"`
|
||||
Role string `json:"role" validate:"required,oneof=admin technician employee"`
|
||||
Role string `json:"role" validate:"required,oneof=software_engineer hardware_engineer business_manager project_manager"`
|
||||
}
|
||||
|
||||
// UpdateUserDTO 管理员更新用户信息请求
|
||||
@@ -104,7 +151,7 @@ type UpdateUserDTO struct {
|
||||
Phone string `json:"phone,omitempty"`
|
||||
EmployeeNo string `json:"employeeNo,omitempty"`
|
||||
Position string `json:"position,omitempty"`
|
||||
Role string `json:"role,omitempty" validate:"omitempty,oneof=admin technician employee"`
|
||||
Role string `json:"role,omitempty" validate:"omitempty,oneof=software_engineer hardware_engineer business_manager project_manager"`
|
||||
}
|
||||
|
||||
// AdminResetPasswordDTO 管理员重置用户密码
|
||||
@@ -295,7 +342,7 @@ type CustomerConfirmDTO struct {
|
||||
RejectReason string `json:"rejectReason,omitempty" validate:"required_if=Action reject"`
|
||||
}
|
||||
|
||||
// ReassignAftersalesDTO 重新分配技术员请求
|
||||
// ReassignAftersalesDTO 重新分配工单负责人请求
|
||||
type ReassignAftersalesDTO struct {
|
||||
TechnicianID uint `json:"technicianId" validate:"required"`
|
||||
}
|
||||
|
||||
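Review bot: `HasBackendAccess` and `HasWorkOrderAccess` in the first hunk have the same body and both decide through `AssignableWorkOrderRoles`, so the list kept for dispatching to legacy `technician` records also determines who gets backend access. That list and `WorkOrderRoles` are exported package variables, so code in any importing package can append to them and the access predicates would follow. I would make each predicate an explicit `switch` over the role constants, as sketched below for one of them, and state in its doc comment whether legacy `technician` accounts are meant to keep access. The `oneof=` tags on `CreateUserDTO.Role` and `UpdateUserDTO.Role` repeat the four role strings as literals; a short comment pointing at `WorkOrderRoles` would help keep them in step.

```go
// ... unchanged: role constants, WorkOrderRoles, AssignableWorkOrderRoles ...

// HasBackendAccess reports whether role is allowed backend access.
// Roles are listed explicitly so that a change to the dispatch list
// cannot widen backend access as a side effect.
func HasBackendAccess(role string) bool {
	switch role {
	case RoleAdmin,
		RoleSoftwareEngineer,
		RoleHardwareEngineer,
		RoleBusinessManager,
		RoleProjectManager:
		return true
	case RoleTechnicianLegacy:
		// Legacy accounts only; confirm they are meant to keep access.
		return true
	default:
		return false
	}
}
```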