feat: restrict permission roles

Frudrax Cheng
2026-06-06 13:50:56 +08:00
parent a55f515930
commit 5edb25ac4e
17 changed files with 229 additions and 175 deletions
+50 -3
@@ -6,6 +6,53 @@ import (
"gorm.io/gorm"
)
const (
RoleAdmin = "admin"
RoleTechnicianLegacy = "technician"
RoleEmployee = "employee"
RoleSoftwareEngineer = "software_engineer"
RoleHardwareEngineer = "hardware_engineer"
RoleBusinessManager = "business_manager"
RoleProjectManager = "project_manager"
)
// WorkOrderRoles 是权限管理中可创建/编辑的四个对等角色。
var WorkOrderRoles = []string{
RoleSoftwareEngineer,
RoleHardwareEngineer,
RoleBusinessManager,
RoleProjectManager,
}
// AssignableWorkOrderRoles 是可被派单的角色,包含旧 technician 数据兼容。
var AssignableWorkOrderRoles = append([]string{}, append(WorkOrderRoles, RoleTechnicianLegacy)...)
func IsWorkOrderRole(role string) bool {
for _, item := range WorkOrderRoles {
if role == item {
return true
}
}
return false
}
func IsAssignableWorkOrderRole(role string) bool {
for _, item := range AssignableWorkOrderRoles {
if role == item {
return true
}
}
return false
}
func HasBackendAccess(role string) bool {
return role == RoleAdmin || IsAssignableWorkOrderRole(role)
}
func HasWorkOrderAccess(role string) bool {
return role == RoleAdmin || IsAssignableWorkOrderRole(role)
}
// User 模型
type User struct {
ID uint `gorm:"primaryKey" json:"id"`
@@ -94,7 +141,7 @@ type CreateUserDTO struct {
Phone string `json:"phone" validate:"required"`
EmployeeNo string `json:"employeeNo" validate:"required"`
Position string `json:"position" validate:"required"`
Role string `json:"role" validate:"required,oneof=admin technician employee"`
Role string `json:"role" validate:"required,oneof=software_engineer hardware_engineer business_manager project_manager"`
}
// UpdateUserDTO 管理员更新用户信息请求
@@ -104,7 +151,7 @@ type UpdateUserDTO struct {
Phone string `json:"phone,omitempty"`
EmployeeNo string `json:"employeeNo,omitempty"`
Position string `json:"position,omitempty"`
Role string `json:"role,omitempty" validate:"omitempty,oneof=admin technician employee"`
Role string `json:"role,omitempty" validate:"omitempty,oneof=software_engineer hardware_engineer business_manager project_manager"`
}
// AdminResetPasswordDTO 管理员重置用户密码
@@ -295,7 +342,7 @@ type CustomerConfirmDTO struct {
RejectReason string `json:"rejectReason,omitempty" validate:"required_if=Action reject"`
}
// ReassignAftersalesDTO 重新分配技术员请求
// ReassignAftersalesDTO 重新分配工单负责人请求
type ReassignAftersalesDTO struct {
TechnicianID uint `json:"technicianId" validate:"required"`
}
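Review bot: `HasBackendAccess` and `HasWorkOrderAccess` decide access by scanning `WorkOrderRoles` and `AssignableWorkOrderRoles`, which the first hunk declares as exported, mutable package-level slices, so any importing package can append to or overwrite them and change who is authorised. Matching on the role constants inside `IsWorkOrderRole` and `IsAssignableWorkOrderRole` fixes the allow-list at compile time; the slices can stay for listing purposes if other files in this commit use them (not visible here). The `oneof=` tags on `CreateUserDTO.Role` and `UpdateUserDTO.Role` repeat the same four roles as string literals, so they must be edited by hand whenever the constants change. The two `Has…Access` functions have identical bodies and no doc comments; a line on each naming the surface it gates, and confirming that `employee` is denied on purpose while legacy `technician` keeps access, would make the policy reviewable.

```go
// IsWorkOrderRole reports whether role is one of the four manageable work-order roles.
func IsWorkOrderRole(role string) bool {
	switch role {
	case RoleSoftwareEngineer, RoleHardwareEngineer, RoleBusinessManager, RoleProjectManager:
		return true
	}
	return false
}

// IsAssignableWorkOrderRole also accepts the legacy technician role kept for old data.
func IsAssignableWorkOrderRole(role string) bool {
	return role == RoleTechnicianLegacy || IsWorkOrderRole(role)
}
// … unchanged: HasBackendAccess, HasWorkOrderAccess …
```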