完成权限角色守卫

tone-page-server/src/common/decorators/permissions.decorator.ts

@@ -0,0 +1,3 @@
+import { SetMetadata } from "@nestjs/common";
+
+export const Permissions = (...permissions: string[]) => SetMetadata('permissions', permissions);

tone-page-server/src/common/decorators/role.decorator.ts

@@ -0,0 +1,3 @@
+import { SetMetadata } from "@nestjs/common";
+
+export const Roles = (...roles: string[]) => SetMetadata('roles', roles);

tone-page-server/src/common/guard/permission.guard.ts

@@ -0,0 +1,40 @@
+import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
+import { Reflector } from '@nestjs/core';
+import { PermissionService } from "src/role/services/permission.service";
+import { RolePermissionService } from "src/role/services/role-permission.service";
+import { UserRoleService } from "src/role/services/user-role.service";
+
+@Injectable()
+export class PermissionGuard implements CanActivate {
+    constructor(
+        private reflector: Reflector,
+        private readonly userRoleService: UserRoleService,
+        private readonly rolePermissionService: RolePermissionService,
+        private readonly permissionService: PermissionService,
+    ) { }
+
+    async canActivate(context: ExecutionContext): Promise<boolean> {
+        const requiredPermissions = this.reflector.getAllAndOverride<string[]>('permissions', [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+
+        if (!requiredPermissions) return true;
+
+        const request = context.switchToHttp().getRequest();
+        const userId = request.user?.userId;
+
+        if (!userId) return false;
+
+        // 查询用户拥有的有效角色ID
+        const userRoleIds = await this.userRoleService.findValidRoleIdsByUserId(userId);
+
+        // 查询用户拥有的有效角色ID对应的权限ID
+        const userPermissionIds = await this.rolePermissionService.findPermissionIdsByRoleIds(userRoleIds);
+
+        // 查询用户拥有的权限ID对应的权限名
+        const userPermissionNames = await this.permissionService.findPermissionNamesByPermissionIds(userPermissionIds);
+
+        return requiredPermissions.every(permission => userPermissionNames.includes(permission))
+    }
+}

tone-page-server/src/common/guard/roles.guard.ts

@@ -0,0 +1,36 @@
+import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
+import { Reflector } from '@nestjs/core';
+import { RoleService } from "src/role/services/role.service";
+import { UserRoleService } from "src/role/services/user-role.service";
+
+@Injectable()
+export class RolesGuard implements CanActivate {
+    constructor(
+        private reflector: Reflector,
+        private readonly userRoleService: UserRoleService,
+        private readonly roleService: RoleService,
+    ) { }
+
+    async canActivate(context: ExecutionContext): Promise<boolean> {
+        const requiredRoles = this.reflector.getAllAndOverride<string[]>('roles', [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+
+        if (!requiredRoles) return true;
+        
+
+        const request = context.switchToHttp().getRequest();
+        const userId = request.user?.userId;
+
+        if (!userId) return false;
+
+        // 查询用户拥有的有效角色Id
+        const userRoleIds = await this.userRoleService.findValidRoleIdsByUserId(userId);
+
+        // 查询用户角色Id对应的角色名
+        const userRoleNames = await this.roleService.findRoleNamesByRoleIds(userRoleIds);
+
+        return requiredRoles.some(role => userRoleNames.includes(role));
+    }
+}