完成权限角色守卫

2025-05-07 23:14:57 +08:00
parent 9a705d5b21
commit 69c40c39aa
11 changed files with 201 additions and 3 deletions
--- a/tone-page-server/src/common/decorators/permissions.decorator.ts
+++ b/tone-page-server/src/common/decorators/permissions.decorator.ts
@@ -0,0 +1,3 @@
 import { SetMetadata } from "@nestjs/common";
 export const Permissions = (...permissions: string[]) => SetMetadata('permissions', permissions);
--- a/tone-page-server/src/common/decorators/role.decorator.ts
+++ b/tone-page-server/src/common/decorators/role.decorator.ts
@@ -0,0 +1,3 @@
 import { SetMetadata } from "@nestjs/common";
 export const Roles = (...roles: string[]) => SetMetadata('roles', roles);
--- a/tone-page-server/src/common/guard/permission.guard.ts
+++ b/tone-page-server/src/common/guard/permission.guard.ts
@@ -0,0 +1,40 @@
 import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
 import { Reflector } from '@nestjs/core';
 import { PermissionService } from "src/role/services/permission.service";
 import { RolePermissionService } from "src/role/services/role-permission.service";
 import { UserRoleService } from "src/role/services/user-role.service";
@Injectable()
 export class PermissionGuard implements CanActivate {
    constructor(
        private reflector: Reflector,
        private readonly userRoleService: UserRoleService,
        private readonly rolePermissionService: RolePermissionService,
        private readonly permissionService: PermissionService,
    ) { }
    async canActivate(context: ExecutionContext): Promise<boolean> {
        const requiredPermissions = this.reflector.getAllAndOverride<string[]>('permissions', [
            context.getHandler(),
            context.getClass(),
        ]);
        if (!requiredPermissions) return true;
        const request = context.switchToHttp().getRequest();
        const userId = request.user?.userId;
        if (!userId) return false;
        // 查询用户拥有的有效角色ID
        const userRoleIds = await this.userRoleService.findValidRoleIdsByUserId(userId);
        // 查询用户拥有的有效角色ID对应的权限ID
        const userPermissionIds = await this.rolePermissionService.findPermissionIdsByRoleIds(userRoleIds);
        // 查询用户拥有的权限ID对应的权限名
        const userPermissionNames = await this.permissionService.findPermissionNamesByPermissionIds(userPermissionIds);
        return requiredPermissions.every(permission => userPermissionNames.includes(permission))
    }
 }
--- a/tone-page-server/src/common/guard/roles.guard.ts
+++ b/tone-page-server/src/common/guard/roles.guard.ts
@@ -0,0 +1,36 @@
 import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
 import { Reflector } from '@nestjs/core';
 import { RoleService } from "src/role/services/role.service";
 import { UserRoleService } from "src/role/services/user-role.service";
@Injectable()
 export class RolesGuard implements CanActivate {
    constructor(
        private reflector: Reflector,
        private readonly userRoleService: UserRoleService,
        private readonly roleService: RoleService,
    ) { }
    async canActivate(context: ExecutionContext): Promise<boolean> {
        const requiredRoles = this.reflector.getAllAndOverride<string[]>('roles', [
            context.getHandler(),
            context.getClass(),
        ]);
        if (!requiredRoles) return true;
        const request = context.switchToHttp().getRequest();
        const userId = request.user?.userId;
        if (!userId) return false;
        // 查询用户拥有的有效角色Id
        const userRoleIds = await this.userRoleService.findValidRoleIdsByUserId(userId);
        // 查询用户角色Id对应的角色名
        const userRoleNames = await this.roleService.findRoleNamesByRoleIds(userRoleIds);
        return requiredRoles.some(role => userRoleNames.includes(role));
    }
 }
--- a/tone-page-server/src/role/entities/user-role.entity.ts
+++ b/tone-page-server/src/role/entities/user-role.entity.ts
--- a/tone-page-server/src/role/role.module.ts
+++ b/tone-page-server/src/role/role.module.ts
@@ -3,8 +3,15 @@ import { TypeOrmModule } from '@nestjs/typeorm';
 import { Role } from './entities/role.entity';
 import { Permission } from './entities/permission.entity';
 import { RolePermission } from './entities/role-permission.entity';
 import { RolePermissionService } from './services/role-permission.service';
 import { RoleService } from './services/role.service';
 import { UserRoleService } from './services/user-role.service';
 import { UserRole } from './entities/user-role.entity';
 import { PermissionService } from './services/permission.service';
@Module({
-    imports: [TypeOrmModule.forFeature([Role, Permission, RolePermission])]
+    imports: [TypeOrmModule.forFeature([Role, Permission, RolePermission, UserRole])],
    providers: [RolePermissionService, RoleService, UserRoleService, PermissionService],
    exports: [RolePermissionService, RoleService, UserRoleService, PermissionService],
 })
 export class RoleModule { }
--- a/tone-page-server/src/role/services/permission.service.ts
+++ b/tone-page-server/src/role/services/permission.service.ts
@@ -0,0 +1,26 @@
 import { Injectable } from "@nestjs/common";
 import { InjectRepository } from "@nestjs/typeorm";
 import { Permission } from "../entities/permission.entity";
 import { In, Repository } from "typeorm";
@Injectable()
 export class PermissionService {
    constructor(
        @InjectRepository(Permission)
        private readonly permissionRepository: Repository<Permission>,
    ) { }
    async findPermissionNamesByPermissionIds(permissionIds: string[]): Promise<string[]> {
        const permissions = await this.findPermissionsByPermissionIds(permissionIds);
        return permissions.map(permission => permission.name);
    }
    async findPermissionsByPermissionIds(permissionIds: string[]): Promise<Permission[]> {
        return this.permissionRepository.find({
            where: {
                id: In(permissionIds),
            }
        })
    }
 }
--- a/tone-page-server/src/role/services/role-permission.service.ts
+++ b/tone-page-server/src/role/services/role-permission.service.ts
@@ -0,0 +1,23 @@
 import { Injectable } from "@nestjs/common";
 import { InjectRepository } from "@nestjs/typeorm";
 import { RolePermission } from "../entities/role-permission.entity";
 import { In, Repository } from "typeorm";
@Injectable()
 export class RolePermissionService {
    constructor(
        @InjectRepository(RolePermission)
        private readonly rolePermissionRepository: Repository<RolePermission>,
    ) { }
    async findPermissionIdsByRoleIds(roleIds: string[]): Promise<string[]> {
        const rolePermissions = await this.rolePermissionRepository.find({
            where: {
                roleId: In(roleIds),
            }
        });
        return rolePermissions.map(rp => rp.permissionId);
    }
 }
--- a/tone-page-server/src/role/services/role.service.ts
+++ b/tone-page-server/src/role/services/role.service.ts
@@ -0,0 +1,26 @@
 import { Injectable } from "@nestjs/common";
 import { InjectRepository } from "@nestjs/typeorm";
 import { Role } from "../entities/role.entity";
 import { In, Repository } from "typeorm";
@Injectable()
 export class RoleService {
    constructor(
        @InjectRepository(Role)
        private readonly roleRepository: Repository<Role>,
    ) { }
    async findRoleNamesByRoleIds(roleIds: string[]): Promise<string[]> {
        const roles = await this.findRolesByRoleIds(roleIds);
        return roles.map(role => role.name);
    }
    async findRolesByRoleIds(roleIds: string[]): Promise<Role[]> {
        return this.roleRepository.find({
            where: {
                id: In(roleIds),
            }
        })
    }
 }
--- a/tone-page-server/src/role/services/user-role.service.ts
+++ b/tone-page-server/src/role/services/user-role.service.ts
@@ -0,0 +1,35 @@
 import { Injectable } from "@nestjs/common";
 import { InjectRepository } from "@nestjs/typeorm";
 import { UserRole } from "src/role/entities/user-role.entity";
 import { IsNull, MoreThanOrEqual, Repository } from "typeorm";
@Injectable()
 export class UserRoleService {
    constructor(
        @InjectRepository(UserRole)
        private readonly userRoleRepository: Repository<UserRole>,
    ) { }
    async findValidRoleIdsByUserId(userId: string): Promise<string[]> {
        return (await this.findValidRolesByUserId(userId)).map(ur => ur.roleId);
    }
    async findValidRolesByUserId(userId: string) {
        const now = new Date();
        return this.userRoleRepository.find({
            where: [
                {
                    userId,
                    isEnabled: true,
                    expiredAt: MoreThanOrEqual(now),
                },
                {
                    userId,
                    isEnabled: true,
                    expiredAt: IsNull(),
                }
            ]
        })
    }
 }
--- a/tone-page-server/src/user/user.module.ts
+++ b/tone-page-server/src/user/user.module.ts
@@ -6,11 +6,10 @@ import { UserService } from './user.service';
 import { UserSession } from './entities/user-session.entity';
 import { AuthModule } from 'src/auth/auth.module';
 import { UserSessionService } from './services/user-session.service';
 import { UserRole } from './entities/user-role.entity';
@Module({
    imports: [
-        TypeOrmModule.forFeature([User, UserSession, UserRole]),
+        TypeOrmModule.forFeature([User, UserSession]),
        forwardRef(() => AuthModule),// 解决循环依赖问题
    ],
    controllers: [UserController],
		`@@ -0,0 +1,3 @@`
							`import { SetMetadata } from "@nestjs/common";`

							`export const Permissions = (...permissions: string[]) => SetMetadata('permissions', permissions);`
		`@@ -0,0 +1,3 @@`
							`import { SetMetadata } from "@nestjs/common";`

							`export const Roles = (...roles: string[]) => SetMetadata('roles', roles);`