user-system/internal/domain/permission.go

package domain

import "time"

// PermissionType 权限类型
type PermissionType int

const (
	PermissionTypeMenu   PermissionType = iota // 菜单
	PermissionTypeButton                       // 按钮
	PermissionTypeAPI                          // 接口
)

// PermissionStatus 权限状态
type PermissionStatus int

const (
	PermissionStatusDisabled PermissionStatus = 0 // 禁用
	PermissionStatusEnabled  PermissionStatus = 1 // 启用
)

// Permission 权限模型
type Permission struct {
	ID          int64            `gorm:"primaryKey;autoIncrement" json:"id"`
	Name        string           `gorm:"type:varchar(50);not null" json:"name"`
	Code        string           `gorm:"type:varchar(100);uniqueIndex;not null" json:"code"`
	Type        PermissionType   `gorm:"type:int;not null" json:"type"`
	Description string           `gorm:"type:varchar(200)" json:"description"`
	ParentID    *int64           `gorm:"index" json:"parent_id,omitempty"`
	Level       int              `gorm:"default:1" json:"level"`
	Path        string           `gorm:"type:varchar(200)" json:"path,omitempty"`
	Method      string           `gorm:"type:varchar(10)" json:"method,omitempty"`
	Sort        int              `gorm:"default:0" json:"sort"`
	Icon        string           `gorm:"type:varchar(50)" json:"icon,omitempty"`
	Status      PermissionStatus `gorm:"type:int;default:1" json:"status"`
	CreatedAt   time.Time        `gorm:"autoCreateTime" json:"created_at"`
	UpdatedAt   time.Time        `gorm:"autoUpdateTime" json:"updated_at"`
	Children    []*Permission    `gorm:"-" json:"children,omitempty"` // 子权限，不持久化
}

// TableName 指定表名
func (Permission) TableName() string {
	return "permissions"
}

// DefaultPermissions 返回系统默认权限列表
func DefaultPermissions() []Permission {
	return []Permission{
		// 用户管理
		{Name: "用户列表", Code: "user:list", Type: PermissionTypeAPI, Path: "/api/v1/users", Method: "GET", Sort: 10, Status: PermissionStatusEnabled, Description: "查看用户列表"},
		{Name: "查看用户", Code: "user:view", Type: PermissionTypeAPI, Path: "/api/v1/users/:id", Method: "GET", Sort: 11, Status: PermissionStatusEnabled, Description: "查看用户详情"},
		{Name: "编辑用户", Code: "user:edit", Type: PermissionTypeAPI, Path: "/api/v1/users/:id", Method: "PUT", Sort: 12, Status: PermissionStatusEnabled, Description: "编辑用户信息"},
		{Name: "删除用户", Code: "user:delete", Type: PermissionTypeAPI, Path: "/api/v1/users/:id", Method: "DELETE", Sort: 13, Status: PermissionStatusEnabled, Description: "删除用户"},
		{Name: "管理用户", Code: "user:manage", Type: PermissionTypeAPI, Path: "/api/v1/users/:id/status", Method: "PUT", Sort: 14, Status: PermissionStatusEnabled, Description: "管理用户状态和角色"},
		// 个人资料
		{Name: "查看资料", Code: "profile:view", Type: PermissionTypeAPI, Path: "/api/v1/auth/userinfo", Method: "GET", Sort: 20, Status: PermissionStatusEnabled, Description: "查看个人资料"},
		{Name: "编辑资料", Code: "profile:edit", Type: PermissionTypeAPI, Path: "/api/v1/users/:id", Method: "PUT", Sort: 21, Status: PermissionStatusEnabled, Description: "编辑个人资料"},
		{Name: "修改密码", Code: "profile:change_password", Type: PermissionTypeAPI, Path: "/api/v1/users/:id/password", Method: "PUT", Sort: 22, Status: PermissionStatusEnabled, Description: "修改密码"},
		// 角色管理
		{Name: "角色管理", Code: "role:manage", Type: PermissionTypeAPI, Path: "/api/v1/roles", Method: "GET", Sort: 30, Status: PermissionStatusEnabled, Description: "管理角色"},
		{Name: "创建角色", Code: "role:create", Type: PermissionTypeAPI, Path: "/api/v1/roles", Method: "POST", Sort: 31, Status: PermissionStatusEnabled, Description: "创建角色"},
		{Name: "编辑角色", Code: "role:edit", Type: PermissionTypeAPI, Path: "/api/v1/roles/:id", Method: "PUT", Sort: 32, Status: PermissionStatusEnabled, Description: "编辑角色"},
		{Name: "删除角色", Code: "role:delete", Type: PermissionTypeAPI, Path: "/api/v1/roles/:id", Method: "DELETE", Sort: 33, Status: PermissionStatusEnabled, Description: "删除角色"},
		// 权限管理
		{Name: "权限管理", Code: "permission:manage", Type: PermissionTypeAPI, Path: "/api/v1/permissions", Method: "GET", Sort: 40, Status: PermissionStatusEnabled, Description: "管理权限"},
		// 日志查看
		{Name: "查看自己的日志", Code: "log:view_own", Type: PermissionTypeAPI, Path: "/api/v1/logs/login/me", Method: "GET", Sort: 50, Status: PermissionStatusEnabled, Description: "查看个人登录日志"},
		{Name: "查看所有日志", Code: "log:view_all", Type: PermissionTypeAPI, Path: "/api/v1/logs/login", Method: "GET", Sort: 51, Status: PermissionStatusEnabled, Description: "查看全部日志（管理员）"},
		// 系统统计
		{Name: "仪表盘统计", Code: "stats:view", Type: PermissionTypeAPI, Path: "/api/v1/admin/stats/dashboard", Method: "GET", Sort: 60, Status: PermissionStatusEnabled, Description: "查看系统统计数据"},
		// 设备管理
		{Name: "设备管理", Code: "device:manage", Type: PermissionTypeAPI, Path: "/api/v1/devices", Method: "GET", Sort: 70, Status: PermissionStatusEnabled, Description: "管理设备"},
	}
}