- Add user management with roles and permissions (RBAC) - Implement OAuth2 service provider supporting 4 grant types: authorization_code, password, client_credentials, refresh_token - Add JWT authentication with 7-day expiry - Add admin API for users, roles and OAuth clients management - Add CLI tool for user management (scripts/user-cli.js) - Add collapsible sidebar layout with login dialog - Add user management page and OAuth client management page - Add server middleware for auth token verification - Add seed script for initial data (admin/admin123)
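/**
 * Canonical permission identifiers, in `<resource>:<action>` form.
 *
 * Declared `as const` so each value keeps its literal type and the
 * `Permission` union below is derived from it instead of being maintained
 * by hand. Keep the insertion order stable: `DEFAULT_ROLES.admin` is built
 * from `Object.values(PERMISSIONS)`.
 *
 * `ADMIN_ACCESS` is not an ordinary permission: `hasPermission`,
 * `hasAnyPermission` and `hasAllPermissions` treat a set containing it as
 * satisfying every check, so granting `admin:access` is equivalent to
 * granting every entry in this object.
 */
export const PERMISSIONS = {
  // User management
  USER_CREATE: 'user:create',
  USER_READ: 'user:read',
  USER_UPDATE: 'user:update',
  USER_DELETE: 'user:delete',

  // Event management
  EVENT_CREATE: 'event:create',
  EVENT_READ: 'event:read',
  EVENT_UPDATE: 'event:update',
  EVENT_DELETE: 'event:delete',

  // Result management
  RESULT_CREATE: 'result:create',
  RESULT_READ: 'result:read',
  RESULT_UPDATE: 'result:update',
  RESULT_DELETE: 'result:delete',

  // Team management
  TEAM_CREATE: 'team:create',
  TEAM_READ: 'team:read',
  TEAM_UPDATE: 'team:update',
  TEAM_DELETE: 'team:delete',

  // System administration — ADMIN_ACCESS is the superuser wildcard (see above).
  ADMIN_ACCESS: 'admin:access',
  ROLE_MANAGE: 'role:manage',
  OAUTH_CLIENT_CREATE: 'oauth:client:create',
  OAUTH_CLIENT_READ: 'oauth:client:read',
  OAUTH_CLIENT_UPDATE: 'oauth:client:update',
  OAUTH_CLIENT_DELETE: 'oauth:client:delete'
} as const

/** Union of every permission string declared in {@link PERMISSIONS}. */
export type Permission = (typeof PERMISSIONS)[keyof typeof PERMISSIONS]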
/**
 * Builds one built-in role definition.
 *
 * `isSystem` is always `true` here because every role in `DEFAULT_ROLES` is a
 * shipped default; what consumers do with that flag is decided elsewhere.
 */
function defineSystemRole<P extends string>(
  name: string,
  description: string,
  permissions: P[]
): { name: string; description: string; permissions: P[]; isSystem: boolean } {
  return { name, description, permissions, isSystem: true }
}

/**
 * Roles created by default, keyed by role name.
 *
 * - `admin` holds every permission in `PERMISSIONS`, including the
 *   `ADMIN_ACCESS` wildcard that the `has*Permission` helpers short-circuit on.
 * - `user` is read-only on events, results and teams.
 * - `guest` can only read events.
 *
 * Descriptions are Chinese UI strings and must stay as written.
 */
export const DEFAULT_ROLES = {
  admin: defineSystemRole('admin', '系统管理员', Object.values(PERMISSIONS)),
  user: defineSystemRole('user', '普通用户', [
    PERMISSIONS.EVENT_READ,
    PERMISSIONS.RESULT_READ,
    PERMISSIONS.TEAM_READ
  ]),
  guest: defineSystemRole('guest', '访客', [
    PERMISSIONS.EVENT_READ
  ])
}
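/**
 * Checks whether a permission set satisfies a single required permission.
 *
 * `PERMISSIONS.ADMIN_ACCESS` acts as a wildcard: a set containing it passes
 * this check whatever `requiredPermission` is, so that permission should only
 * be held by fully trusted roles.
 *
 * @param userPermissions - permissions held by the caller (e.g. from its roles);
 *   accepted read-only so `as const` arrays can be passed without copying
 * @param requiredPermission - permission string the action requires
 * @returns `true` when the wildcard is present or `requiredPermission` is held
 */
export function hasPermission(userPermissions: readonly string[], requiredPermission: string): boolean {
  // Superuser short-circuit: admin:access implies every other permission.
  if (userPermissions.includes(PERMISSIONS.ADMIN_ACCESS)) {
    return true
  }
  return userPermissions.includes(requiredPermission)
}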
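/**
 * Checks whether a permission set holds at least one of the required permissions.
 *
 * `PERMISSIONS.ADMIN_ACCESS` is a wildcard that passes this check regardless
 * of `requiredPermissions`. An empty `requiredPermissions` list yields `false`
 * for non-wildcard callers, because no permission can match.
 *
 * @param userPermissions - permissions held by the caller; accepted read-only
 * @param requiredPermissions - candidate permissions, any one of which suffices
 * @returns `true` when the wildcard is present or some required permission is held
 */
export function hasAnyPermission(userPermissions: readonly string[], requiredPermissions: readonly string[]): boolean {
  // Superuser short-circuit: admin:access implies every other permission.
  if (userPermissions.includes(PERMISSIONS.ADMIN_ACCESS)) {
    return true
  }
  // Set lookup keeps the check linear when both lists are long.
  const held = new Set(userPermissions)
  return requiredPermissions.some(p => held.has(p))
}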
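/**
 * Checks whether a permission set holds every one of the required permissions.
 *
 * `PERMISSIONS.ADMIN_ACCESS` is a wildcard that passes this check regardless
 * of `requiredPermissions`. Note the vacuous case: an empty
 * `requiredPermissions` list returns `true` for any caller, so a required list
 * that is assembled dynamically must never be allowed to collapse to `[]`
 * by accident.
 *
 * @param userPermissions - permissions held by the caller; accepted read-only
 * @param requiredPermissions - permissions that must all be held
 * @returns `true` when the wildcard is present or every required permission is held
 */
export function hasAllPermissions(userPermissions: readonly string[], requiredPermissions: readonly string[]): boolean {
  // Superuser short-circuit: admin:access implies every other permission.
  if (userPermissions.includes(PERMISSIONS.ADMIN_ACCESS)) {
    return true
  }
  // Set lookup keeps the check linear when both lists are long.
  const held = new Set(userPermissions)
  return requiredPermissions.every(p => held.has(p))
}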
/**
 * Groups every entry of `PERMISSIONS` by the resource it protects, with a
 * display label per group (labels are Chinese UI strings and stay as written).
 *
 * A fresh object is built on each call, so callers may mutate the result.
 * The `system` group lists `ADMIN_ACCESS` next to ordinary permissions even
 * though the `has*Permission` helpers treat it as a wildcard that grants
 * everything; anything that renders these groups for role editing should make
 * that difference visible.
 *
 * @returns group key → `{ name, permissions }`, in the order user, event,
 *   result, team, system
 */
export function getPermissionGroups(): Record<string, { name: string; permissions: string[] }> {
  const groups: Record<string, { name: string; permissions: string[] }> = {}

  // Registers one group; insertion order determines iteration order.
  const define = (key: string, name: string, permissions: string[]): void => {
    groups[key] = { name, permissions }
  }

  define('user', '用户管理', [
    PERMISSIONS.USER_CREATE,
    PERMISSIONS.USER_READ,
    PERMISSIONS.USER_UPDATE,
    PERMISSIONS.USER_DELETE
  ])
  define('event', '比赛管理', [
    PERMISSIONS.EVENT_CREATE,
    PERMISSIONS.EVENT_READ,
    PERMISSIONS.EVENT_UPDATE,
    PERMISSIONS.EVENT_DELETE
  ])
  define('result', '成绩管理', [
    PERMISSIONS.RESULT_CREATE,
    PERMISSIONS.RESULT_READ,
    PERMISSIONS.RESULT_UPDATE,
    PERMISSIONS.RESULT_DELETE
  ])
  define('team', '队伍管理', [
    PERMISSIONS.TEAM_CREATE,
    PERMISSIONS.TEAM_READ,
    PERMISSIONS.TEAM_UPDATE,
    PERMISSIONS.TEAM_DELETE
  ])
  define('system', '系统管理', [
    PERMISSIONS.ADMIN_ACCESS,
    PERMISSIONS.ROLE_MANAGE,
    PERMISSIONS.OAUTH_CLIENT_CREATE,
    PERMISSIONS.OAUTH_CLIENT_READ,
    PERMISSIONS.OAUTH_CLIENT_UPDATE,
    PERMISSIONS.OAUTH_CLIENT_DELETE
  ])

  return groups
}