use crate::auth::get_auth_user;
use crate::graphql::guards::*;
use crate::graphql::types::*;
use crate::services::casbin_service::CasbinService;
use async_graphql::{Context, Object, Result};

/// GraphQL query root for permission-management lookups backed by the Casbin
/// service.
///
/// Every user-scoped field resolves its subject from the authenticated request
/// (`get_auth_user`) and never from a caller-supplied id, so a client can only
/// inspect its own roles and permissions. Role-wide and policy-wide fields are
/// additionally gated by the `permissions` read guard.
#[derive(Default)]
pub struct PermissionQuery;

// Plain `//` comments are used inside this `#[Object]` impl deliberately:
// `///` doc comments on fields are exported as GraphQL descriptions and would
// change the introspected schema.
#[Object]
impl PermissionQuery {
    // Permission-management queries.

    // Does the *calling* user hold `action` on `resource`? The caller's roles
    // are returned alongside so the decision can be explained. Any enforcer
    // error propagates via `?`, i.e. the field fails closed instead of
    // answering `true`.
    #[graphql(guard = "RequireReadPermission::new(\"permissions\")")]
    async fn check_permission(
        &self,
        ctx: &Context<'_>,
        resource: String,
        action: String,
    ) -> Result<PermissionCheckResult> {
        let user = get_auth_user(ctx).await?;
        let subject = user.id.to_string();
        let enforcer = ctx.data::<CasbinService>()?;

        let has_permission = enforcer
            .check_permission(&subject, &resource, &action)
            .await?;
        let roles = enforcer.get_user_roles(&subject).await?;

        Ok(PermissionCheckResult {
            user_id: subject,
            resource,
            action,
            has_permission,
            roles,
        })
    }

    // Roles granted to the calling user.
    // NOTE(review): this is gated by the `permissions` read guard while
    // `get_user_permissions`, which is equally self-scoped, only requires a
    // login — confirm the asymmetry is intentional.
    #[graphql(guard = "RequireReadPermission::new(\"permissions\")")]
    async fn get_user_roles(&self, ctx: &Context<'_>) -> Result<Vec<String>> {
        let user = get_auth_user(ctx).await?;
        let subject = user.id.to_string();
        let enforcer = ctx.data::<CasbinService>()?;
        let roles = enforcer.get_user_roles(&subject).await?;
        Ok(roles)
    }

    // (resource, action) pairs effectively granted to the calling user. Only
    // a login is required because the result is scoped to the caller itself.
    #[graphql(guard = "RequireLogin")]
    async fn get_user_permissions(&self, ctx: &Context<'_>) -> Result<Vec<PermissionPair>> {
        let user = get_auth_user(ctx).await?;
        let subject = user.id.to_string();
        let enforcer = ctx.data::<CasbinService>()?;
        let granted = enforcer.get_user_permissions(&subject).await?;
        let pairs = granted
            .into_iter()
            .map(|(resource, action)| PermissionPair { resource, action })
            .collect();
        Ok(pairs)
    }

    // Every policy row the enforcer knows, projected to (role, resource,
    // action). Rows with fewer than three fields are skipped rather than
    // failing the whole query, and any field past the third is not surfaced.
    // NOTE(review): if the Casbin model carries an effect column, a `deny`
    // row is indistinguishable from an allow row in this output — confirm.
    #[graphql(guard = "RequireReadPermission::new(\"permissions\")")]
    async fn get_all_policies(&self, ctx: &Context<'_>) -> Result<Vec<PolicyType>> {
        let enforcer = ctx.data::<CasbinService>()?;
        let rows = enforcer.get_all_policies().await?;
        let policies = rows
            .into_iter()
            .filter_map(|row| match row.as_slice() {
                [role, resource, action, ..] => Some(PolicyType {
                    role: role.clone(),
                    resource: resource.clone(),
                    action: action.clone(),
                }),
                _ => None,
            })
            .collect();
        Ok(policies)
    }

    // (resource, action) pairs attached to an arbitrary role. `role_name` is
    // caller-supplied and passed straight to the enforcer; an unknown role
    // simply yields whatever the service returns for it (presumably empty).
    #[graphql(guard = "RequireReadPermission::new(\"permissions\")")]
    async fn get_role_permissions(
        &self,
        ctx: &Context<'_>,
        role_name: String,
    ) -> Result<Vec<PermissionPair>> {
        let enforcer = ctx.data::<CasbinService>()?;
        let granted = enforcer.get_role_permissions(&role_name).await?;
        let pairs = granted
            .into_iter()
            .map(|(resource, action)| PermissionPair { resource, action })
            .collect();
        Ok(pairs)
    }

    // Convenience: may the calling user read `resource`? Fails closed on
    // enforcer errors (propagated via `?`).
    #[graphql(guard = "RequireReadPermission::new(\"permissions\")")]
    async fn can_read(&self, ctx: &Context<'_>, resource: String) -> Result<bool> {
        let user = get_auth_user(ctx).await?;
        let subject = user.id.to_string();
        let enforcer = ctx.data::<CasbinService>()?;
        let allowed = enforcer.can_read(&subject, &resource).await?;
        Ok(allowed)
    }

    // Convenience: may the calling user write `resource`? Fails closed on
    // enforcer errors (propagated via `?`).
    #[graphql(guard = "RequireReadPermission::new(\"permissions\")")]
    async fn can_write(&self, ctx: &Context<'_>, resource: String) -> Result<bool> {
        let user = get_auth_user(ctx).await?;
        let subject = user.id.to_string();
        let enforcer = ctx.data::<CasbinService>()?;
        let allowed = enforcer.can_write(&subject, &resource).await?;
        Ok(allowed)
    }

    // Convenience: may the calling user delete `resource`? Fails closed on
    // enforcer errors (propagated via `?`).
    #[graphql(guard = "RequireReadPermission::new(\"permissions\")")]
    async fn can_delete(&self, ctx: &Context<'_>, resource: String) -> Result<bool> {
        let user = get_auth_user(ctx).await?;
        let subject = user.id.to_string();
        let enforcer = ctx.data::<CasbinService>()?;
        let allowed = enforcer.can_delete(&subject, &resource).await?;
        Ok(allowed)
    }
}