add rbac module

liuyi 2025-06-30 13:44:11 +08:00
parent 9461fc53f3
commit db5b553a93
3 changed files with 100 additions and 1 deletions


@ -1,6 +1,7 @@
import { DynamicModule, Module, ModuleMetadata } from '@nestjs/common';
import * as entities from '@/modules/content/entities';
import { ContentRbac } from '@/modules/content/rbac';
import * as repositories from '@/modules/content/repositories';
import * as services from '@/modules/content/services';
import { SearchService } from '@/modules/content/services';
@ -23,6 +24,7 @@ export class ContentModule {
static async forRoot(configure: Configure): Promise<DynamicModule> {
const config = await configure.get<ContentConfig>('content', defauleContentConfig);
const providers: ModuleMetadata['providers'] = [
ContentRbac,
...Object.values(services),
...(await addSubscribers(configure, Object.values(subscribers))),
{


@ -0,0 +1,97 @@
import { Injectable, OnModuleInit } from '@nestjs/common';
import { ModuleRef } from '@nestjs/core';
import { CategoryEntity, CommentEntity, PostEntity, TagEntity } from '@/modules/content/entities';
import { PermissionAction, SystemRoles } from '@/modules/rbac/constants';
import { RbacResolver } from '@/modules/rbac/rbac.resolver';
@Injectable()
export class ContentRbac implements OnModuleInit {
constructor(private ref: ModuleRef) {}
onModuleInit() {
const resolver = this.ref.get(RbacResolver, { strict: false });
resolver.addPermissions([
{
name: 'post.create',
rule: {
action: PermissionAction.CREATE,
subject: PostEntity,
},
},
{
name: 'post.owner',
rule: {
action: PermissionAction.OWNER,
subject: PostEntity,
conditions: (user) => ({
'author.id': user.id,
}),
},
},
{
name: 'comment.create',
rule: {
action: PermissionAction.CREATE,
subject: CommentEntity,
},
},
{
name: 'comment.owner',
rule: {
action: PermissionAction.OWNER,
subject: CommentEntity,
conditions: (user) => ({
'author.id': user.id,
}),
},
},
{
name: 'post.manage',
rule: {
action: PermissionAction.MANAGE,
subject: PostEntity,
},
},
{
name: 'tag.manage',
rule: {
action: PermissionAction.MANAGE,
subject: TagEntity,
},
},
{
name: 'category.manage',
rule: {
action: PermissionAction.MANAGE,
subject: CategoryEntity,
},
},
{
name: 'comment.manage',
rule: {
action: PermissionAction.MANAGE,
subject: CommentEntity,
},
},
]);
resolver.addRoles([
{
name: SystemRoles.USER,
permissions: [
'post.read',
'post.create',
'post.owner',
'comment.create',
'comment.owner',
],
},
{
name: 'content-manage',
label: '内容管理员',
description: '管理内容模块',
permissions: ['post.manage', 'category.manage', 'tag.manage', 'comment.manage'],
},
]);
}
}
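Review bot: The `SystemRoles.USER` role in `addRoles` lists `'post.read'`, but the `addPermissions` call in this file never registers a permission with that name. Unless another module defines it, the role refers to a permission that does not exist. How `RbacResolver` treats an unknown name is not visible here; it may drop it silently, so that ordinary users lose read access, or it may fail later during sync. Either register it alongside the others, as `{ name: 'post.read', rule: { action: <the enum's read action>, subject: PostEntity } }`, or remove it from the role. It would also help if the resolver rejected undefined permission names at startup. Separately, both owner rules build `'author.id': user.id` without checking that `user.id` is set, so a short comment stating that these conditions are only evaluated for authenticated users would be useful.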


@ -13,5 +13,5 @@ export enum PermissionAction {
UPDATE = 'update',
DELETE = 'delete',
MANAGE = 'manage',
OWNER = 'onwer',
OWNER = 'owner',
}
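Review bot: Correcting `PermissionAction.OWNER` changes a runtime string, so any rule already persisted with `action: 'onwer'` would stop matching the enum after this commit. This page does not show whether the resolver stores rules or rebuilds them on every start. If they are stored, a one-off migration or a forced resync of the permission table should ship with this change; otherwise the owner checks on existing rows would no longer apply. The enum declaration starts outside this hunk, so its other members could not be checked for similar typos.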