add rbac module
parent
9461fc53f3
commit
db5b553a93
@ -1,6 +1,7 @@
|
||||
import { DynamicModule, Module, ModuleMetadata } from '@nestjs/common';
|
||||
|
||||
import * as entities from '@/modules/content/entities';
|
||||
import { ContentRbac } from '@/modules/content/rbac';
|
||||
import * as repositories from '@/modules/content/repositories';
|
||||
import * as services from '@/modules/content/services';
|
||||
import { SearchService } from '@/modules/content/services';
|
||||
@ -23,6 +24,7 @@ export class ContentModule {
|
||||
static async forRoot(configure: Configure): Promise<DynamicModule> {
|
||||
const config = await configure.get<ContentConfig>('content', defauleContentConfig);
|
||||
const providers: ModuleMetadata['providers'] = [
|
||||
ContentRbac,
|
||||
...Object.values(services),
|
||||
...(await addSubscribers(configure, Object.values(subscribers))),
|
||||
{
|
||||
|
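--- a/src/modules/content/rbac.ts
+++ b/src/modules/content/rbac.ts
@@ -0,0 +1,97 @@
+import { Injectable, OnModuleInit } from '@nestjs/common';
+import { ModuleRef } from '@nestjs/core';
+
+import { CategoryEntity, CommentEntity, PostEntity, TagEntity } from '@/modules/content/entities';
+import { PermissionAction, SystemRoles } from '@/modules/rbac/constants';
+import { RbacResolver } from '@/modules/rbac/rbac.resolver';
+
+@Injectable()
+export class ContentRbac implements OnModuleInit {
+constructor(private ref: ModuleRef) {}
+onModuleInit() {
+const resolver = this.ref.get(RbacResolver, { strict: false });
+resolver.addPermissions([
+{
+name: 'post.create',
+rule: {
+action: PermissionAction.CREATE,
+subject: PostEntity,
+},
+},
+{
+name: 'post.owner',
+rule: {
+action: PermissionAction.OWNER,
+subject: PostEntity,
+conditions: (user) => ({
+'author.id': user.id,
+}),
+},
+},
+{
+name: 'comment.create',
+rule: {
+action: PermissionAction.CREATE,
+subject: CommentEntity,
+},
+},
+{
+name: 'comment.owner',
+rule: {
+action: PermissionAction.OWNER,
+subject: CommentEntity,
+conditions: (user) => ({
+'author.id': user.id,
+}),
+},
+},
+{
+name: 'post.manage',
+rule: {
+action: PermissionAction.MANAGE,
+subject: PostEntity,
+},
+},
+{
+name: 'tag.manage',
+rule: {
+action: PermissionAction.MANAGE,
+subject: TagEntity,
+},
+},
+{
+name: 'category.manage',
+rule: {
+action: PermissionAction.MANAGE,
+subject: CategoryEntity,
+},
+},
+{
+name: 'comment.manage',
+rule: {
+action: PermissionAction.MANAGE,
+subject: CommentEntity,
+},
+},
+]);
+
+resolver.addRoles([
+{
+name: SystemRoles.USER,
+permissions: [
+'post.read',
+'post.create',
+'post.owner',
+'comment.create',
+'comment.owner',
+],
+},
+{
+name: 'content-manage',
+label: '内容管理员',
+description: '管理内容模块',
+permissions: ['post.manage', 'category.manage', 'tag.manage', 'comment.manage'],
+},
+]);
+}
+}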
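Review bot: The `SystemRoles.USER` role in `addRoles` lists `'post.read'`, but `addPermissions` in this file never registers a permission with that name; it declares only the create/owner pairs for posts and comments and the four `*.manage` entries. Unless another module registers `post.read` (nothing on this page shows that), the role points at a permission that does not exist. Whether `RbacResolver` rejects an unknown name or drops it silently then decides if the gap is noticed at startup or only as a missing grant at request time. Either register a read permission for `PostEntity` next to `post.create`, or remove the name from the role. A short doc comment on `onModuleInit` would also help, for example `/** Registers the content permissions and the roles that bundle them; roles may only reference names declared here or by another module. */`.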
@ -13,5 +13,5 @@ export enum PermissionAction {
|
||||
UPDATE = 'update',
|
||||
DELETE = 'delete',
|
||||
MANAGE = 'manage',
|
||||
OWNER = 'onwer',
|
||||
OWNER = 'owner',
|
||||
}
|
||||
|
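Review bot: Changing the value of `PermissionAction.OWNER` from `'onwer'` to `'owner'` also changes stored data, if permission rules are persisted with their action string, which this page does not show. A rule saved earlier with `'onwer'` would no longer match a check made with the corrected enum, so owner-scoped access could be lost for existing records, or stale rows could be left behind. Confirm that the resolver rewrites stored rules on startup, or ship a one-off migration that updates the old value alongside this change. The enum body starts outside the hunk, so other members were not reviewed.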