feat: 实现 RBAC 权限系统和数据权限控制 (004-rbac-data-permission)
主要功能: - 实现完整的 RBAC 权限系统(账号、角色、权限的多对多关联) - 基于 owner_id + shop_id 的自动数据权限过滤 - 使用 PostgreSQL WITH RECURSIVE 查询下级账号 - Redis 缓存优化下级账号查询性能(30分钟过期) - 支持多租户数据隔离和层级权限管理 技术实现: - 新增 Account、Role、Permission 模型及关联关系表 - 实现 GORM Scopes 自动应用数据权限过滤 - 添加数据库迁移脚本(000002_rbac_data_permission、000003_add_owner_id_shop_id) - 完善错误码定义(1010-1027 为 RBAC 相关错误) - 重构 main.go 采用函数拆分提高可读性 测试覆盖: - 添加 Account、Role、Permission 的集成测试 - 添加数据权限过滤的单元测试和集成测试 - 添加下级账号查询和缓存的单元测试 - 添加 API 回归测试确保向后兼容 文档更新: - 更新 README.md 添加 RBAC 功能说明 - 更新 CLAUDE.md 添加技术栈和开发原则 - 添加 docs/004-rbac-data-permission/ 功能总结和使用指南 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
482
specs/004-rbac-data-permission/contracts/permission-api.yaml
Normal file
482
specs/004-rbac-data-permission/contracts/permission-api.yaml
Normal file
@@ -0,0 +1,482 @@
|
||||
openapi: 3.0.3
|
||||
info:
|
||||
title: Permission Management API
|
||||
description: RBAC 权限管理接口 - 支持权限的创建、查询、更新、删除,支持层级关系
|
||||
version: 1.0.0
|
||||
|
||||
servers:
|
||||
- url: http://localhost:8080/api/v1
|
||||
description: Development server
|
||||
|
||||
tags:
|
||||
- name: permissions
|
||||
description: 权限管理
|
||||
|
||||
paths:
|
||||
/permissions:
|
||||
post:
|
||||
summary: 创建权限
|
||||
description: 创建新权限,支持层级关系(通过 parent_id)
|
||||
tags:
|
||||
- permissions
|
||||
requestBody:
|
||||
required: true
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/CreatePermissionRequest'
|
||||
responses:
|
||||
'200':
|
||||
description: 创建成功
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
allOf:
|
||||
- $ref: '#/components/schemas/ApiResponse'
|
||||
- type: object
|
||||
properties:
|
||||
data:
|
||||
$ref: '#/components/schemas/PermissionResponse'
|
||||
'400':
|
||||
description: 请求参数错误
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
'500':
|
||||
description: 服务器错误
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
|
||||
get:
|
||||
summary: 查询权限列表
|
||||
description: 分页查询权限列表,支持按类型和父权限过滤
|
||||
tags:
|
||||
- permissions
|
||||
parameters:
|
||||
- name: page
|
||||
in: query
|
||||
description: 页码(从 1 开始)
|
||||
schema:
|
||||
type: integer
|
||||
default: 1
|
||||
minimum: 1
|
||||
- name: page_size
|
||||
in: query
|
||||
description: 每页大小
|
||||
schema:
|
||||
type: integer
|
||||
default: 20
|
||||
minimum: 1
|
||||
maximum: 100
|
||||
- name: perm_type
|
||||
in: query
|
||||
description: 权限类型过滤(1=菜单, 2=按钮)
|
||||
schema:
|
||||
type: integer
|
||||
enum: [1, 2]
|
||||
- name: parent_id
|
||||
in: query
|
||||
description: 父权限 ID 过滤(查询指定权限的子权限)
|
||||
schema:
|
||||
type: integer
|
||||
- name: status
|
||||
in: query
|
||||
description: 状态过滤(0=禁用, 1=启用)
|
||||
schema:
|
||||
type: integer
|
||||
enum: [0, 1]
|
||||
responses:
|
||||
'200':
|
||||
description: 查询成功
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
allOf:
|
||||
- $ref: '#/components/schemas/ApiResponse'
|
||||
- type: object
|
||||
properties:
|
||||
data:
|
||||
$ref: '#/components/schemas/ListPermissionsResponse'
|
||||
'400':
|
||||
description: 请求参数错误
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
'500':
|
||||
description: 服务器错误
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
|
||||
/permissions/{id}:
|
||||
get:
|
||||
summary: 查询权限详情
|
||||
description: 根据 ID 查询权限详情
|
||||
tags:
|
||||
- permissions
|
||||
parameters:
|
||||
- name: id
|
||||
in: path
|
||||
required: true
|
||||
description: 权限 ID
|
||||
schema:
|
||||
type: integer
|
||||
responses:
|
||||
'200':
|
||||
description: 查询成功
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
allOf:
|
||||
- $ref: '#/components/schemas/ApiResponse'
|
||||
- type: object
|
||||
properties:
|
||||
data:
|
||||
$ref: '#/components/schemas/PermissionResponse'
|
||||
'404':
|
||||
description: 权限不存在
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
'500':
|
||||
description: 服务器错误
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
|
||||
put:
|
||||
summary: 更新权限
|
||||
description: 更新权限信息
|
||||
tags:
|
||||
- permissions
|
||||
parameters:
|
||||
- name: id
|
||||
in: path
|
||||
required: true
|
||||
description: 权限 ID
|
||||
schema:
|
||||
type: integer
|
||||
requestBody:
|
||||
required: true
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/UpdatePermissionRequest'
|
||||
responses:
|
||||
'200':
|
||||
description: 更新成功
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
allOf:
|
||||
- $ref: '#/components/schemas/ApiResponse'
|
||||
- type: object
|
||||
properties:
|
||||
data:
|
||||
$ref: '#/components/schemas/PermissionResponse'
|
||||
'400':
|
||||
description: 请求参数错误
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
'404':
|
||||
description: 权限不存在
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
'500':
|
||||
description: 服务器错误
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
|
||||
delete:
|
||||
summary: 删除权限
|
||||
description: 软删除权限,设置 deleted_at 字段
|
||||
tags:
|
||||
- permissions
|
||||
parameters:
|
||||
- name: id
|
||||
in: path
|
||||
required: true
|
||||
description: 权限 ID
|
||||
schema:
|
||||
type: integer
|
||||
responses:
|
||||
'200':
|
||||
description: 删除成功
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
'404':
|
||||
description: 权限不存在
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
'500':
|
||||
description: 服务器错误
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
|
||||
/permissions/tree:
|
||||
get:
|
||||
summary: 查询权限树
|
||||
description: 查询完整的权限层级树结构(菜单和按钮的层级关系)
|
||||
tags:
|
||||
- permissions
|
||||
responses:
|
||||
'200':
|
||||
description: 查询成功
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
allOf:
|
||||
- $ref: '#/components/schemas/ApiResponse'
|
||||
- type: object
|
||||
properties:
|
||||
data:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/PermissionTreeNode'
|
||||
'500':
|
||||
description: 服务器错误
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
|
||||
components:
|
||||
schemas:
|
||||
ApiResponse:
|
||||
type: object
|
||||
required:
|
||||
- code
|
||||
- message
|
||||
- timestamp
|
||||
properties:
|
||||
code:
|
||||
type: integer
|
||||
description: 错误码(0 表示成功,1xxx 表示客户端错误,2xxx 表示服务端错误)
|
||||
example: 0
|
||||
message:
|
||||
type: string
|
||||
description: 响应消息
|
||||
example: success
|
||||
data:
|
||||
type: object
|
||||
description: 响应数据
|
||||
timestamp:
|
||||
type: string
|
||||
format: date-time
|
||||
description: 响应时间戳(ISO 8601 格式)
|
||||
example: "2025-11-18T15:30:00Z"
|
||||
|
||||
CreatePermissionRequest:
|
||||
type: object
|
||||
required:
|
||||
- perm_name
|
||||
- perm_code
|
||||
- perm_type
|
||||
properties:
|
||||
perm_name:
|
||||
type: string
|
||||
maxLength: 50
|
||||
description: 权限名称
|
||||
example: 用户管理
|
||||
perm_code:
|
||||
type: string
|
||||
maxLength: 100
|
||||
pattern: '^[a-z]+:[a-z]+$'
|
||||
description: 权限编码(格式:module:action,如 user:create)
|
||||
example: user:create
|
||||
perm_type:
|
||||
type: integer
|
||||
enum: [1, 2]
|
||||
description: 权限类型(1=菜单, 2=按钮)
|
||||
example: 1
|
||||
url:
|
||||
type: string
|
||||
maxLength: 255
|
||||
description: URL 路径(菜单权限必填,按钮权限可选)
|
||||
example: /admin/users
|
||||
parent_id:
|
||||
type: integer
|
||||
nullable: true
|
||||
description: 上级权限 ID(顶级权限为 null)
|
||||
example: null
|
||||
sort:
|
||||
type: integer
|
||||
default: 0
|
||||
description: 排序序号(数字越小越靠前)
|
||||
example: 1
|
||||
status:
|
||||
type: integer
|
||||
enum: [0, 1]
|
||||
default: 1
|
||||
description: 状态(0=禁用, 1=启用)
|
||||
example: 1
|
||||
|
||||
UpdatePermissionRequest:
|
||||
type: object
|
||||
properties:
|
||||
perm_name:
|
||||
type: string
|
||||
maxLength: 50
|
||||
description: 权限名称(可选更新)
|
||||
example: 用户管理模块
|
||||
perm_code:
|
||||
type: string
|
||||
maxLength: 100
|
||||
pattern: '^[a-z]+:[a-z]+$'
|
||||
description: 权限编码(可选更新)
|
||||
example: user:manage
|
||||
url:
|
||||
type: string
|
||||
maxLength: 255
|
||||
description: URL 路径(可选更新)
|
||||
example: /admin/users/manage
|
||||
sort:
|
||||
type: integer
|
||||
description: 排序序号(可选更新)
|
||||
example: 2
|
||||
status:
|
||||
type: integer
|
||||
enum: [0, 1]
|
||||
description: 状态(可选更新)
|
||||
example: 0
|
||||
|
||||
PermissionResponse:
|
||||
type: object
|
||||
properties:
|
||||
id:
|
||||
type: integer
|
||||
description: 权限 ID
|
||||
example: 1
|
||||
perm_name:
|
||||
type: string
|
||||
description: 权限名称
|
||||
example: 用户管理
|
||||
perm_code:
|
||||
type: string
|
||||
description: 权限编码
|
||||
example: user:create
|
||||
perm_type:
|
||||
type: integer
|
||||
description: 权限类型(1=菜单, 2=按钮)
|
||||
example: 1
|
||||
url:
|
||||
type: string
|
||||
description: URL 路径
|
||||
example: /admin/users
|
||||
parent_id:
|
||||
type: integer
|
||||
nullable: true
|
||||
description: 上级权限 ID
|
||||
example: null
|
||||
sort:
|
||||
type: integer
|
||||
description: 排序序号
|
||||
example: 1
|
||||
status:
|
||||
type: integer
|
||||
description: 状态(0=禁用, 1=启用)
|
||||
example: 1
|
||||
creator:
|
||||
type: integer
|
||||
description: 创建人 ID
|
||||
example: 1
|
||||
updater:
|
||||
type: integer
|
||||
description: 更新人 ID
|
||||
example: 1
|
||||
created_at:
|
||||
type: string
|
||||
format: date-time
|
||||
description: 创建时间
|
||||
example: "2025-11-18T10:00:00Z"
|
||||
updated_at:
|
||||
type: string
|
||||
format: date-time
|
||||
description: 更新时间
|
||||
example: "2025-11-18T10:00:00Z"
|
||||
|
||||
ListPermissionsResponse:
|
||||
type: object
|
||||
properties:
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/PermissionResponse'
|
||||
total:
|
||||
type: integer
|
||||
description: 总记录数
|
||||
example: 80
|
||||
page:
|
||||
type: integer
|
||||
description: 当前页码
|
||||
example: 1
|
||||
page_size:
|
||||
type: integer
|
||||
description: 每页大小
|
||||
example: 20
|
||||
|
||||
PermissionTreeNode:
|
||||
type: object
|
||||
description: 权限树节点(包含子权限)
|
||||
properties:
|
||||
id:
|
||||
type: integer
|
||||
description: 权限 ID
|
||||
example: 1
|
||||
perm_name:
|
||||
type: string
|
||||
description: 权限名称
|
||||
example: 系统管理
|
||||
perm_code:
|
||||
type: string
|
||||
description: 权限编码
|
||||
example: system:manage
|
||||
perm_type:
|
||||
type: integer
|
||||
description: 权限类型(1=菜单, 2=按钮)
|
||||
example: 1
|
||||
url:
|
||||
type: string
|
||||
description: URL 路径
|
||||
example: /admin/system
|
||||
sort:
|
||||
type: integer
|
||||
description: 排序序号
|
||||
example: 1
|
||||
status:
|
||||
type: integer
|
||||
description: 状态(0=禁用, 1=启用)
|
||||
example: 1
|
||||
children:
|
||||
type: array
|
||||
description: 子权限列表
|
||||
items:
|
||||
$ref: '#/components/schemas/PermissionTreeNode'
|
||||
|
||||
securitySchemes:
|
||||
BearerAuth:
|
||||
type: http
|
||||
scheme: bearer
|
||||
bearerFormat: JWT
|
||||
|
||||
security:
|
||||
- BearerAuth: []
|
||||
Reference in New Issue
Block a user