登录权限返回修改

internal/model/dto/auth_dto.go

@@ -6,12 +6,24 @@ type LoginRequest struct {
 	Device   string `json:"device" validate:"omitempty,oneof=web h5 mobile"`
 }
 
+// MenuNode 菜单节点（树形结构）
+type MenuNode struct {
+	ID       uint       `json:"id" description:"权限ID"`
+	PermCode string     `json:"perm_code" description:"权限码"`
+	Name     string     `json:"name" description:"菜单名称"`
+	URL      string     `json:"url" description:"路由路径"`
+	Sort     int        `json:"sort" description:"排序值"`
+	Children []MenuNode `json:"children" description:"子菜单"`
+}
+
 type LoginResponse struct {
-	AccessToken  string   `json:"access_token"`
-	RefreshToken string   `json:"refresh_token"`
-	ExpiresIn    int64    `json:"expires_in"`
-	User         UserInfo `json:"user"`
-	Permissions  []string `json:"permissions"`
+	AccessToken  string     `json:"access_token"`
+	RefreshToken string     `json:"refresh_token"`
+	ExpiresIn    int64      `json:"expires_in"`
+	User         UserInfo   `json:"user"`
+	Permissions  []string   `json:"permissions" description:"所有权限码（向后兼容）"`
+	Menus        []MenuNode `json:"menus" description:"菜单树"`
+	Buttons      []string   `json:"buttons" description:"按钮权限码"`
 }
 
 type UserInfo struct {

internal/service/auth/classify_test.go

@@ -0,0 +1,186 @@
+package auth
+
+import (
+	"testing"
+
+	"github.com/break/junhong_cmp_fiber/internal/model"
+	"github.com/break/junhong_cmp_fiber/pkg/constants"
+	"github.com/stretchr/testify/assert"
+	"go.uber.org/zap"
+	"gorm.io/gorm"
+)
+
+func TestClassifyPermissions_PlatformFilter(t *testing.T) {
+	logger, _ := zap.NewDevelopment()
+	service := &Service{logger: logger}
+
+	permissions := []*model.Permission{
+		{
+			Model:    gorm.Model{ID: 1},
+			PermCode: "dashboard:menu",
+			PermName: "仪表盘",
+			PermType: constants.PermissionTypeMenu,
+			Platform: constants.PlatformAll,
+			Status:   constants.StatusEnabled,
+		},
+		{
+			Model:    gorm.Model{ID: 2},
+			PermCode: "user:menu",
+			PermName: "用户管理",
+			PermType: constants.PermissionTypeMenu,
+			Platform: constants.PlatformWeb,
+			Status:   constants.StatusEnabled,
+		},
+		{
+			Model:    gorm.Model{ID: 3},
+			PermCode: "mobile:menu",
+			PermName: "移动端菜单",
+			PermType: constants.PermissionTypeMenu,
+			Platform: constants.PlatformH5,
+			Status:   constants.StatusEnabled,
+		},
+	}
+
+	allCodes, menus, buttons, err := service.classifyPermissions(permissions, constants.PlatformWeb)
+
+	assert.NoError(t, err)
+	assert.Len(t, allCodes, 2)
+	assert.Contains(t, allCodes, "dashboard:menu")
+	assert.Contains(t, allCodes, "user:menu")
+	assert.NotContains(t, allCodes, "mobile:menu")
+	assert.Len(t, menus, 2)
+	assert.Empty(t, buttons)
+}
+
+func TestClassifyPermissions_MenuAndButton(t *testing.T) {
+	logger, _ := zap.NewDevelopment()
+	service := &Service{logger: logger}
+
+	permissions := []*model.Permission{
+		{
+			Model:    gorm.Model{ID: 1},
+			PermCode: "user:menu",
+			PermName: "用户管理",
+			PermType: constants.PermissionTypeMenu,
+			Platform: constants.PlatformAll,
+			Status:   constants.StatusEnabled,
+		},
+		{
+			Model:    gorm.Model{ID: 2},
+			PermCode: "user:create",
+			PermName: "创建用户",
+			PermType: constants.PermissionTypeButton,
+			Platform: constants.PlatformAll,
+			Status:   constants.StatusEnabled,
+		},
+		{
+			Model:    gorm.Model{ID: 3},
+			PermCode: "user:delete",
+			PermName: "删除用户",
+			PermType: constants.PermissionTypeButton,
+			Platform: constants.PlatformAll,
+			Status:   constants.StatusEnabled,
+		},
+	}
+
+	allCodes, menus, buttons, err := service.classifyPermissions(permissions, constants.PlatformWeb)
+
+	assert.NoError(t, err)
+	assert.Len(t, allCodes, 3)
+	assert.Len(t, menus, 1)
+	assert.Equal(t, "user:menu", menus[0].PermCode)
+	assert.Len(t, buttons, 2)
+	assert.Contains(t, buttons, "user:create")
+	assert.Contains(t, buttons, "user:delete")
+}
+
+func TestClassifyPermissions_AllPermissions(t *testing.T) {
+	logger, _ := zap.NewDevelopment()
+	service := &Service{logger: logger}
+
+	permissions := []*model.Permission{
+		{
+			Model:    gorm.Model{ID: 1},
+			PermCode: "menu1",
+			PermName: "菜单1",
+			PermType: constants.PermissionTypeMenu,
+			Platform: constants.PlatformAll,
+			Status:   constants.StatusEnabled,
+		},
+		{
+			Model:    gorm.Model{ID: 2},
+			PermCode: "button1",
+			PermName: "按钮1",
+			PermType: constants.PermissionTypeButton,
+			Platform: constants.PlatformAll,
+			Status:   constants.StatusEnabled,
+		},
+	}
+
+	allCodes, _, _, err := service.classifyPermissions(permissions, constants.PlatformWeb)
+
+	assert.NoError(t, err)
+	assert.Len(t, allCodes, 2)
+	assert.Contains(t, allCodes, "menu1")
+	assert.Contains(t, allCodes, "button1")
+}
+
+func TestClassifyPermissions_PlatformAll(t *testing.T) {
+	logger, _ := zap.NewDevelopment()
+	service := &Service{logger: logger}
+
+	permissions := []*model.Permission{
+		{
+			Model:    gorm.Model{ID: 1},
+			PermCode: "common:menu",
+			PermName: "通用菜单",
+			PermType: constants.PermissionTypeMenu,
+			Platform: constants.PlatformAll,
+			Status:   constants.StatusEnabled,
+		},
+	}
+
+	allCodesWeb, menusWeb, _, errWeb := service.classifyPermissions(permissions, constants.PlatformWeb)
+	allCodesH5, menusH5, _, errH5 := service.classifyPermissions(permissions, constants.PlatformH5)
+
+	assert.NoError(t, errWeb)
+	assert.NoError(t, errH5)
+	assert.Len(t, allCodesWeb, 1)
+	assert.Len(t, allCodesH5, 1)
+	assert.Len(t, menusWeb, 1)
+	assert.Len(t, menusH5, 1)
+	assert.Equal(t, "common:menu", menusWeb[0].PermCode)
+	assert.Equal(t, "common:menu", menusH5[0].PermCode)
+}
+
+func TestClassifyPermissions_DisabledPermissions(t *testing.T) {
+	logger, _ := zap.NewDevelopment()
+	service := &Service{logger: logger}
+
+	permissions := []*model.Permission{
+		{
+			Model:    gorm.Model{ID: 1},
+			PermCode: "enabled:menu",
+			PermName: "启用菜单",
+			PermType: constants.PermissionTypeMenu,
+			Platform: constants.PlatformAll,
+			Status:   constants.StatusEnabled,
+		},
+		{
+			Model:    gorm.Model{ID: 2},
+			PermCode: "disabled:menu",
+			PermName: "禁用菜单",
+			PermType: constants.PermissionTypeMenu,
+			Platform: constants.PlatformAll,
+			Status:   constants.StatusDisabled,
+		},
+	}
+
+	allCodes, menus, _, err := service.classifyPermissions(permissions, constants.PlatformWeb)
+
+	assert.NoError(t, err)
+	assert.Len(t, allCodes, 1)
+	assert.Contains(t, allCodes, "enabled:menu")
+	assert.NotContains(t, allCodes, "disabled:menu")
+	assert.Len(t, menus, 1)
+}

internal/service/auth/menu_tree_test.go

@@ -0,0 +1,126 @@
+package auth
+
+import (
+	"testing"
+
+	"github.com/break/junhong_cmp_fiber/internal/model"
+	"github.com/break/junhong_cmp_fiber/internal/model/dto"
+	"github.com/stretchr/testify/assert"
+	"go.uber.org/zap"
+	"gorm.io/gorm"
+)
+
+func TestBuildMenuTree_RootNodes(t *testing.T) {
+	logger, _ := zap.NewDevelopment()
+	service := &Service{logger: logger}
+
+	permissions := []*model.Permission{
+		{Model: gorm.Model{ID: 1}, PermCode: "user:menu", PermName: "用户管理", URL: "/users", Sort: 1, ParentID: nil},
+		{Model: gorm.Model{ID: 2}, PermCode: "order:menu", PermName: "订单管理", URL: "/orders", Sort: 2, ParentID: nil},
+		{Model: gorm.Model{ID: 3}, PermCode: "dashboard:menu", PermName: "仪表盘", URL: "/dashboard", Sort: 0, ParentID: nil},
+	}
+
+	result := service.buildMenuTree(permissions)
+
+	assert.Len(t, result, 3)
+	assert.Equal(t, "dashboard:menu", result[0].PermCode)
+	assert.Equal(t, "user:menu", result[1].PermCode)
+	assert.Equal(t, "order:menu", result[2].PermCode)
+	assert.Empty(t, result[0].Children)
+}
+
+func TestBuildMenuTree_MultiLevel(t *testing.T) {
+	logger, _ := zap.NewDevelopment()
+	service := &Service{logger: logger}
+
+	parentID1 := uint(1)
+	parentID2 := uint(3)
+
+	permissions := []*model.Permission{
+		{Model: gorm.Model{ID: 1}, PermCode: "user:menu", PermName: "用户管理", URL: "/users", Sort: 1, ParentID: nil},
+		{Model: gorm.Model{ID: 2}, PermCode: "user:list:menu", PermName: "用户列表", URL: "/users/list", Sort: 10, ParentID: &parentID1},
+		{Model: gorm.Model{ID: 3}, PermCode: "user:role:menu", PermName: "角色管理", URL: "/users/roles", Sort: 5, ParentID: &parentID1},
+		{Model: gorm.Model{ID: 4}, PermCode: "user:role:detail:menu", PermName: "角色详情", URL: "/users/roles/detail", Sort: 1, ParentID: &parentID2},
+	}
+
+	result := service.buildMenuTree(permissions)
+
+	assert.Len(t, result, 1)
+	assert.Equal(t, "user:menu", result[0].PermCode)
+	assert.Len(t, result[0].Children, 2)
+	assert.Equal(t, "user:role:menu", result[0].Children[0].PermCode)
+	assert.Equal(t, "user:list:menu", result[0].Children[1].PermCode)
+	assert.Len(t, result[0].Children[0].Children, 1)
+	assert.Equal(t, "user:role:detail:menu", result[0].Children[0].Children[0].PermCode)
+}
+
+func TestBuildMenuTree_OrphanNodes(t *testing.T) {
+	logger, _ := zap.NewDevelopment()
+	service := &Service{logger: logger}
+
+	nonExistentParentID := uint(999)
+
+	permissions := []*model.Permission{
+		{Model: gorm.Model{ID: 1}, PermCode: "user:menu", PermName: "用户管理", URL: "/users", Sort: 1, ParentID: nil},
+		{Model: gorm.Model{ID: 2}, PermCode: "orphan:menu", PermName: "孤儿菜单", URL: "/orphan", Sort: 0, ParentID: &nonExistentParentID},
+	}
+
+	result := service.buildMenuTree(permissions)
+
+	assert.Len(t, result, 2)
+	assert.Equal(t, "orphan:menu", result[0].PermCode)
+	assert.Equal(t, "user:menu", result[1].PermCode)
+	assert.Empty(t, result[0].Children)
+}
+
+func TestBuildMenuTree_Sorting(t *testing.T) {
+	logger, _ := zap.NewDevelopment()
+	service := &Service{logger: logger}
+
+	parentID := uint(1)
+
+	permissions := []*model.Permission{
+		{Model: gorm.Model{ID: 1}, PermCode: "user:menu", PermName: "用户管理", URL: "/users", Sort: 1, ParentID: nil},
+		{Model: gorm.Model{ID: 2}, PermCode: "user:list:menu", PermName: "用户列表", URL: "/users/list", Sort: 10, ParentID: &parentID},
+		{Model: gorm.Model{ID: 3}, PermCode: "user:role:menu", PermName: "角色管理", URL: "/users/roles", Sort: 5, ParentID: &parentID},
+		{Model: gorm.Model{ID: 4}, PermCode: "user:dept:menu", PermName: "部门管理", URL: "/users/depts", Sort: 8, ParentID: &parentID},
+	}
+
+	result := service.buildMenuTree(permissions)
+
+	assert.Len(t, result, 1)
+	assert.Len(t, result[0].Children, 3)
+	assert.Equal(t, "user:role:menu", result[0].Children[0].PermCode)
+	assert.Equal(t, 5, result[0].Children[0].Sort)
+	assert.Equal(t, "user:dept:menu", result[0].Children[1].PermCode)
+	assert.Equal(t, 8, result[0].Children[1].Sort)
+	assert.Equal(t, "user:list:menu", result[0].Children[2].PermCode)
+	assert.Equal(t, 10, result[0].Children[2].Sort)
+}
+
+func TestBuildMenuTree_EmptyInput(t *testing.T) {
+	logger, _ := zap.NewDevelopment()
+	service := &Service{logger: logger}
+
+	result := service.buildMenuTree([]*model.Permission{})
+
+	assert.NotNil(t, result)
+	assert.Empty(t, result)
+}
+
+func TestSortMenuNodes(t *testing.T) {
+	logger, _ := zap.NewDevelopment()
+	service := &Service{logger: logger}
+
+	nodes := []dto.MenuNode{
+		{ID: 3, PermCode: "c", Sort: 30, Children: []dto.MenuNode{}},
+		{ID: 1, PermCode: "a", Sort: 10, Children: []dto.MenuNode{}},
+		{ID: 2, PermCode: "b", Sort: 20, Children: []dto.MenuNode{}},
+	}
+
+	service.sortMenuNodes(nodes)
+
+	assert.Equal(t, "a", nodes[0].PermCode)
+	assert.Equal(t, "b", nodes[1].PermCode)
+	assert.Equal(t, "c", nodes[2].PermCode)
+}

internal/service/auth/service.go

@@ -2,6 +2,7 @@ package auth
 
 import (
 	"context"
+	"sort"
 
 	"github.com/break/junhong_cmp_fiber/internal/model"
 	"github.com/break/junhong_cmp_fiber/internal/model/dto"
@@ -92,10 +93,12 @@ func (s *Service) Login(ctx context.Context, req *dto.LoginRequest, clientIP str
 		return nil, err
 	}
 
-	permissions, err := s.getUserPermissions(ctx, account.ID)
+	permissions, menus, buttons, err := s.getUserPermissionsAndMenus(ctx, account.ID, account.UserType, device)
 	if err != nil {
 		s.logger.Error("查询用户权限失败", zap.Uint("user_id", account.ID), zap.Error(err))
 		permissions = []string{}
+		menus = []dto.MenuNode{}
+		buttons = []string{}
 	}
 
 	userInfo := s.buildUserInfo(account)
@@ -113,6 +116,8 @@ func (s *Service) Login(ctx context.Context, req *dto.LoginRequest, clientIP str
 		ExpiresIn:    int64(constants.DefaultAccessTokenTTL.Seconds()),
 		User:         userInfo,
 		Permissions:  permissions,
+		Menus:        menus,
+		Buttons:      buttons,
 	}, nil
 }
 
@@ -258,3 +263,135 @@ func (s *Service) getUserTypeName(userType int) string {
 		return "未知"
 	}
 }
+
+func (s *Service) getUserPermissionsAndMenus(ctx context.Context, userID uint, userType int, device string) ([]string, []dto.MenuNode, []string, error) {
+	if userType == constants.UserTypeSuperAdmin {
+		return s.getAllPermissionsForSuperAdmin(ctx, device)
+	}
+
+	accountRoles, err := s.accountRoleStore.GetByAccountID(ctx, userID)
+	if err != nil {
+		return nil, nil, nil, errors.Wrap(errors.CodeInternalError, err, "查询用户角色失败")
+	}
+
+	if len(accountRoles) == 0 {
+		return []string{}, []dto.MenuNode{}, []string{}, nil
+	}
+
+	roleIDs := make([]uint, 0, len(accountRoles))
+	for _, ar := range accountRoles {
+		roleIDs = append(roleIDs, ar.RoleID)
+	}
+
+	permIDs, err := s.rolePermStore.GetPermIDsByRoleIDs(ctx, roleIDs)
+	if err != nil {
+		return nil, nil, nil, errors.Wrap(errors.CodeInternalError, err, "查询角色权限失败")
+	}
+
+	if len(permIDs) == 0 {
+		return []string{}, []dto.MenuNode{}, []string{}, nil
+	}
+
+	permissions, err := s.permissionStore.GetByIDs(ctx, permIDs)
+	if err != nil {
+		return nil, nil, nil, errors.Wrap(errors.CodeInternalError, err, "查询权限详情失败")
+	}
+
+	return s.classifyPermissions(permissions, device)
+}
+
+func (s *Service) getAllPermissionsForSuperAdmin(ctx context.Context, device string) ([]string, []dto.MenuNode, []string, error) {
+	permissions, err := s.permissionStore.GetAll(ctx, nil)
+	if err != nil {
+		return nil, nil, nil, errors.Wrap(errors.CodeInternalError, err, "查询所有权限失败")
+	}
+
+	return s.classifyPermissions(permissions, device)
+}
+
+func (s *Service) classifyPermissions(permissions []*model.Permission, device string) ([]string, []dto.MenuNode, []string, error) {
+	var menuPerms []*model.Permission
+	var buttonCodes []string
+	var allCodes []string
+
+	for _, perm := range permissions {
+		if perm.Status != constants.StatusEnabled {
+			continue
+		}
+
+		if perm.Platform != constants.PlatformAll && perm.Platform != device {
+			continue
+		}
+
+		allCodes = append(allCodes, perm.PermCode)
+
+		if perm.PermType == constants.PermissionTypeMenu {
+			menuPerms = append(menuPerms, perm)
+		} else if perm.PermType == constants.PermissionTypeButton {
+			buttonCodes = append(buttonCodes, perm.PermCode)
+		}
+	}
+
+	menuTree := s.buildMenuTree(menuPerms)
+
+	return allCodes, menuTree, buttonCodes, nil
+}
+
+func (s *Service) buildMenuTree(permissions []*model.Permission) []dto.MenuNode {
+	if len(permissions) == 0 {
+		return []dto.MenuNode{}
+	}
+
+	permMap := make(map[uint]*model.Permission)
+	for _, p := range permissions {
+		permMap[p.ID] = p
+	}
+
+	var roots []dto.MenuNode
+	for _, p := range permissions {
+		if p.ParentID == nil || *p.ParentID == 0 {
+			roots = append(roots, s.buildNode(p, permMap))
+		} else if _, ok := permMap[*p.ParentID]; !ok {
+			s.logger.Warn("检测到孤儿节点",
+				zap.Uint("child_id", p.ID),
+				zap.String("perm_code", p.PermCode),
+				zap.Uint("parent_id", *p.ParentID),
+			)
+			roots = append(roots, s.buildNode(p, permMap))
+		}
+	}
+
+	s.sortMenuNodes(roots)
+	return roots
+}
+
+func (s *Service) buildNode(perm *model.Permission, permMap map[uint]*model.Permission) dto.MenuNode {
+	node := dto.MenuNode{
+		ID:       perm.ID,
+		PermCode: perm.PermCode,
+		Name:     perm.PermName,
+		URL:      perm.URL,
+		Sort:     perm.Sort,
+		Children: []dto.MenuNode{},
+	}
+
+	for _, p := range permMap {
+		if p.ParentID != nil && *p.ParentID == perm.ID {
+			node.Children = append(node.Children, s.buildNode(p, permMap))
+		}
+	}
+
+	return node
+}
+
+func (s *Service) sortMenuNodes(nodes []dto.MenuNode) {
+	sort.Slice(nodes, func(i, j int) bool {
+		return nodes[i].Sort < nodes[j].Sort
+	})
+
+	for i := range nodes {
+		if len(nodes[i].Children) > 0 {
+			s.sortMenuNodes(nodes[i].Children)
+		}
+	}
+}