resource

package
v0.0.0-...-5fc39c8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 22, 2025 License: Apache-2.0 Imports: 57 Imported by: 0

Documentation

Index

Constants

const ArnSplit = authz.ArnSplit
const SplitPolicyEffect = "&&"

Variables

This section is empty.

Functions

func DiffArrays

func DiffArrays[T int | int64 | string | float32 | float64](a []T, b []T) ([]T, []T)

DiffArrays 查找两数组新增及删除的元素: a:新数组 b:旧数组

func GeneralMFASecret

func GeneralMFASecret() string

GeneralMFASecret generates a secret for Google Authenticator.

func MaskEmail

func MaskEmail(email string) string

MaskEmail 邮箱脱敏处理

func RandomStr

func RandomStr(n int) string

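RandomStr generates a random string, excluding the characters 0, i and l. The documentation does not say which random source is used; check that it is crypto/rand before using the output for passwords, tokens or other secrets.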

func RemoveDuplicateElement

func RemoveDuplicateElement[T int | int64 | string | float32 | float64](arr []T) []T

RemoveDuplicateElement 去重

func RemoveSliceElement

func RemoveSliceElement[T int | int64 | string | float32 | float64](a []T, el T) []T

RemoveSliceElement 移除数组指定元素

func SHA256

func SHA256(s string) string

func SaltSecret

func SaltSecret(ori, salt string) string

SaltSecret salts the secret ori with salt and returns the result.

func UpdateSliceElement

func UpdateSliceElement[T int | int64 | string | float32 | float64](a []T, newEl T, oldEl T) []T

UpdateSliceElement 更新数组指定元素

Types

type JwtConfig

// JwtConfig holds the settings used for JWT. It is meant to be deleted once
// ko-proxy has been removed.
type JwtConfig struct {
	// SigningMethod is the signing method, kept as a string.
	// NOTE(review): presumably a JWT "alg" name; confirm which values the
	// consumer accepts and that an unsigned ("none") token is rejected.
	SigningMethod string
	// SigningKey is the signing key, kept as a plain string.
	// NOTE(review): this is key material; confirm it is loaded from protected
	// configuration and never logged or returned by an API.
	SigningKey    string
}

JwtConfig 用于JWT,在ko-proxy移除后, 应该删除

type Option

type Option func(*Service)

func WithCfg

func WithCfg(cnf *conf.AppConfiguration) Option

func WithClient

func WithClient(client *ent.Client) Option

func WithKOSDK

func WithKOSDK(sdk *api.SDK) Option

type PasswordPolicy

// PasswordPolicy describes the password rules: complexity, expiry and
// failed-login handling. The ranges given below are stated in comments only;
// nothing in this struct enforces them, so the code that accepts a policy has
// to validate the values.
type PasswordPolicy struct {
	// Minimum password length; the value should be between 6 and 32.
	Length int32 `json:"length"`
	// Required character classes as flags: 1 = lowercase letter,
	// 2 = uppercase letter, 4 = digit, 8 = symbol. The original comment
	// describes the combination as XOR.
	// NOTE(review): for distinct flags XOR and bitwise OR give the same
	// value; confirm how the validator combines and tests them.
	IncludeElement int32 `json:"includeElement"`
	// Minimum number of distinct characters, at most 8; 0 means no restriction.
	IncludeChar int32 `json:"includeChar"`
	// Whether the password may contain the user name.
	AllowIncludeUserName bool `json:"allowIncludeUserName"`
	// Validity period in days, at most 1095; 0 means the password never expires.
	InvalidDay int32 `json:"invalidDay"`
	// Whether login is restricted once the password has expired.
	InvalidLoginLimit bool `json:"invalidLoginLimit"`
	// Maximum number of wrong-password attempts within one hour, at most 32;
	// 0 means the number of attempts is unlimited.
	// NOTE(review): with Retry = 0 and CaptchaTimes = 0 this policy places no
	// limit on password guessing; confirm another control covers that case.
	Retry int32 `json:"retry"`
	// Number of wrong-password attempts after which a captcha is shown,
	// at most 5; 0 means no captcha is shown.
	CaptchaTimes int32 `json:"captchaTimes"`
}

PasswordPolicy 密码策略

type Service

// Service manages the enterprise directory service.
type Service struct {
	// Client is the ent client.
	// NOTE(review): presumably the handle set by WithClient and used by the
	// methods for data access; confirm.
	Client *ent.Client
	// KOSDK is the api.SDK handle.
	// NOTE(review): presumably set by WithKOSDK; confirm.
	KOSDK  *api.SDK
	// contains filtered or unexported fields
}

Service 企业目录服务管理

func NewService

func NewService(opt ...Option) *Service

func (*Service) AllotOrganizationUser

func (s *Service) AllotOrganizationUser(ctx context.Context, input ent.CreateOrgUserInput) error

AllotOrganizationUser 将用户加入组织目录

func (*Service) AppPolicyViewRoleAssigned

func (s *Service) AppPolicyViewRoleAssigned(ctx context.Context, appRoleID int) ([]*ent.AppPolicyView, error)

func (*Service) AssignAppRolePolicy

func (s *Service) AssignAppRolePolicy(ctx context.Context, appID int, roleID int, policyIDs []int) error

AssignAppRolePolicy 角色添加权限

func (*Service) AssignOrganizationApp

func (s *Service) AssignOrganizationApp(ctx context.Context, orgID int, appID int) error

AssignOrganizationApp 分配应用到根组织下. 如: 新账户创建时, 根账户分配已有应用给子账户(需要验证根用户是否该应用权限,可在外层验证).

func (*Service) AssignOrganizationAppPolicy

func (s *Service) AssignOrganizationAppPolicy(ctx context.Context, orgID int, appPolicyID int) error

func (*Service) AssignOrganizationAppRole

func (s *Service) AssignOrganizationAppRole(ctx context.Context, orgID int, appRoleID int) error

func (*Service) AssignRoleUser

func (s *Service) AssignRoleUser(ctx context.Context, input model.AssignRoleUserInput) error

AssignRoleUser is the resolver for the assignRoleUser field.

func (*Service) AutoGrantApp

func (s *Service) AutoGrantApp(ctx context.Context, appCode string, orgID int, userID int) error

func (*Service) ChangePassword

func (s *Service) ChangePassword(ctx context.Context, oldPwd, newPwd string) error

func (*Service) CheckPermission

func (s *Service) CheckPermission(ctx context.Context, permission string) (bool, error)

func (*Service) CheckPermissionByJwt

func (s *Service) CheckPermissionByJwt(ctx context.Context, jwtStr string, orgID int, action string, appCode string) (bool, error)

func (*Service) CheckPermissionByOrgIDAndUserID

func (s *Service) CheckPermissionByOrgIDAndUserID(ctx context.Context, permission string, orgID int, userID int) (bool, error)

func (*Service) CreateApp

func (s *Service) CreateApp(ctx context.Context, input ent.CreateAppInput) (*ent.App, error)

CreateApp 创建应用,默认创建的应用都为公开的,不需要审核

TODO 应用工作流

func (*Service) CreateAppActions

func (s *Service) CreateAppActions(ctx context.Context, appID int, input []*ent.CreateAppActionInput) ([]*ent.AppAction, error)

CreateAppActions 创建应用权限

func (*Service) CreateAppMenus

func (s *Service) CreateAppMenus(ctx context.Context, appID int, input []*ent.CreateAppMenuInput) ([]*ent.AppMenu, error)

CreateAppMenus 创建应用菜单,如果有route项,则相应创建action

func (*Service) CreateAppPolicy

func (s *Service) CreateAppPolicy(ctx context.Context, appID int, appPolicyViewID *int, input ent.CreateAppPolicyInput) (*ent.AppPolicy, error)

CreateAppPolicy 创建应用策略.

该方法会检查应用策略的规则中的action是否以应用代码开头.

func (*Service) CreateAppPolicyView

func (s *Service) CreateAppPolicyView(ctx context.Context, input ent.CreateAppPolicyViewInput) (*ent.AppPolicyView, error)

func (*Service) CreateOrganization

func (s *Service) CreateOrganization(ctx context.Context, input ent.CreateOrgInput) (*ent.Org, error)

CreateOrganization 创建组织目录,基于根目录创建

func (*Service) CreateOrganizationAccount

func (s *Service) CreateOrganizationAccount(ctx context.Context, orgId int, input ent.CreateUserInput) (*ent.User, error)

CreateOrganizationAccount 创建组织目录账户,进入账户激活流程

- 管理员账户才能创建下级组织目录的账户

func (*Service) CreateOrganizationPolicy

func (s *Service) CreateOrganizationPolicy(ctx context.Context, input ent.CreateOrgPolicyInput) (*ent.OrgPolicy, error)

CreateOrganizationPolicy 创建组织策略,该策略属于租户组织

func (*Service) CreateOrganizationUser

func (s *Service) CreateOrganizationUser(ctx context.Context, orgId int, input ent.CreateUserInput, ut user.UserType, orgUserType *orguser.UserType) (*ent.User, error)

CreateOrganizationUser 创建组织目录用户

TODO 新用户需要激活,如在国内,用户往往需要绑定手机或邮箱,然后通过邮件或短信激活.

func (*Service) CreateRole

func (s *Service) CreateRole(ctx context.Context, input ent.CreateOrgRoleInput) (*ent.OrgRole, error)

CreateRole 创建角色或工作组

func (*Service) CreateRoot

func (s *Service) CreateRoot(ctx context.Context, input ent.CreateOrgInput) (*ent.Org, error)

CreateRoot 创建组织root

func (*Service) CreateUserPassword

func (s *Service) CreateUserPassword(ctx context.Context, input *ent.CreateUserPasswordInput) (pw *ent.UserPassword, err error)

func (*Service) CreateUserPasswordPolicy

func (s *Service) CreateUserPasswordPolicy(ctx context.Context, orgID int, input ent.CreateUserPasswordPolicyInput) (*ent.UserPasswordPolicy, error)

func (*Service) DeleteAppAction

func (s *Service) DeleteAppAction(ctx context.Context, actionID int) error

DeleteAppAction 删除action时,同步删除app_policy与org_policy引用的action

func (*Service) DeleteAppMenu

func (s *Service) DeleteAppMenu(ctx context.Context, menuID int) error

DeleteAppMenu 删除应用菜单,删除关联的action

func (*Service) DeleteAppPolicy

func (s *Service) DeleteAppPolicy(ctx context.Context, policyID int) error

DeleteAppPolicy 删除应用策略,该应用必须属于(创建者)该租户才可删除 当应用策略被删除时,原有引用该策略的都保持不变

func (*Service) DeleteAppPolicyView

func (s *Service) DeleteAppPolicyView(ctx context.Context, appPolicyViewID int) (bool, error)

func (*Service) DeleteAppRole

func (s *Service) DeleteAppRole(ctx context.Context, roleID int) error

func (*Service) DeleteOrganization

func (s *Service) DeleteOrganization(ctx context.Context, id int) error

DeleteOrganization 删除组织目录

func (*Service) DeleteOrganizationPolicy

func (s *Service) DeleteOrganizationPolicy(ctx context.Context, orgPolicyID int) error

func (*Service) DeleteOrganizationUser

func (s *Service) DeleteOrganizationUser(ctx context.Context, userID int) error

DeleteOrganizationUser 删除本域下的用户,在用户没有被引用时,允许删除

func (*Service) DeleteRole

func (s *Service) DeleteRole(ctx context.Context, roleID int) error

DeleteRole 删除角色或工作组

func (*Service) DeleteUserIdentity

func (s *Service) DeleteUserIdentity(ctx context.Context, id int) (bool, error)

func (*Service) DeleteUserPasswordPolicy

func (s *Service) DeleteUserPasswordPolicy(ctx context.Context) (bool, error)

func (*Service) DisableMFA

func (s *Service) DisableMFA(ctx context.Context, userID int) error

func (*Service) EnableMFA

func (s *Service) EnableMFA(ctx context.Context, userID int) (*model.Mfa, error)

EnableMFA 启用用户的MFA验证

func (*Service) EnableOrganization

func (s *Service) EnableOrganization(ctx context.Context, input model.EnableDirectoryInput) (*ent.Org, error)

EnableOrganization 开启组织目录

func (*Service) GetOrg

func (s *Service) GetOrg(ctx context.Context, orgID int) (*ent.Org, error)

func (*Service) GetOrgDomain

func (s *Service) GetOrgDomain(ctx context.Context, orgID int) (string, error)

GetOrgDomain 获取组织域名.orgID为根组织.

func (*Service) GetOrgRoleUserIds

func (s *Service) GetOrgRoleUserIds(ctx context.Context, orgRoleID int) ([]int, error)

GetOrgRoleUserIds 获取组织用户组/角色用户ids

func (*Service) GetRootOrgByUser

func (s *Service) GetRootOrgByUser(ctx context.Context, uid int) (*ent.Org, error)

GetRootOrgByUser 获取用户的最顶级的根组织.在组织中,一个账户可能存在多个根组织.需要从context获取租户ID

func (*Service) GetTopOrg

func (s *Service) GetTopOrg(ctx context.Context, orgID int) (*ent.Org, error)

func (*Service) GetUserApps

func (s *Service) GetUserApps(ctx context.Context) ([]*ent.App, error)

func (*Service) GetUserMenus

func (s *Service) GetUserMenus(ctx context.Context, appCode string) ([]*ent.AppMenu, error)

func (*Service) GetUserPermissions

func (s *Service) GetUserPermissions(ctx context.Context, where *ent.AppActionWhereInput) ([]*ent.AppAction, error)

GetUserPermissions 获取用户的全部权限

func (*Service) GetUserPermissionsByUserID

func (s *Service) GetUserPermissionsByUserID(ctx context.Context, userID int, tid int, where *ent.AppActionWhereInput) ([]*ent.AppAction, error)

func (*Service) Grant

Grant 给用户或角色授权.

此时先保证permission数据保存,如果casbin操作失败,返回状态失败,再需要通过权限管理界面再次激活.

func (*Service) IsAllowRevokeAppPolicy

func (s *Service) IsAllowRevokeAppPolicy(ctx context.Context, orgID int, appPolicyID int) (bool, error)

IsAllowRevokeAppPolicy 应用策略是否允许解除授权组织 如果授权组织的应用角色包含该策略,则该策略不允许单独解除授权

func (*Service) IsAllowRevokeOrgRole

func (s *Service) IsAllowRevokeOrgRole(ctx context.Context, userID int, orgRoleID int) (bool, error)

func (*Service) IsAllowRevokePermission

func (s *Service) IsAllowRevokePermission(ctx context.Context, p *ent.Permission) (bool, error)

func (*Service) IsRootOrg

func (s *Service) IsRootOrg(ctx context.Context, orgID int) (bool, error)

IsRootOrg 判断组织是否root

func (*Service) MoveAppDictItem

func (s *Service) MoveAppDictItem(ctx context.Context, sourceID int, targetID int, action model.TreeAction) error

func (*Service) MoveAppMenu

func (s *Service) MoveAppMenu(ctx context.Context, src int, tar int, action model.TreeAction) (err error)

MoveAppMenu 移动菜单

func (*Service) MoveAppPolicyView

func (s *Service) MoveAppPolicyView(ctx context.Context, src, tar int, action model.TreeAction) (err error)

MoveAppPolicyView 移动地区目录.

func (*Service) MoveCountry

func (s *Service) MoveCountry(ctx context.Context, src, tar int, action model.ListAction) (err error)

MoveCountry 移动国家.

func (*Service) MoveOrganization

func (s *Service) MoveOrganization(ctx context.Context, src, tar int, action model.TreeAction) (err error)

MoveOrganization 移动组织目录.

func (*Service) MoveRegion

func (s *Service) MoveRegion(ctx context.Context, src, tar int, action model.TreeAction) (err error)

MoveRegion 移动地区目录.

func (*Service) OrgFileIdentities

func (s *Service) OrgFileIdentities(ctx context.Context, tid int) ([]*ent.FileIdentity, error)

func (*Service) OrgPolicyView

func (s *Service) OrgPolicyView(ctx context.Context, appCode string, orgID *int) ([]*model.AppPolicyViewOrgPolicy, error)

func (*Service) OrgPolicyViewOrgPolicies

func (s *Service) OrgPolicyViewOrgPolicies(ctx context.Context, appCode string, orgID *int) ([]*model.AppPolicyViewOrgPolicy, error)

func (*Service) OrgPolicyViewRoleAssigned

func (s *Service) OrgPolicyViewRoleAssigned(ctx context.Context, orgRoleID int, appCode string, orgID *int) ([]int, error)

func (*Service) OrgPolicyViewUserAssigned

func (s *Service) OrgPolicyViewUserAssigned(ctx context.Context, userID int, appCode string, orgID *int) ([]int, error)

func (*Service) OrgPolicyViewUserRoleAssigned

func (s *Service) OrgPolicyViewUserRoleAssigned(ctx context.Context, userID int, appCode string, orgID int) ([]int, error)

func (*Service) ParentDomain

func (s *Service) ParentDomain(ctx context.Context, orgID int) (string, error)

func (*Service) RecoverOrgUser

func (s *Service) RecoverOrgUser(ctx context.Context, userID int, userInput ent.UpdateUserInput, pwdKind userloginprofile.SetKind, pwdInput *ent.CreateUserPasswordInput, contact *ent.UpdateUserAddrInput) (*ent.User, error)

RecoverOrgUser 恢复删除用户

func (*Service) RemoveDuplicatesAppDictItems

func (s *Service) RemoveDuplicatesAppDictItems(items []*ent.AppDictItem) []*ent.AppDictItem

func (*Service) RemoveOrganizationUser

func (s *Service) RemoveOrganizationUser(ctx context.Context, orgID int, userID int) error

RemoveOrganizationUser 将用户从组织目录中移除.

func (*Service) ResetUserPasswordByEmail

func (s *Service) ResetUserPasswordByEmail(ctx context.Context, userID int) error

func (*Service) Revoke

func (s *Service) Revoke(ctx context.Context, orgID int, permissionID int) error

Revoke 撤销用户或角色的权限.

func (*Service) RevokeAppRolePolicy

func (s *Service) RevokeAppRolePolicy(ctx context.Context, appID int, roleID int, policyIDs []int) error

RevokeAppRolePolicy 应用角色删除权限

func (*Service) RevokeImpl

func (s *Service) RevokeImpl(ctx context.Context, orgID int, p *ent.Permission) error

func (*Service) RevokeOrganizationApp

func (s *Service) RevokeOrganizationApp(ctx context.Context, orgID int, appID int) error

RevokeOrganizationApp 移除组织下的应用,同时物理删除授权信息与收回授权.

func (*Service) RevokeOrganizationAppPolicy

func (s *Service) RevokeOrganizationAppPolicy(ctx context.Context, orgID int, appPolicyID int) error

func (*Service) RevokeOrganizationAppRole

func (s *Service) RevokeOrganizationAppRole(ctx context.Context, orgID int, appRoleID int) error

func (*Service) RevokeRoleUser

func (s *Service) RevokeRoleUser(ctx context.Context, roleID int, userID int) error

RevokeRoleUser is the resolver for the revokeRoleUser field.

func (*Service) SaveOrgUserPreference

func (s *Service) SaveOrgUserPreference(ctx context.Context, input model.OrgUserPreferenceInput) (*ent.OrgUserPreference, error)

func (*Service) SendMFAToUserByEmail

func (s *Service) SendMFAToUserByEmail(ctx context.Context, userID int) error

func (*Service) SyncAppRoleToOrg

func (s *Service) SyncAppRoleToOrg(ctx context.Context, orgID int, appRoleID int) error

SyncAppRoleToOrg 同步应用角色到组织角色,需处理权限视图的策略,及添加的权限策略

func (*Service) UpdateApp

func (s *Service) UpdateApp(ctx context.Context, appID int, input ent.UpdateAppInput) (*ent.App, error)

UpdateApp 更新应用

func (*Service) UpdateAppAction

func (s *Service) UpdateAppAction(ctx context.Context, actionID int, input ent.UpdateAppActionInput) (*ent.AppAction, error)

UpdateAppAction 更新action时,同步更新app_policy与org_policy引用的action

func (*Service) UpdateAppMenu

func (s *Service) UpdateAppMenu(ctx context.Context, menuID int, input ent.UpdateAppMenuInput) (*ent.AppMenu, error)

UpdateAppMenu 更新应用菜单,如果更新了route,则更新action

func (*Service) UpdateAppPolicy

func (s *Service) UpdateAppPolicy(ctx context.Context, policyID int, input ent.UpdateAppPolicyInput) (*ent.AppPolicy, error)

UpdateAppPolicy 更新应用策略,该应用必须属于(创建者)该租户才可更新 当应用策略更新时,会被当前最新的策略模板,原有引用该策略的都更新

func (*Service) UpdateAppPolicyView

func (s *Service) UpdateAppPolicyView(ctx context.Context, appPolicyViewID int, input ent.UpdateAppPolicyViewInput) (*ent.AppPolicyView, error)

func (*Service) UpdateAppRole

func (s *Service) UpdateAppRole(ctx context.Context, roleID int, input ent.UpdateAppRoleInput) (*ent.AppRole, error)

func (*Service) UpdateLoginProfile

func (s *Service) UpdateLoginProfile(ctx context.Context, userID int, input ent.UpdateUserLoginProfileInput) (*ent.UserLoginProfile, error)

func (*Service) UpdateOrganizationPolicy

func (s *Service) UpdateOrganizationPolicy(ctx context.Context, orgPolicyID int, input ent.UpdateOrgPolicyInput) (*ent.OrgPolicy, error)

func (*Service) UpdatePermission

func (s *Service) UpdatePermission(ctx context.Context, permissionID int, input ent.UpdatePermissionInput) (*ent.Permission, error)

UpdatePermission 更新权限

func (*Service) UpdateRole

func (s *Service) UpdateRole(ctx context.Context, roleID int, input ent.UpdateOrgRoleInput) (*ent.OrgRole, error)

UpdateRole 更新角色或工作组

func (*Service) UpdateUser

func (s *Service) UpdateUser(ctx context.Context, userID int, input ent.UpdateUserInput, contact *ent.UpdateUserAddrInput) (*ent.User, error)

UpdateUser 更新用户信息,允许更新用户的email,phone,但这些信息需要通过验证被引入UserIdentity中才能生效.

func (*Service) UpdateUserPasswordPolicy

func (s *Service) UpdateUserPasswordPolicy(ctx context.Context, orgID int, input ent.UpdateUserPasswordPolicyInput) (*ent.UserPasswordPolicy, error)

func (*Service) UserPasswordPolicy

func (s *Service) UserPasswordPolicy(ctx context.Context) (*ent.UserPasswordPolicy, error)
