feat: 增加 group.updateGroupRolePermission 和 group.getGroupUserPermission

Author: moonrailgun

jest.config.js

@@ -6,7 +6,7 @@ module.exports = {
   ],
   globals: {
     'ts-jest': {
-      tsConfig: 'tsconfig.json',
+      tsconfig: 'tsconfig.json',
     },
   },
 };

models/group/group.ts

@@ -8,6 +8,7 @@ import {
   Severity,
 } from '@typegoose/typegoose';
 import { Base, TimeStamps } from '@typegoose/typegoose/lib/defaultClasses';
+import _ from 'lodash';
 import { Types } from 'mongoose';
 import { BUILTIN_GROUP_PERM, NAME_REGEXP } from '../../lib/const';
 import { User } from '../user/user';
@@ -22,7 +23,7 @@ class GroupMember {
   @prop({
     type: () => String,
   })
-  role?: string[]; // 角色
+  roles?: string[]; // 角色
 
   @prop({
     ref: () => User,
@@ -74,7 +75,7 @@ export class GroupRole implements Base {
   @prop({
     type: () => String,
   })
-  permission: string[]; // 拥有的权限, 是一段字符串
+  permissions: string[]; // 拥有的权限, 是一段字符串
 }
 
 export class Group extends TimeStamps implements Base {
@@ -103,12 +104,7 @@ export class Group extends TimeStamps implements Base {
 
   @prop({
     type: () => GroupRole,
-    default: [
-      {
-        name: 'manager',
-        permission: [...Object.keys(BUILTIN_GROUP_PERM)],
-      },
-    ],
+    default: [],
   })
   roles?: GroupRole[];
 
@@ -153,7 +149,7 @@ export class Group extends TimeStamps implements Base {
       owner,
       members: [
         {
-          role: ['manager'],
+          roles: [],
           userId: owner,
         },
       ],
@@ -174,6 +170,66 @@ export class Group extends TimeStamps implements Base {
       'members.userId': userId,
     });
   }
+
+  /**
+   * 修改群组权限
+   */
+  static async updateGroupRolePermission(
+    this: ReturnModelType<typeof Group>,
+    groupId: string,
+    roleName: string,
+    permissions: string[],
+    operatorUserId: string
+  ): Promise<Group> {
+    const group = await this.findById(groupId);
+    if (!group) {
+      throw new Error('Not Found Group');
+    }
+
+    // 首先判断是否有修改权限的权限
+    if (String(group.owner) !== operatorUserId) {
+      throw new Error('No Permission');
+    }
+
+    const modifyRole = group.roles.find((role) => role.name === roleName);
+    if (!modifyRole) {
+      throw new Error('Not Found Role');
+    }
+
+    modifyRole.permissions = [...permissions];
+    await group.save();
+
+    return group;
+  }
+
+  /**
+   * 获取用户所有权限
+   */
+  static async getGroupUserPermission(
+    this: ReturnModelType<typeof Group>,
+    groupId: string,
+    userId: string
+  ): Promise<string[]> {
+    const group = await this.findById(groupId);
+    if (!group) {
+      throw new Error('Not Found Group');
+    }
+
+    const member = group.members.find(
+      (member) => String(member.userId) === userId
+    );
+    if (!member) {
+      throw new Error('Not Found Member');
+    }
+
+    const allRoles = member.roles;
+    const allRolesPermission = allRoles.map((roleName) => {
+      const p = group.roles.find((r) => r.name === roleName);
+
+      return p?.permissions ?? [];
+    });
+    return _.union(...allRolesPermission); // 权限取并集
+  }
 }
 
 export type GroupDocument = DocumentType<Group>;

services/base.ts

@@ -1,6 +1,7 @@
 import {
   ActionHandler,
   ActionSchema,
+  CallingOptions,
   Context,
   Service,
   ServiceBroker,
@@ -192,6 +193,17 @@ export abstract class TcService extends Service {
     return `notify:${this.serviceName}.${eventName}`;
   }
 
+  /**
+   * 本地调用操作，不经过外部转发
+   */
+  protected localCall(
+    actionName: string,
+    params?: {},
+    opts?: CallingOptions
+  ): Promise<any> {
+    return this.actions[actionName](params, opts);
+  }
+
   /**
    * 单播推送socket事件
    */

services/core/group/group.service.ts

@@ -116,6 +116,25 @@ class GroupService extends TcService {
         roleName: 'string',
       },
     });
+    this.registerAction(
+      'updateGroupRolePermission',
+      this.updateGroupRolePermission,
+      {
+        params: {
+          groupId: 'string',
+          roleName: 'string',
+          permissions: {
+            type: 'array',
+            items: 'string',
+          },
+        },
+      }
+    );
+    this.registerAction('getGroupUserPermission', this.getGroupUserPermission, {
+      params: {
+        groupId: 'string',
+      },
+    });
   }
 
   /**
@@ -593,11 +612,10 @@ class GroupService extends TcService {
       .exec();
 
     const json = await this.transformDocuments(ctx, {}, group);
-
     this.roomcastNotify(ctx, groupId, 'updateInfo', json);
-
     return json;
   }
+
   /**
    * 删除群组角色
    */
@@ -625,11 +643,53 @@ class GroupService extends TcService {
       .exec();
 
     const json = await this.transformDocuments(ctx, {}, group);
-
     this.roomcastNotify(ctx, groupId, 'updateInfo', json);
+    return json;
+  }
+
+  /**
+   * 更新群组角色权限
+   */
+  async updateGroupRolePermission(
+    ctx: TcContext<{
+      groupId: string;
+      roleName: string;
+      permissions: string[];
+    }>
+  ) {
+    const { groupId, roleName, permissions } = ctx.params;
+    const userId = ctx.meta.userId;
 
+    const group = await this.adapter.model.updateGroupRolePermission(
+      groupId,
+      roleName,
+      permissions,
+      userId
+    );
+
+    const json = await this.transformDocuments(ctx, {}, group);
+    this.roomcastNotify(ctx, groupId, 'updateInfo', json);
     return json;
   }
+
+  /**
+   * 获取群组成员权限
+   */
+  async getGroupUserPermission(
+    ctx: TcContext<{
+      groupId: string;
+    }>
+  ) {
+    const { groupId } = ctx.params;
+    const userId = ctx.meta.userId;
+
+    const permissions = await this.adapter.model.getGroupUserPermission(
+      groupId,
+      userId
+    );
+
+    return permissions;
+  }
 }
 
 export default GroupService;

test/integration/group/group.spec.ts

@@ -83,21 +83,7 @@ describe('Test "group" service', () => {
       const panels = res.panels;
       expect(panels[0].id).toHaveLength(24);
       expect(panels[1].id).toBe(panels[2].parentId);
-
-      // 将会创建默认权限组
-      expect(res.roles).toMatchObject([
-        {
-          permission: [
-            'displayChannel',
-            'manageChannel',
-            'manageRole',
-            'manageGroup',
-            'sendMessage',
-            'sendImage',
-          ],
-          name: 'manager',
-        },
-      ]);
+      expect(res.roles).toEqual([]);
     } finally {
       await service.adapter.model.findByIdAndRemove(res._id);
     }
@@ -129,7 +115,7 @@ describe('Test "group" service', () => {
       [...testGroup.members].map((v) => service.adapter.entityToObject(v))
     ).toEqual([
       {
-        role: ['manager'],
+        roles: [],
         userId,
       },
     ]);
@@ -151,11 +137,11 @@ describe('Test "group" service', () => {
     const newMembers = [...res.members];
     expect(newMembers).toEqual([
       {
-        role: ['manager'],
+        roles: [],
         userId,
       },
       {
-        role: [],
+        roles: [],
         userId: newMemberUserId,
       },
     ]);
@@ -301,7 +287,7 @@ describe('Test "group" service', () => {
         },
         {
           meta: {
-            userId,
+            userId: String(userId),
           },
         }
       );
@@ -335,13 +321,80 @@ describe('Test "group" service', () => {
         },
         {
           meta: {
-            userId,
+            userId: String(userId),
           },
         }
       );
 
       expect(res.roles.length).toBe(0);
       expect(res.roles).toEqual([]);
     });
+
+    test('Test "group.updateGroupRolePermission"', async () => {
+      const userId = new Types.ObjectId();
+      const role = createTestRole('TestRole', ['permission1', 'permission2']);
+      const role2 = createTestRole('TestRole2', ['permission1', 'permission2']);
+      const testGroup = await insertTestData(
+        createTestGroup(userId, {
+          roles: [role, role2],
+        })
+      );
+
+      const res: Group = await broker.call(
+        'group.updateGroupRolePermission',
+        {
+          groupId: String(testGroup.id),
+          roleName: 'TestRole',
+          permissions: ['foo'],
+        },
+        {
+          meta: {
+            userId: String(userId),
+          },
+        }
+      );
+
+      expect(res.roles.length).toBe(2);
+      expect(res.roles).toMatchObject([
+        {
+          name: 'TestRole',
+          permissions: ['foo'],
+        },
+        {
+          name: 'TestRole2',
+          permissions: ['permission1', 'permission2'],
+        },
+      ]);
+    });
+
+    test('Test "group.getGroupUserPermission"', async () => {
+      const userId = new Types.ObjectId();
+      const role1 = createTestRole('TestRole1', ['permission1', 'permission2']);
+      const role2 = createTestRole('TestRole2', ['permission2', 'permission3']);
+      const testGroup = await insertTestData(
+        createTestGroup(userId, {
+          members: [
+            {
+              userId,
+              roles: ['TestRole1', 'TestRole2'],
+            },
+          ],
+          roles: [role1, role2],
+        })
+      );
+
+      const res: string[] = await broker.call(
+        'group.getGroupUserPermission',
+        {
+          groupId: String(testGroup.id),
+        },
+        {
+          meta: {
+            userId: String(userId),
+          },
+        }
+      );
+      expect(res).toEqual(['permission1', 'permission2', 'permission3']);
+    });
   });
 });