From 45db4deb6b3f34d99397b8a3daa5384b1a21c412 Mon Sep 17 00:00:00 2001
From: aiden <allaher@icloud.com>
Date: Thu, 19 Oct 2023 15:33:45 +0800
Subject: [PATCH] feat: support checking permissions for group roles (#2422)

* fix(permission): fix CheckLoginPermission() logic

* style: fix code format

* feat: support settting roles for groups

* fix: fix field name

* style: format codes

---------

Co-authored-by: aidenlu <aiden_lu@wochacha.com>
---
 object/role.go               | 14 ++++++++++++--
 util/slice.go                | 16 ++++++++++++++++
 web/src/locales/zh/data.json |  6 ++++--
 3 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/object/role.go b/object/role.go
index 4db4a7fd..9f2c5c19 100644
--- a/object/role.go
+++ b/object/role.go
@@ -254,14 +254,24 @@ func (role *Role) GetId() string {
 
 func getRolesByUserInternal(userId string) ([]*Role, error) {
 	roles := []*Role{}
-	err := ormer.Engine.Where("users like ?", "%"+userId+"\"%").Find(&roles)
+	user, err := GetUser(userId)
+	if err != nil {
+		return roles, err
+	}
+
+	query := ormer.Engine.Where("role.users like ?", fmt.Sprintf("%%%s%%", userId))
+	for _, group := range user.Groups {
+		query = query.Or("role.groups like ?", fmt.Sprintf("%%%s%%", group))
+	}
+
+	err = query.Find(&roles)
 	if err != nil {
 		return roles, err
 	}
 
 	res := []*Role{}
 	for _, role := range roles {
-		if util.InSlice(role.Users, userId) {
+		if util.InSlice(role.Users, userId) || util.HaveIntersection(role.Groups, user.Groups) {
 			res = append(res, role)
 		}
 	}
diff --git a/util/slice.go b/util/slice.go
index ee2cc4b9..83add773 100644
--- a/util/slice.go
+++ b/util/slice.go
@@ -60,3 +60,19 @@ func ReturnAnyNotEmpty(strs ...string) string {
 	}
 	return ""
 }
+
+func HaveIntersection(arr1 []string, arr2 []string) bool {
+	elements := make(map[string]bool)
+
+	for _, str := range arr1 {
+		elements[str] = true
+	}
+
+	for _, str := range arr2 {
+		if elements[str] {
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/web/src/locales/zh/data.json b/web/src/locales/zh/data.json
index 343e0496..30dbd06f 100644
--- a/web/src/locales/zh/data.json
+++ b/web/src/locales/zh/data.json
@@ -804,7 +804,9 @@
     "Sub roles": "包含角色",
     "Sub roles - Tooltip": "当前角色所包含的子角色",
     "Sub users": "包含用户",
-    "Sub users - Tooltip": "当前角色所包含的子用户"
+    "Sub users - Tooltip": "当前角色所包含的用户",
+    "Sub groups": "包含群组",
+    "Sub groups - Tooltip": "当前角色所包含的群组"
   },
   "signup": {
     "Accept": "阅读并接受",
@@ -1030,4 +1032,4 @@
     "New Webhook": "添加Webhook",
     "Value": "值"
   }
-}
+}
\ No newline at end of file