feat: support checking permissions for group roles (#2422)

* fix(permission): fix CheckLoginPermission() logic

* style: fix code format

* feat: support settting roles for groups

* fix: fix field name

* style: format codes

---------

Co-authored-by: aidenlu <aiden_lu@wochacha.com>

object/role.go

@@ -254,14 +254,24 @@ func (role *Role) GetId() string {
 
 func getRolesByUserInternal(userId string) ([]*Role, error) {
 	roles := []*Role{}
-	err := ormer.Engine.Where("users like ?", "%"+userId+"\"%").Find(&roles)
+	user, err := GetUser(userId)
+	if err != nil {
+		return roles, err
+	}
+
+	query := ormer.Engine.Where("role.users like ?", fmt.Sprintf("%%%s%%", userId))
+	for _, group := range user.Groups {
+		query = query.Or("role.groups like ?", fmt.Sprintf("%%%s%%", group))
+	}
+
+	err = query.Find(&roles)
 	if err != nil {
 		return roles, err
 	}
 
 	res := []*Role{}
 	for _, role := range roles {
-		if util.InSlice(role.Users, userId) {
+		if util.InSlice(role.Users, userId) || util.HaveIntersection(role.Groups, user.Groups) {
 			res = append(res, role)
 		}
 	}

util/slice.go

@@ -60,3 +60,19 @@ func ReturnAnyNotEmpty(strs ...string) string {
 	}
 	return ""
 }
+
+func HaveIntersection(arr1 []string, arr2 []string) bool {
+	elements := make(map[string]bool)
+
+	for _, str := range arr1 {
+		elements[str] = true
+	}
+
+	for _, str := range arr2 {
+		if elements[str] {
+			return true
+		}
+	}
+
+	return false
+}

web/src/locales/zh/data.json

@@ -804,7 +804,9 @@
     "Sub roles": "包含角色",
     "Sub roles - Tooltip": "当前角色所包含的子角色",
     "Sub users": "包含用户",
-    "Sub users - Tooltip": "当前角色所包含的子用户"
+    "Sub users - Tooltip": "当前角色所包含的用户",
+    "Sub groups": "包含群组",
+    "Sub groups - Tooltip": "当前角色所包含的群组"
   },
   "signup": {
     "Accept": "阅读并接受",
@@ -1030,4 +1032,4 @@
     "New Webhook": "添加Webhook",
     "Value": "值"
   }
-}
+}