feat: support groups in app login permissions (#2413)

* fix(permission): fix CheckLoginPermission() logic * style: fix code format --------- Co-authored-by: aidenlu <aiden_lu@wochacha.com>
2025-05-22 10:15:47 +08:00 · 2023-10-17 01:35:13 -05:00 · 2023-10-17 01:35:13 -05:00 · cbdeb91ee8
commit cbdeb91ee8
parent 2dd1dc582f
2 changed files with 16 additions and 1 deletions
--- a/object/check.go
+++ b/object/check.go
@ -370,7 +370,7 @@ func CheckLoginPermission(userId string, application *Application) (bool, error)
 			continue
 		}

-		if !permission.isUserHit(userId) {
+		if !permission.isUserHit(userId) && !permission.isRoleHit(userId) {
 			if permission.Effect == "Allow" {
 				allowPermissionCount += 1
 			} else {
--- a/object/permission.go
+++ b/object/permission.go
@ -434,6 +434,21 @@ func (p *Permission) isUserHit(name string) bool {
 	return false
 }

+func (p *Permission) isRoleHit(userId string) bool {
+	targetRoles, err := getRolesByUser(userId)
+	if err != nil {
+		return false
+	}
+	for _, role := range p.Roles {
+		for _, targetRole := range targetRoles {
+			if targetRole.GetId() == role {
+				return true
+			}
+		}
+	}
+	return false
+}
+
 func (p *Permission) isResourceHit(name string) bool {
 	for _, resource := range p.Resources {
 		if resource == "*" || resource == name {