feat: support groups in app login permissions (#2413)

* fix(permission): fix CheckLoginPermission() logic

* style: fix code format

---------

Co-authored-by: aidenlu <aiden_lu@wochacha.com>

object/check.go

@@ -370,7 +370,7 @@ func CheckLoginPermission(userId string, application *Application) (bool, error)
 			continue
 		}
 
-		if !permission.isUserHit(userId) {
+		if !permission.isUserHit(userId) && !permission.isRoleHit(userId) {
 			if permission.Effect == "Allow" {
 				allowPermissionCount += 1
 			} else {

object/permission.go

@@ -434,6 +434,21 @@ func (p *Permission) isUserHit(name string) bool {
 	return false
 }
 
+func (p *Permission) isRoleHit(userId string) bool {
+	targetRoles, err := getRolesByUser(userId)
+	if err != nil {
+		return false
+	}
+	for _, role := range p.Roles {
+		for _, targetRole := range targetRoles {
+			if targetRole.GetId() == role {
+				return true
+			}
+		}
+	}
+	return false
+}
+
 func (p *Permission) isResourceHit(name string) bool {
 	for _, resource := range p.Resources {
 		if resource == "*" || resource == name {