feat: 创建权限检查工具

- 定义权限矩阵(admin/editor/viewer)
- 实现权限检查函数
- 实现权限要求函数
张翔
2026-03-08 21:13:39 +08:00
parent 62e251c6f3
commit 96c96fe75d
2 changed files with 77 additions and 0 deletions
+39
@@ -0,0 +1,39 @@
import { getServerSession } from 'next-auth';
import { authOptions } from '../auth';
import { hasPermission, Role, Resource, Action } from './permissions';
export async function checkPermission(
resource: Resource,
action: Action
): Promise<{ allowed: boolean; userId?: string; role?: Role }> {
const session = await getServerSession(authOptions);
if (!session || !session.user) {
return { allowed: false };
}
const userRole = session.user.role as Role;
const allowed = hasPermission(userRole, resource, action);
return {
allowed,
userId: session.user.id,
role: userRole,
};
}
export async function requirePermission(
resource: Resource,
action: Action
): Promise<{ userId: string; role: Role }> {
const result = await checkPermission(resource, action);
if (!result.allowed) {
throw new Error('无权限执行此操作');
}
return {
userId: result.userId!,
role: result.role!,
};
}
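Review bot: `requirePermission` returns `result.userId!` and `result.role!`, and `checkPermission` casts `session.user.role as Role`, so nothing at runtime confirms that the session carries an id or a known role. If the session callback in `authOptions` (not visible here) does not populate `user.id`, a permitted call hands `undefined` to callers under a `string` type, and that value can then reach ownership checks or audit records. I would fail closed in `checkPermission` with `if (!session?.user?.id || !session.user.role) return { allowed: false };` and replace the assertions with an explicit guard, `if (!result.allowed || !result.userId || !result.role) throw new Error('无权限执行此操作');`. Callers also cannot tell "not signed in" from "signed in but forbidden" because both paths throw the same plain `Error`; a dedicated error class carrying that distinction would let route handlers answer 401 versus 403.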
+38
@@ -0,0 +1,38 @@
export const PERMISSIONS = {
admin: {
content: ['create', 'read', 'update', 'delete', 'publish'],
config: ['read', 'update'],
users: ['create', 'read', 'update', 'delete'],
logs: ['read'],
},
editor: {
content: ['create', 'read', 'update', 'publish'],
config: ['read'],
users: [],
logs: ['read'],
},
viewer: {
content: ['read'],
config: ['read'],
users: [],
logs: [],
},
} as const;
export type Role = keyof typeof PERMISSIONS;
export type Resource = keyof typeof PERMISSIONS.admin;
export type Action = 'create' | 'read' | 'update' | 'delete' | 'publish';
export function hasPermission(
role: Role,
resource: Resource,
action: Action
): boolean {
const permissions = PERMISSIONS[role];
if (!permissions) return false;
const resourcePermissions = permissions[resource];
if (!resourcePermissions) return false;
return resourcePermissions.includes(action as never);
}
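Review bot: `hasPermission` indexes `PERMISSIONS[role]` and `permissions[resource]` with plain property access, so a runtime value outside the `Role`/`Resource` unions is resolved through the prototype chain instead of being rejected outright. The role reaches this function through an `as Role` cast in the other file of this commit, so the types do not guarantee membership at runtime. The result appears to stay deny-by-default only because inherited objects have no `content`/`config`/`users`/`logs` key; an own-property guard makes that explicit: `if (!Object.hasOwn(PERMISSIONS, role)) return false;` and likewise `if (!Object.hasOwn(permissions, resource)) return false;` (or `Object.prototype.hasOwnProperty.call(...)` if the build target predates ES2022). A short TSDoc comment stating that unknown roles, resources and actions are denied would document the contract, and `Resource` being derived from `PERMISSIONS.admin` deserves a comment because a resource added only to another role would not be part of the type.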