akmon/utils/permissionService.uts

// 权限服务：判断用户是否有某权限、获取用户权限列表等
// 可根据实际业务扩展

import supa from '../components/supadb/aksupainstance.uts'

export type PermissionCheckOptions = {
  userId: string;
  permissionCode: string;
  scopeType?: string;
  scopeId?: string;
}

/**
 * 检查用户是否拥有某个权限
 * @param options userId, permissionCode, scopeType, scopeId
 * @returns boolean
 */
export async function hasPermission(options: PermissionCheckOptions): Promise<boolean> {
  const { userId, permissionCode, scopeType, scopeId } = options
  // 优先查缓存（仅全局权限，不含scopeType/scopeId）
  if ((scopeType == null) && (scopeId == null) && Array.isArray(userPermissionCache[userId])) {
    return (userPermissionCache[userId] as Array<any>).includes(permissionCode)
  }
  // 查询用户角色-权限关系
  let query = supa
    .from('ak_user_roles')
    .select('id, role_id, scope_type, scope_id, ak_roles!inner(id, name)', null)
    .eq('user_id', userId)
  if (scopeType != null) query = query.eq('scope_type', scopeType)
  if (scopeId != null) query = query.eq('scope_id', scopeId)
  const result= await query.execute() 
   let data = result.data
   let error = result.error

  if (error != null || data == null) return false
  // 检查是否有对应权限
  let arr: any[] = []
  if (Array.isArray(data)) {
    arr = data
  }
  else{
    arr = new Array(data);
  } 
  for (let i = 0; i < arr.length; i++) {
    let ur = arr[i] as String
    let hasPerm = false
    // let perms = (typeof ur.get === "function") ? ur.get("ak_role_permissions") : ur["ak_role_permissions"];
    // if (perms != null) {
    //   for (let j = 0; j < perms.length; j++) {
    //     let rp = perms[j]
    //     if (rp.ak_permissions && rp.ak_permissions.code === permissionCode) {
    //       hasPerm = true
    //       break
    //     }
    //   }
    // }
    if (hasPerm) {
      // 如果是全局权限，写入缓存
      if (scopeType == null && scopeId == null) {
        // if (!Array.isArray(userPermissionCache[userId])) userPermissionCache[userId] = []
        // if (!(userPermissionCache[userId] as Array<any>).includes(permissionCode)) {
        //   (userPermissionCache[userId] as Array<any>).push(permissionCode)
        // }
      }
      return true
    }
  }
  return false
}

// 用户权限缓存（内存，key为userId）
let userPermissionCache = {}

export function clearCache(userId?: string) {
  if (userId) {
    delete userPermissionCache[userId]
  } else {
    for (const k in userPermissionCache) delete userPermissionCache[k]
  }
}

/**
 * 获取用户所有权限code列表
 * @param userId 用户ID
 * @returns string[]
 */
export async function getUserPermissions(userId: string): Promise<string[]> {
  if (Array.isArray(userPermissionCache[userId])) {
    return userPermissionCache[userId] as string[]
  }
  const result = await supa
    .from('ak_user_roles')
    .select('id, role_id, ak_roles!inner(id, name)', null)
    .eq('user_id', userId)
    .execute();
  let data = result["data"]
  let error = result["error"]
  if (error != null || data == null) return []
  let arr: any[] = []
  if (Array.isArray(data)) {
    arr = data
  }  else{
    arr = new Array(data);
  } 
  const codes = new Set<string>()
  for (let i = 0; i < arr.length; i++) {
    let ur = arr[i]
    // if (ur.ak_role_permissions) {
    //   for (let j = 0; j < ur.ak_role_permissions.length; j++) {
    //     let rp = ur.ak_role_permissions[j]
    //     if (rp.ak_permissions && rp.ak_permissions.code) {
    //       codes.add(rp.ak_permissions.code)
    //     }
    //   }
    // }
  }
  const resultArr = Array.from(codes)
  userPermissionCache[userId] = resultArr
  return resultArr
}

/**
 * 获取所有权限
 * @returns 权限对象数组
 */
export async function getAllPermissions(): Promise<any[]> {
  let result = await supa
    .from('ak_permissions')
    .select('*', null)
    .execute();
  let data = result["data"]
  let error = result["error"]
  if (error != null || data == null) return []
  let arr: any[] = []
  if (Array.isArray(data)) {
    arr = data
  }   else{
    arr = new Array(data);
  } 
  return arr
}