Optimize
This commit is contained in:
4
website/docs/contribution/dev/_category_.json
Normal file
@@ -0,0 +1,4 @@
|
||||
{
|
||||
"label": "Development Documentation",
|
||||
"position": 2
|
||||
}
|
||||
76
website/docs/contribution/dev/role.md
Normal file
@@ -0,0 +1,76 @@
|
||||
---
|
||||
sidebar_position: 1
|
||||
title: Identity Groups and Permissions
|
||||
---
|
||||
|
||||
Identity groups are a form of dividing user authority points in group management (RBAC).
|
||||
|
||||
An identity group is composed of a series of permission point switches, and a user may be composed of multiple identity groups. For example, identity group A has A permission, and identity group B has B permission. User C in group A and identity group B has permission A and permission B. In order to simplify the design of permissions, permission points are implemented through simple `true/false`
|
||||
|
||||
More about `RBAC` can be found in the related wiki: https://en.wikipedia.org/wiki/Role-based_access_control I won’t go into details here.
|
||||
|
||||
The following mainly talks about how to add/modify permission points in `Tailchat`
|
||||
|
||||
|
||||
## Built-in permissions
|
||||
|
||||
Permission points need to be declared on both the front-end and back-end at the same time. The front-end is responsible for the display of the front-end, and the back-end is responsible for the comprehensive permission verification. If there is no permission, the processing interface should directly throw an error.
|
||||
|
||||
### Frontend Management
|
||||
|
||||
The permission point list of the front end is maintained in `client/shared/utils/role-helper.ts`, including the permission point of the permission point, such as:
|
||||
|
||||
|
||||
```tsx
|
||||
export const PERMISSION = {
|
||||
/**
|
||||
* Non-plugin permission points are called core
|
||||
*/
|
||||
core: {
|
||||
message: 'core.message',
|
||||
},
|
||||
};
|
||||
```
|
||||
|
||||
And the display of the permission point on the management page:
|
||||
|
||||
```tsx
|
||||
export const getPermissionList = (): PermissionItemType[] => [
|
||||
{
|
||||
key: PERMISSION.core.message,
|
||||
title: t('Send Message'),
|
||||
desc: t('Allow members to send messages in text channel'),
|
||||
default: true,
|
||||
}
|
||||
];
|
||||
```
|
||||
|
||||
The way to use it is to obtain the permission points maintained under the group through hooks:
|
||||
|
||||
```tsx
|
||||
const [allowSendMessage] = useHasGroupPermission(groupId, [
|
||||
PERMISSION.core.message,
|
||||
]);
|
||||
```
|
||||
|
||||
The way of using arrays is convenient for some business logics that need to have multiple permission points.
|
||||
|
||||
|
||||
### Backend
|
||||
|
||||
The permission statement of the backend is maintained in `server/packages/sdk/src/services/lib/role.ts`, and the usage method is very simple. as follows:
|
||||
```ts
|
||||
const [hasPermission] = await call(ctx).checkUserPermissions(
|
||||
groupId,
|
||||
userId,
|
||||
[PERMISSION.core.message]
|
||||
);
|
||||
if (!hasPermission) {
|
||||
throw new NoPermissionError(t('no operation permission'));
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
## Plugin permissions
|
||||
|
||||
TODO
|
||||
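Review bot: The Backend section of role.md shows `const [hasPermission] = await call(ctx).checkUserPermissions(groupId, userId, [PERMISSION.core.message])` but never says what the call returns when several permission points are passed, or when a key is declared in only one of `client/shared/utils/role-helper.ts` and `server/packages/sdk/src/services/lib/role.ts`. Since the text requires declaring each point on both sides, please state explicitly that the back-end check is the authoritative one and that `useHasGroupPermission` only controls display, and describe the outcome when the two lists drift apart. The front-end entry also sets `default: true` for `PERMISSION.core.message`; the page should say whether the back-end applies the same default, otherwise a reader cannot tell what a group with no explicit setting is allowed to do. Smaller points: "including the permission point of the permission point" reads as an accidental duplication, "the usage method is very simple. as follows:" needs its punctuation fixed, the sentence ending in `true/false` has no full stop, and the "Plugin permissions" section ships as a bare `TODO`, which would be better left out or linked to a tracking issue until it is written.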