refactor: refactoring AuthorizationBackend (#287)

medcl · web-flow · commit 33da037dfddc · 2026-05-06T15:28:42.000+08:00
diff --git a/core/security/role_registry.go b/core/security/role_registry.go
@@ -181,6 +181,7 @@ func GetAllPermissionsForUser(user *UserSessionInfo) []PermissionKey {
 }
 
 func getPermissionKeysByUser(user *UserSessionInfo) ([]PermissionKey, error) {
+
 	ctx1 := context.Background()
 	if val, ok := user.GetStringArray(orm.TeamsIDKey); ok {
 		ctx1 = context.WithValue(ctx1, orm.TeamsIDKey, val)
@@ -191,7 +192,7 @@ func getPermissionKeysByUser(user *UserSessionInfo) ([]PermissionKey, error) {
 		p, ok := value.(AuthorizationBackend)
 		if ok {
 			hit = true
-			v := p.GetPermissionKeysByUserID(ctx1, user.UserID)
+			v := p.GetPermissionKeysByUserID(ctx1, user.Provider, user.UserID)
 			out = append(out, v...)
 		}
 		return true
diff --git a/core/security/service_registry.go b/core/security/service_registry.go
@@ -17,7 +17,7 @@ type AuthenticationBackend interface {
 }
 
 type AuthorizationBackend interface {
-	GetPermissionKeysByUserID(ctx context.Context, userID string) []PermissionKey
+	GetPermissionKeysByUserID(ctx context.Context, providerID, userID string) []PermissionKey
 	GetPermissionKeysByRoles(ctx context.Context, roles []string) []PermissionKey
 }
 
diff --git a/modules/security/account/profile.go b/modules/security/account/profile.go
@@ -12,7 +12,7 @@ import (
 )
 
 func init() {
-	api.HandleUIMethod(api.GET, "/account/profile", Profile, api.OptionLogin(), api.AllowOPTIONSS(), api.Feature(api.FeatureCORS))
+	api.HandleUIMethod(api.GET, "/account/profile", Profile, api.RequireLogin(), api.AllowOPTIONSS(), api.Feature(api.FeatureCORS))
 }
 
 func Profile(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
diff --git a/modules/security/oauth_client/provider/github/profile.go b/modules/security/oauth_client/provider/github/profile.go
@@ -53,6 +53,7 @@ func safeDereference(strPtr *string) string {
 }
 
 func (handler *ProfileAPI) GetProfile(ctx *orm.Context, appConfig *config.OAuthConfig, cfg *oauth2.Config, tkn *oauth2.Token) *security.UserExternalProfile {
+
 	//get user info
 	client := github.NewClient(cfg.Client(oauth2.NoContext, tkn))
 	user, res, err := client.Users.Get(oauth2.NoContext, "")
@@ -62,6 +63,7 @@ func (handler *ProfileAPI) GetProfile(ctx *orm.Context, appConfig *config.OAuthC
 	profile := security.UserExternalProfile{}
 	login := safeDereference(user.Login)
 	profile.ID = provider.GetExternalUserProfileID("github", login)
+	profile.SetOwnerID(login)
 	profile.AuthProvider = "github"
 	profile.Login = login
 	profile.Email = safeDereference(user.Email)
diff --git a/modules/security/oauth_client/provider/google/profile.go b/modules/security/oauth_client/provider/google/profile.go
@@ -75,6 +75,7 @@ func (handler *ProfileAPI) GetProfile(ctx *orm.Context, appConfig *config.OAuthC
 
 	profile := security.UserExternalProfile{}
 	profile.ID = provider.GetExternalUserProfileID("google", userInfo.Sub)
+	profile.SetOwnerID(userInfo.Sub)
 	profile.AuthProvider = "google"
 	profile.Login = userInfo.Sub
 	profile.Email = userInfo.Email
diff --git a/modules/security/rbac/role.go b/modules/security/rbac/role.go
@@ -194,7 +194,7 @@ func CreateRole(w http.ResponseWriter, req *http.Request, ps httprouter.Params)
 type SecurityBackendProvider struct {
 }
 
-func (provider *SecurityBackendProvider) GetPermissionKeysByUserID(ctx1 context.Context, userID string) []security.PermissionKey {
+func (provider *SecurityBackendProvider) GetPermissionKeysByUserID(ctx1 context.Context, providerID, userID string) []security.PermissionKey {
 	var allowedPermissions = []security.PermissionKey{}
 
 	//bypass managed mode

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ type AuthenticationBackend interface {`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`type AuthorizationBackend interface {`
`20`		`- GetPermissionKeysByUserID(ctx context.Context, userID string) []PermissionKey`
	`20`	`+ GetPermissionKeysByUserID(ctx context.Context, providerID, userID string) []PermissionKey`
`21`	`21`	`GetPermissionKeysByRoles(ctx context.Context, roles []string) []PermissionKey`
`22`	`22`	`}`
`23`	`23`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ import (`
`12`	`12`	`)`
`13`	`13`
`14`	`14`	`func init() {`
`15`		`- api.HandleUIMethod(api.GET, "/account/profile", Profile, api.OptionLogin(), api.AllowOPTIONSS(), api.Feature(api.FeatureCORS))`
	`15`	`+ api.HandleUIMethod(api.GET, "/account/profile", Profile, api.RequireLogin(), api.AllowOPTIONSS(), api.Feature(api.FeatureCORS))`
`16`	`16`	`}`
`17`	`17`
`18`	`18`	`func Profile(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {`
Original file line number	Diff line number	Diff line change
`@@ -194,7 +194,7 @@ func CreateRole(w http.ResponseWriter, req *http.Request, ps httprouter.Params)`
`194`	`194`	`type SecurityBackendProvider struct {`
`195`	`195`	`}`
`196`	`196`
`197`		`-func (provider *SecurityBackendProvider) GetPermissionKeysByUserID(ctx1 context.Context, userID string) []security.PermissionKey {`
	`197`	`+func (provider *SecurityBackendProvider) GetPermissionKeysByUserID(ctx1 context.Context, providerID, userID string) []security.PermissionKey {`
`198`	`198`	`var allowedPermissions = []security.PermissionKey{}`
`199`	`199`
`200`	`200`	`//bypass managed mode`