fix: 修复权限映射的反向保存逻辑
问题:权限映射只在显示层面进行,但保存时还需要反向映射回数据库权限键 解决方案: 1. 分离显示权限和原始权限: - originalRoutePermissionsMap:存储未映射的原始权限(用于保存) - routePermissionsMap:存储映射后的权限(用于显示) - originalAllPermissions:存储所有原始权限的列表 2. 加载角色权限时: - 从API获取角色已分配的权限ID(原始ID) - 直接存储到 selectedPermissionIds - 不做任何映射转换 3. 显示权限列表时: - 从原始权限构建映射后的权限(合并相同的) - 用户看到的就是映射后的权限(如dify:dataset:manage) - 但勾选状态基于原始权限ID 4. 保存权限时: - 直接使用 selectedPermissionIds(原始ID) - 无需反向映射 验证方式: 1. 取消勾选 dify:dataset:manage → 数据库中4个bind权限被DENY → 接口返回403 2. 重新勾选 dify:dataset:manage → 数据库中4个bind权限被GRANT → 接口可访问
This commit is contained in:
@@ -945,12 +945,17 @@ export default function RolePermissions() {
|
||||
}
|
||||
};
|
||||
|
||||
// ==================== 权限状态管理 ====================
|
||||
// 存储原始的、未映射的权限(用于保存时)
|
||||
const [originalRoutePermissionsMap, setOriginalRoutePermissionsMap] = useState<Map<number, ApiPermission[]>>(new Map());
|
||||
const [originalAllPermissions, setOriginalAllPermissions] = useState<ApiPermission[]>([]);
|
||||
|
||||
// 选择角色
|
||||
const handleSelectRole = async (role: RoleInfo) => {
|
||||
setSelectedRole(role);
|
||||
|
||||
// 动态导入权限映射工具
|
||||
const { mapPermissions, mapPermissionKey, findDbPermissionKeys } = await import('~/utils/permission-mapper');
|
||||
const { mapPermissions } = await import('~/utils/permission-mapper');
|
||||
|
||||
// v3.0: 并行加载数据
|
||||
const [routesResult, rolePermissions, users] = await Promise.all([
|
||||
@@ -961,42 +966,49 @@ export default function RolePermissions() {
|
||||
|
||||
const { routes: routesWithPerms, selectedRouteIds: routeIds } = routesResult;
|
||||
|
||||
// 构建 routePermissionsMap:从返回的路由中提取每个路由的可用 permissions
|
||||
// 并应用权限键映射(dify:bind:* -> dify:dataset:*, dify:file:*)
|
||||
const permMap = new Map<number, ApiPermission[]>();
|
||||
const extractPermissions = (routes: RouteInfo[]) => {
|
||||
// 构建原始权限映射(未映射的,用于保存)
|
||||
const originalPermMap = new Map<number, ApiPermission[]>();
|
||||
// 存储所有原始权限的列表
|
||||
const allOriginalPerms: ApiPermission[] = [];
|
||||
const extractOriginalPermissions = (routes: RouteInfo[]) => {
|
||||
routes.forEach(route => {
|
||||
if (route.permissions && route.permissions.length > 0) {
|
||||
// 应用权限键映射
|
||||
const mappedPermissions = mapPermissions(route.permissions);
|
||||
permMap.set(route.id, mappedPermissions);
|
||||
originalPermMap.set(route.id, route.permissions);
|
||||
allOriginalPerms.push(...route.permissions);
|
||||
}
|
||||
if (route.children) {
|
||||
extractPermissions(route.children);
|
||||
extractOriginalPermissions(route.children);
|
||||
}
|
||||
});
|
||||
};
|
||||
extractPermissions(routesWithPerms);
|
||||
extractOriginalPermissions(routesWithPerms);
|
||||
|
||||
// 从 getRolePermissions 结果中提取已分配的权限ID
|
||||
// 需要将数据库权限键映射为实际权限键进行对比
|
||||
const assignedPermissionIds = rolePermissions.map(p => {
|
||||
// 查找该权限对应的所有数据库权限键
|
||||
const dbKeys = findDbPermissionKeys(p.permission_key);
|
||||
// 如果使用映射,找到对应的权限ID
|
||||
const mappedKey = mapPermissionKey(p.permission_key);
|
||||
// 存储原始权限
|
||||
setOriginalRoutePermissionsMap(originalPermMap);
|
||||
setOriginalAllPermissions(allOriginalPerms);
|
||||
|
||||
// 在 permMap 中查找对应权限的ID
|
||||
for (const [routeId, permissions] of permMap.entries()) {
|
||||
const foundPerm = permissions.find(perm => perm.permission_key === mappedKey);
|
||||
if (foundPerm) return foundPerm.id;
|
||||
}
|
||||
return p.permission_id;
|
||||
});
|
||||
// 构建映射后的权限映射(用于显示)
|
||||
const displayPermMap = new Map<number, ApiPermission[]>();
|
||||
const extractDisplayPermissions = (routes: RouteInfo[]) => {
|
||||
routes.forEach(route => {
|
||||
if (route.permissions && route.permissions.length > 0) {
|
||||
const mappedPermissions = mapPermissions(route.permissions);
|
||||
displayPermMap.set(route.id, mappedPermissions);
|
||||
}
|
||||
if (route.children) {
|
||||
extractDisplayPermissions(route.children);
|
||||
}
|
||||
});
|
||||
};
|
||||
extractDisplayPermissions(routesWithPerms);
|
||||
|
||||
setRoutePermissionsMap(permMap);
|
||||
// 从 getRolePermissions 结果中提取已分配的权限ID(原始ID)
|
||||
const assignedPermissionIds = rolePermissions.map(p => p.permission_id);
|
||||
|
||||
// 存储状态
|
||||
setRoutePermissionsMap(displayPermMap); // 用于显示
|
||||
setSelectedRouteIds(routeIds);
|
||||
setSelectedPermissionIds(assignedPermissionIds); // 使用映射后的权限ID
|
||||
setSelectedPermissionIds(assignedPermissionIds); // 使用原始权限ID
|
||||
setExpandedRouteIds([]); // 重置展开状态
|
||||
setRoleUsers(users);
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user