refactor(backend): migrate GetAuthorizedCommandIds to use V2 authorization system

2025-09-26 19:31:14 +08:00 · 2025-08-06 11:51:55 +08:00
parent 86cd91c5d7
commit 4cd3af9461
3 changed files with 15 additions and 19 deletions
--- a/backend/internal/api/controller/asset.go
+++ b/backend/internal/api/controller/asset.go
@@ -124,7 +124,9 @@ func (c *Controller) GetAssets(ctx *gin.Context) {

 	// Apply info mode settings
 	if info {
-		db = db.Select("id", "parent_id", "name", "ip", "protocols", "connectable", "authorization", "resource_id", "access_time_control", "asset_command_control", "web_config")
+		db = db.Select("id", "parent_id", "name", "ip", "protocols",
+			"connectable", "authorization", "resource_id", "access_time_control",
+			"asset_command_control", "web_config", "gateway_id")
 	}

 	doGet(ctx, false, db, config.RESOURCE_ASSET, assetPostHooks...)
--- a/backend/internal/api/controller/command.go
+++ b/backend/internal/api/controller/command.go
@@ -106,7 +106,7 @@ func (c *Controller) GetCommands(ctx *gin.Context) {
 	}

 	if info && !acl.IsAdmin(currentUser) {
-		commandIds, err := commandService.GetAuthorizedCommandIds(ctx, currentUser)
+		commandIds, err := commandService.GetAuthorizedCommandIds(ctx)
 		if err != nil {
 			handleRemoteErr(ctx, err)
 			return
--- a/backend/internal/service/command.go
+++ b/backend/internal/service/command.go
@@ -8,10 +8,8 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/samber/lo"
 	"github.com/spf13/cast"
-	"github.com/veops/oneterm/internal/acl"
 	"github.com/veops/oneterm/internal/model"
 	"github.com/veops/oneterm/internal/repository"
-	"github.com/veops/oneterm/pkg/config"
 	dbpkg "github.com/veops/oneterm/pkg/db"
 	"gorm.io/gorm"
 )
@@ -69,30 +67,26 @@ func (s *CommandService) BuildQuery(ctx *gin.Context) (*gorm.DB, error) {
 	return db, nil
 }

-// GetAuthorizedCommandIds gets command IDs that the user is authorized to access
-func (s *CommandService) GetAuthorizedCommandIds(ctx context.Context, currentUser interface{}) ([]int, error) {
-	user, ok := currentUser.(acl.Session)
-	if !ok {
-		return nil, fmt.Errorf("invalid user type")
-	}
-
-	rs, err := acl.GetRoleResources(ctx, user.GetRid(), config.RESOURCE_AUTHORIZATION)
+// GetAuthorizedCommandIds gets command IDs that the user is authorized to access using V2 authorization system
+func (s *CommandService) GetAuthorizedCommandIds(ctx *gin.Context) ([]int, error) {
+	// Use V2 authorization system to get authorized asset IDs
+	authV2Service := NewAuthorizationV2Service()
+	_, assetIds, _, err := authV2Service.GetAuthorizationScopeByACL(ctx)
 	if err != nil {
 		return nil, err
 	}

-	// Get asset IDs from authorization
-	sub := dbpkg.DB.
-		Model(&model.Authorization{}).
-		Select("DISTINCT asset_id").
-		Where("resource_id IN ?", lo.Map(rs, func(r *acl.Resource, _ int) int { return r.ResourceId }))
+	// No authorized assets means no authorized commands
+	if len(assetIds) == 0 {
+		return []int{}, nil
+	}

-	// Get command IDs from assets
+	// Get command IDs from authorized assets
 	cmdIds := make([]model.Slice[int], 0)
 	if err = dbpkg.DB.
 		Model(model.DefaultAsset).
 		Select("cmd_ids").
-		Where("id IN (?)", sub).
+		Where("id IN ?", assetIds).
 		Find(&cmdIds).
 		Error; err != nil {
 		return nil, err