refactor(backend): simplify account authorization logic to use direct V2 scope filtering

pycook
2025-08-06 11:41:33 +08:00
parent 3413c38808
commit 86cd91c5d7
2 changed files with 11 additions and 26 deletions


@@ -23,7 +23,6 @@ type AccountRepository interface {
AttachAssetCount(ctx context.Context, accounts []*model.Account) error
CheckAssetDependencies(ctx context.Context, id int) (string, error)
BuildQuery(ctx *gin.Context) *gorm.DB
FilterByAssetIds(db *gorm.DB, assetIds []int) *gorm.DB
GetAccountIdsByAuthorization(ctx context.Context, assetIds []int, authorizationIds []int) ([]int, error)
}
@@ -56,21 +55,6 @@ func (r *accountRepository) BuildQuery(ctx *gin.Context) *gorm.DB {
return db
}
// FilterByAssetIds filters accounts by related asset IDs
func (r *accountRepository) FilterByAssetIds(db *gorm.DB, assetIds []int) *gorm.DB {
if len(assetIds) == 0 {
return db.Where("0 = 1") // Return empty result if no asset IDs
}
// Query account IDs associated with specified assets
subQuery := dbpkg.DB.Model(&model.Authorization{}).
Select("account_id").
Where("asset_id IN ?", assetIds).
Group("account_id")
return db.Where("id IN (?)", subQuery)
}
// AttachAssetCount attaches asset count to accounts using V2 authorization system
func (r *accountRepository) AttachAssetCount(ctx context.Context, accounts []*model.Account) error {
// Get account IDs to filter


@@ -70,11 +70,6 @@ func (s *AccountService) BuildQuery(ctx *gin.Context) *gorm.DB {
return s.repo.BuildQuery(ctx)
}
// FilterByAssetIds filters accounts by related asset IDs
func (s *AccountService) FilterByAssetIds(db *gorm.DB, assetIds []int) *gorm.DB {
return s.repo.FilterByAssetIds(db, assetIds)
}
// GetAccountIdsByAuthorization gets account IDs by authorization
func (s *AccountService) GetAccountIdsByAuthorization(ctx context.Context, assetIds []int, authorizationIds []int) ([]int, error) {
return s.repo.GetAccountIdsByAuthorization(ctx, assetIds, authorizationIds)
@@ -92,14 +87,20 @@ func (s *AccountService) BuildQueryWithAuthorization(ctx *gin.Context) (*gorm.DB
return db, nil
}
// Apply V2 authorization filter: get authorized asset IDs using V2 system
// Apply V2 authorization filter: get authorized account IDs using V2 system
authV2Service := NewAuthorizationV2Service()
_, assetIds, _, err := authV2Service.GetAuthorizationScopeByACL(ctx)
_, _, accountIds, err := authV2Service.GetAuthorizationScopeByACL(ctx)
if err != nil {
return nil, err
}
// Use the same filtering logic as before, but with V2 authorized assets
// This maintains the original logic: find accounts that can access the authorized assets
return s.FilterByAssetIds(db, assetIds), nil
// Filter by authorized account IDs at database level (much more efficient)
if len(accountIds) == 0 {
// No access to any accounts
db = db.Where("1 = 0") // Returns empty result set efficiently
} else {
db = db.Where("id IN ?", accountIds)
}
return db, nil
}
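Review bot: The account filter in BuildQueryWithAuthorization now trusts the third return value of GetAuthorizationScopeByACL as the complete set of visible accounts, where the removed path derived that set from Authorization rows joined to the authorized asset IDs, so this is an access-control change and not only a refactor. GetAuthorizationScopeByACL is not visible on this page, so whether the two sets agree cannot be confirmed from the hunk; a regression test asserting that a user whose scope covers only some assets sees the same accounts before and after would settle it. The empty-scope branch fails closed, which is the right default, and the comment should say so in place of the efficiency remark: `// Fail closed: an empty V2 account scope must return no rows.` For large scopes `id IN ?` binds one parameter per ID and may run into the database driver's placeholder limit, so consider chunking or a subquery if scopes can grow. The function starts above the hunk, including the early `return db, nil` path, which is not reviewed here.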