halo/ui/console-src/router/guards/permission.ts

import { rbacAnnotations } from "@/constants/annotations";
import { useRoleStore } from "@/stores/role";
import { useUserStore } from "@/stores/user";
import { hasPermission } from "@/utils/permission";
import type { Role } from "@halo-dev/api-client";
import type { RouteLocationNormalized, Router } from "vue-router";

export function setupPermissionGuard(router: Router) {
  router.beforeEach((to, _, next) => {
    const userStore = useUserStore();
    const roleStore = useRoleStore();

    if (isConsoleAccessDisallowed(userStore.currentRoles)) {
      window.location.href = "/uc";
      return;
    }

    if (checkRoutePermissions(to, roleStore.permissions.uiPermissions)) {
      next();
    } else {
      next({ name: "Forbidden" });
    }
  });
}

function isConsoleAccessDisallowed(currentRoles?: Role[]): boolean {
  return (
    currentRoles?.some(
      (role) =>
        role.metadata.annotations?.[rbacAnnotations.DISALLOW_ACCESS_CONSOLE] ===
        "true"
    ) || false
  );
}

function checkRoutePermissions(
  to: RouteLocationNormalized,
  uiPermissions: string[]
): boolean {
  const { meta } = to;
  if (meta?.permissions) {
    return hasPermission(
      Array.from(uiPermissions),
      meta.permissions as string[],
      true
    );
  }
  return true;
}
feat: add support to check access permissions for /console (#6775) #### What type of PR is this? /area ui /kind improvement /milestone 2.20.x #### What this PR does / why we need it: 支持检查是否有权限访问 /console。 #### Which issue(s) this PR fixes: Fixes #6773 #### Does this PR introduce a user-facing change? ```release-note None ``` 2024-10-07 09:38:51 +00:00			`import { rbacAnnotations } from "@/constants/annotations";`
feat: support permission judgment of interface elements and routes 2022-07-15 08:26:27 +00:00			`import { useRoleStore } from "@/stores/role";`
feat: add support to check access permissions for /console (#6775) #### What type of PR is this? /area ui /kind improvement /milestone 2.20.x #### What this PR does / why we need it: 支持检查是否有权限访问 /console。 #### Which issue(s) this PR fixes: Fixes #6773 #### Does this PR introduce a user-facing change? ```release-note None ``` 2024-10-07 09:38:51 +00:00			`import { useUserStore } from "@/stores/user";`
feat: support permission judgment of interface elements and routes 2022-07-15 08:26:27 +00:00			`import { hasPermission } from "@/utils/permission";`
feat: add support to check access permissions for /console (#6775) #### What type of PR is this? /area ui /kind improvement /milestone 2.20.x #### What this PR does / why we need it: 支持检查是否有权限访问 /console。 #### Which issue(s) this PR fixes: Fixes #6773 #### Does this PR introduce a user-facing change? ```release-note None ``` 2024-10-07 09:38:51 +00:00			`import type { Role } from "@halo-dev/api-client";`
			`import type { RouteLocationNormalized, Router } from "vue-router";`
feat: support permission judgment of interface elements and routes 2022-07-15 08:26:27 +00:00
			`export function setupPermissionGuard(router: Router) {`
refactor: remove login-related pages from UI project (#6712) #### What type of PR is this? /area ui /kind improvement /milestone 2.20.x #### What this PR does / why we need it: 移除 UI 项目中和登录、注册相关的页面和代码，后续将由后端统一提供：https://github.com/halo-dev/halo/pull/6488 相关 issue：https://github.com/halo-dev/halo/issues/5214 #### Which issue(s) this PR fixes: Fixes https://github.com/halo-dev/halo/issues/5214 #### Does this PR introduce a user-facing change? ```release-note None ``` 2024-09-28 10:19:41 +00:00			`router.beforeEach((to, _, next) => {`
feat: add support to check access permissions for /console (#6775) #### What type of PR is this? /area ui /kind improvement /milestone 2.20.x #### What this PR does / why we need it: 支持检查是否有权限访问 /console。 #### Which issue(s) this PR fixes: Fixes #6773 #### Does this PR introduce a user-facing change? ```release-note None ``` 2024-10-07 09:38:51 +00:00			`const userStore = useUserStore();`
feat: support permission judgment of interface elements and routes 2022-07-15 08:26:27 +00:00			`const roleStore = useRoleStore();`
feat: add support to check access permissions for /console (#6775) #### What type of PR is this? /area ui /kind improvement /milestone 2.20.x #### What this PR does / why we need it: 支持检查是否有权限访问 /console。 #### Which issue(s) this PR fixes: Fixes #6773 #### Does this PR introduce a user-facing change? ```release-note None ``` 2024-10-07 09:38:51 +00:00
			`if (isConsoleAccessDisallowed(userStore.currentRoles)) {`
			`window.location.href = "/uc";`
			`return;`
			`}`

			`if (checkRoutePermissions(to, roleStore.permissions.uiPermissions)) {`
			`next();`
			`} else {`
			`next({ name: "Forbidden" });`
feat: support permission judgment of interface elements and routes 2022-07-15 08:26:27 +00:00			`}`
			`});`
			`}`
feat: add support to check access permissions for /console (#6775) #### What type of PR is this? /area ui /kind improvement /milestone 2.20.x #### What this PR does / why we need it: 支持检查是否有权限访问 /console。 #### Which issue(s) this PR fixes: Fixes #6773 #### Does this PR introduce a user-facing change? ```release-note None ``` 2024-10-07 09:38:51 +00:00
			`function isConsoleAccessDisallowed(currentRoles?: Role[]): boolean {`
			`return (`
			`currentRoles?.some(`
			`(role) =>`
			`role.metadata.annotations?.[rbacAnnotations.DISALLOW_ACCESS_CONSOLE] ===`
			`"true"`
			`) \|\| false`
			`);`
			`}`

			`function checkRoutePermissions(`
			`to: RouteLocationNormalized,`
			`uiPermissions: string[]`
			`): boolean {`
			`const { meta } = to;`
			`if (meta?.permissions) {`
			`return hasPermission(`
			`Array.from(uiPermissions),`
			`meta.permissions as string[],`
			`true`
			`);`
			`}`
			`return true;`
			`}`