60 lines
1.9 KiB
Rust
60 lines
1.9 KiB
Rust
use crate::handlers::AppState;
|
||
use crate::middleware::TenantId;
|
||
use crate::middleware::auth::AuthContext;
|
||
use axum::extract::State;
|
||
use common_telemetry::{AppError, AppResponse};
|
||
use tracing::instrument;
|
||
|
||
#[utoipa::path(
|
||
get,
|
||
path = "/me/permissions",
|
||
tag = "Me",
|
||
security(
|
||
("bearer_auth" = [])
|
||
),
|
||
responses(
|
||
(status = 200, description = "当前用户权限列表", body = [String]),
|
||
(status = 401, description = "未认证"),
|
||
(status = 403, description = "无权限")
|
||
),
|
||
params(
|
||
("Authorization" = String, Header, description = "Bearer <access_token>(访问令牌)"),
|
||
("X-Tenant-ID" = String, Header, description = "租户 UUID(可选,若提供需与 Token 中 tenant_id 一致)")
|
||
)
|
||
)]
|
||
#[instrument(skip(state))]
|
||
/// 查询当前登录用户在当前租户下的权限编码列表。
|
||
///
|
||
/// 用途:
|
||
/// - 快速自查当前令牌是否携带期望的权限(便于联调与排障)。
|
||
///
|
||
/// 输入:
|
||
/// - Header `Authorization: Bearer <access_token>`(必填)
|
||
/// - Header `X-Tenant-ID`(可选;若提供需与 Token 中 tenant_id 一致,否则返回 403)
|
||
///
|
||
/// 输出:
|
||
/// - `200`:权限字符串数组(如 `user:read`)
|
||
///
|
||
/// 异常:
|
||
/// - `401`:未携带或无法解析访问令牌
|
||
/// - `403`:租户不匹配或无权访问
|
||
pub async fn my_permissions_handler(
|
||
TenantId(tenant_id): TenantId,
|
||
State(state): State<AppState>,
|
||
AuthContext {
|
||
tenant_id: auth_tenant_id,
|
||
user_id,
|
||
..
|
||
}: AuthContext,
|
||
) -> Result<AppResponse<Vec<String>>, AppError> {
|
||
if auth_tenant_id != tenant_id {
|
||
return Err(AppError::PermissionDenied("tenant:mismatch".into()));
|
||
}
|
||
|
||
let permissions = state
|
||
.authorization_service
|
||
.list_permissions_for_user(tenant_id, user_id)
|
||
.await?;
|
||
Ok(AppResponse::ok(permissions))
|
||
}
|