sa_token_core/permission/mod.rs
1// Author: 金书记
2//
3//! 权限验证模块 | Permission verification module
4
5use async_trait::async_trait;
6use crate::error::SaTokenResult;
7
/// Permission checker: the trait an application implements to decide whether a
/// login id holds a given permission.
///
/// Implementors provide [`has_permission`](PermissionChecker::has_permission) and
/// [`get_permissions`](PermissionChecker::get_permissions). The AND / OR helpers
/// have default implementations that call `has_permission` once per entry.
///
/// # Security notes
///
/// - The default helpers pass every permission string to `has_permission`
///   unchanged. Whether an identifier such as `"admin:*"` is matched exactly or
///   as a wildcard is decided entirely by the implementation.
/// - An `Err` from `has_permission` is propagated with `?` and ends the check
///   immediately. Callers should treat an `Err` as "not authorized" (fail
///   closed) rather than letting the request through.
/// - With an empty list, `has_all_permissions` returns `Ok(true)` and
///   `has_any_permission` returns `Ok(false)`. Callers that build the list
///   dynamically should reject an empty requirement set themselves if "no
///   requirement" must not mean "allowed".
///
/// # Usage example
///
/// ```rust,ignore
/// use async_trait::async_trait;
/// use sa_token_core::PermissionChecker;
///
/// struct MyPermissionChecker;
///
/// #[async_trait]
/// impl PermissionChecker for MyPermissionChecker {
///     async fn has_permission(&self, login_id: &str, permission: &str) -> SaTokenResult<bool> {
///         // Query the permission from your data store. `Ok(true)` is only a
///         // placeholder here: as written it grants every permission to every
///         // login id, so a real checker must return `Ok(false)` unless the
///         // grant is actually found.
///         Ok(true)
///     }
///
///     async fn get_permissions(&self, login_id: &str) -> SaTokenResult<Vec<String>> {
///         // Return every permission held by the user.
///         Ok(vec!["read".to_string(), "write".to_string()])
///     }
/// }
/// ```
#[async_trait]
pub trait PermissionChecker: Send + Sync {
    /// Checks whether the user holds one specific permission.
    ///
    /// # Parameters
    /// - `login_id`: the login id of the user being checked.
    /// - `permission`: the permission identifier (e.g. `"user:read"`, `"admin:*"`).
    ///
    /// # Returns
    /// - `Ok(true)`: the user has the permission.
    /// - `Ok(false)`: the user does not have the permission.
    async fn has_permission(&self, login_id: &str, permission: &str) -> SaTokenResult<bool>;

    /// Checks whether the user holds every permission in `permissions` (AND logic).
    ///
    /// Entries are checked in order and the scan stops at the first one the
    /// user lacks, so later entries are not looked up after a miss.
    ///
    /// # Parameters
    /// - `login_id`: the login id of the user being checked.
    /// - `permissions`: the permissions that are all required.
    ///
    /// # Returns
    /// `Ok(true)` only when every entry is granted. An empty slice yields
    /// `Ok(true)` because there is nothing to fail.
    ///
    /// # Errors
    /// Returns the first error produced by `has_permission`.
    async fn has_all_permissions(&self, login_id: &str, permissions: &[&str]) -> SaTokenResult<bool> {
        let mut every_granted = true;
        for &required in permissions {
            let granted = self.has_permission(login_id, required).await?;
            if !granted {
                // First missing permission decides the outcome.
                every_granted = false;
                break;
            }
        }
        Ok(every_granted)
    }

    /// Checks whether the user holds at least one permission in `permissions` (OR logic).
    ///
    /// Entries are checked in order and the scan stops at the first one the
    /// user holds.
    ///
    /// # Parameters
    /// - `login_id`: the login id of the user being checked.
    /// - `permissions`: the permissions of which one is sufficient.
    ///
    /// # Returns
    /// `Ok(true)` as soon as one entry is granted, otherwise `Ok(false)`. An
    /// empty slice yields `Ok(false)`.
    ///
    /// # Errors
    /// Returns the first error produced by `has_permission`; an error on an
    /// earlier entry prevents later entries from being tried.
    async fn has_any_permission(&self, login_id: &str, permissions: &[&str]) -> SaTokenResult<bool> {
        let mut any_granted = false;
        for &candidate in permissions {
            let granted = self.has_permission(login_id, candidate).await?;
            if granted {
                // One match is enough; skip the remaining lookups.
                any_granted = true;
                break;
            }
        }
        Ok(any_granted)
    }

    /// Returns the full list of permissions held by the user.
    ///
    /// # Parameters
    /// - `login_id`: the login id of the user being queried.
    ///
    /// # Returns
    /// The user's permission identifiers.
    async fn get_permissions(&self, login_id: &str) -> SaTokenResult<Vec<String>>;
}
94
/// Role checker: the trait an application implements to decide whether a
/// login id holds a given role.
///
/// Implementors provide [`has_role`](RoleChecker::has_role) and
/// [`get_roles`](RoleChecker::get_roles). The AND / OR helpers have default
/// implementations that call `has_role` once per entry.
///
/// # Security notes
///
/// - Role strings are handed to `has_role` unchanged; any normalisation or
///   case handling is the implementation's responsibility.
/// - An `Err` from `has_role` is propagated with `?` and ends the check
///   immediately. Callers should treat an `Err` as "not authorized" (fail
///   closed).
/// - With an empty list, `has_all_roles` returns `Ok(true)` and `has_any_role`
///   returns `Ok(false)`. Callers that build the list dynamically should
///   reject an empty requirement set themselves if "no requirement" must not
///   mean "allowed".
#[async_trait]
pub trait RoleChecker: Send + Sync {
    /// Checks whether the user holds one specific role.
    ///
    /// # Parameters
    /// - `login_id`: the login id of the user being checked.
    /// - `role`: the role identifier (e.g. `"admin"`, `"vip"`).
    ///
    /// # Returns
    /// - `Ok(true)`: the user has the role.
    /// - `Ok(false)`: the user does not have the role.
    async fn has_role(&self, login_id: &str, role: &str) -> SaTokenResult<bool>;

    /// Checks whether the user holds every role in `roles` (AND logic).
    ///
    /// Entries are checked in order and the scan stops at the first role the
    /// user lacks.
    ///
    /// # Parameters
    /// - `login_id`: the login id of the user being checked.
    /// - `roles`: the roles that are all required.
    ///
    /// # Returns
    /// `Ok(true)` only when every entry is held. An empty slice yields
    /// `Ok(true)` because there is nothing to fail.
    ///
    /// # Errors
    /// Returns the first error produced by `has_role`.
    async fn has_all_roles(&self, login_id: &str, roles: &[&str]) -> SaTokenResult<bool> {
        let mut every_held = true;
        for &required in roles {
            let held = self.has_role(login_id, required).await?;
            if !held {
                // First missing role decides the outcome.
                every_held = false;
                break;
            }
        }
        Ok(every_held)
    }

    /// Checks whether the user holds at least one role in `roles` (OR logic).
    ///
    /// Entries are checked in order and the scan stops at the first role the
    /// user holds.
    ///
    /// # Parameters
    /// - `login_id`: the login id of the user being checked.
    /// - `roles`: the roles of which one is sufficient.
    ///
    /// # Returns
    /// `Ok(true)` as soon as one entry is held, otherwise `Ok(false)`. An
    /// empty slice yields `Ok(false)`.
    ///
    /// # Errors
    /// Returns the first error produced by `has_role`; an error on an earlier
    /// entry prevents later entries from being tried.
    async fn has_any_role(&self, login_id: &str, roles: &[&str]) -> SaTokenResult<bool> {
        let mut any_held = false;
        for &candidate in roles {
            let held = self.has_role(login_id, candidate).await?;
            if held {
                // One match is enough; skip the remaining lookups.
                any_held = true;
                break;
            }
        }
        Ok(any_held)
    }

    /// Returns the full list of roles held by the user.
    ///
    /// # Parameters
    /// - `login_id`: the login id of the user being queried.
    ///
    /// # Returns
    /// The user's role identifiers.
    async fn get_roles(&self, login_id: &str) -> SaTokenResult<Vec<String>>;
}