新控制台初步完成查询当前用户角色可访问前端资源接口，以支持前端页面做权限控制

src/console/api.rs

@@ -124,6 +124,10 @@ pub fn app_config(config: &mut web::ServiceConfig) {
             .service(web::resource("/login/captcha").route(web::get().to(login_api::gen_captcha)))
             .service(web::resource("/login/logout").route(web::post().to(login_api::logout)))
             .service(web::resource("/user/info").route(web::get().to(user_api::get_user_info)))
+            .service(
+                web::resource("/user/web_resources")
+                    .route(web::get().to(user_api::get_user_web_resources)),
+            )
             .service(web::resource("/user/list").route(web::get().to(user_api::get_user_page_list)))
             .service(web::resource("/user/add").route(web::post().to(user_api::add_user)))
             .service(web::resource("/user/update").route(web::post().to(user_api::update_user)))

src/console/login_api.rs

@@ -73,7 +73,8 @@ pub async fn login(
             let session = Arc::new(UserSession {
                 username: user.username,
                 nickname: user.nickname.unwrap_or_default(),
-                ..Default::default()
+                roles: user.roles.unwrap_or_default(),
+                extend_infos: user.extend_info.unwrap_or_default(),
             });
             let cache_req = CacheManagerReq::Set {
                 key: CacheKey::new(CacheType::UserSession, token.clone()),

src/console/model/user_model.rs

@@ -11,6 +11,13 @@ pub struct UserInfo {
     pub nickname: Option<String>,
 }
 
+#[derive(Debug, Clone, Serialize, Default)]
+#[serde(rename_all = "camelCase")]
+pub struct UserPermissions {
+    pub resources: Vec<&'static str>,
+    pub from: &'static str,
+}
+
 #[derive(Debug, Clone, Serialize, Deserialize, Default)]
 #[serde(rename_all = "camelCase")]
 pub struct UpdateUserInfoParam {

src/console/user_api.rs

@@ -10,12 +10,13 @@ use serde::{Deserialize, Serialize};
 use crate::{
     common::{
         appdata::AppShareData,
+        constant::EMPTY_STR,
         model::{ApiResult, PageResult, UserSession},
     },
-    user::{model::UserDto, UserManagerReq, UserManagerResult},
+    user::{model::UserDto, permission::UserRole, UserManagerReq, UserManagerResult},
 };
 
-use super::model::user_model::{UpdateUserInfoParam, UserInfo, UserPageParams};
+use super::model::user_model::{UpdateUserInfoParam, UserInfo, UserPageParams, UserPermissions};
 
 #[derive(Debug, Deserialize, Serialize)]
 #[serde(rename_all = "camelCase")]
@@ -39,6 +40,29 @@ pub async fn get_user_info(req: HttpRequest) -> actix_web::Result<impl Responder
     }
 }
 
+///
+/// 获取用户权限资源列表
+/// 这里把取不到UserSession当成旧控制台，后继可以考虑单独实现一个接口
+pub async fn get_user_web_resources(req: HttpRequest) -> actix_web::Result<impl Responder> {
+    if let Some(session) = req.extensions().get::<Arc<UserSession>>() {
+        let resources = UserRole::get_web_resources_by_roles(
+            session.roles.iter().map(|e| e.as_str()).collect(),
+        );
+        let data = UserPermissions {
+            resources,
+            from: EMPTY_STR,
+        };
+        Ok(HttpResponse::Ok().json(ApiResult::success(Some(data))))
+    } else {
+        let resources = UserRole::OldConsole.get_web_resources();
+        let data = UserPermissions {
+            resources,
+            from: "OLD_CONSOLE",
+        };
+        Ok(HttpResponse::Ok().json(ApiResult::success(Some(data))))
+    }
+}
+
 pub async fn reset_password(
     req: HttpRequest,
     app: Data<Arc<AppShareData>>,

src/user/permission.rs

@@ -123,6 +123,7 @@ lazy_static::lazy_static! {
         R::Path("/nacos/v1/console/login/captcha",HTTP_METHOD_ALL),
         R::Path("/nacos/v1/console/namespaces",HTTP_METHOD_GET),
         R::Path("/nacos/v1/console/user/info",HTTP_METHOD_GET),
+        R::Path("/nacos/v1/console/user/web_resources",HTTP_METHOD_GET),
     ]);
 
     static ref M_CLUSTER_VISITOR: ModuleResource = ModuleResource::new(vec![
@@ -249,10 +250,12 @@ lazy_static::lazy_static! {
 
 }
 
+#[derive(Debug)]
 pub enum UserRole {
     Visitor,
     Developer,
     Manager,
+    OldConsole,
     None,
 }
 
@@ -271,6 +274,8 @@ impl UserRole {
             UserRole::Visitor => vec![R_VISITOR.as_ref()],
             UserRole::Developer => vec![R_DEVELOPER.as_ref()],
             UserRole::Manager => vec![R_MANAGER.as_ref()],
+            //旧控制台使用开发者权限
+            UserRole::OldConsole => vec![R_DEVELOPER.as_ref()],
             UserRole::None => vec![],
         }
     }
@@ -285,6 +290,7 @@ impl UserRole {
     }
 
     pub fn get_web_resources(&self) -> Vec<&'static str> {
+        log::info!("get_web_resources {:?}", &self);
         let resources = self.get_resources();
         if resources.len() == 1 {
             return resources
@@ -303,6 +309,23 @@ impl UserRole {
         }
         set.into_iter().map(|e| e).collect()
     }
+
+    pub fn get_web_resources_by_roles(role_values: Vec<&str>) -> Vec<&'static str> {
+        log::info!("get_web_resources_by_roles {:?}", &role_values);
+        let roles: Vec<Self> = role_values.into_iter().map(|e| Self::new(e)).collect();
+        if roles.len() == 1 {
+            return roles.first().unwrap().get_web_resources();
+        }
+        let mut set = HashSet::new();
+        for role in roles {
+            for resource in role.get_resources() {
+                for item in &resource.web_resources {
+                    set.insert(*item);
+                }
+            }
+        }
+        set.into_iter().map(|e| e).collect()
+    }
 }
 
 pub struct UserRoleHelper;