zhi/HarborForge.Cli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Align role commands with current backend API

Browse Source
This commit is contained in:
zhi
2026-03-21 15:06:57 +00:00
parent 57af1512d1
commit a01e602118
2 changed files with 232 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -70,6 +70,7 @@ Implemented:
- Output formatting (human-readable + `--json`) - Output formatting (human-readable + `--json`)
- `hf version`, `hf health`, `hf config` - `hf version`, `hf health`, `hf config`
- Auth token resolution (padded-cell + manual) - Auth token resolution (padded-cell + manual)
- Backend-aligned role/permission commands, including role-name lookup and permission-name↔id translation against current API routes
Planned: Planned:
- User, role, project, task, milestone, meeting, support, propose, monitor commands - User, role, project, task, milestone, meeting, support, propose, monitor commands

309
internal/commands/role.go
View File

@@ -11,31 +11,145 @@ import (
"git.hangman-lab.top/zhi/HarborForge.Cli/internal/output" "git.hangman-lab.top/zhi/HarborForge.Cli/internal/output"
) )
// roleResponse matches the backend RoleResponse schema. // roleResponse matches the backend role list schema.
type roleResponse struct { type roleResponse struct {
ID int `json:"id"` ID int `json:"id"`
Name string `json:"name"` Name string `json:"name"`
Description string `json:"description"` Description string `json:"description"`
IsGlobal bool `json:"is_global"` IsGlobal bool `json:"is_global"`
Permissions []string `json:"permissions"` PermissionIDs []int `json:"permission_ids"`
CreatedAt string `json:"created_at"` CreatedAt string `json:"created_at"`
} }
// permissionResponse matches the backend PermissionResponse schema. // roleDetailResponse matches the backend role detail schema.
type roleDetailResponse struct {
ID int `json:"id"`
Name string `json:"name"`
Description string `json:"description"`
IsGlobal bool `json:"is_global"`
Permissions []permissionResponse `json:"permissions"`
CreatedAt string `json:"created_at"`
}
// permissionResponse matches the backend permission schema.
type permissionResponse struct { type permissionResponse struct {
ID int `json:"id"` ID int `json:"id"`
Codename string `json:"codename"` Name string `json:"name"`
Description string `json:"description"` Description string `json:"description"`
Category string `json:"category"`
}
func loadRoleClient(tokenFlag string) (*client.Client, error) {
token := ResolveToken(tokenFlag)
cfg, err := config.Load()
if err != nil {
return nil, fmt.Errorf("config error: %w", err)
}
return client.New(cfg.BaseURL, token), nil
}
func fetchRoles(c *client.Client) ([]roleResponse, error) {
data, err := c.Get("/roles")
if err != nil {
return nil, err
}
var roles []roleResponse
if err := json.Unmarshal(data, &roles); err != nil {
return nil, fmt.Errorf("cannot parse role list: %w", err)
}
return roles, nil
}
func fetchPermissions(c *client.Client) ([]permissionResponse, error) {
data, err := c.Get("/roles/permissions")
if err != nil {
return nil, err
}
var perms []permissionResponse
if err := json.Unmarshal(data, &perms); err != nil {
return nil, fmt.Errorf("cannot parse permission list: %w", err)
}
return perms, nil
}
func findRoleByName(c *client.Client, roleName string) (*roleResponse, error) {
roles, err := fetchRoles(c)
if err != nil {
return nil, err
}
for _, r := range roles {
if r.Name == roleName {
role := r
return &role, nil
}
}
return nil, fmt.Errorf("role not found: %s", roleName)
}
func fetchRoleDetailByName(c *client.Client, roleName string) (*roleDetailResponse, error) {
role, err := findRoleByName(c, roleName)
if err != nil {
return nil, err
}
data, err := c.Get(fmt.Sprintf("/roles/%d", role.ID))
if err != nil {
return nil, err
}
var detail roleDetailResponse
if err := json.Unmarshal(data, &detail); err != nil {
return nil, fmt.Errorf("cannot parse role detail: %w", err)
}
return &detail, nil
}
func resolvePermissionIDs(c *client.Client, names []string) ([]int, error) {
perms, err := fetchPermissions(c)
if err != nil {
return nil, err
}
byName := make(map[string]int, len(perms))
for _, p := range perms {
byName[p.Name] = p.ID
}
ids := make([]int, 0, len(names))
seen := map[int]struct{}{}
var missing []string
for _, name := range names {
id, ok := byName[name]
if !ok {
missing = append(missing, name)
continue
}
if _, exists := seen[id]; exists {
continue
}
seen[id] = struct{}{}
ids = append(ids, id)
}
if len(missing) > 0 {
return nil, fmt.Errorf("unknown permission(s): %s", strings.Join(missing, ", "))
}
return ids, nil
}
func replaceRolePermissions(c *client.Client, roleID int, permissionIDs []int) error {
payload := map[string]interface{}{
"permission_ids": permissionIDs,
}
body, err := json.Marshal(payload)
if err != nil {
return fmt.Errorf("cannot marshal payload: %w", err)
}
_, err = c.Post(fmt.Sprintf("/roles/%d/permissions", roleID), bytes.NewReader(body))
return err
} }
// RunRoleList implements `hf role list`. // RunRoleList implements `hf role list`.
func RunRoleList(tokenFlag string) { func RunRoleList(tokenFlag string) {
token := ResolveToken(tokenFlag) c, err := loadRoleClient(tokenFlag)
cfg, err := config.Load()
if err != nil { if err != nil {
output.Errorf("config error: %v", err) output.Errorf("%v", err)
} }
c := client.New(cfg.BaseURL, token)
data, err := c.Get("/roles") data, err := c.Get("/roles")
if err != nil { if err != nil {
output.Errorf("failed to list roles: %v", err) output.Errorf("failed to list roles: %v", err)
@@ -55,31 +169,37 @@ func RunRoleList(tokenFlag string) {
output.Errorf("cannot parse role list: %v", err) output.Errorf("cannot parse role list: %v", err)
} }
headers := []string{"NAME", "DESCRIPTION", "GLOBAL", "PERMISSIONS"} headers := []string{"NAME", "DESCRIPTION", "GLOBAL", "PERM IDS"}
var rows [][]string var rows [][]string
for _, r := range roles { for _, r := range roles {
global := "" global := ""
if r.IsGlobal { if r.IsGlobal {
global = "yes" global = "yes"
} }
perms := strings.Join(r.Permissions, ", ") permIDs := ""
if len(perms) > 60 { if len(r.PermissionIDs) > 0 {
perms = perms[:57] + "..." parts := make([]string, 0, len(r.PermissionIDs))
for _, id := range r.PermissionIDs {
parts = append(parts, fmt.Sprintf("%d", id))
} }
rows = append(rows, []string{r.Name, r.Description, global, perms}) permIDs = strings.Join(parts, ", ")
}
rows = append(rows, []string{r.Name, r.Description, global, permIDs})
} }
output.PrintTable(headers, rows) output.PrintTable(headers, rows)
} }
// RunRoleGet implements `hf role get <role-name>`. // RunRoleGet implements `hf role get <role-name>`.
func RunRoleGet(roleName, tokenFlag string) { func RunRoleGet(roleName, tokenFlag string) {
token := ResolveToken(tokenFlag) c, err := loadRoleClient(tokenFlag)
cfg, err := config.Load()
if err != nil { if err != nil {
output.Errorf("config error: %v", err) output.Errorf("%v", err)
} }
c := client.New(cfg.BaseURL, token) role, err := findRoleByName(c, roleName)
data, err := c.Get("/roles/" + roleName) if err != nil {
output.Errorf("failed to get role: %v", err)
}
data, err := c.Get(fmt.Sprintf("/roles/%d", role.ID))
if err != nil { if err != nil {
output.Errorf("failed to get role: %v", err) output.Errorf("failed to get role: %v", err)
} }
@@ -93,7 +213,7 @@ func RunRoleGet(roleName, tokenFlag string) {
return return
} }
var r roleResponse var r roleDetailResponse
if err := json.Unmarshal(data, &r); err != nil { if err := json.Unmarshal(data, &r); err != nil {
output.Errorf("cannot parse role: %v", err) output.Errorf("cannot parse role: %v", err)
} }
@@ -104,20 +224,26 @@ func RunRoleGet(roleName, tokenFlag string) {
} }
perms := "(none)" perms := "(none)"
if len(r.Permissions) > 0 { if len(r.Permissions) > 0 {
perms = strings.Join(r.Permissions, ", ") names := make([]string, 0, len(r.Permissions))
for _, p := range r.Permissions {
names = append(names, p.Name)
}
perms = strings.Join(names, ", ")
} }
output.PrintKeyValue( output.PrintKeyValue(
"name", r.Name, "name", r.Name,
"description", r.Description, "description", r.Description,
"global", global, "global", global,
"permissions", perms, "permissions", perms,
"created", r.CreatedAt,
) )
} }
// RunRoleCreate implements `hf role create`. // RunRoleCreate implements `hf role create`.
func RunRoleCreate(name, desc string, global bool, tokenFlag string) { func RunRoleCreate(name, desc string, global bool, tokenFlag string) {
token := ResolveToken(tokenFlag) c, err := loadRoleClient(tokenFlag)
if err != nil {
output.Errorf("%v", err)
}
if name == "" { if name == "" {
output.Error("usage: hf role create --name <role-name>") output.Error("usage: hf role create --name <role-name>")
} }
@@ -137,11 +263,6 @@ func RunRoleCreate(name, desc string, global bool, tokenFlag string) {
output.Errorf("cannot marshal payload: %v", err) output.Errorf("cannot marshal payload: %v", err)
} }
cfg, err := config.Load()
if err != nil {
output.Errorf("config error: %v", err)
}
c := client.New(cfg.BaseURL, token)
data, err := c.Post("/roles", bytes.NewReader(body)) data, err := c.Post("/roles", bytes.NewReader(body))
if err != nil { if err != nil {
output.Errorf("failed to create role: %v", err) output.Errorf("failed to create role: %v", err)
@@ -161,7 +282,14 @@ func RunRoleCreate(name, desc string, global bool, tokenFlag string) {
// RunRoleUpdate implements `hf role update <role-name>`. // RunRoleUpdate implements `hf role update <role-name>`.
func RunRoleUpdate(roleName string, args []string, tokenFlag string) { func RunRoleUpdate(roleName string, args []string, tokenFlag string) {
token := ResolveToken(tokenFlag) c, err := loadRoleClient(tokenFlag)
if err != nil {
output.Errorf("%v", err)
}
role, err := findRoleByName(c, roleName)
if err != nil {
output.Errorf("failed to update role: %v", err)
}
payload := make(map[string]interface{}) payload := make(map[string]interface{})
for i := 0; i < len(args); i++ { for i := 0; i < len(args); i++ {
@@ -186,12 +314,7 @@ func RunRoleUpdate(roleName string, args []string, tokenFlag string) {
output.Errorf("cannot marshal payload: %v", err) output.Errorf("cannot marshal payload: %v", err)
} }
cfg, err := config.Load() _, err = c.Patch(fmt.Sprintf("/roles/%d", role.ID), bytes.NewReader(body))
if err != nil {
output.Errorf("config error: %v", err)
}
c := client.New(cfg.BaseURL, token)
_, err = c.Patch("/roles/"+roleName, bytes.NewReader(body))
if err != nil { if err != nil {
output.Errorf("failed to update role: %v", err) output.Errorf("failed to update role: %v", err)
} }
@@ -201,13 +324,15 @@ func RunRoleUpdate(roleName string, args []string, tokenFlag string) {
// RunRoleDelete implements `hf role delete <role-name>`. // RunRoleDelete implements `hf role delete <role-name>`.
func RunRoleDelete(roleName, tokenFlag string) { func RunRoleDelete(roleName, tokenFlag string) {
token := ResolveToken(tokenFlag) c, err := loadRoleClient(tokenFlag)
cfg, err := config.Load()
if err != nil { if err != nil {
output.Errorf("config error: %v", err) output.Errorf("%v", err)
} }
c := client.New(cfg.BaseURL, token) role, err := findRoleByName(c, roleName)
_, err = c.Delete("/roles/" + roleName) if err != nil {
output.Errorf("failed to delete role: %v", err)
}
_, err = c.Delete(fmt.Sprintf("/roles/%d", role.ID))
if err != nil { if err != nil {
output.Errorf("failed to delete role: %v", err) output.Errorf("failed to delete role: %v", err)
} }
@@ -216,26 +341,22 @@ func RunRoleDelete(roleName, tokenFlag string) {
// RunRoleSetPermissions implements `hf role set-permissions <role-name> --permission <perm> [...]`. // RunRoleSetPermissions implements `hf role set-permissions <role-name> --permission <perm> [...]`.
func RunRoleSetPermissions(roleName string, permissions []string, tokenFlag string) { func RunRoleSetPermissions(roleName string, permissions []string, tokenFlag string) {
token := ResolveToken(tokenFlag) c, err := loadRoleClient(tokenFlag)
if err != nil {
output.Errorf("%v", err)
}
if len(permissions) == 0 { if len(permissions) == 0 {
output.Error("usage: hf role set-permissions <role-name> --permission <perm> [--permission <perm> ...]") output.Error("usage: hf role set-permissions <role-name> --permission <perm> [--permission <perm> ...]")
} }
role, err := findRoleByName(c, roleName)
payload := map[string]interface{}{
"permissions": permissions,
}
body, err := json.Marshal(payload)
if err != nil { if err != nil {
output.Errorf("cannot marshal payload: %v", err) output.Errorf("failed to set permissions: %v", err)
} }
permissionIDs, err := resolvePermissionIDs(c, permissions)
cfg, err := config.Load()
if err != nil { if err != nil {
output.Errorf("config error: %v", err) output.Errorf("failed to set permissions: %v", err)
} }
c := client.New(cfg.BaseURL, token) if err := replaceRolePermissions(c, role.ID, permissionIDs); err != nil {
_, err = c.Put("/roles/"+roleName+"/permissions", bytes.NewReader(body))
if err != nil {
output.Errorf("failed to set permissions: %v", err) output.Errorf("failed to set permissions: %v", err)
} }
@@ -244,69 +365,91 @@ func RunRoleSetPermissions(roleName string, permissions []string, tokenFlag stri
// RunRoleAddPermissions implements `hf role add-permissions <role-name> --permission <perm> [...]`. // RunRoleAddPermissions implements `hf role add-permissions <role-name> --permission <perm> [...]`.
func RunRoleAddPermissions(roleName string, permissions []string, tokenFlag string) { func RunRoleAddPermissions(roleName string, permissions []string, tokenFlag string) {
token := ResolveToken(tokenFlag) c, err := loadRoleClient(tokenFlag)
if err != nil {
output.Errorf("%v", err)
}
if len(permissions) == 0 { if len(permissions) == 0 {
output.Error("usage: hf role add-permissions <role-name> --permission <perm> [--permission <perm> ...]") output.Error("usage: hf role add-permissions <role-name> --permission <perm> [--permission <perm> ...]")
} }
role, err := findRoleByName(c, roleName)
payload := map[string]interface{}{
"permissions": permissions,
}
body, err := json.Marshal(payload)
if err != nil { if err != nil {
output.Errorf("cannot marshal payload: %v", err) output.Errorf("failed to add permissions: %v", err)
} }
detail, err := fetchRoleDetailByName(c, roleName)
cfg, err := config.Load()
if err != nil { if err != nil {
output.Errorf("config error: %v", err) output.Errorf("failed to add permissions: %v", err)
} }
c := client.New(cfg.BaseURL, token) currentIDs := make([]int, 0, len(detail.Permissions))
_, err = c.Post("/roles/"+roleName+"/permissions", bytes.NewReader(body)) seen := map[int]struct{}{}
for _, p := range detail.Permissions {
seen[p.ID] = struct{}{}
currentIDs = append(currentIDs, p.ID)
}
newIDs, err := resolvePermissionIDs(c, permissions)
if err != nil { if err != nil {
output.Errorf("failed to add permissions: %v", err) output.Errorf("failed to add permissions: %v", err)
} }
for _, id := range newIDs {
if _, ok := seen[id]; ok {
continue
}
seen[id] = struct{}{}
currentIDs = append(currentIDs, id)
}
if err := replaceRolePermissions(c, role.ID, currentIDs); err != nil {
output.Errorf("failed to add permissions: %v", err)
}
fmt.Printf("permissions added to role %s: %s\n", roleName, strings.Join(permissions, ", ")) fmt.Printf("permissions added to role %s: %s\n", roleName, strings.Join(permissions, ", "))
} }
// RunRoleRemovePermissions implements `hf role remove-permissions <role-name> --permission <perm> [...]`. // RunRoleRemovePermissions implements `hf role remove-permissions <role-name> --permission <perm> [...]`.
func RunRoleRemovePermissions(roleName string, permissions []string, tokenFlag string) { func RunRoleRemovePermissions(roleName string, permissions []string, tokenFlag string) {
token := ResolveToken(tokenFlag) c, err := loadRoleClient(tokenFlag)
if err != nil {
output.Errorf("%v", err)
}
if len(permissions) == 0 { if len(permissions) == 0 {
output.Error("usage: hf role remove-permissions <role-name> --permission <perm> [--permission <perm> ...]") output.Error("usage: hf role remove-permissions <role-name> --permission <perm> [--permission <perm> ...]")
} }
role, err := findRoleByName(c, roleName)
payload := map[string]interface{}{
"permissions": permissions,
}
body, err := json.Marshal(payload)
if err != nil { if err != nil {
output.Errorf("cannot marshal payload: %v", err) output.Errorf("failed to remove permissions: %v", err)
} }
detail, err := fetchRoleDetailByName(c, roleName)
cfg, err := config.Load()
if err != nil { if err != nil {
output.Errorf("config error: %v", err) output.Errorf("failed to remove permissions: %v", err)
} }
c := client.New(cfg.BaseURL, token) removeIDs, err := resolvePermissionIDs(c, permissions)
_, err = c.Do("DELETE", "/roles/"+roleName+"/permissions", bytes.NewReader(body))
if err != nil { if err != nil {
output.Errorf("failed to remove permissions: %v", err) output.Errorf("failed to remove permissions: %v", err)
} }
removeSet := map[int]struct{}{}
for _, id := range removeIDs {
removeSet[id] = struct{}{}
}
remaining := make([]int, 0, len(detail.Permissions))
for _, p := range detail.Permissions {
if _, ok := removeSet[p.ID]; ok {
continue
}
remaining = append(remaining, p.ID)
}
if err := replaceRolePermissions(c, role.ID, remaining); err != nil {
output.Errorf("failed to remove permissions: %v", err)
}
fmt.Printf("permissions removed from role %s: %s\n", roleName, strings.Join(permissions, ", ")) fmt.Printf("permissions removed from role %s: %s\n", roleName, strings.Join(permissions, ", "))
} }
// RunPermissionList implements `hf permission list`. // RunPermissionList implements `hf permission list`.
func RunPermissionList(tokenFlag string) { func RunPermissionList(tokenFlag string) {
token := ResolveToken(tokenFlag) c, err := loadRoleClient(tokenFlag)
cfg, err := config.Load()
if err != nil { if err != nil {
output.Errorf("config error: %v", err) output.Errorf("%v", err)
} }
c := client.New(cfg.BaseURL, token) data, err := c.Get("/roles/permissions")
data, err := c.Get("/permissions")
if err != nil { if err != nil {
output.Errorf("failed to list permissions: %v", err) output.Errorf("failed to list permissions: %v", err)
} }
@@ -325,10 +468,10 @@ func RunPermissionList(tokenFlag string) {
output.Errorf("cannot parse permission list: %v", err) output.Errorf("cannot parse permission list: %v", err)
} }
headers := []string{"CODENAME", "DESCRIPTION"} headers := []string{"ID", "NAME", "CATEGORY", "DESCRIPTION"}
var rows [][]string var rows [][]string
for _, p := range perms { for _, p := range perms {
rows = append(rows, []string{p.Codename, p.Description}) rows = append(rows, []string{fmt.Sprintf("%d", p.ID), p.Name, p.Category, p.Description})
} }
output.PrintTable(headers, rows) output.PrintTable(headers, rows)
} }