Support grant user role

cmd/init/casbin.go

@@ -9,7 +9,6 @@ func loadCasbinPolicies() {
  enforcer := casbin_agent.GetDefaultCasbinEnforcer()
 
  _, err := enforcer.AddGroupingPolicies([][]string{
- {`user:root`, `role:super`, `system`},
  {`role:super`, `role:admin`, `system`},
  })
  if err != nil {

cmd/init/main.go

@@ -2,12 +2,19 @@ package main
 
 import (
  "context"
+
+ user_service "github.com/oj-lab/oj-lab-platform/services/user"
 )
 
 func main() {
  ctx := context.Background()
  initDB()
  loadCasbinPolicies()
+ err := user_service.GrantUserRole(ctx, "root", "super", "system")
+ if err != nil {
+ panic(err)
+ }
+
  loadProblemPackages(ctx)
  println("init success")
 }

services/user/user.go

@@ -2,8 +2,10 @@ package user_service
 
 import (
  "context"
+ "fmt"
 
  user_model "github.com/oj-lab/oj-lab-platform/models/user"
+ casbin_agent "github.com/oj-lab/oj-lab-platform/modules/agent/casbin"
  gorm_agent "github.com/oj-lab/oj-lab-platform/modules/agent/gorm"
  auth_module "github.com/oj-lab/oj-lab-platform/modules/auth"
  log_module "github.com/oj-lab/oj-lab-platform/modules/log"
@@ -49,6 +51,29 @@ func UpdateUser(ctx context.Context, user user_model.User) error {
  auth_module.LoginSessionData{})
 }
 
+func GrantUserRole(ctx context.Context, account, role, domain string) error {
+ exist, err := CheckUserExist(ctx, account)
+ if err != nil {
+ return err
+ }
+ if !exist {
+ return fmt.Errorf("user not exist")
+ }
+
+ enforcer := casbin_agent.GetDefaultCasbinEnforcer()
+ account = casbin_agent.UserSubjectPrefix + account
+ role = casbin_agent.RoleSubjectPrefix + role
+ notDuplicated, err := enforcer.AddRoleForUserInDomain(account, role, domain)
+ if err != nil {
+ return err
+ }
+ if !notDuplicated {
+ return fmt.Errorf("role already granted")
+ }
+
+ return nil
+}
+
 func CheckUserExist(ctx context.Context, account string) (bool, error) {
  getOptions := user_model.GetUserOptions{
  AccountQuery: account,