---
--- Generated by EmmyLua(https://github.com/EmmyLua)
--- Created by admin.
--- DateTime: 2025/11/3 11:31
---

local RBAC = {}
RBAC.__index = RBAC

-- RBAC模型初始化
function RBAC.new()
    local self = setmetatable({}, RBAC)
    self.users = {}      -- 用户表: {user_id = {roles = {role1, role2}}}
    self.roles = {}      -- 角色表: {role_name = {permissions = {perm1, perm2}}}
    self.permissions = {} -- 权限表: {perm_name = {resource = "", action = ""}}
    return self
end

-- 添加权限
function RBAC:add_permission(perm_name, resource, action)
    self.permissions[perm_name] = {
        resource = resource,
        action = action
    }
end

-- 添加角色并分配权限
function RBAC:add_role(role_name, permissions)
    self.roles[role_name] = {
        permissions = permissions or {}
    }
end

-- 分配角色给用户
function RBAC:assign_role(user_id, role_name)
    if not self.users[user_id] then
        self.users[user_id] = {roles = {}}
    end
    table.insert(self.users[user_id].roles, role_name)
end

-- 检查用户权限
function RBAC:check_permission(user_id, resource, action)
    local user = self.users[user_id]
    if not user then return false end

    for _, role_name in ipairs(user.roles) do
        local role = self.roles[role_name]
        if role then
            for _, perm_name in ipairs(role.permissions) do
                local permission = self.permissions[perm_name]
                if permission and permission.resource == resource and permission.action == action then
                    return true
                end
            end
        end
    end
    return false
end

-- 获取用户所有权限
function RBAC:get_user_permissions(user_id)
    local user_permissions = {}
    local user = self.users[user_id]
    if not user then return user_permissions end

    for _, role_name in ipairs(user.roles) do
        local role = self.roles[role_name]
        if role then
            for _, perm_name in ipairs(role.permissions) do
                table.insert(user_permissions, self.permissions[perm_name])
            end
        end
    end
    return user_permissions
end

-- 添加角色
--_, err = permit.AddPolicy(roleName, roleId, action)

-- 赋予用户角色
--_, err = permit.AddRoleForUser(user, roleName)

-- 查看具有某角色的所有用户
--res, err = permit.GetUsersForRole(roleName)

-- 移除用户具有的角色
--_, err = permit.DeleteRoleForUser(user, roleName)

-- 移除角色，跟角色相关联的用户都被移除
--_, err = permit.DeleteRole(roleName)

return RBAC