/** * 角色权限管理路由 * @file role-permissions.js * @description 定义角色权限管理相关的API路由 */ const express = require('express'); const router = express.Router(); const rolePermissionController = require('../controllers/rolePermissionController'); const { verifyToken } = require('../middleware/auth'); const { requirePermission } = require('../middleware/permission'); // 公开API路由,不需要验证token const publicRoutes = express.Router(); router.use('/public', publicRoutes); // 公开获取角色列表 publicRoutes.get('/roles', rolePermissionController.getAllRoles); // 公开获取角色详情 publicRoutes.get('/roles/:id', rolePermissionController.getRoleById); // 公开获取菜单权限列表 publicRoutes.get('/menus', rolePermissionController.getAllMenuPermissions); // 公开获取角色菜单权限 publicRoutes.get('/roles/:roleId/menus', rolePermissionController.getRoleMenuPermissions); // 公开获取所有权限 publicRoutes.get('/permissions', rolePermissionController.getAllPermissions); // 公开获取权限模块列表 publicRoutes.get('/permissions/modules', rolePermissionController.getPermissionModules); // 公开获取角色功能权限 publicRoutes.get('/roles/:roleId/permissions', rolePermissionController.getRolePermissions); // 所有其他路由都需要认证 router.use(verifyToken); /** * @swagger * components: * schemas: * Role: * type: object * properties: * id: * type: integer * description: 角色ID * name: * type: string * description: 角色名称 * description: * type: string * description: 角色描述 * status: * type: boolean * description: 状态 * created_at: * type: string * format: date-time * description: 创建时间 * updated_at: * type: string * format: date-time * description: 更新时间 * menuPermissions: * type: array * items: * $ref: '#/components/schemas/MenuPermission' * description: 菜单权限列表 */ /** * @swagger * /api/role-permissions/roles: * get: * summary: 获取角色列表 * tags: [Role Permissions] * parameters: * - in: query * name: page * schema: * type: integer * default: 1 * description: 页码 * - in: query * name: pageSize * schema: * type: integer * default: 10 * description: 每页数量 * - in: query * name: search * schema: * type: string * description: 搜索关键词 * responses: * 200: * description: 成功获取角色列表 * content: * application/json: * schema: * type: object * properties: * success: * type: boolean * data: * type: object * properties: * list: * type: array * items: * $ref: '#/components/schemas/Role' * pagination: * type: object * properties: * current: * type: integer * pageSize: * type: integer * total: * type: integer * pages: * type: integer * message: * type: string */ router.get('/roles', requirePermission('role:view'), rolePermissionController.getAllRoles); /** * @swagger * /api/role-permissions/roles/{id}: * get: * summary: 获取角色详情 * tags: [Role Permissions] * parameters: * - in: path * name: id * required: true * schema: * type: integer * description: 角色ID * responses: * 200: * description: 成功获取角色详情 * 404: * description: 角色不存在 */ router.get('/roles/:id', requirePermission('role:view'), rolePermissionController.getRoleById); /** * @swagger * /api/role-permissions/roles: * post: * summary: 创建角色 * tags: [Role Permissions] * security: * - bearerAuth: [] * requestBody: * required: true * content: * application/json: * schema: * type: object * required: * - name * properties: * name: * type: string * description: 角色名称 * description: * type: string * description: 角色描述 * status: * type: boolean * description: 状态 * menuIds: * type: array * items: * type: integer * description: 菜单权限ID数组 * responses: * 201: * description: 角色创建成功 * 400: * description: 请求参数错误 */ router.post('/roles', requirePermission('role:create'), rolePermissionController.createRole); /** * @swagger * /api/role-permissions/roles/{id}: * put: * summary: 更新角色 * tags: [Role Permissions] * security: * - bearerAuth: [] * parameters: * - in: path * name: id * required: true * schema: * type: integer * description: 角色ID * requestBody: * required: true * content: * application/json: * schema: * type: object * properties: * name: * type: string * description: 角色名称 * description: * type: string * description: 角色描述 * status: * type: boolean * description: 状态 * menuIds: * type: array * items: * type: integer * description: 菜单权限ID数组 * responses: * 200: * description: 角色更新成功 * 404: * description: 角色不存在 */ router.put('/roles/:id', requirePermission('role:update'), rolePermissionController.updateRole); /** * @swagger * /api/role-permissions/roles/{id}: * delete: * summary: 删除角色 * tags: [Role Permissions] * security: * - bearerAuth: [] * parameters: * - in: path * name: id * required: true * schema: * type: integer * description: 角色ID * responses: * 200: * description: 角色删除成功 * 404: * description: 角色不存在 */ router.delete('/roles/:id', requirePermission('role:delete'), rolePermissionController.deleteRole); /** * @swagger * /api/role-permissions/menus: * get: * summary: 获取菜单权限列表 * tags: [Role Permissions] * security: * - bearerAuth: [] * responses: * 200: * description: 成功获取菜单权限列表 */ router.get('/menus', requirePermission('menu:view'), rolePermissionController.getAllMenuPermissions); /** * @swagger * /api/role-permissions/roles/{roleId}/menus: * get: * summary: 获取角色的菜单权限 * tags: [Role Permissions] * security: * - bearerAuth: [] * parameters: * - in: path * name: roleId * required: true * schema: * type: integer * description: 角色ID * responses: * 200: * description: 成功获取角色菜单权限 * 404: * description: 角色不存在 */ router.get('/roles/:roleId/menus', requirePermission('role:view'), rolePermissionController.getRoleMenuPermissions); /** * @swagger * /api/role-permissions/roles/{roleId}/menus: * post: * summary: 设置角色的菜单权限 * tags: [Role Permissions] * security: * - bearerAuth: [] * parameters: * - in: path * name: roleId * required: true * schema: * type: integer * description: 角色ID * requestBody: * required: true * content: * application/json: * schema: * type: object * properties: * menuIds: * type: array * items: * type: integer * description: 菜单权限ID数组 * responses: * 200: * description: 设置角色菜单权限成功 * 404: * description: 角色不存在 */ router.post('/roles/:roleId/menus', requirePermission('role:assign'), rolePermissionController.setRoleMenuPermissions); // 设置角色功能权限 router.post('/roles/:roleId/permissions', requirePermission('role:assign'), rolePermissionController.setRolePermissions); /** * @swagger * /api/role-permissions/roles/{id}/status: * put: * summary: 切换角色状态 * tags: [Role Permissions] * security: * - bearerAuth: [] * parameters: * - in: path * name: id * required: true * schema: * type: integer * description: 角色ID * requestBody: * required: true * content: * application/json: * schema: * type: object * required: * - status * properties: * status: * type: boolean * description: 角色状态 * responses: * 200: * description: 角色状态切换成功 * 404: * description: 角色不存在 */ router.put('/roles/:id/status', requirePermission('role:update'), rolePermissionController.toggleRoleStatus); module.exports = router;