29d0310f03
Add new frontend pages for the multi-tenant OCDP platform: - Charts page (/charts): Browse Harbor OCI registries to list Helm chart repositories and versions, with deploy modal to launch charts on selected clusters - Monitoring page (/monitoring): Display cluster metrics (CPU/Memory/GPU usage) and per-node details with resource utilization bars - Chart References page (/chart-references): CRUD for chart metadata references - Values Templates page (/templates): CRUD for Helm values templates with version history and rollback support - Sidebar: Add Charts navigation, update Storage and Templates links - api.ts: Add all API client functions (clusterApi, registryApi, instanceApi, monitoringApi, storageApi, chartReferenceApi, valuesTemplateApi, workspaceApi, userApi) with full TypeScript types Note: deploy flow and values template rollback not yet end-to-end tested.
83 lines
2.0 KiB
Go
83 lines
2.0 KiB
Go
package entity
|
||
|
||
import (
|
||
"time"
|
||
)
|
||
|
||
// UserRole 用户角色
|
||
type UserRole string
|
||
|
||
const (
|
||
RoleAdmin UserRole = "admin"
|
||
RoleUser UserRole = "user"
|
||
)
|
||
|
||
// User 用户领域实体
|
||
type User struct {
|
||
ID string
|
||
Username string
|
||
PasswordHash string
|
||
Email string
|
||
Role UserRole // 用户角色: admin, user
|
||
WorkspaceID string // 所属工作空间,admin 为空表示全局
|
||
IsActive bool // 账户是否激活
|
||
MustChangePassword bool // 首次登录必须修改密码
|
||
RevokedAfter time.Time // 全局 Token 撤销时间
|
||
CreatedAt time.Time
|
||
UpdatedAt time.Time
|
||
}
|
||
|
||
// NewUser 创建新用户
|
||
func NewUser(username, passwordHash, email string) *User {
|
||
now := time.Now()
|
||
return &User{
|
||
Username: username,
|
||
PasswordHash: passwordHash,
|
||
Email: email,
|
||
Role: RoleUser, // 默认普通用户
|
||
IsActive: true,
|
||
MustChangePassword: true, // 首次登录必须修改密码
|
||
RevokedAfter: time.Unix(0, 0), // 初始值:1970-01-01
|
||
CreatedAt: now,
|
||
UpdatedAt: now,
|
||
}
|
||
}
|
||
|
||
// IsAdmin 判断是否为管理员
|
||
func (u *User) IsAdmin() bool {
|
||
return u.Role == RoleAdmin
|
||
}
|
||
|
||
// CanAccessWorkspace 检查是否可以访问指定工作空间
|
||
func (u *User) CanAccessWorkspace(workspaceID string) bool {
|
||
if u.IsAdmin() {
|
||
return true // Admin 可以访问所有工作空间
|
||
}
|
||
return u.WorkspaceID == workspaceID
|
||
}
|
||
|
||
// UpdatePassword 更新密码(会触发全局登出)
|
||
func (u *User) UpdatePassword(newPasswordHash string) {
|
||
u.PasswordHash = newPasswordHash
|
||
u.RevokedAfter = time.Now() // 撤销所有旧 Token
|
||
u.UpdatedAt = time.Now()
|
||
}
|
||
|
||
// RevokeAllTokens 撤销所有 Token(强制全局登出)
|
||
func (u *User) RevokeAllTokens() {
|
||
u.RevokedAfter = time.Now()
|
||
u.UpdatedAt = time.Now()
|
||
}
|
||
|
||
// Validate 验证用户数据
|
||
func (u *User) Validate() error {
|
||
if u.Username == "" {
|
||
return ErrInvalidUsername
|
||
}
|
||
if u.PasswordHash == "" {
|
||
return ErrInvalidPassword
|
||
}
|
||
return nil
|
||
}
|
||
|