feat: enhance permission control and label management (#9215)

* 标签管理

* pr检查优化

* feat(role): Implement role management functionality

- Add role management routes in `server/router.go` for listing, getting, creating, updating, and deleting roles
- Introduce `initRoles()` in `internal/bootstrap/data/data.go` for initializing roles during bootstrap
- Create `internal/op/role.go` to handle role operations including caching and singleflight
- Implement role handler functions in `server/handles/role.go` for API responses
- Define database operations for roles in `internal/db/role.go`
- Extend `internal/db/db.go` for role model auto-migration
- Design `internal/model/role.go` to represent role structure with ID, name, description, base path, and permissions
- Initialize default roles (`admin` and `guest`) in `internal/bootstrap/data/role.go` during startup

* refactor(user roles): Support multiple roles for users

- Change the `Role` field type from `int` to `[]int` in `drivers/alist_v3/types.go` and `drivers/quqi/types.go`.
- Update the `Role` field in `internal/model/user.go` to use a new `Roles` type with JSON and database support.
- Modify `IsGuest` and `IsAdmin` methods to check for roles using `Contains` method.
- Update `GetUserByRole` method in `internal/db/user.go` to handle multiple roles.
- Add `roles.go` to define a new `Roles` type with JSON marshalling and scanning capabilities.
- Adjust code in `server/handles/user.go` to compare roles with `utils.SliceEqual`.
- Change role initialization for users in `internal/bootstrap/data/dev.go` and `internal/bootstrap/data/user.go`.
- Update `Role` handling in `server/handles/task.go`, `server/handles/ssologin.go`, and `server/handles/ldap_login.go`.

* feat(user/role): Add path limit check for user and role permissions

- Add new permission bit for checking path limits in `user.go`
- Implement `CheckPathLimit` method in `User` struct to validate path access
- Modify `JoinPath` method in `User` to enforce path limit checks
- Update `role.go` to include path limit logic in `Role` struct
- Document new permission bit in `Role` and `User` comments for clarity

* feat(permission): Add role-based permission handling

- Introduce `role_perm.go` for managing user permissions based on roles.
- Implement `HasPermission` and `MergeRolePermissions` functions.
- Update `webdav.go` to utilize role-based permissions instead of direct user checks.
- Modify `fsup.go` to integrate `CanAccessWithRoles` function.
- Refactor `fsread.go` to use `common.HasPermission` for permission validation.
- Adjust `fsmanage.go` for role-based access control checks.
- Enhance `ftp.go` and `sftp.go` to manage FTP access via roles.
- Update `fsbatch.go` to employ `MergeRolePermissions` for batch operations.
- Replace direct user permission checks with role-based permission handling across various modules.

* refactor(user): Replace integer role values with role IDs

- Change `GetAdmin()` and `GetGuest()` functions to retrieve role by name and use role ID.
- Add patch for version `v3.45.2` to convert legacy integer roles to role IDs.
- Update `dev.go` and `user.go` to use role IDs instead of integer values for roles.
- Remove redundant code in `role.go` related to guest role creation.
- Modify `ssologin.go` and `ldap_login.go` to set user roles to nil instead of using integer roles.
- Introduce `convert_roles.go` to handle conversion of legacy roles and ensure role existence in the database.

* feat(role_perm): implement support for multiple base paths for roles

- Modify role permission checks to support multiple base paths
- Update role creation and update functions to handle multiple base paths
- Add migration script to convert old base_path to base_paths
- Define new Paths type for handling multiple paths in the model
- Adjust role model to replace BasePath with BasePaths
- Update existing patches to handle roles with multiple base paths
- Update bootstrap data to reflect the new base_paths field

* feat(role): Restrict modifications to default roles (admin and guest)

- Add validation to prevent changes to "admin" and "guest" roles in `UpdateRole` and `DeleteRole` functions.
- Introduce `ErrChangeDefaultRole` error in `internal/errs/role.go` to standardize error messaging.
- Update role-related API handlers in `server/handles/role.go` to enforce the new restriction.
- Enhance comments in `internal/bootstrap/data/role.go` to clarify the significance of default roles.
- Ensure consistent error responses for unauthorized role modifications across the application.

* 🔄 **refactor(role): Enhance role permission handling**

- Replaced `BasePaths` with `PermissionPaths` in `Role` struct for better permission granularity.
- Introduced JSON serialization for `PermissionPaths` using `RawPermission` field in `Role` struct.
- Implemented `BeforeSave` and `AfterFind` GORM hooks for handling `PermissionPaths` serialization.
- Refactored permission calculation logic in `role_perm.go` to work with `PermissionPaths`.
- Updated role creation logic to initialize `PermissionPaths` for `admin` and `guest` roles.
- Removed deprecated `CheckPathLimit` method from `Role` struct.

* fix(model/user/role): update permission settings for admin and role

- Change `RawPermission` field in `role.go` to hide JSON representation
- Update `Permission` field in `user.go` to `0xFFFF` for full access
- Modify `PermissionScopes` in `role.go` to `0xFFFF` for enhanced permissions

* 🔒 feat(role-permissions): Enhance role-based access control

- Introduce `canReadPathByRole` function in `role_perm.go` to verify path access based on user roles
- Modify `CanAccessWithRoles` to include role-based path read check
- Add `RoleNames` and `Permissions` to `UserResp` struct in `auth.go` for enhanced user role and permission details
- Implement role details aggregation in `auth.go` to populate `RoleNames` and `Permissions`
- Update `User` struct in `user.go` to include `RolesDetail` for more detailed role information
- Enhance middleware in `auth.go` to load and verify detailed role information for users
- Move `guest` user initialization logic in `user.go` to improve code organization and avoid repetition

* 🔒 fix(permissions): Add permission checks for archive operations

- Add `MergeRolePermissions` and `HasPermission` checks to validate user access for reading archives
- Ensure users have `PermReadArchives` before proceeding with `GetNearestMeta` in specific archive paths
- Implement permission checks for decompress operations, requiring `PermDecompress` for source paths
- Return `PermissionDenied` errors with 403 status if user lacks necessary permissions

* 🔒 fix(server): Add permission check for offline download

- Add permission merging logic for user roles
- Check user has permission for offline download addition
- Return error response with "permission denied" if check fails

* ✨ feat(role-permission): Implement path-based role permission checks

- Add `CheckPathLimitWithRoles` function to validate access based on `PermPathLimit` permission.
- Integrate `CheckPathLimitWithRoles` in `offline_download` to enforce path-based access control.
- Apply `CheckPathLimitWithRoles` across file system management operations (e.g., creation, movement, deletion).
- Ensure `CheckPathLimitWithRoles` is invoked for batch operations and archive-related actions.
- Update error handling to return `PermissionDenied` if the path validation fails.
- Import `errs` package in `offline_download` for consistent error responses.

* ✨ feat(role-permission): Implement path-based role permission checks

- Add `CheckPathLimitWithRoles` function to validate access based on `PermPathLimit` permission.
- Integrate `CheckPathLimitWithRoles` in `offline_download` to enforce path-based access control.
- Apply `CheckPathLimitWithRoles` across file system management operations (e.g., creation, movement, deletion).
- Ensure `CheckPathLimitWithRoles` is invoked for batch operations and archive-related actions.
- Update error handling to return `PermissionDenied` if the path validation fails.
- Import `errs` package in `offline_download` for consistent error responses.

* ♻️ refactor(access-control): Update access control logic to use role-based checks

- Remove deprecated logic from `CanAccess` function in `check.go`, replacing it with `CanAccessWithRoles` for improved role-based access control.
- Modify calls in `search.go` to use `CanAccessWithRoles` for more precise handling of permissions.
- Update `fsread.go` to utilize `CanAccessWithRoles`, ensuring accurate access validation based on user roles.
- Simplify import statements in `check.go` by removing unused packages to clean up the codebase.

* ✨ feat(fs): Improve visibility logic for hidden files

- Import `server/common` package to handle permissions more robustly
- Update `whetherHide` function to use `MergeRolePermissions` for user-specific path permissions
- Replace direct user checks with `HasPermission` for `PermSeeHides`
- Enhance logic to ensure `nil` user cases are handled explicitly

* 标签管理

* feat(db/auth/user): Enhance role handling and clean permission paths

- Comment out role modification checks in `server/handles/user.go` to allow flexible role changes.
- Improve permission path handling in `server/handles/auth.go` by normalizing and deduplicating paths.
- Introduce `addedPaths` map in `CurrentUser` to prevent duplicate permissions.

* feat(storage/db): Implement role permissions path prefix update

- Add `UpdateRolePermissionsPathPrefix` function in `role.go` to update role permissions paths.
- Modify `storage.go` to call the new function when the mount path is renamed.
- Introduce path cleaning and prefix matching logic for accurate path updates.
- Ensure roles are updated only if their permission scopes are modified.
- Handle potential errors with informative messages during database operations.

* feat(role-migration): Implement role conversion and introduce NEWGENERAL role

- Add `NEWGENERAL` to the roles enumeration in `user.go`
- Create new file `convert_role.go` for migrating legacy roles to new model
- Implement `ConvertLegacyRoles` function to handle role conversion with permission scopes
- Add `convert_role.go` patch to `all.go` under version `v3.46.0`

* feat(role/auth): Add role retrieval by user ID and update path prefixes

- Add `GetRolesByUserID` function for efficient role retrieval by user ID
- Implement `UpdateUserBasePathPrefix` to update user base paths
- Modify `UpdateRolePermissionsPathPrefix` to return modified role IDs
- Update `auth.go` middleware to use the new role retrieval function
- Refresh role and user caches upon path prefix updates to maintain consistency

---------

Co-authored-by: Leslie-Xy <540049476@qq.com>

Author: okatu-loli

drivers/alist_v3/driver.go

@@ -56,7 +56,7 @@ func (d *AListV3) Init(ctx context.Context) error {
 	if err != nil {
 		return err
 	}
-	if resp.Data.Role == model.GUEST {
+	if utils.SliceContains(resp.Data.Role, model.GUEST) {
 		u := d.Address + "/api/public/settings"
 		res, err := base.RestyClient.R().Get(u)
 		if err != nil {

drivers/alist_v3/types.go

@@ -76,7 +76,7 @@ type MeResp struct {
 	Username   string `json:"username"`
 	Password   string `json:"password"`
 	BasePath   string `json:"base_path"`
-	Role       int    `json:"role"`
+	Role       []int  `json:"role"`
 	Disabled   bool   `json:"disabled"`
 	Permission int    `json:"permission"`
 	SsoId      string `json:"sso_id"`

drivers/quqi/types.go

@@ -83,7 +83,7 @@ type Group struct {
 	Type            int    `json:"type"`
 	Name            string `json:"name"`
 	IsAdministrator int    `json:"is_administrator"`
-	Role            int    `json:"role"`
+	Role            []int  `json:"role"`
 	Avatar          string `json:"avatar_url"`
 	IsStick         int    `json:"is_stick"`
 	Nickname        string `json:"nickname"`

internal/bootstrap/data/data.go

@@ -3,6 +3,7 @@ package data
 import "github.com/alist-org/alist/v3/cmd/flags"
 
 func InitData() {
+	initRoles()
 	initUser()
 	initSettings()
 	initTasks()

internal/bootstrap/data/dev.go

@@ -26,7 +26,7 @@ func initDevData() {
 		Username:   "Noah",
 		Password:   "hsu",
 		BasePath:   "/data",
-		Role:       0,
+		Role:       nil,
 		Permission: 512,
 	})
 	if err != nil {

internal/bootstrap/data/role.go

@@ -0,0 +1,52 @@
+package data
+
+// initRoles creates the default admin and guest roles if missing.
+// These roles are essential and must not be modified or removed.
+
+import (
+	"github.com/alist-org/alist/v3/internal/model"
+	"github.com/alist-org/alist/v3/internal/op"
+	"github.com/alist-org/alist/v3/pkg/utils"
+	"github.com/pkg/errors"
+	"gorm.io/gorm"
+)
+
+func initRoles() {
+	guestRole, err := op.GetRoleByName("guest")
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			guestRole = &model.Role{
+				ID:          uint(model.GUEST),
+				Name:        "guest",
+				Description: "Guest",
+				PermissionScopes: []model.PermissionEntry{
+					{Path: "/", Permission: 0},
+				},
+			}
+			if err := op.CreateRole(guestRole); err != nil {
+				utils.Log.Fatalf("[init role] Failed to create guest role: %v", err)
+			}
+		} else {
+			utils.Log.Fatalf("[init role] Failed to get guest role: %v", err)
+		}
+	}
+
+	_, err = op.GetRoleByName("admin")
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			adminRole := &model.Role{
+				ID:          uint(model.ADMIN),
+				Name:        "admin",
+				Description: "Administrator",
+				PermissionScopes: []model.PermissionEntry{
+					{Path: "/", Permission: 0xFFFF},
+				},
+			}
+			if err := op.CreateRole(adminRole); err != nil {
+				utils.Log.Fatalf("[init role] Failed to create admin role: %v", err)
+			}
+		} else {
+			utils.Log.Fatalf("[init role] Failed to get admin role: %v", err)
+		}
+	}
+}

internal/bootstrap/data/user.go

@@ -1,10 +1,10 @@
 package data
 
 import (
+	"github.com/alist-org/alist/v3/internal/db"
 	"os"
 
 	"github.com/alist-org/alist/v3/cmd/flags"
-	"github.com/alist-org/alist/v3/internal/db"
 	"github.com/alist-org/alist/v3/internal/model"
 	"github.com/alist-org/alist/v3/internal/op"
 	"github.com/alist-org/alist/v3/pkg/utils"
@@ -14,6 +14,28 @@ import (
 )
 
 func initUser() {
+	guest, err := op.GetGuest()
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			salt := random.String(16)
+			guestRole, _ := op.GetRoleByName("guest")
+			guest = &model.User{
+				Username:   "guest",
+				PwdHash:    model.TwoHashPwd("guest", salt),
+				Salt:       salt,
+				Role:       model.Roles{int(guestRole.ID)},
+				BasePath:   "/",
+				Permission: 0,
+				Disabled:   true,
+				Authn:      "[]",
+			}
+			if err := db.CreateUser(guest); err != nil {
+				utils.Log.Fatalf("[init user] Failed to create guest user: %v", err)
+			}
+		} else {
+			utils.Log.Fatalf("[init user] Failed to get guest user: %v", err)
+		}
+	}
 	admin, err := op.GetAdmin()
 	adminPassword := random.String(8)
 	envpass := os.Getenv("ALIST_ADMIN_PASSWORD")
@@ -25,15 +47,16 @@ func initUser() {
 	if err != nil {
 		if errors.Is(err, gorm.ErrRecordNotFound) {
 			salt := random.String(16)
+			adminRole, _ := op.GetRoleByName("admin")
 			admin = &model.User{
 				Username: "admin",
 				Salt:     salt,
 				PwdHash:  model.TwoHashPwd(adminPassword, salt),
-				Role:     model.ADMIN,
+				Role:     model.Roles{int(adminRole.ID)},
 				BasePath: "/",
 				Authn:    "[]",
 				// 0(can see hidden) - 7(can remove) & 12(can read archives) - 13(can decompress archives)
-				Permission: 0x30FF,
+				Permission: 0xFFFF,
 			}
 			if err := op.CreateUser(admin); err != nil {
 				panic(err)
@@ -44,25 +67,4 @@ func initUser() {
 			utils.Log.Fatalf("[init user] Failed to get admin user: %v", err)
 		}
 	}
-	guest, err := op.GetGuest()
-	if err != nil {
-		if errors.Is(err, gorm.ErrRecordNotFound) {
-			salt := random.String(16)
-			guest = &model.User{
-				Username:   "guest",
-				PwdHash:    model.TwoHashPwd("guest", salt),
-				Salt:       salt,
-				Role:       model.GUEST,
-				BasePath:   "/",
-				Permission: 0,
-				Disabled:   true,
-				Authn:      "[]",
-			}
-			if err := db.CreateUser(guest); err != nil {
-				utils.Log.Fatalf("[init user] Failed to create guest user: %v", err)
-			}
-		} else {
-			utils.Log.Fatalf("[init user] Failed to get guest user: %v", err)
-		}
-	}
 }

internal/bootstrap/patch/all.go

@@ -4,6 +4,7 @@ import (
 	"github.com/alist-org/alist/v3/internal/bootstrap/patch/v3_24_0"
 	"github.com/alist-org/alist/v3/internal/bootstrap/patch/v3_32_0"
 	"github.com/alist-org/alist/v3/internal/bootstrap/patch/v3_41_0"
+	"github.com/alist-org/alist/v3/internal/bootstrap/patch/v3_46_0"
 )
 
 type VersionPatches struct {
@@ -32,4 +33,10 @@ var UpgradePatches = []VersionPatches{
 			v3_41_0.GrantAdminPermissions,
 		},
 	},
+	{
+		Version: "v3.46.0",
+		Patches: []func(){
+			v3_46_0.ConvertLegacyRoles,
+		},
+	},
 }

internal/bootstrap/patch/v3_46_0/convert_role.go

@@ -0,0 +1,129 @@
+package v3_46_0
+
+import (
+	"errors"
+	"github.com/alist-org/alist/v3/internal/db"
+	"github.com/alist-org/alist/v3/internal/model"
+	"github.com/alist-org/alist/v3/internal/op"
+	"github.com/alist-org/alist/v3/pkg/utils"
+	"gorm.io/gorm"
+)
+
+// ConvertLegacyRoles migrates old integer role values to a new role model with permission scopes.
+func ConvertLegacyRoles() {
+	guestRole, err := op.GetRoleByName("guest")
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			guestRole = &model.Role{
+				ID:          uint(model.GUEST),
+				Name:        "guest",
+				Description: "Guest",
+				PermissionScopes: []model.PermissionEntry{
+					{
+						Path:       "/",
+						Permission: 0,
+					},
+				},
+			}
+			if err = op.CreateRole(guestRole); err != nil {
+				utils.Log.Errorf("[convert roles] failed to create guest role: %v", err)
+				return
+			}
+		} else {
+			utils.Log.Errorf("[convert roles] failed to get guest role: %v", err)
+			return
+		}
+	}
+
+	adminRole, err := op.GetRoleByName("admin")
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			adminRole = &model.Role{
+				ID:          uint(model.ADMIN),
+				Name:        "admin",
+				Description: "Administrator",
+				PermissionScopes: []model.PermissionEntry{
+					{
+						Path:       "/",
+						Permission: 0x33FF,
+					},
+				},
+			}
+			if err = op.CreateRole(adminRole); err != nil {
+				utils.Log.Errorf("[convert roles] failed to create admin role: %v", err)
+				return
+			}
+		} else {
+			utils.Log.Errorf("[convert roles] failed to get admin role: %v", err)
+			return
+		}
+	}
+
+	generalRole, err := op.GetRoleByName("general")
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			generalRole = &model.Role{
+				ID:          uint(model.NEWGENERAL),
+				Name:        "general",
+				Description: "General User",
+				PermissionScopes: []model.PermissionEntry{
+					{
+						Path:       "/",
+						Permission: 0,
+					},
+				},
+			}
+			if err = op.CreateRole(generalRole); err != nil {
+				utils.Log.Errorf("[convert roles] failed create general role: %v", err)
+				return
+			}
+		} else {
+			utils.Log.Errorf("[convert roles] failed get general role: %v", err)
+			return
+		}
+	}
+
+	users, _, err := op.GetUsers(1, -1)
+	if err != nil {
+		utils.Log.Errorf("[convert roles] failed to get users: %v", err)
+		return
+	}
+
+	for i := range users {
+		user := users[i]
+		if user.Role == nil {
+			continue
+		}
+		changed := false
+		var roles model.Roles
+		for _, r := range user.Role {
+			switch r {
+			case model.ADMIN:
+				roles = append(roles, int(adminRole.ID))
+				if int(adminRole.ID) != r {
+					changed = true
+				}
+			case model.GUEST:
+				roles = append(roles, int(guestRole.ID))
+				if int(guestRole.ID) != r {
+					changed = true
+				}
+			case model.GENERAL:
+				roles = append(roles, int(generalRole.ID))
+				if int(generalRole.ID) != r {
+					changed = true
+				}
+			default:
+				roles = append(roles, r)
+			}
+		}
+		if changed {
+			user.Role = roles
+			if err := db.UpdateUser(&user); err != nil {
+				utils.Log.Errorf("[convert roles] failed to update user %s: %v", user.Username, err)
+			}
+		}
+	}
+
+	utils.Log.Infof("[convert roles] completed role conversion for %d users", len(users))
+}

internal/db/db.go

@@ -12,7 +12,7 @@ var db *gorm.DB
 
 func Init(d *gorm.DB) {
 	db = d
-	err := AutoMigrate(new(model.Storage), new(model.User), new(model.Meta), new(model.SettingItem), new(model.SearchNode), new(model.TaskItem), new(model.SSHPublicKey))
+	err := AutoMigrate(new(model.Storage), new(model.User), new(model.Meta), new(model.SettingItem), new(model.SearchNode), new(model.TaskItem), new(model.SSHPublicKey), new(model.Role), new(model.Label), new(model.LabelFileBinDing), new(model.ObjFile))
 	if err != nil {
 		log.Fatalf("failed migrate database: %s", err.Error())
 	}