WiiCITMS/servers/hrPermissionTools.go

package servers

import (
	"WiiCITMS/process/hr"
	"context"
	"encoding/json"
	"fmt"

	"github.com/mark3labs/mcp-go/mcp"
	"github.com/mark3labs/mcp-go/server"
)

// HRPermissionTools 权限管理工具
var HRPermissionTools = []server.ServerTool{
	// 初始化系统权限
	{
		Tool: mcp.NewTool(
			"initSystemPermissions",
			mcp.WithDescription("初始化系统预定义权限"),
		),
		Handler: func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
			proc := hr.InitSystemPermissions()
			if proc.IsError() {
				return mcp.NewToolResultText(""), proc.Error
			}
			return mcp.NewToolResultText("初始化系统权限成功"), nil
		},
	},
	// 创建权限
	{
		Tool: mcp.NewTool(
			"createPermission",
			mcp.WithDescription("创建权限，在创建权限前应该先查询所需的权限是否已经存在，存在则不创建"),
			mcp.WithNumber("permissionId", mcp.Required(), mcp.Description("权限ID")),
			mcp.WithString("permissionName", mcp.Required(), mcp.Description("权限名称")),
			mcp.WithString("permissionCode", mcp.Required(), mcp.Description("权限代码")),
			mcp.WithString("description", mcp.Description("权限描述")),
			mcp.WithNumber("category", mcp.Description("权限分类")),
		),
		Handler: func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
			permId := request.GetInt("permissionId", 0)
			if permId <= 0 {
				return nil, fmt.Errorf("权限ID必须大于0")
			}

			name := request.GetString("permissionName", "")
			if name == "" {
				return nil, fmt.Errorf("权限名称不能为空")
			}

			code := request.GetString("permissionCode", "")
			if code == "" {
				return nil, fmt.Errorf("权限代码不能为空")
			}

			params := hr.CreatePermissionRequest{
				PermissionID:   permId,
				PermissionName: name,
				PermissionCode: code,
				Description:    request.GetString("description", ""),
				Category:       request.GetInt("category", 0),
			}

			perm, proc := hr.CreatePermission(params)
			if proc.IsError() {
				return mcp.NewToolResultText(""), proc.Error
			}

			repStr, err := json.Marshal(perm)
			if err != nil {
				return mcp.NewToolResultText(""), err
			}
			return mcp.NewToolResultText(string(repStr)), nil
		},
	},
	// 更新权限
	{
		Tool: mcp.NewTool(
			"updatePermission",
			mcp.WithDescription("更新权限"),
			mcp.WithString("permissionGuid", mcp.Required(), mcp.Description("权限GUID")),
			mcp.WithNumber("permissionId", mcp.Description("权限ID")),
			mcp.WithString("permissionName", mcp.Description("权限名称")),
			mcp.WithString("permissionCode", mcp.Description("权限代码")),
			mcp.WithString("description", mcp.Description("权限描述")),
			mcp.WithNumber("category", mcp.Description("权限分类")),
		),
		Handler: func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
			permGuid := request.GetString("permissionGuid", "")
			if permGuid == "" {
				return nil, fmt.Errorf("权限GUID不能为空")
			}

			params := hr.CreatePermissionRequest{
				PermissionID:   request.GetInt("permissionId", 0),
				PermissionName: request.GetString("permissionName", ""),
				PermissionCode: request.GetString("permissionCode", ""),
				Description:    request.GetString("description", ""),
				Category:       request.GetInt("category", 0),
			}

			perm, proc := hr.UpdatePermission(permGuid, params)
			if proc.IsError() {
				return mcp.NewToolResultText(""), proc.Error
			}

			repStr, err := json.Marshal(perm)
			if err != nil {
				return mcp.NewToolResultText(""), err
			}
			return mcp.NewToolResultText(string(repStr)), nil
		},
	},
	// 查询权限列表
	{
		Tool: mcp.NewTool(
			"queryPermissions",
			mcp.WithDescription("查询现在已经存在的权限列表"),
			mcp.WithString("permissionName", mcp.Description("权限名称，模糊查询")),
			mcp.WithString("permissionCode", mcp.Description("权限代码，精确查询")),
			mcp.WithNumber("category", mcp.Description("权限分类")),
			mcp.WithNumber("limit", mcp.Description("分页参数，每页数量")),
			mcp.WithNumber("offset", mcp.Description("分页参数，偏移量")),
		),
		Handler: func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
			params := hr.QueryPermissionRequest{
				PermissionName: request.GetString("permissionName", ""),
				PermissionCode: request.GetString("permissionCode", ""),
				Category:       request.GetInt("category", 0),
				Limit:          request.GetInt("limit", 20),
				Offset:         request.GetInt("offset", 0),
			}

			perms, proc := hr.QueryPermissions(params)
			if proc.IsError() {
				return mcp.NewToolResultText(""), proc.Error
			}

			repStr, err := json.Marshal(perms)
			if err != nil {
				return mcp.NewToolResultText(""), err
			}
			return mcp.NewToolResultText(string(repStr)), nil
		},
	},
	// 获取权限详情
	{
		Tool: mcp.NewTool(
			"getPermission",
			mcp.WithDescription("获取权限详情"),
			mcp.WithString("permissionGuid", mcp.Required(), mcp.Description("权限GUID")),
		),
		Handler: func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
			permGuid := request.GetString("permissionGuid", "")
			if permGuid == "" {
				return nil, fmt.Errorf("权限GUID不能为空")
			}

			perm, proc := hr.GetPermissionByID(permGuid)
			if proc.IsError() {
				return mcp.NewToolResultText(""), proc.Error
			}

			repStr, err := json.Marshal(perm)
			if err != nil {
				return mcp.NewToolResultText(""), err
			}
			return mcp.NewToolResultText(string(repStr)), nil
		},
	},
	// 删除权限
	{
		Tool: mcp.NewTool(
			"deletePermission",
			mcp.WithDescription("删除权限"),
			mcp.WithString("permissionGuid", mcp.Required(), mcp.Description("权限GUID")),
		),
		Handler: func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
			permGuid := request.GetString("permissionGuid", "")
			if permGuid == "" {
				return nil, fmt.Errorf("权限GUID不能为空")
			}

			proc := hr.DeletePermission(permGuid)
			if proc.IsError() {
				return mcp.NewToolResultText(""), proc.Error
			}

			return mcp.NewToolResultText("删除权限成功"), nil
		},
	},
	// 为岗位分配权限
	{
		Tool: mcp.NewTool(
			"assignPermissionToPosition",
			mcp.WithDescription("为岗位分配权限"),
			mcp.WithString("positionGuid", mcp.Required(), mcp.Description("岗位GUID")),
			mcp.WithString("permissionGuid", mcp.Required(), mcp.Description("权限GUID")),
			mcp.WithNumber("grantType", mcp.Description("授权类型：0-直接授权，1-继承授权")),
		),
		Handler: func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
			posGuid := request.GetString("positionGuid", "")
			if posGuid == "" {
				return nil, fmt.Errorf("岗位GUID不能为空")
			}

			permGuid := request.GetString("permissionGuid", "")
			if permGuid == "" {
				return nil, fmt.Errorf("权限GUID不能为空")
			}

			params := hr.PositionPermissionRequest{
				PositionGuid:   posGuid,
				PermissionGuid: permGuid,
				GrantType:      request.GetInt("grantType", 0),
			}

			relation, proc := hr.AssignPermissionToPosition(params)
			if proc.IsError() {
				return mcp.NewToolResultText(""), proc.Error
			}

			repStr, err := json.Marshal(relation)
			if err != nil {
				return mcp.NewToolResultText(""), err
			}
			return mcp.NewToolResultText(string(repStr)), nil
		},
	},
	// 从岗位中移除权限
	{
		Tool: mcp.NewTool(
			"removePermissionFromPosition",
			mcp.WithDescription("从岗位中移除权限"),
			mcp.WithString("relationGuid", mcp.Required(), mcp.Description("关系GUID")),
		),
		Handler: func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
			relGuid := request.GetString("relationGuid", "")
			if relGuid == "" {
				return nil, fmt.Errorf("关系GUID不能为空")
			}

			proc := hr.RemovePermissionFromPosition(relGuid)
			if proc.IsError() {
				return mcp.NewToolResultText(""), proc.Error
			}

			return mcp.NewToolResultText("移除权限成功"), nil
		},
	},
	// 查询岗位的权限列表
	{
		Tool: mcp.NewTool(
			"queryPositionPermissions",
			mcp.WithDescription("查询岗位的权限列表"),
			mcp.WithString("positionGuid", mcp.Required(), mcp.Description("岗位GUID")),
		),
		Handler: func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
			posGuid := request.GetString("positionGuid", "")
			if posGuid == "" {
				return nil, fmt.Errorf("岗位GUID不能为空")
			}

			perms, proc := hr.QueryPositionPermissions(posGuid)
			if proc.IsError() {
				return mcp.NewToolResultText(""), proc.Error
			}

			repStr, err := json.Marshal(perms)
			if err != nil {
				return mcp.NewToolResultText(""), err
			}
			return mcp.NewToolResultText(string(repStr)), nil
		},
	},
	// 检查岗位是否拥有特定权限
	{
		Tool: mcp.NewTool(
			"hasPermission",
			mcp.WithDescription("检查岗位是否拥有特定权限"),
			mcp.WithString("positionGuid", mcp.Required(), mcp.Description("岗位GUID")),
			mcp.WithNumber("permissionId", mcp.Required(), mcp.Description("权限ID")),
		),
		Handler: func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
			posGuid := request.GetString("positionGuid", "")
			if posGuid == "" {
				return nil, fmt.Errorf("岗位GUID不能为空")
			}

			permId := request.GetInt("permissionId", 0)
			if permId <= 0 {
				return nil, fmt.Errorf("权限ID必须大于0")
			}

			hasPermission, proc := hr.HasPermission(posGuid, permId)
			if proc.IsError() {
				return mcp.NewToolResultText(""), proc.Error
			}

			result := map[string]bool{
				"hasPermission": hasPermission,
			}

			repStr, err := json.Marshal(result)
			if err != nil {
				return mcp.NewToolResultText(""), err
			}
			return mcp.NewToolResultText(string(repStr)), nil
		},
	},
	// 检查员工是否拥有特定权限
	{
		Tool: mcp.NewTool(
			"checkStaffPermission",
			mcp.WithDescription("检查员工是否拥有特定权限"),
			mcp.WithString("staffGuid", mcp.Required(), mcp.Description("员工GUID")),
			mcp.WithNumber("permissionId", mcp.Required(), mcp.Description("权限ID")),
			mcp.WithString("organizationGuid", mcp.Description("相关组织GUID（可选）")),
		),
		Handler: func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
			staffGuid := request.GetString("staffGuid", "")
			if staffGuid == "" {
				return nil, fmt.Errorf("员工GUID不能为空")
			}

			permId := request.GetInt("permissionId", 0)
			if permId <= 0 {
				return nil, fmt.Errorf("权限ID必须大于0")
			}

			params := hr.CheckPermissionRequest{
				StaffGuid:        staffGuid,
				PermissionID:     permId,
				OrganizationGuid: request.GetString("organizationGuid", ""),
			}

			hasPermission, proc := hr.CheckStaffPermission(params)
			if proc.IsError() {
				return mcp.NewToolResultText(""), proc.Error
			}

			result := map[string]bool{
				"hasPermission": hasPermission,
			}

			repStr, err := json.Marshal(result)
			if err != nil {
				return mcp.NewToolResultText(""), err
			}
			return mcp.NewToolResultText(string(repStr)), nil
		},
	},
	// 获取员工的所有权限
	{
		Tool: mcp.NewTool(
			"getPermissionsByStaff",
			mcp.WithDescription("获取员工的所有权限"),
			mcp.WithString("staffGuid", mcp.Required(), mcp.Description("员工GUID")),
		),
		Handler: func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
			staffGuid := request.GetString("staffGuid", "")
			if staffGuid == "" {
				return nil, fmt.Errorf("员工GUID不能为空")
			}

			perms, proc := hr.GetPermissionsByStaff(staffGuid)
			if proc.IsError() {
				return mcp.NewToolResultText(""), proc.Error
			}

			repStr, err := json.Marshal(perms)
			if err != nil {
				return mcp.NewToolResultText(""), err
			}
			return mcp.NewToolResultText(string(repStr)), nil
		},
	},
	// 检查员工是否是系统管理员
	{
		Tool: mcp.NewTool(
			"isSystemAdmin",
			mcp.WithDescription("检查员工是否是系统管理员"),
			mcp.WithString("staffGuid", mcp.Required(), mcp.Description("员工GUID")),
		),
		Handler: func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
			staffGuid := request.GetString("staffGuid", "")
			if staffGuid == "" {
				return nil, fmt.Errorf("员工GUID不能为空")
			}

			isAdmin, proc := hr.IsSystemAdmin(staffGuid)
			if proc.IsError() {
				return mcp.NewToolResultText(""), proc.Error
			}

			result := map[string]bool{
				"isSystemAdmin": isAdmin,
			}

			repStr, err := json.Marshal(result)
			if err != nil {
				return mcp.NewToolResultText(""), err
			}
			return mcp.NewToolResultText(string(repStr)), nil
		},
	},
}