{
  "openapi": "3.0.3",
  "info": {
    "title": "OpenAPI 接口 - 资源权限校验",
    "version": "1.0.0",
    "description": "OpenAPI 资源权限校验相关接口文档"
  },
  "paths": {
    "/openapi/permissions/resource-check": {
      "post": {
        "summary": "资源权限校验",
        "description": "基于登录令牌校验指定系统下用户是否拥有访问某接口所需的资源与权限。支持通过 X-Site header 切换站点。",
        "parameters": [
          {
            "name": "Authorization",
            "in": "header",
            "required": true,
            "schema": {
              "type": "string"
            },
            "description": "登录接口返回的访问令牌，格式为 Bearer TOKEN",
            "example": "Bearer {token}"
          },
          {
            "name": "X-Site",
            "in": "header",
            "required": false,
            "schema": {
              "type": "string"
            },
            "description": "站点标识。用于切换站点和对应的数据库上下文。如果用户有多个可用站点，可通过此 header 切换。"
          }
        ],
        "requestBody": {
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "properties": {
                  "systemCode": {
                    "type": "string",
                    "description": "string｜必填，目标系统编码"
                  },
                  "apiName": {
                    "type": "string",
                    "description": "string｜必填，接口标识（可使用资源 code、name、title 或 URL）"
                  },
                  "requiredPermissions": {
                    "type": "string",
                    "description": "string[]｜选填，需要同时具备的权限编码数组（注意：本 schema 中该字段的 type 声明为 string，与此处的数组说明不一致，请以服务端实际校验为准）"
                  }
                },
                "required": [
                  "systemCode",
                  "apiName"
                ]
              }
            }
          }
        },
        "responses": {
          "200": {
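            "description": "请求已处理的响应。按本文示例，权限校验通过（success）与未通过（failure）均在 HTTP 200 下返回，调用方应以响应体中的 code 与 data.accessGranted 判断校验结果，而不是仅依据 HTTP 状态码。",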
            "content": {
              "application/json": {
                "example": {
                  "success": {
                    "code": "0000",
                    "message": "资源权限校验成功",
                    "data": {
                      "accessGranted": true,
                      "user": {
                        "id": "BAKj1wKp7etrmSAT",
                        "phone": "13800138000",
                        "type": "user"
                      },
                      "system": {
                        "code": "AUTH",
                        "name": "权限管理系统"
                      },
                      "resource": {
                        "code": "API_CUSTOMER_DELETE",
                        "url": "/api/customers/:id",
                        "type": "api"
                      },
                      "checkedPermissions": [
                        "CUSTOMER_DELETE"
                      ]
                    }
                  },
                  "failure": {
                    "code": "1502",
                    "message": "缺少必要权限: CUSTOMER_DELETE",
                    "data": null
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}