npm - @ai-partner-x/aiko-boot-cli - Versions diffs - 0.1.4 → 0.1.5 - Mend

@ai-partner-x/aiko-boot-cli 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (441) hide show

package/templates/api-system/examples/security/complete/entity/user.entity.ts ADDED Viewed

@@ -0,0 +1,46 @@
+import { Entity, TableId, TableField, Column } from '@ai-partner-x/aiko-boot-starter-orm';
+@Entity({ tableName: 'users' })
+export class User {
+  @TableId()
+  id!: number;
+  @TableField()
+  @Column()
+  username!: string;
+  @TableField()
+  @Column()
+  email!: string;
+  @TableField()
+  @Column()
+  password!: string;
+  @TableField()
+  @Column()
+  enabled!: boolean;
+  @TableField()
+  @Column()
+  provider!: string;
+  @TableField()
+  @Column()
+  providerId!: string;
+  @TableField()
+  @Column()
+  avatar!: string;
+  @TableField()
+  @Column()
+  createdAt!: Date;
+  @TableField()
+  @Column()
+  updatedAt!: Date;
+  roles?: Role[];
+  permissions?: Permission[];
+}

package/templates/api-system/examples/security/complete/init.sql ADDED Viewed

@@ -0,0 +1,81 @@
+-- 创建用户表
+CREATE TABLE IF NOT EXISTS users (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  username TEXT NOT NULL UNIQUE,
+  email TEXT NOT NULL UNIQUE,
+  password TEXT NOT NULL,
+  enabled INTEGER DEFAULT 1,
+  provider TEXT DEFAULT 'local',
+  providerId TEXT DEFAULT '',
+  avatar TEXT DEFAULT '',
+  createdAt DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updatedAt DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+-- 创建角色表
+CREATE TABLE IF NOT EXISTS roles (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  name TEXT NOT NULL UNIQUE,
+  description TEXT,
+  createdAt DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updatedAt DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+-- 创建权限表
+CREATE TABLE IF NOT EXISTS permissions (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  name TEXT NOT NULL UNIQUE,
+  description TEXT,
+  resource TEXT NOT NULL,
+  action TEXT NOT NULL,
+  createdAt DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updatedAt DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+-- 创建用户角色关联表
+CREATE TABLE IF NOT EXISTS user_roles (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  userId INTEGER NOT NULL,
+  roleId INTEGER NOT NULL,
+  createdAt DATETIME DEFAULT CURRENT_TIMESTAMP,
+  FOREIGN KEY (userId) REFERENCES users(id) ON DELETE CASCADE,
+  FOREIGN KEY (roleId) REFERENCES roles(id) ON DELETE CASCADE,
+  UNIQUE(userId, roleId)
+);
+-- 创建角色权限关联表
+CREATE TABLE IF NOT EXISTS role_permissions (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  roleId INTEGER NOT NULL,
+  permissionId INTEGER NOT NULL,
+  createdAt DATETIME DEFAULT CURRENT_TIMESTAMP,
+  FOREIGN KEY (roleId) REFERENCES roles(id) ON DELETE CASCADE,
+  FOREIGN KEY (permissionId) REFERENCES permissions(id) ON DELETE CASCADE,
+  UNIQUE(roleId, permissionId)
+);
+-- 创建 OAuth 账户表
+CREATE TABLE IF NOT EXISTS oauth_accounts (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  userId INTEGER NOT NULL,
+  provider TEXT NOT NULL,
+  providerId TEXT NOT NULL,
+  accessToken TEXT NOT NULL,
+  refreshToken TEXT DEFAULT '',
+  expiresAt DATETIME,
+  createdAt DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updatedAt DATETIME DEFAULT CURRENT_TIMESTAMP,
+  FOREIGN KEY (userId) REFERENCES users(id) ON DELETE CASCADE,
+  UNIQUE(provider, providerId)
+);
+-- 创建索引
+CREATE INDEX IF NOT EXISTS idx_users_username ON users(username);
+CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);
+CREATE INDEX IF NOT EXISTS idx_users_provider ON users(provider, providerId);
+CREATE INDEX IF NOT EXISTS idx_user_roles_userId ON user_roles(userId);
+CREATE INDEX IF NOT EXISTS idx_user_roles_roleId ON user_roles(roleId);
+CREATE INDEX IF NOT EXISTS idx_role_permissions_roleId ON role_permissions(roleId);
+CREATE INDEX IF NOT EXISTS idx_role_permissions_permissionId ON role_permissions(permissionId);
+CREATE INDEX IF NOT EXISTS idx_oauth_accounts_userId ON oauth_accounts(userId);
+CREATE INDEX IF NOT EXISTS idx_oauth_accounts_provider ON oauth_accounts(provider, providerId);

package/templates/api-system/examples/security/complete/middleware/auth.interceptor.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import { Injectable, Singleton, Autowired } from '@ai-partner-x/aiko-boot';
+import { SecurityContext } from '@ai-partner-x/aiko-boot-starter-security';
+import { JwtStrategy } from '@ai-partner-x/aiko-boot-starter-security';
+import { SessionStrategy } from '@ai-partner-x/aiko-boot-starter-security';
+import type { Request, Response, NextFunction } from 'express';
+@Injectable()
+@Singleton()
+export class AuthInterceptor {
+  @Autowired()
+  private jwtStrategy!: JwtStrategy;
+  @Autowired()
+  private sessionStrategy!: SessionStrategy;
+  async intercept(req: Request, res: Response, next: NextFunction): Promise<void> {
+    const securityContext = SecurityContext.getInstance();
+    try {
+      let user = null;
+      if (req.headers.authorization && req.headers.authorization.startsWith('Bearer ')) {
+        const token = req.headers.authorization.substring(7);
+        user = await this.jwtStrategy.validate(token);
+      } else if (req.session && req.session.userId) {
+        user = await this.sessionStrategy.authenticate(req);
+      }
+      if (user) {
+        securityContext.setCurrentUser(user);
+      }
+      next();
+    } catch (error) {
+      console.error('Auth error:', error);
+      res.status(401).json({ error: '未授权' });
+    }
+  }
+}

package/templates/api-system/examples/security/complete/middleware/index.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { AuthInterceptor } from './auth.interceptor.js';
2	+ export { PermissionInterceptor } from './permission.interceptor.js';

package/templates/api-system/examples/security/complete/middleware/permission.interceptor.ts ADDED Viewed

@@ -0,0 +1,61 @@
+import { Injectable, Singleton, Autowired } from '@ai-partner-x/aiko-boot';
+import { SecurityContext } from '@ai-partner-x/aiko-boot-starter-security';
+import { PermissionService } from '../service/permission.service.js';
+import { PermissionExpressionParser } from '@ai-partner-x/aiko-boot-starter-security';
+import type { Request, Response, NextFunction } from 'express';
+@Injectable()
+@Singleton()
+export class PermissionInterceptor {
+  @Autowired()
+  private permissionService!: PermissionService;
+  private parser = new PermissionExpressionParser();
+  async intercept(req: Request, res: Response, next: NextFunction): Promise<void> {
+    const securityContext = SecurityContext.getInstance();
+    const currentUser = securityContext.getCurrentUser();
+    if (!currentUser) {
+      return res.status(401).json({ error: '未授权' });
+    }
+    const permissionExpression = this.getPermissionExpression(req);
+    if (permissionExpression) {
+      const hasPermission = await this.parser.evaluate(
+        permissionExpression,
+        currentUser,
+        this.permissionService
+      );
+      if (!hasPermission) {
+        return res.status(403).json({ error: '禁止访问' });
+      }
+    }
+    next();
+  }
+  private getPermissionExpression(req: Request): string | null {
+    const route = req.route;
+    if (!route) {
+      return null;
+    }
+    const metadata = Reflect.getMetadata('aiko-boot:preAuthorize', route);
+    if (metadata) {
+      return metadata as string;
+    }
+    const rolesMetadata = Reflect.getMetadata('aiko-boot:roles', route);
+    if (rolesMetadata && Array.isArray(rolesMetadata)) {
+      const roles = rolesMetadata as string[];
+      if (roles.length > 0) {
+        return `hasAnyRole('${roles.join("','")}')`;
+      }
+    }
+    return null;
+  }
+}

package/templates/api-system/examples/security/complete/package.json ADDED Viewed

@@ -0,0 +1,54 @@
+{
+    "name": "security-complete-example",
+    "version": "1.0.0",
+    "description": "Aiko Boot Starter Security 完整配置和集成示例",
+    "main": "app.ts",
+    "scripts": {
+        "start": "node --loader ts-node/esm app.ts",
+        "dev": "nodemon --exec node --loader ts-node/esm app.ts",
+        "build": "tsc",
+        "test": "pnpm jest",
+        "test:unit": "pnpm jest --config=tests/jest.config.js --testPathPattern=unit",
+        "test:integration": "pnpm jest --config=tests/jest.config.js --testPathPattern=integration",
+        "test:coverage": "pnpm jest --config=tests/jest.config.js --coverage",
+        "test:all": "node tests/run-all-tests.js",
+        "test:report": "node tests/generate-report.js",
+        "lint": "eslint . --ext .ts",
+        "format": "prettier --write \"**/*.ts\""
+    },
+    "dependencies": {
+        "@ai-partner-x/aiko-boot": "workspace:*",
+        "@ai-partner-x/aiko-boot-starter-security": "workspace:*",
+        "@ai-partner-x/aiko-boot-starter-orm": "workspace:*",
+        "@ai-partner-x/aiko-boot-starter-validation": "workspace:*",
+        "@ai-partner-x/aiko-boot-starter-web": "workspace:*",
+        "bcrypt": "^5.1.0",
+        "axios": "^1.6.0",
+        "express": "^4.18.2",
+        "express-session": "^1.17.3",
+        "better-sqlite3": "^9.2.0"
+    },
+    "devDependencies": {
+        "@types/bcrypt": "^5.0.0",
+        "@types/express": "^4.17.21",
+        "@types/express-session": "^1.17.10",
+        "@types/better-sqlite3": "^7.6.8",
+        "@types/node": "^20.10.0",
+        "@types/supertest": "^6.0.2",
+        "typescript": "^5.3.0",
+        "ts-node": "^10.9.2",
+        "nodemon": "^3.0.2",
+        "jest": "^29.7.0",
+        "@types/jest": "^29.5.11",
+        "ts-jest": "^29.1.1",
+        "supertest": "^6.3.3",
+        "eslint": "^8.55.0",
+        "@typescript-eslint/eslint-plugin": "^6.15.0",
+        "@typescript-eslint/parser": "^6.15.0",
+        "prettier": "^3.1.1"
+    },
+    "type": "module",
+    "engines": {
+        "node": ">=18.0.0"
+    }
+}

package/templates/api-system/examples/security/complete/seed.sql ADDED Viewed

@@ -0,0 +1,42 @@
+-- 插入基础权限
+INSERT INTO permissions (name, description, resource, action) VALUES
+('user:create', '创建用户', 'user', 'create'),
+('user:update', '更新用户', 'user', 'update'),
+('user:delete', '删除用户', 'user', 'delete'),
+('user:view', '查看用户', 'user', 'view'),
+('role:create', '创建角色', 'role', 'create'),
+('role:update', '更新角色', 'role', 'update'),
+('role:delete', '删除角色', 'role', 'delete'),
+('role:view', '查看角色', 'role', 'view'),
+('permission:create', '创建权限', 'permission', 'create'),
+('permission:update', '更新权限', 'permission', 'update'),
+('permission:delete', '删除权限', 'permission', 'delete'),
+('permission:view', '查看权限', 'permission', 'view');
+-- 插入基础角色
+INSERT INTO roles (name, description) VALUES
+('ADMIN', '管理员角色，拥有所有权限'),
+('USER', '普通用户角色'),
+('GUEST', '访客角色');
+-- 为管理员角色分配所有权限
+INSERT INTO role_permissions (roleId, permissionId)
+SELECT 1, id FROM permissions;
+-- 为普通用户角色分配部分权限
+INSERT INTO role_permissions (roleId, permissionId)
+SELECT 2, id FROM permissions WHERE name IN ('user:view', 'role:view', 'permission:view');
+-- 创建管理员用户 (密码: Admin123!)
+INSERT INTO users (username, email, password, enabled, provider, providerId, avatar)
+VALUES ('admin', 'admin@example.com', '$2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy', 1, 'local', '', '');
+-- 为管理员分配角色
+INSERT INTO user_roles (userId, roleId) VALUES (1, 1);
+-- 创建测试用户 (密码: User123!)
+INSERT INTO users (username, email, password, enabled, provider, providerId, avatar)
+VALUES ('user', 'user@example.com', '$2b$10$X7WfWfWfWfWfWfWfWfWfWeIjZAgcfl7p92ldGxad68LJZdL17lhWy', 1, 'local', '', '');
+-- 为测试用户分配角色
+INSERT INTO user_roles (userId, roleId) VALUES (2, 2);

package/templates/api-system/examples/security/complete/service/auth.service.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import { Service, Autowired } from '@ai-partner-x/aiko-boot';
+import { AuthService as SecurityAuthService } from '@ai-partner-x/aiko-boot-starter-security';
+import { UserService } from './user.service.js';
+import { OAuthService } from './oauth.service.js';
+import type { RegisterDto } from '../dto/register.dto.js';
+@Service()
+export class AuthService {
+    @Autowired()
+    private securityAuthService!: SecurityAuthService;
+    @Autowired()
+    private userService!: UserService;
+    @Autowired()
+    private oauthService!: OAuthService;
+    async login(username: string, password: string) {
+        return this.securityAuthService.login({ username, password });
+    }
+    async register(userData: RegisterDto) {
+        return this.securityAuthService.register(userData);
+    }
+    async refreshToken(refreshToken: string) {
+        return this.securityAuthService.refreshToken(refreshToken);
+    }
+    async logout(token: string) {
+        return this.securityAuthService.logout(token);
+    }
+    async changePassword(userId: number, oldPassword: string, newPassword: string) {
+        return this.securityAuthService.changePassword(userId, oldPassword, newPassword);
+    }
+    async handleOAuthCallback(profile: any, tokens: any): Promise<any> {
+        return this.oauthService.handleOAuthCallback(profile, tokens);
+    }
+}

package/templates/api-system/examples/security/complete/service/index.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export { AuthService } from './auth.service.js';
+export { UserService } from './user.service.js';
+export { RoleService } from './role.service.js';
+export { PermissionService } from './permission.service.js';
+export { OAuthService } from './oauth.service.js';

package/templates/api-system/examples/security/complete/service/oauth.service.ts ADDED Viewed

@@ -0,0 +1,82 @@
+import { Service, Autowired } from '@ai-partner-x/aiko-boot';
+import { Mapper, BaseMapper } from '@ai-partner-x/aiko-boot-starter-orm';
+import { User } from '../entity/user.entity.js';
+import { OAuthAccount } from '../entity/oauth-account.entity.js';
+import type { OAuthProfileDto } from '../dto/oauth-profile.dto.js';
+@Service()
+export class OAuthService {
+  @Autowired()
+  private userMapper!: BaseMapper<User>;
+  @Autowired()
+  private oauthAccountMapper!: BaseMapper<OAuthAccount>;
+  async findOrCreateUser(profile: OAuthProfileDto): Promise<User> {
+    let user = await this.findByProvider(profile.provider, profile.providerId);
+    if (!user) {
+      user = await this.createUser(profile);
+    }
+    return user;
+  }
+  async findByProvider(provider: string, providerId: string): Promise<User | null> {
+    const accounts = await this.oauthAccountMapper.selectList({
+      where: { provider, providerId }
+    });
+    if (accounts.length === 0) {
+      return null;
+    }
+    const account = accounts[0];
+    return this.userMapper.selectById(account.userId);
+  }
+  async createUser(profile: OAuthProfileDto): Promise<User> {
+    const user = {
+      username: profile.username,
+      email: profile.email,
+      provider: profile.provider,
+      providerId: profile.providerId,
+      avatar: profile.avatar || '',
+      enabled: true,
+      createdAt: new Date(),
+      updatedAt: new Date(),
+    };
+    const userId = await this.userMapper.insert(user);
+    return this.userMapper.selectById(userId) as Promise<User>;
+  }
+  async saveOAuthAccount(userId: number, profile: OAuthProfileDto, tokens: any): Promise<void> {
+    const account = {
+      userId,
+      provider: profile.provider,
+      providerId: profile.providerId,
+      accessToken: tokens.access_token,
+      refreshToken: tokens.refresh_token || '',
+      expiresAt: tokens.expires_at ? new Date(tokens.expires_at * 1000) : new Date(Date.now() + 3600000),
+      createdAt: new Date(),
+    };
+    await this.oauthAccountMapper.insert(account);
+  }
+  async updateOAuthTokens(userId: number, provider: string, tokens: any): Promise<void> {
+    const accounts = await this.oauthAccountMapper.selectList({
+      where: { userId, provider }
+    });
+    if (accounts.length > 0) {
+      const account = accounts[0];
+      await this.oauthAccountMapper.updateById(account.id, {
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token || account.refreshToken,
+        expiresAt: tokens.expires_at ? new Date(tokens.expires_at * 1000) : account.expiresAt,
+      });
+    }
+  }
+}

package/templates/api-system/examples/security/complete/service/permission.service.ts ADDED Viewed

@@ -0,0 +1,113 @@
+import { Service, Autowired } from '@ai-partner-x/aiko-boot';
+import { Mapper, BaseMapper } from '@ai-partner-x/aiko-boot-starter-orm';
+import { Permission } from '../entity/permission.entity.js';
+import { Role } from '../entity/role.entity.js';
+import { User } from '../entity/user.entity.js';
+import { RolePermission } from '../entity/role-permission.entity.js';
+import { UserRole } from '../entity/user-role.entity.js';
+@Service()
+export class PermissionService {
+  @Autowired()
+  private permissionMapper!: BaseMapper<Permission>;
+  @Autowired()
+  private roleMapper!: BaseMapper<Role>;
+  @Autowired()
+  private userMapper!: BaseMapper<User>;
+  @Autowired()
+  private rolePermissionMapper!: BaseMapper<RolePermission>;
+  @Autowired()
+  private userRoleMapper!: BaseMapper<UserRole>;
+  async getUserPermissions(userId: number): Promise<Permission[]> {
+    const user = await this.userMapper.selectById(userId);
+    if (!user) {
+      return [];
+    }
+    const userRoles = await this.userRoleMapper.selectList({
+      where: { userId }
+    });
+    const permissions: Permission[] = [];
+    for (const userRole of userRoles) {
+      const rolePermissions = await this.rolePermissionMapper.selectList({
+        where: { roleId: userRole.roleId }
+      });
+      for (const rp of rolePermissions) {
+        const permission = await this.permissionMapper.selectById(rp.permissionId);
+        if (permission && !permissions.find(p => p.id === permission.id)) {
+          permissions.push(permission);
+        }
+      }
+    }
+    return permissions;
+  }
+  async getRolePermissions(roleId: number): Promise<Permission[]> {
+    const rolePermissions = await this.rolePermissionMapper.selectList({
+      where: { roleId }
+    });
+    const permissions: Permission[] = [];
+    for (const rp of rolePermissions) {
+      const permission = await this.permissionMapper.selectById(rp.permissionId);
+      if (permission) {
+        permissions.push(permission);
+      }
+    }
+    return permissions;
+  }
+  async hasPermission(userId: number, permissionName: string): Promise<boolean> {
+    const permissions = await this.getUserPermissions(userId);
+    return permissions.some(p => p.name === permissionName);
+  }
+  async hasAnyPermission(userId: number, permissionNames: string[]): Promise<boolean> {
+    const permissions = await this.getUserPermissions(userId);
+    return permissionNames.some(name => permissions.some(p => p.name === name));
+  }
+  async hasAllPermissions(userId: number, permissionNames: string[]): Promise<boolean> {
+    const permissions = await this.getUserPermissions(userId);
+    return permissionNames.every(name => permissions.some(p => p.name === name));
+  }
+  async findById(id: number): Promise<Permission | null> {
+    return this.permissionMapper.selectById(id);
+  }
+  async findAll(): Promise<Permission[]> {
+    return this.permissionMapper.selectList({});
+  }
+  async create(permissionData: Partial<Permission>): Promise<Permission> {
+    const permission = {
+      ...permissionData,
+      createdAt: new Date(),
+      updatedAt: new Date(),
+    };
+    const id = await this.permissionMapper.insert(permission);
+    return this.permissionMapper.selectById(id) as Promise<Permission>;
+  }
+  async update(id: number, permissionData: Partial<Permission>): Promise<Permission> {
+    await this.permissionMapper.updateById(id, {
+      ...permissionData,
+      updatedAt: new Date(),
+    });
+    return this.permissionMapper.selectById(id) as Promise<Permission>;
+  }
+  async delete(id: number): Promise<boolean> {
+    return this.permissionMapper.deleteById(id) > 0;
+  }
+}

package/templates/api-system/examples/security/complete/service/role.service.ts ADDED Viewed

@@ -0,0 +1,85 @@
+import { Service, Autowired } from '@ai-partner-x/aiko-boot';
+import { Mapper, BaseMapper } from '@ai-partner-x/aiko-boot-starter-orm';
+import { Role } from '../entity/role.entity.js';
+import { Permission } from '../entity/permission.entity.js';
+import { RolePermission } from '../entity/role-permission.entity.js';
+import { PermissionService } from './permission.service.js';
+@Service()
+export class RoleService {
+  @Autowired()
+  private roleMapper!: BaseMapper<Role>;
+  @Autowired()
+  private rolePermissionMapper!: BaseMapper<RolePermission>;
+  @Autowired()
+  private permissionService!: PermissionService;
+  async findById(id: number): Promise<Role | null> {
+    const role = await this.roleMapper.selectById(id);
+    if (!role) {
+      return null;
+    }
+    role.permissions = await this.permissionService.getRolePermissions(id);
+    return role;
+  }
+  async findAll(): Promise<Role[]> {
+    const roles = await this.roleMapper.selectList({});
+    for (const role of roles) {
+      role.permissions = await this.permissionService.getRolePermissions(role.id);
+    }
+    return roles;
+  }
+  async create(roleData: Partial<Role>): Promise<Role> {
+    const role = {
+      ...roleData,
+      createdAt: new Date(),
+      updatedAt: new Date(),
+    };
+    const id = await this.roleMapper.insert(role);
+    return this.roleMapper.selectById(id) as Promise<Role>;
+  }
+  async update(id: number, roleData: Partial<Role>): Promise<Role> {
+    await this.roleMapper.updateById(id, {
+      ...roleData,
+      updatedAt: new Date(),
+    });
+    return this.roleMapper.selectById(id) as Promise<Role>;
+  }
+  async delete(id: number): Promise<boolean> {
+    await this.rolePermissionMapper.selectList({
+      where: { roleId: id }
+    }).then(rolePermissions => {
+      for (const rp of rolePermissions) {
+        this.rolePermissionMapper.deleteById(rp.id);
+      }
+    });
+    return this.roleMapper.deleteById(id) > 0;
+  }
+  async assignPermissionToRole(roleId: number, permissionId: number): Promise<void> {
+    const rolePermission = {
+      roleId,
+      permissionId,
+      createdAt: new Date(),
+    };
+    await this.rolePermissionMapper.insert(rolePermission);
+  }
+  async removePermissionFromRole(roleId: number, permissionId: number): Promise<void> {
+    const rolePermissions = await this.rolePermissionMapper.selectList({
+      where: { roleId, permissionId }
+    });
+    for (const rp of rolePermissions) {
+      await this.rolePermissionMapper.deleteById(rp.id);
+    }
+  }
+}