From 5b1317d51534e4718eb20dfe4849e97b74f89746 Mon Sep 17 00:00:00 2001
From: yumoqing <yumoqing@icloud.com>
Date: Fri, 20 Mar 2026 21:11:41 +0800
Subject: [PATCH] buggfix

---
 rbac/check_perm.py | 17 -----------------
 rbac/init.py       |  5 +++--
 rbac/userperm.py   | 11 +++++++++++
 3 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/rbac/check_perm.py b/rbac/check_perm.py
index 074f404..49db0f8 100644
--- a/rbac/check_perm.py
+++ b/rbac/check_perm.py
@@ -28,23 +28,6 @@ async def sor_get_org_users(sor, orgid):
 		return recs
 	return []
 
-async def get_user_roles(userid):
-	sql = "select b.orgtypeid, concat(b.orgtypeid, '.', b.name) as name from userrole a, role b where a.userid=${userid}$ and a.roleid = b.id"
-	db = DBPools()
-	roles = []
-	dbname = get_dbname()
-	async with db.sqlorContext(dbname) as sor:
-		recs = await sor.sqlExe(sql, {'userid':userid})
-		if len(recs) < 1:
-			return roles
-		orgtypes = []
-		for r in recs:
-			if r.orgtypeid not in orgtypes:
-				orgtypes.append(r.orgtypeid)
-				roles.append(r.orgtypeid + '.*')
-			roles.append(r.name)
-	return roles
-
 async def create_org(sor, ns, orgtypes=[]):
 	await sor.C('organization', ns)
 	if orgtypes == []:
diff --git a/rbac/init.py b/rbac/init.py
index ad164cd..174f4e0 100644
--- a/rbac/init.py
+++ b/rbac/init.py
@@ -3,11 +3,11 @@ from ahserver.serverenv import ServerEnv
 from .orgs import (
 	get_platform_providers
 )
+from .userperm import UserPermissions
 from rbac.check_perm import (
 	objcheckperm, 
 	get_org_users,
 	sor_get_org_users,
-	get_user_roles, 
 	checkUserPassword, 
 	register_user, 
 	register_auth_method, 
@@ -26,10 +26,11 @@ async def sor_get_owner_orgid(sor, orgid):
 def load_rbac():
 	AuthAPI.checkUserPermission = objcheckperm
 	env = ServerEnv()
+	env.userpermissions = UserPermissions()
 	env.create_org = create_org
 	env.get_platform_providers = get_platform_providers
 	env.create_user = create_user
-	env.get_user_roles = get_user_roles
+	env.get_user_roles = userpermsissions.get_user_roles
 	env.check_user_password = checkUserPassword
 	env.register_user = register_user
 	env.set_role_perm = set_role_perm
diff --git a/rbac/userperm.py b/rbac/userperm.py
index 2f78f35..8e55ec4 100644
--- a/rbac/userperm.py
+++ b/rbac/userperm.py
@@ -12,6 +12,17 @@ class UserPermisions:
 		self.rp_caches = None
 		self.ur_caches = {}
 	
+	async def get_user_roles(self, userid):
+		if userid is None:
+			return ['anonymous', 'any']
+		roles = self.ur_caches.get(userid)
+		if roles:
+			return roles
+		async with get_sor_context(ServerEnv(), 'rbac') as sor:
+			await self.get_userroles(sor, userid)
+			return self.ur_caches.get(userid)
+		return None
+
 	async def load_roleperms(self, sor):
 		self.rp_caches = {}
 		sql_all =  """select c.orgtypeid, c.name, b.path