Files
larksuite-cli/shortcuts/base/base_role_create.go
2026-06-02 17:30:10 +08:00

70 lines
2.2 KiB
Go

// Copyright (c) 2026 Lark Technologies Pte. Ltd.
// SPDX-License-Identifier: MIT
package base
import (
"context"
"encoding/json"
"fmt"
"net/http"
"strings"
larkcore "github.com/larksuite/oapi-sdk-go/v3/core"
"github.com/larksuite/cli/internal/validate"
"github.com/larksuite/cli/shortcuts/common"
)
var BaseRoleCreate = common.Shortcut{
Service: "base",
Command: "+role-create",
Description: "Create a custom role in a Base",
Risk: "write",
Scopes: []string{"base:role:create"},
AuthTypes: []string{"user", "bot"},
Flags: []common.Flag{
{Name: "base-token", Desc: "base token", Required: true},
{Name: "json", Desc: "role config JSON; read lark-base-role-guide.md and role-config.md before constructing permissions", Required: true},
},
Tips: []string{
"Requires advanced permissions to be enabled and the caller to be a Base admin.",
"Use lark-base-role-guide.md as the entry guide and role-config.md as the role permission JSON SSOT.",
"Create supports custom_role only.",
},
Validate: func(ctx context.Context, runtime *common.RuntimeContext) error {
if strings.TrimSpace(runtime.Str("base-token")) == "" {
return common.FlagErrorf("--base-token must not be blank")
}
var body map[string]any
if err := json.Unmarshal([]byte(runtime.Str("json")), &body); err != nil {
return common.FlagErrorf("--json must be valid JSON: %v", err)
}
return nil
},
DryRun: func(ctx context.Context, runtime *common.RuntimeContext) *common.DryRunAPI {
var body map[string]any
json.Unmarshal([]byte(runtime.Str("json")), &body)
return common.NewDryRunAPI().
POST("/open-apis/base/v3/bases/:base_token/roles").
Body(body).
Set("base_token", runtime.Str("base-token"))
},
Execute: func(ctx context.Context, runtime *common.RuntimeContext) error {
baseToken := runtime.Str("base-token")
var body map[string]any
json.Unmarshal([]byte(runtime.Str("json")), &body)
apiResp, err := runtime.DoAPI(&larkcore.ApiReq{
HttpMethod: http.MethodPost,
ApiPath: fmt.Sprintf("/open-apis/base/v3/bases/%s/roles", validate.EncodePathSegment(baseToken)),
Body: body,
})
if err != nil {
return err
}
return handleRoleResponse(runtime, apiResp.RawBody, "create role failed")
},
}