fix 优化数据权限接入方法

internal/app/system/logic/middleware/middleware.go

@@ -68,7 +68,7 @@ func (s *sMiddleware) Auth(r *ghttp.Request) {
 	//获取登陆用户id
 	adminId := service.Context().GetUserId(ctx)
 	url := gstr.TrimLeft(r.Request.URL.Path, "/")
-	/*if r.Method != "GET" && adminId != 1 && url!="api/v1/system/login" {
+	/*if r.Method != "GET" && adminId != 1 && url != "api/v1/system/login" {
 		libResponse.FailJson(true, r, "对不起！演示系统，不能删改数据！")
 	}*/
 	//获取无需验证权限的用户id
@@ -174,7 +174,7 @@ func (s *sMiddleware) checkAuth(ctx context.Context, adminId uint64, menuId uint
 		roleIdsMap.Iterator(func(k interface{}, v interface{}) bool {
 			b, err = enforcer.Enforce(gconv.String(v), gconv.String(menuId), "All")
 			liberr.ErrIsNil(ctx, err)
-			return b
+			return !b
 		})
 		if !b {
 			liberr.ErrIsNil(ctx, errors.New("没有权限"))

internal/app/system/logic/sysUser/sys_user.go

@@ -12,6 +12,7 @@ import (
 	"fmt"
 	"github.com/gogf/gf/v2/container/garray"
 	"github.com/gogf/gf/v2/encoding/gurl"
+	"github.com/gogf/gf/v2/net/ghttp"
 	"reflect"
 
 	"github.com/gogf/gf/v2/container/gset"
@@ -892,6 +893,7 @@ func (s *sSysUser) GetUsers(ctx context.Context, ids []int) (users []*model.SysU
 }
 
 // GetDataWhere 获取数据权限判断条件
+// Deprecated : 此方法已废弃，请使用更简单的GetAuthWhere方法
 func (s *sSysUser) GetDataWhere(ctx context.Context, userInfo *model.ContextUser, entityData interface{}, menuId uint) (where g.Map, err error) {
 	whereJustMe := g.Map{} //本人数据权限
 	t := reflect.TypeOf(entityData)
@@ -961,6 +963,107 @@ func (s *sSysUser) GetDataWhere(ctx context.Context, userInfo *model.ContextUser
 	return
 }
 
+func (s *sSysUser) GetAuthWhere(ctx context.Context, m *gdb.Model, userInfo *model.ContextUser, field ...string) *gdb.Model {
+	var (
+		//当前请求api接口对应的菜单
+		url    = gstr.TrimLeft(ghttp.RequestFromCtx(ctx).Request.URL.Path, "/")
+		menuId uint
+		err    error
+		nm     *gdb.Model
+	)
+	//获取菜单ID
+	menuId, err = service.SysAuthRule().GetIdByName(ctx, url)
+	if err != nil {
+		g.Log().Error(ctx, err)
+		return m
+	}
+	nm, err = s.GetAuthDataWhere(ctx, m, userInfo, menuId, field...)
+	if err != nil {
+		g.Log().Error(ctx, err)
+		return m
+	}
+	return nm
+}
+
+// GetAuthDataWhere 获取数据权限判断条件
+func (s *sSysUser) GetAuthDataWhere(ctx context.Context, m *gdb.Model, userInfo *model.ContextUser, menuId uint, field ...string) (nm *gdb.Model, err error) {
+	whereJustMe := g.Map{} //本人数据权限
+	createdUserField := "created_by"
+	//表别名
+	tableAlias := ""
+	if len(field) > 0 && field[0] != "" {
+		tableAlias = field[0]
+	}
+	if len(field) > 1 && field[1] != "" {
+		createdUserField = field[1]
+	}
+
+	if tableAlias != "" {
+		createdUserField = tableAlias + "." + createdUserField
+	}
+	err = g.Try(ctx, func(ctx context.Context) {
+		//若存在用户id的字段，则生成判断数据权限的条件
+		//1、获取当前用户所属角色Ids
+		var (
+			roleIds   []uint
+			scope     []*model.ScopeAuthData
+			deptIdArr = gset.New()
+			allScope  = false
+		)
+		roleIds, err = s.GetAdminRoleIds(ctx, userInfo.Id)
+		liberr.ErrIsNil(ctx, err)
+		scope, err = service.SysRole().GetRoleMenuScope(ctx, roleIds, menuId)
+		liberr.ErrIsNil(ctx, err)
+		if scope == nil {
+			//角色未设置数据权限，默认仅本人数据权限
+			whereJustMe = g.Map{createdUserField: userInfo.Id}
+		} else {
+			//2获取角色对应数据权限
+			for _, sv := range scope {
+				switch sv.DataScope {
+				case 1: //全部数据权限
+					allScope = true
+					goto endLoop
+				case 2: //自定数据权限
+					deptIdArr.Add(gconv.Interfaces(sv.DeptIds)...)
+				case 3: //本部门数据权限
+					deptIdArr.Add(gconv.Int64(userInfo.DeptId))
+				case 4: //本部门及以下数据权限
+					deptIdArr.Add(gconv.Int64(userInfo.DeptId))
+					//获取正常状态部门数据
+					deptList := ([]*entity.SysDept)(nil)
+					deptList, err = service.SysDept().GetList(ctx, &system.DeptSearchReq{Status: "1"})
+					liberr.ErrIsNil(ctx, err)
+					var dList g.List
+					for _, d := range deptList {
+						m := g.Map{
+							"id":    d.DeptId,
+							"pid":   d.ParentId,
+							"label": d.DeptName,
+						}
+						dList = append(dList, m)
+					}
+					l := libUtils.FindSonByParentId(dList, userInfo.DeptId, "pid", "id")
+					for _, li := range l {
+						deptIdArr.Add(gconv.Int64(li["id"]))
+					}
+				case 5: //仅本人数据权限
+					whereJustMe = g.Map{createdUserField: userInfo.Id}
+				}
+			}
+		}
+	endLoop:
+		if !allScope && deptIdArr.Size() > 0 {
+			nm = m.WhereIn(createdUserField, dao.SysUser.Ctx(ctx).Fields(dao.SysUser.Columns().Id).
+				WhereIn(dao.SysUser.Columns().DeptId, deptIdArr.Slice()))
+		} else if !allScope && len(whereJustMe) > 0 {
+			nm = m.Where(whereJustMe)
+		}
+
+	})
+	return
+}
+
 // HasAccessByDataWhere 判断用户是否有数据权限
 func (s *sSysUser) HasAccessByDataWhere(ctx context.Context, where g.Map, uid interface{}) bool {
 	err := g.Try(ctx, func(ctx context.Context) {

internal/app/system/service/sys_user.go

@@ -27,10 +27,10 @@ type (
 		GetUserByPhone(ctx context.Context, phone string) (user *model.LoginUserRes, err error)
 		GetUserById(ctx context.Context, id uint64) (user *model.LoginUserRes, err error)
 		LoginLog(ctx context.Context, params *model.LoginLogParams)
-		UpdateLoginInfo(ctx context.Context, id uint64, ip string,openId ...string) (err error)
+		UpdateLoginInfo(ctx context.Context, id uint64, ip string, openId ...string) (err error)
 		GetAdminRules(ctx context.Context, userId uint64) (menuList []*model.UserMenus, permissions []string, err error)
 		GetAdminRole(ctx context.Context, userId uint64, allRoleList []*entity.SysRole) (roles []*entity.SysRole, err error)
-		GetAdminRoleIds(ctx context.Context, userId uint64,includeChildren ...bool) (roleIds []uint, err error)
+		GetAdminRoleIds(ctx context.Context, userId uint64, includeChildren ...bool) (roleIds []uint, err error)
 		GetAllMenus(ctx context.Context) (menus []*model.UserMenus, err error)
 		GetAdminMenusIdsByRoleIds(ctx context.Context, roleIds []uint) (menuIds *garray.Array, err error)
 		GetAdminMenusByRoleIds(ctx context.Context, roleIds []uint) (menus []*model.UserMenus, err error)
@@ -52,11 +52,14 @@ type (
 		ChangeUserStatus(ctx context.Context, req *system.UserStatusReq) (err error)
 		Delete(ctx context.Context, ids []int) (err error)
 		GetUsers(ctx context.Context, ids []int) (users []*model.SysUserSimpleRes, err error)
-		GetDataWhere(ctx context.Context, userInfo *model.ContextUser, entityData interface{},menuId uint) (where g.Map, err error)
+		// Deprecated : 此方法已废弃，请使用更简单的GetAuthWhere方法
+		GetDataWhere(ctx context.Context, userInfo *model.ContextUser, entityData interface{}, menuId uint) (where g.Map, err error)
 		HasAccessByDataWhere(ctx context.Context, where g.Map, uid interface{}) bool
 		AccessRule(ctx context.Context, userId uint64, rule string) bool
 		GetUserSelector(ctx context.Context, req *system.UserSelectorReq) (total interface{}, userList []*model.SysUserSimpleRes, err error)
-		GetUsersByRoleId(ctx context.Context,roleId uint)(users []*model.SysUserRoleDeptRes,err error)
+		GetUsersByRoleId(ctx context.Context, roleId uint) (users []*model.SysUserRoleDeptRes, err error)
+		GetAuthWhere(ctx context.Context, m *gdb.Model, userInfo *model.ContextUser, field ...string)  *gdb.Model
+		GetAuthDataWhere(ctx context.Context, m *gdb.Model, userInfo *model.ContextUser, menuId uint, field ...string) (nm *gdb.Model, err error)
 	}
 )