From b0393ee76a11efcba25d1f9dae4f92c477e6b9c1 Mon Sep 17 00:00:00 2001
From: yxh
Date: Thu, 4 May 2023 12:01:08 +0800
Subject: [PATCH] =?UTF-8?q?fix=20=E4=BF=AE=E5=A4=8D=E8=A7=92=E8=89=B2?= =?UTF-8?q?=E6=93=8D=E4=BD=9C=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 api/v1/system/sys_role.go | 1 +
 internal/app/system/logic/sysRole/sys_role.go | 16 +++++++++++++++-
 internal/app/system/logic/sysUser/sys_user.go | 13 +++++++++----
 3 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/api/v1/system/sys_role.go b/api/v1/system/sys_role.go
index 3788f05..455e720 100644
--- a/api/v1/system/sys_role.go
+++ b/api/v1/system/sys_role.go
@@ -45,6 +45,7 @@ type RoleAddReq struct {
 ListOrder uint `p:"listOrder" `
 Remark string `p:"remark" `
 MenuIds []uint `p:"menuIds"`
+ CreatedBy uint64
 }
 type RoleAddRes struct {
diff --git a/internal/app/system/logic/sysRole/sys_role.go b/internal/app/system/logic/sysRole/sys_role.go
index eaeaae7..bb8f885 100644
--- a/internal/app/system/logic/sysRole/sys_role.go
+++ b/internal/app/system/logic/sysRole/sys_role.go
@@ -127,6 +127,7 @@ func (s *sSysRole) DelRoleRule(ctx context.Context, roleId int64) (err error) {
 func (s *sSysRole) AddRole(ctx context.Context, req *system.RoleAddReq) (err error) {
 err = g.DB().Transaction(ctx, func(ctx context.Context, tx gdb.TX) error {
 err = g.Try(ctx, func(ctx context.Context) {
+ req.CreatedBy = service.Context().GetUserId(ctx)
 roleId, e := dao.SysRole.Ctx(ctx).TX(tx).InsertAndGetId(req)
 liberr.ErrIsNil(ctx, e, "添加角色失败")
 //过滤ruleIds 把没有权限的过滤掉
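Review bot: `CreatedBy` in `RoleAddReq` (api/v1/system/sys_role.go) sits on the struct that is bound from the client request and, unlike the visible fields above it, carries no `p:` tag, so nothing in the declaration says it is server-set. The AddRole hunk overwrites it with the session user before the insert, which covers that path, but any other consumer of `RoleAddReq` would see whatever the binder filled in if the framework also matches untagged fields by name (not confirmable from this hunk). I would add a comment such as `// CreatedBy is set by the server from the session; never taken from the request` and, if the binder allows it, exclude the field from parameter binding. This matters more now that hasManageAccess in the same commit treats `CreatedBy` as an authorization input.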
@@ -170,12 +171,25 @@ func (s *sSysRole) GetFilteredNamedPolicy(ctx context.Context, id uint) (gpSlice
 }
 func (s *sSysRole) hasManageAccess(ctx context.Context, roleId uint) bool {
- if !service.SysUser().IsSupperAdmin(ctx, service.Context().GetUserId(ctx)) {
+ currentUserId:=service.Context().GetUserId(ctx)
+ if !service.SysUser().IsSupperAdmin(ctx, currentUserId) {
 var (
 roleIds []uint
 hasAccess bool
 err error
+ list []*entity.SysRole
 )
+ list,err = s.GetRoleList(ctx)
+ if err != nil {
+ g.Log().Error(ctx, err)
+ return false
+ }
+ for _,v:=range list{
+ //判断是否当前用户所建角色
+ if roleId==v.Id && v.CreatedBy==currentUserId{
+ return true
+ }
+ }
 roleIds, err = service.SysUser().GetAdminRoleIds(ctx, service.Context().GetUserId(ctx))
 if err != nil {
 g.Log().Error(ctx, err)
diff --git a/internal/app/system/logic/sysUser/sys_user.go b/internal/app/system/logic/sysUser/sys_user.go
index 8a53aac..f283522 100644
--- a/internal/app/system/logic/sysUser/sys_user.go
+++ b/internal/app/system/logic/sysUser/sys_user.go
@@ -522,8 +522,11 @@ func (s *sSysUser) Add(ctx context.Context, req *system.UserAddReq) (err error)
 IsAdmin: req.IsAdmin,
 })
 liberr.ErrIsNil(ctx, e, "添加用户失败")
- req.RoleIds, err = s.filterRoleIds(ctx, req.RoleIds, service.Context().GetUserId(ctx))
- liberr.ErrIsNil(ctx, err)
+ //不是超管过滤提交角色数据
+ if !service.SysUser().IsSupperAdmin(ctx,service.Context().GetUserId(ctx)){
+ req.RoleIds, err = s.filterRoleIds(ctx, req.RoleIds, service.Context().GetUserId(ctx))
+ liberr.ErrIsNil(ctx, err)
+ }
 e = s.addUserRole(ctx, req.RoleIds, userId)
 liberr.ErrIsNil(ctx, e, "设置用户权限失败")
 e = s.AddUserPost(ctx, tx, req.PostIds, userId)
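Review bot: The new creator check in hasManageAccess returns true before the existing role-based check runs, so a user keeps manage access to every role they created even after their own roles are reduced, and `v.CreatedBy==currentUserId` would also match rows whose `CreatedBy` is zero if `GetUserId` can return 0 (roles that predate this commit presumably have no creator recorded). I would guard the match, `if currentUserId != 0 && roleId == v.Id && v.CreatedBy == currentUserId {`, and add a comment stating that creator ownership is meant to override the policy check. The unchanged `GetAdminRoleIds` call below still calls `service.Context().GetUserId(ctx)` instead of reusing `currentUserId`, and the added lines are not gofmt-clean (`currentUserId:=`, `for _,v:=range list{`). The function body continues past the end of the hunk.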
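Review bot: In Add, a super admin's `req.RoleIds` now reach `addUserRole` without passing through `filterRoleIds`, the only check on them visible in this hunk; the Edit hunk has the same shape before `EditUserRole`. If `filterRoleIds` was also what dropped unknown or disabled role ids (its body is not in this diff), those ids are now stored as submitted, so an existence check should stay on the super-admin path. Each site also calls `service.Context().GetUserId(ctx)` twice; reading it once, `uid := service.Context().GetUserId(ctx)`, and using `uid` for both calls keeps the admin test and the filter on the same identity. Both functions start and end outside their hunks.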
@@ -552,8 +555,10 @@ func (s *sSysUser) Edit(ctx context.Context, req *system.UserEditReq) (err error
 IsAdmin: req.IsAdmin,
 })
 liberr.ErrIsNil(ctx, err, "修改用户信息失败")
- req.RoleIds, err = s.filterRoleIds(ctx, req.RoleIds, service.Context().GetUserId(ctx))
- liberr.ErrIsNil(ctx, err)
+ if !service.SysUser().IsSupperAdmin(ctx,service.Context().GetUserId(ctx)){
+ req.RoleIds, err = s.filterRoleIds(ctx, req.RoleIds, service.Context().GetUserId(ctx))
+ liberr.ErrIsNil(ctx, err)
+ }
 //设置用户所属角色信息
 err = s.EditUserRole(ctx, req.RoleIds, req.UserId)
 liberr.ErrIsNil(ctx, err, "设置用户权限失败")