fix 修复角色操作权限

2023-05-04 12:01:08 +08:00 · 2023-05-04 12:01:08 +08:00 · b0393ee76a
commit b0393ee76a
parent dfb50e4ca2
3 changed files with 25 additions and 5 deletions
--- a/api/v1/system/sys_role.go
+++ b/api/v1/system/sys_role.go
@ -45,6 +45,7 @@ type RoleAddReq struct {
 	ListOrder uint   `p:"listOrder" `
 	Remark    string `p:"remark"    `
 	MenuIds   []uint `p:"menuIds"`
+	CreatedBy uint64
 }

 type RoleAddRes struct {
--- a/internal/app/system/logic/sysRole/sys_role.go
+++ b/internal/app/system/logic/sysRole/sys_role.go
@ -127,6 +127,7 @@ func (s *sSysRole) DelRoleRule(ctx context.Context, roleId int64) (err error) {
 func (s *sSysRole) AddRole(ctx context.Context, req *system.RoleAddReq) (err error) {
 	err = g.DB().Transaction(ctx, func(ctx context.Context, tx gdb.TX) error {
 		err = g.Try(ctx, func(ctx context.Context) {
+			req.CreatedBy = service.Context().GetUserId(ctx)
 			roleId, e := dao.SysRole.Ctx(ctx).TX(tx).InsertAndGetId(req)
 			liberr.ErrIsNil(ctx, e, "添加角色失败")
 			//过滤ruleIds 把没有权限的过滤掉
@ -170,12 +171,25 @@ func (s *sSysRole) GetFilteredNamedPolicy(ctx context.Context, id uint) (gpSlice
 }

 func (s *sSysRole) hasManageAccess(ctx context.Context, roleId uint) bool {
-	if !service.SysUser().IsSupperAdmin(ctx, service.Context().GetUserId(ctx)) {
+	currentUserId:=service.Context().GetUserId(ctx)
+	if !service.SysUser().IsSupperAdmin(ctx, currentUserId) {
 		var (
 			roleIds   []uint
 			hasAccess bool
 			err       error
+			list []*entity.SysRole
 		)
+		list,err = s.GetRoleList(ctx)
+		if err != nil {
+			g.Log().Error(ctx, err)
+			return false
+		}
+		for _,v:=range list{
+			//判断是否当前用户所建角色
+			if roleId==v.Id && v.CreatedBy==currentUserId{
+				return true
+			}
+		}
 		roleIds, err = service.SysUser().GetAdminRoleIds(ctx, service.Context().GetUserId(ctx))
 		if err != nil {
 			g.Log().Error(ctx, err)
--- a/internal/app/system/logic/sysUser/sys_user.go
+++ b/internal/app/system/logic/sysUser/sys_user.go
@ -522,8 +522,11 @@ func (s *sSysUser) Add(ctx context.Context, req *system.UserAddReq) (err error)
 				IsAdmin:      req.IsAdmin,
 			})
 			liberr.ErrIsNil(ctx, e, "添加用户失败")
+			//不是超管过滤提交角色数据
+			if !service.SysUser().IsSupperAdmin(ctx,service.Context().GetUserId(ctx)){
 				req.RoleIds, err = s.filterRoleIds(ctx, req.RoleIds, service.Context().GetUserId(ctx))
 				liberr.ErrIsNil(ctx, err)
+			}
 			e = s.addUserRole(ctx, req.RoleIds, userId)
 			liberr.ErrIsNil(ctx, e, "设置用户权限失败")
 			e = s.AddUserPost(ctx, tx, req.PostIds, userId)
@ -552,8 +555,10 @@ func (s *sSysUser) Edit(ctx context.Context, req *system.UserEditReq) (err error
 				IsAdmin:      req.IsAdmin,
 			})
 			liberr.ErrIsNil(ctx, err, "修改用户信息失败")
+			if !service.SysUser().IsSupperAdmin(ctx,service.Context().GetUserId(ctx)){
 				req.RoleIds, err = s.filterRoleIds(ctx, req.RoleIds, service.Context().GetUserId(ctx))
 				liberr.ErrIsNil(ctx, err)
+			}
 			//设置用户所属角色信息
 			err = s.EditUserRole(ctx, req.RoleIds, req.UserId)
 			liberr.ErrIsNil(ctx, err, "设置用户权限失败")