fix 完善用户操作权限

api/v1/system/sys_role.go

@@ -8,6 +8,7 @@
 package system
 
 import (
+	"github.com/gogf/gf/v2/container/garray"
 	"github.com/gogf/gf/v2/frame/g"
 	commonApi "github.com/tiger1103/gfast/v3/api/v1/common"
 	"github.com/tiger1103/gfast/v3/internal/app/system/model"
@@ -32,8 +33,9 @@ type RoleGetParamsReq struct {
 }
 
 type RoleGetParamsRes struct {
-	g.Meta `mime:"application/json"`
+	g.Meta      `mime:"application/json"`
-	Menu   []*model.SysAuthRuleInfoRes `json:"menu"`
+	Menu        []*model.SysAuthRuleInfoRes `json:"menu"`
+	AccessMenus *garray.Array               `json:"accessMenus"`
 }
 
 type RoleAddReq struct {
@@ -50,7 +52,8 @@ type RoleAddRes struct {
 
 type RoleGetReq struct {
 	g.Meta `path:"/role/get" tags:"角色管理" method:"get" summary:"获取角色信息"`
-	Id     uint `p:"id" v:"required#角色id不能为空""`
+	commonApi.Author
+	Id uint `p:"id" v:"required#角色id不能为空""`
 }
 
 type RoleGetRes struct {
@@ -60,7 +63,8 @@ type RoleGetRes struct {
 }
 
 type RoleEditReq struct {
-	g.Meta    `path:"/role/edit" tags:"角色管理" method:"put" summary:"修改角色"`
+	g.Meta `path:"/role/edit" tags:"角色管理" method:"put" summary:"修改角色"`
+	commonApi.Author
 	Id        int64  `p:"id" v:"required#角色id必须"`
 	Name      string `p:"name" v:"required#角色名称不能为空"`
 	Status    uint   `p:"status"    `

api/v1/system/sys_user.go

@@ -41,9 +41,10 @@ type UserGetParamsReq struct {
 }
 
 type UserGetParamsRes struct {
-	g.Meta   `mime:"application/json"`
+	g.Meta     `mime:"application/json"`
-	RoleList []*entity.SysRole `json:"roleList"`
+	RoleList   []*entity.SysRole `json:"roleList"`
-	Posts    []*entity.SysPost `json:"posts"`
+	Posts      []*entity.SysPost `json:"posts"`
+	RoleAccess []uint            `json:"roleAccess"`
 }
 
 // SetUserReq 添加修改用户公用请求字段
@@ -54,7 +55,7 @@ type SetUserReq struct {
 	Mobile   string  `p:"mobile" v:"required|phone#手机号不能为空|手机号格式错误"`
 	PostIds  []int64 `p:"postIds"`
 	Remark   string  `p:"remark"`
-	RoleIds  []int64 `p:"roleIds"`
+	RoleIds  []uint  `p:"roleIds"`
 	Sex      int     `p:"sex"`
 	Status   uint    `p:"status"`
 	IsAdmin  int     `p:"isAdmin"` // 是否后台管理员 1 是  0   否

internal/app/system/controller/sys_role.go

@@ -29,6 +29,14 @@ func (c *roleController) List(ctx context.Context, req *system.RoleListReq) (res
 func (c *roleController) GetParams(ctx context.Context, req *system.RoleGetParamsReq) (res *system.RoleGetParamsRes, err error) {
 	res = new(system.RoleGetParamsRes)
 	res.Menu, err = service.SysAuthRule().GetMenuList(ctx)
+	if err != nil {
+		return
+	}
+	roleIds, err := service.SysUser().GetAdminRoleIds(ctx, service.Context().GetUserId(ctx))
+	if err != nil {
+		return
+	}
+	res.AccessMenus, err = service.SysUser().GetAdminMenusIdsByRoleIds(ctx, roleIds)
 	return
 }
 

internal/app/system/controller/sys_user.go

@@ -55,6 +55,32 @@ func (c *userController) GetParams(ctx context.Context, req *system.UserGetParam
 		return
 	}
 	res.Posts, err = service.SysPost().GetUsedPost(ctx)
+	if err != nil {
+		return
+	}
+	userId := service.Context().GetUserId(ctx)
+	res.RoleAccess, err = service.SysUser().GetAdminRoleIds(ctx, userId)
+	if err != nil {
+		return
+	}
+	//判断是否超管
+	if service.SysUser().IsSupperAdmin(ctx, userId) {
+		//自己创建的角色可以被授权
+		for _, v := range res.RoleList {
+			res.RoleAccess = append(res.RoleAccess, v.Id)
+		}
+	} else {
+		res.RoleAccess, err = service.SysUser().GetAdminRoleIds(ctx, userId)
+		if err != nil {
+			return
+		}
+		//自己创建的角色可以被授权
+		for _, v := range res.RoleList {
+			if v.CreatedBy == userId {
+				res.RoleAccess = append(res.RoleAccess, v.Id)
+			}
+		}
+	}
 	return
 }
 

internal/app/system/dao/internal/sys_role.go

@@ -27,6 +27,7 @@ type SysRoleColumns struct {
 	DataScope string // 数据范围（1：全部数据权限 2：自定数据权限 3：本部门数据权限 4：本部门及以下数据权限）
 	CreatedAt string // 创建时间
 	UpdatedAt string // 更新时间
+	CreatedBy string // 创建人
 }
 
 // sysRoleColumns holds the columns for table sys_role.
@@ -39,6 +40,7 @@ var sysRoleColumns = SysRoleColumns{
 	DataScope: "data_scope",
 	CreatedAt: "created_at",
 	UpdatedAt: "updated_at",
+	CreatedBy: "created_by",
 }
 
 // NewSysRoleDao creates and returns a new DAO object for table data access.

internal/app/system/logic/middleware/middleware.go

@@ -67,14 +67,7 @@ func (s *sMiddleware) Auth(r *ghttp.Request) {
 		libResponse.FailJson(true, r, "对不起！演示系统，不能删改数据！")
 	}*/
 	//获取无需验证权限的用户id
-	tagSuperAdmin := false
+	tagSuperAdmin := service.SysUser().IsSupperAdmin(ctx, service.Context().GetUserId(ctx))
-	service.SysUser().NotCheckAuthAdminIds(ctx).Iterator(func(v interface{}) bool {
-		if gconv.Uint64(v) == adminId {
-			tagSuperAdmin = true
-			return false
-		}
-		return true
-	})
 	if tagSuperAdmin {
 		r.Middleware.Next()
 		//不要再往后面执行

internal/app/system/logic/sysRole/sys_role.go

@@ -9,7 +9,8 @@ package sysRole
 
 import (
 	"context"
-
+	"errors"
+	"github.com/gogf/gf/v2/container/garray"
 	"github.com/gogf/gf/v2/database/gdb"
 	"github.com/gogf/gf/v2/frame/g"
 	"github.com/gogf/gf/v2/util/gconv"
@@ -44,6 +45,17 @@ func (s *sSysRole) GetRoleListSearch(ctx context.Context, req *system.RoleListRe
 		if req.Status != "" {
 			model = model.Where("a.status", gconv.Int(req.Status))
 		}
+		userId := service.Context().GetUserId(ctx)
+		//获取当前用户所属角色ids
+		if !service.SysUser().IsSupperAdmin(ctx, userId) {
+			var roleIds []uint
+			roleIds, err = service.SysUser().GetAdminRoleIds(ctx, userId)
+			liberr.ErrIsNil(ctx, err)
+			if len(roleIds) == 0 {
+				return
+			}
+			model = model.Where("a."+dao.SysRole.Columns().Id+" in(?) OR a.created_by = ?", roleIds, userId)
+		}
 		model = model.As("a")
 		res.Total, err = model.Count()
 		liberr.ErrIsNil(ctx, err, "获取角色数据失败")
@@ -117,6 +129,9 @@ func (s *sSysRole) AddRole(ctx context.Context, req *system.RoleAddReq) (err err
 		err = g.Try(ctx, func(ctx context.Context) {
 			roleId, e := dao.SysRole.Ctx(ctx).TX(tx).InsertAndGetId(req)
 			liberr.ErrIsNil(ctx, e, "添加角色失败")
+			//过滤ruleIds 把没有权限的过滤掉
+			req.MenuIds, err = s.filterAccessRuleIds(ctx, req.MenuIds)
+			liberr.ErrIsNil(ctx, err)
 			//添加角色权限
 			e = s.AddRoleRule(ctx, req.MenuIds, roleId)
 			liberr.ErrIsNil(ctx, e)
@@ -130,6 +145,10 @@ func (s *sSysRole) AddRole(ctx context.Context, req *system.RoleAddReq) (err err
 
 func (s *sSysRole) Get(ctx context.Context, id uint) (res *entity.SysRole, err error) {
 	err = g.Try(ctx, func(ctx context.Context) {
+		//判断是否具有此角色的权限
+		if !s.hasManageAccess(ctx, id) {
+			liberr.ErrIsNil(ctx, errors.New("没有查看这个角色的权限"))
+		}
 		err = dao.SysRole.Ctx(ctx).WherePri(id).Scan(&res)
 		liberr.ErrIsNil(ctx, err, "获取角色信息失败")
 	})
@@ -150,10 +169,39 @@ func (s *sSysRole) GetFilteredNamedPolicy(ctx context.Context, id uint) (gpSlice
 	return
 }
 
+func (s *sSysRole) hasManageAccess(ctx context.Context, roleId uint) bool {
+	if !service.SysUser().IsSupperAdmin(ctx, service.Context().GetUserId(ctx)) {
+		var (
+			roleIds   []uint
+			hasAccess bool
+			err       error
+		)
+		roleIds, err = service.SysUser().GetAdminRoleIds(ctx, service.Context().GetUserId(ctx))
+		if err != nil {
+			g.Log().Error(ctx, err)
+			return false
+		}
+		if len(roleIds) > 0 {
+			for _, v := range roleIds {
+				if v == roleId {
+					hasAccess = true
+					break
+				}
+			}
+		}
+		return hasAccess
+	}
+	return true
+}
+
 // EditRole 修改角色
 func (s *sSysRole) EditRole(ctx context.Context, req *system.RoleEditReq) (err error) {
 	err = g.DB().Transaction(ctx, func(ctx context.Context, tx gdb.TX) error {
 		err = g.Try(ctx, func(ctx context.Context) {
+			//判断是否具有修改此角色的权限
+			if !s.hasManageAccess(ctx, gconv.Uint(req.Id)) {
+				liberr.ErrIsNil(ctx, errors.New("没有修改这个角色的权限"))
+			}
 			_, e := dao.SysRole.Ctx(ctx).TX(tx).WherePri(req.Id).Data(&do.SysRole{
 				Status:    req.Status,
 				ListOrder: req.ListOrder,
@@ -161,6 +209,9 @@ func (s *sSysRole) EditRole(ctx context.Context, req *system.RoleEditReq) (err e
 				Remark:    req.Remark,
 			}).Update()
 			liberr.ErrIsNil(ctx, e, "修改角色失败")
+			//过滤ruleIds 把没有权限的过滤掉
+			req.MenuIds, err = s.filterAccessRuleIds(ctx, req.MenuIds)
+			liberr.ErrIsNil(ctx, err)
 			//删除角色权限
 			e = s.DelRoleRule(ctx, req.Id)
 			liberr.ErrIsNil(ctx, e)
@@ -175,10 +226,40 @@ func (s *sSysRole) EditRole(ctx context.Context, req *system.RoleEditReq) (err e
 	return
 }
 
+// 从给定的menuIds中过滤掉用户没有操作权限的菜单id
+func (s *sSysRole) filterAccessRuleIds(ctx context.Context, menuIds []uint) (newRuleIds []uint, err error) {
+	err = g.Try(ctx, func(ctx context.Context) {
+		//若不是超管，过滤ruleIds 把没有权限的过滤掉
+		if !service.SysUser().IsSupperAdmin(ctx, service.Context().GetUserId(ctx)) {
+			var (
+				userRoleIds []uint
+				accessMenus *garray.Array
+			)
+			userRoleIds, err = service.SysUser().GetAdminRoleIds(ctx, service.Context().GetUserId(ctx))
+			liberr.ErrIsNil(ctx, err)
+			accessMenus, err = service.SysUser().GetAdminMenusIdsByRoleIds(ctx, userRoleIds)
+			for _, v := range menuIds {
+				if accessMenus.Contains(v) {
+					newRuleIds = append(newRuleIds, v)
+				}
+			}
+		} else {
+			newRuleIds = menuIds
+		}
+	})
+	return
+}
+
 // DeleteByIds 删除角色
 func (s *sSysRole) DeleteByIds(ctx context.Context, ids []int64) (err error) {
 	err = g.DB().Transaction(ctx, func(ctx context.Context, tx gdb.TX) error {
 		err = g.Try(ctx, func(ctx context.Context) {
+			for _, id := range ids {
+				//判断是否有删除该角色的权限
+				if !s.hasManageAccess(ctx, gconv.Uint(id)) {
+					liberr.ErrIsNil(ctx, errors.New("没有删除这个角色的权限"))
+				}
+			}
 			_, err = dao.SysRole.Ctx(ctx).TX(tx).Where(dao.SysRole.Columns().Id+" in(?)", ids).Delete()
 			liberr.ErrIsNil(ctx, err, "删除角色失败")
 			//删除角色权限

internal/app/system/logic/sysUser/sys_user.go

@@ -10,6 +10,7 @@ package sysUser
 import (
 	"context"
 	"fmt"
+	"github.com/gogf/gf/v2/container/garray"
 	"reflect"
 
 	"github.com/gogf/gf/v2/container/gset"
@@ -51,8 +52,17 @@ func (s *sSysUser) GetCasBinUserPrefix() string {
 	return s.casBinUserPrefix
 }
 
+// IsSupperAdmin 判断用户是否超管
+func (s *sSysUser) IsSupperAdmin(ctx context.Context, userId uint64) bool {
+	superAdminIds := s.NotCheckAuthAdminIds(ctx)
+	if superAdminIds.Contains(userId) {
+		return true
+	}
+	return false
+}
+
 func (s *sSysUser) NotCheckAuthAdminIds(ctx context.Context) *gset.Set {
-	ids := g.Cfg().MustGet(ctx, "system.notCheckAuthAdminIds")
+	ids := g.Cfg().MustGet(ctx, "system.notCheckAuthAdminIds").Uint64s()
 	if !g.IsNil(ids) {
 		return gset.NewFrom(ids)
 	}
@@ -118,7 +128,7 @@ func (s *sSysUser) LoginLog(ctx context.Context, params *model.LoginLogParams) {
 }
 
 func (s *sSysUser) UpdateLoginInfo(ctx context.Context, id uint64, ip string) (err error) {
-	g.Try(ctx, func(ctx context.Context) {
+	err = g.Try(ctx, func(ctx context.Context) {
 		_, err = dao.SysUser.Ctx(ctx).WherePri(id).Unscoped().Update(g.Map{
 			dao.SysUser.Columns().LastLoginIp:   ip,
 			dao.SysUser.Columns().LastLoginTime: gtime.Now(),
@@ -132,15 +142,7 @@ func (s *sSysUser) UpdateLoginInfo(ctx context.Context, id uint64, ip string) (e
 func (s *sSysUser) GetAdminRules(ctx context.Context, userId uint64) (menuList []*model.UserMenus, permissions []string, err error) {
 	err = g.Try(ctx, func(ctx context.Context) {
 		//是否超管
-		isSuperAdmin := false
+		isSuperAdmin := s.IsSupperAdmin(ctx, userId)
-		//获取无需验证权限的用户id
-		s.NotCheckAuthAdminIds(ctx).Iterator(func(v interface{}) bool {
-			if gconv.Uint64(v) == userId {
-				isSuperAdmin = true
-				return false
-			}
-			return true
-		})
 		//获取用户菜单数据
 		allRoles, err := service.SysRole().GetRoleList(ctx)
 		liberr.ErrIsNil(ctx, err)
@@ -225,26 +227,52 @@ func (s *sSysUser) GetAllMenus(ctx context.Context) (menus []*model.UserMenus, e
 	return
 }
 
-func (s *sSysUser) GetAdminMenusByRoleIds(ctx context.Context, roleIds []uint) (menus []*model.UserMenus, err error) {
+func (s *sSysUser) GetAdminMenusIdsByRoleIds(ctx context.Context, roleIds []uint) (menuIds *garray.Array, err error) {
 	//获取角色对应的菜单id
+	menuIds = garray.New()
 	err = g.Try(ctx, func(ctx context.Context) {
+		if s.IsSupperAdmin(ctx, service.Context().GetUserId(ctx)) {
+			var menus []*model.SysAuthRuleInfoRes
+			menus, err = service.SysAuthRule().GetMenuList(ctx)
+			liberr.ErrIsNil(ctx, err)
+			for _, m := range menus {
+				menuIds.Append(m.Id)
+			}
+			return
+		}
 		enforcer, e := commonService.CasbinEnforcer(ctx)
 		liberr.ErrIsNil(ctx, e)
-		menuIds := map[int64]int64{}
 		for _, roleId := range roleIds {
 			//查询当前权限
 			gp := enforcer.GetFilteredPolicy(0, gconv.String(roleId))
 			for _, p := range gp {
-				mid := gconv.Int64(p[1])
+				menuIds.Append(gconv.Uint(p[1]))
-				menuIds[mid] = mid
 			}
 		}
+	})
+	return
+}
+
+func (s *sSysUser) GetAdminMenusByRoleIds(ctx context.Context, roleIds []uint) (menus []*model.UserMenus, err error) {
+	//获取角色对应的菜单id
+	err = g.Try(ctx, func(ctx context.Context) {
+		var (
+			menuArr *garray.Array
+			menuIds = map[uint]uint{}
+		)
+		menuArr, err = s.GetAdminMenusIdsByRoleIds(ctx, roleIds)
+		liberr.ErrIsNil(ctx, err)
+		menuArr.Iterator(func(k int, v interface{}) bool {
+			mp := gconv.Uint(v)
+			menuIds[mp] = mp
+			return true
+		})
 		//获取所有开启的菜单
 		allMenus, err := service.SysAuthRule().GetIsMenuList(ctx)
 		liberr.ErrIsNil(ctx, err)
 		menus = make([]*model.UserMenus, 0, len(allMenus))
 		for _, v := range allMenus {
-			if _, ok := menuIds[gconv.Int64(v.Id)]; gstr.Equal(v.Condition, "nocheck") || ok {
+			if _, ok := menuIds[v.Id]; gstr.Equal(v.Condition, "nocheck") || ok {
 				var roleMenu *model.UserMenu
 				roleMenu = s.setMenuData(roleMenu, v)
 				menus = append(menus, &model.UserMenus{UserMenu: roleMenu})
@@ -442,6 +470,35 @@ func (s *sSysUser) getSearchDeptIds(ctx context.Context, deptId uint64) (deptIds
 	return
 }
 
+// 过滤用户可操作的角色
+func (s *sSysUser) filterRoleIds(ctx context.Context, roleIds []uint, userId uint64) (newRoleIds []uint, err error) {
+	err = g.Try(ctx, func(ctx context.Context) {
+		var (
+			accessRoleList []uint
+			roleList       []*entity.SysRole
+		)
+		accessRoleList, err = service.SysUser().GetAdminRoleIds(ctx, userId)
+		liberr.ErrIsNil(ctx, err)
+		roleList, err = service.SysRole().GetRoleList(ctx)
+		liberr.ErrIsNil(ctx, err)
+		//自己创建的角色可以被授权
+		for _, v := range roleList {
+			if v.CreatedBy == userId {
+				accessRoleList = append(accessRoleList, v.Id)
+			}
+		}
+		for _, r := range roleIds {
+			for _, a := range accessRoleList {
+				if r == a {
+					newRoleIds = append(newRoleIds, r)
+					break
+				}
+			}
+		}
+	})
+	return
+}
+
 func (s *sSysUser) Add(ctx context.Context, req *system.UserAddReq) (err error) {
 	err = s.UserNameOrMobileExists(ctx, req.UserName, req.Mobile)
 	if err != nil {
@@ -465,6 +522,8 @@ func (s *sSysUser) Add(ctx context.Context, req *system.UserAddReq) (err error)
 				IsAdmin:      req.IsAdmin,
 			})
 			liberr.ErrIsNil(ctx, e, "添加用户失败")
+			req.RoleIds, err = s.filterRoleIds(ctx, req.RoleIds, service.Context().GetUserId(ctx))
+			liberr.ErrIsNil(ctx, err)
 			e = s.addUserRole(ctx, req.RoleIds, userId)
 			liberr.ErrIsNil(ctx, e, "设置用户权限失败")
 			e = s.AddUserPost(ctx, tx, req.PostIds, userId)
@@ -493,6 +552,8 @@ func (s *sSysUser) Edit(ctx context.Context, req *system.UserEditReq) (err error
 				IsAdmin:      req.IsAdmin,
 			})
 			liberr.ErrIsNil(ctx, err, "修改用户信息失败")
+			req.RoleIds, err = s.filterRoleIds(ctx, req.RoleIds, service.Context().GetUserId(ctx))
+			liberr.ErrIsNil(ctx, err)
 			//设置用户所属角色信息
 			err = s.EditUserRole(ctx, req.RoleIds, req.UserId)
 			liberr.ErrIsNil(ctx, err, "设置用户权限失败")
@@ -528,7 +589,7 @@ func (s *sSysUser) AddUserPost(ctx context.Context, tx gdb.TX, postIds []int64,
 }
 
 // AddUserRole 添加用户角色信息
-func (s *sSysUser) addUserRole(ctx context.Context, roleIds []int64, userId int64) (err error) {
+func (s *sSysUser) addUserRole(ctx context.Context, roleIds []uint, userId int64) (err error) {
 	err = g.Try(ctx, func(ctx context.Context) {
 		enforcer, e := commonService.CasbinEnforcer(ctx)
 		liberr.ErrIsNil(ctx, e)
@@ -541,13 +602,14 @@ func (s *sSysUser) addUserRole(ctx context.Context, roleIds []int64, userId int6
 }
 
 // EditUserRole 修改用户角色信息
-func (s *sSysUser) EditUserRole(ctx context.Context, roleIds []int64, userId int64) (err error) {
+func (s *sSysUser) EditUserRole(ctx context.Context, roleIds []uint, userId int64) (err error) {
 	err = g.Try(ctx, func(ctx context.Context) {
 		enforcer, e := commonService.CasbinEnforcer(ctx)
 		liberr.ErrIsNil(ctx, e)
 
 		//删除用户旧角色信息
-		enforcer.RemoveFilteredGroupingPolicy(0, fmt.Sprintf("%s%d", s.casBinUserPrefix, userId))
+		_, err = enforcer.RemoveFilteredGroupingPolicy(0, fmt.Sprintf("%s%d", s.casBinUserPrefix, userId))
+		liberr.ErrIsNil(ctx, err)
 		for _, v := range roleIds {
 			_, err = enforcer.AddGroupingPolicy(fmt.Sprintf("%s%d", s.casBinUserPrefix, userId), gconv.String(v))
 			liberr.ErrIsNil(ctx, err)
@@ -770,14 +832,7 @@ func (s *sSysUser) HasAccessByDataWhere(ctx context.Context, where g.Map, uid in
 // AccessRule 判断用户是否有某一菜单规则权限
 func (s *sSysUser) AccessRule(ctx context.Context, userId uint64, rule string) bool {
 	//获取无需验证权限的用户id
-	tagSuperAdmin := false
+	tagSuperAdmin := s.IsSupperAdmin(ctx, userId)
-	s.NotCheckAuthAdminIds(ctx).Iterator(func(v interface{}) bool {
-		if gconv.Uint64(v) == userId {
-			tagSuperAdmin = true
-			return false
-		}
-		return true
-	})
 	if tagSuperAdmin {
 		return true
 	}

internal/app/system/model/do/sys_role.go

@@ -20,4 +20,5 @@ type SysRole struct {
 	DataScope interface{} // 数据范围（1：全部数据权限 2：自定数据权限 3：本部门数据权限 4：本部门及以下数据权限）
 	CreatedAt *gtime.Time // 创建时间
 	UpdatedAt *gtime.Time // 更新时间
+	CreatedBy interface{} //创建人
 }

internal/app/system/model/do/tools_gen_table.go

@@ -30,4 +30,5 @@ type ToolsGenTable struct {
 	SortColumn     interface{} // 排序字段名
 	SortType       interface{} // 排序方式 (asc顺序 desc倒序)
 	ShowDetail     interface{} // 是否有查看详情功能
+	ExcelPort      interface{} // 是否有导入导出excel功能
 }

internal/app/system/model/entity/sys_role.go

@@ -18,5 +18,6 @@ type SysRole struct {
 	DataScope uint        `json:"dataScope" description:"数据范围（1：全部数据权限 2：自定数据权限 3：本部门数据权限 4：本部门及以下数据权限）"`
 	CreatedAt *gtime.Time `json:"createdAt" description:"创建时间"`
 	UpdatedAt *gtime.Time `json:"updatedAt" description:"更新时间"`
-	UserCnt    uint    `json:"userCnt" description:"用户数量"`     
+	UserCnt   uint        `json:"userCnt" description:"用户数量"`
+	CreatedBy uint64      `json:"createdBy" orm:"created_by" description:"创建人"`
 }

internal/app/system/model/entity/tools_gen_table.go

@@ -28,4 +28,5 @@ type ToolsGenTable struct {
 	SortColumn     string      `json:"sortColumn"     description:"排序字段名"`
 	SortType       string      `json:"sortType"       description:"排序方式 (asc顺序 desc倒序)"`
 	ShowDetail     bool        `json:"showDetail"     description:"是否有查看详情功能"`
+	ExcelPort      bool        `json:"excelPort" description:"是否有excel导入导出功能"`
 }

internal/app/system/model/sys_user.go

@@ -43,7 +43,6 @@ type SysUserPostInfoRes struct {
 	PostName string `json:"postName"`
 }
 
-
 type SysUserSimpleRes struct {
 	gmeta.Meta   `orm:"table:sys_user"`
 	Id           uint64 `orm:"id"       json:"id"`                   //

internal/app/system/model/tools_gen_table.go

@@ -35,6 +35,7 @@ type ToolsGenTableEx struct {
 	SortColumn     string                   // 缺省排序字段
 	SortType       string                   // 缺省排序方式 (asc顺序 desc倒序)
 	ShowDetail     bool                     // 是否有查看详情功能
+	ExcelPort      bool                     // 是否有导入导出excel功能
 	TreeCode       string                   // 树编码字段
 	TreeParentCode string                   // 树父编码字段
 	TreeName       string                   // 树名称字段

internal/app/system/service/sys_user.go

@@ -7,6 +7,7 @@ package service
 
 import (
 	"context"
+	"github.com/gogf/gf/v2/container/garray"
 
 	"github.com/gogf/gf/v2/container/gset"
 	"github.com/gogf/gf/v2/database/gdb"
@@ -19,6 +20,7 @@ import (
 type (
 	ISysUser interface {
 		GetCasBinUserPrefix() string
+		IsSupperAdmin(ctx context.Context, userId uint64) bool
 		NotCheckAuthAdminIds(ctx context.Context) *gset.Set
 		GetAdminUserByUsernamePassword(ctx context.Context, req *system.UserLoginReq) (user *model.LoginUserRes, err error)
 		GetUserByUsername(ctx context.Context, userName string) (user *model.LoginUserRes, err error)
@@ -29,6 +31,7 @@ type (
 		GetAdminRole(ctx context.Context, userId uint64, allRoleList []*entity.SysRole) (roles []*entity.SysRole, err error)
 		GetAdminRoleIds(ctx context.Context, userId uint64) (roleIds []uint, err error)
 		GetAllMenus(ctx context.Context) (menus []*model.UserMenus, err error)
+		GetAdminMenusIdsByRoleIds(ctx context.Context, roleIds []uint) (menuIds *garray.Array, err error)
 		GetAdminMenusByRoleIds(ctx context.Context, roleIds []uint) (menus []*model.UserMenus, err error)
 		GetMenusTree(menus []*model.UserMenus, pid uint) []*model.UserMenus
 		GetPermissions(ctx context.Context, roleIds []uint) (userButtons []string, err error)
@@ -37,7 +40,7 @@ type (
 		Add(ctx context.Context, req *system.UserAddReq) (err error)
 		Edit(ctx context.Context, req *system.UserEditReq) (err error)
 		AddUserPost(ctx context.Context, tx gdb.TX, postIds []int64, userId int64) (err error)
-		EditUserRole(ctx context.Context, roleIds []int64, userId int64) (err error)
+		EditUserRole(ctx context.Context, roleIds []uint, userId int64) (err error)
 		UserNameOrMobileExists(ctx context.Context, userName, mobile string, id ...int64) error
 		GetEditUser(ctx context.Context, id uint64) (res *system.UserGetEditRes, err error)
 		GetUserInfoById(ctx context.Context, id uint64, withPwd ...bool) (user *entity.SysUser, err error)