fix 完善用户操作权限
parent
d29c341034
commit
dfb50e4ca2
@ -8,6 +8,7 @@
|
||||
package system
|
||||
|
||||
import (
|
||||
"github.com/gogf/gf/v2/container/garray"
|
||||
"github.com/gogf/gf/v2/frame/g"
|
||||
commonApi "github.com/tiger1103/gfast/v3/api/v1/common"
|
||||
"github.com/tiger1103/gfast/v3/internal/app/system/model"
|
||||
@ -34,6 +35,7 @@ type RoleGetParamsReq struct {
|
||||
type RoleGetParamsRes struct {
|
||||
g.Meta `mime:"application/json"`
|
||||
Menu []*model.SysAuthRuleInfoRes `json:"menu"`
|
||||
AccessMenus *garray.Array `json:"accessMenus"`
|
||||
}
|
||||
|
||||
type RoleAddReq struct {
|
||||
@ -50,6 +52,7 @@ type RoleAddRes struct {
|
||||
|
||||
type RoleGetReq struct {
|
||||
g.Meta `path:"/role/get" tags:"角色管理" method:"get" summary:"获取角色信息"`
|
||||
commonApi.Author
|
||||
Id uint `p:"id" v:"required#角色id不能为空""`
|
||||
}
|
||||
|
||||
@ -61,6 +64,7 @@ type RoleGetRes struct {
|
||||
|
||||
type RoleEditReq struct {
|
||||
g.Meta `path:"/role/edit" tags:"角色管理" method:"put" summary:"修改角色"`
|
||||
commonApi.Author
|
||||
Id int64 `p:"id" v:"required#角色id必须"`
|
||||
Name string `p:"name" v:"required#角色名称不能为空"`
|
||||
Status uint `p:"status" `
|
||||
|
@ -44,6 +44,7 @@ type UserGetParamsRes struct {
|
||||
g.Meta `mime:"application/json"`
|
||||
RoleList []*entity.SysRole `json:"roleList"`
|
||||
Posts []*entity.SysPost `json:"posts"`
|
||||
RoleAccess []uint `json:"roleAccess"`
|
||||
}
|
||||
|
||||
// SetUserReq 添加修改用户公用请求字段
|
||||
@ -54,7 +55,7 @@ type SetUserReq struct {
|
||||
Mobile string `p:"mobile" v:"required|phone#手机号不能为空|手机号格式错误"`
|
||||
PostIds []int64 `p:"postIds"`
|
||||
Remark string `p:"remark"`
|
||||
RoleIds []int64 `p:"roleIds"`
|
||||
RoleIds []uint `p:"roleIds"`
|
||||
Sex int `p:"sex"`
|
||||
Status uint `p:"status"`
|
||||
IsAdmin int `p:"isAdmin"` // 是否后台管理员 1 是 0 否
|
||||
|
@ -29,6 +29,14 @@ func (c *roleController) List(ctx context.Context, req *system.RoleListReq) (res
|
||||
func (c *roleController) GetParams(ctx context.Context, req *system.RoleGetParamsReq) (res *system.RoleGetParamsRes, err error) {
|
||||
res = new(system.RoleGetParamsRes)
|
||||
res.Menu, err = service.SysAuthRule().GetMenuList(ctx)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
roleIds, err := service.SysUser().GetAdminRoleIds(ctx, service.Context().GetUserId(ctx))
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
res.AccessMenus, err = service.SysUser().GetAdminMenusIdsByRoleIds(ctx, roleIds)
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -55,6 +55,32 @@ func (c *userController) GetParams(ctx context.Context, req *system.UserGetParam
|
||||
return
|
||||
}
|
||||
res.Posts, err = service.SysPost().GetUsedPost(ctx)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
userId := service.Context().GetUserId(ctx)
|
||||
res.RoleAccess, err = service.SysUser().GetAdminRoleIds(ctx, userId)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
//判断是否超管
|
||||
if service.SysUser().IsSupperAdmin(ctx, userId) {
|
||||
//自己创建的角色可以被授权
|
||||
for _, v := range res.RoleList {
|
||||
res.RoleAccess = append(res.RoleAccess, v.Id)
|
||||
}
|
||||
} else {
|
||||
res.RoleAccess, err = service.SysUser().GetAdminRoleIds(ctx, userId)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
//自己创建的角色可以被授权
|
||||
for _, v := range res.RoleList {
|
||||
if v.CreatedBy == userId {
|
||||
res.RoleAccess = append(res.RoleAccess, v.Id)
|
||||
}
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
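Review bot: `res.RoleAccess` is loaded from `GetAdminRoleIds` before the super-admin check and then loaded again, identically, in the `else` branch, while the super-admin branch appends every `RoleList` id onto the slice that was already loaded, so ids can appear twice. Dropping the first call and starting the super-admin branch from an empty slice removes both the extra query and the duplicates. The `//自己创建的角色可以被授权` comment inside the super-admin branch is copied from the branch below and does not describe what that branch does. This list only tells the client which roles to offer, so the server-side filter applied when a user is saved has to grant exactly the same set. GetParams begins outside the hunk.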
|
@ -27,6 +27,7 @@ type SysRoleColumns struct {
|
||||
DataScope string // 数据范围(1:全部数据权限 2:自定数据权限 3:本部门数据权限 4:本部门及以下数据权限)
|
||||
CreatedAt string // 创建时间
|
||||
UpdatedAt string // 更新时间
|
||||
CreatedBy string // 创建人
|
||||
}
|
||||
|
||||
// sysRoleColumns holds the columns for table sys_role.
|
||||
@ -39,6 +40,7 @@ var sysRoleColumns = SysRoleColumns{
|
||||
DataScope: "data_scope",
|
||||
CreatedAt: "created_at",
|
||||
UpdatedAt: "updated_at",
|
||||
CreatedBy: "created_by",
|
||||
}
|
||||
|
||||
// NewSysRoleDao creates and returns a new DAO object for table data access.
|
||||
|
@ -67,14 +67,7 @@ func (s *sMiddleware) Auth(r *ghttp.Request) {
|
||||
libResponse.FailJson(true, r, "对不起!演示系统,不能删改数据!")
|
||||
}*/
|
||||
//获取无需验证权限的用户id
|
||||
tagSuperAdmin := false
|
||||
service.SysUser().NotCheckAuthAdminIds(ctx).Iterator(func(v interface{}) bool {
|
||||
if gconv.Uint64(v) == adminId {
|
||||
tagSuperAdmin = true
|
||||
return false
|
||||
}
|
||||
return true
|
||||
})
|
||||
tagSuperAdmin := service.SysUser().IsSupperAdmin(ctx, service.Context().GetUserId(ctx))
|
||||
if tagSuperAdmin {
|
||||
r.Middleware.Next()
|
||||
//不要再往后面执行
|
||||
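Review bot: The super-admin bypass now keys off `service.Context().GetUserId(ctx)` instead of the `adminId` that the removed lines compared against. Auth's body starts and ends outside the hunk, so it is not visible whether both values come from the same token; if `adminId` is still what the permission check further down uses, the bypass and the check can disagree about who the caller is. Keeping a single identity source avoids that: `tagSuperAdmin := service.SysUser().IsSupperAdmin(ctx, adminId)`.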
|
@ -9,7 +9,8 @@ package sysRole
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"errors"
|
||||
"github.com/gogf/gf/v2/container/garray"
|
||||
"github.com/gogf/gf/v2/database/gdb"
|
||||
"github.com/gogf/gf/v2/frame/g"
|
||||
"github.com/gogf/gf/v2/util/gconv"
|
||||
@ -44,6 +45,17 @@ func (s *sSysRole) GetRoleListSearch(ctx context.Context, req *system.RoleListRe
|
||||
if req.Status != "" {
|
||||
model = model.Where("a.status", gconv.Int(req.Status))
|
||||
}
|
||||
userId := service.Context().GetUserId(ctx)
|
||||
//获取当前用户所属角色ids
|
||||
if !service.SysUser().IsSupperAdmin(ctx, userId) {
|
||||
var roleIds []uint
|
||||
roleIds, err = service.SysUser().GetAdminRoleIds(ctx, userId)
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
if len(roleIds) == 0 {
|
||||
return
|
||||
}
|
||||
model = model.Where("a."+dao.SysRole.Columns().Id+" in(?) OR a.created_by = ?", roleIds, userId)
|
||||
}
|
||||
model = model.As("a")
|
||||
res.Total, err = model.Count()
|
||||
liberr.ErrIsNil(ctx, err, "获取角色数据失败")
|
||||
@ -117,6 +129,9 @@ func (s *sSysRole) AddRole(ctx context.Context, req *system.RoleAddReq) (err err
|
||||
err = g.Try(ctx, func(ctx context.Context) {
|
||||
roleId, e := dao.SysRole.Ctx(ctx).TX(tx).InsertAndGetId(req)
|
||||
liberr.ErrIsNil(ctx, e, "添加角色失败")
|
||||
//过滤ruleIds 把没有权限的过滤掉
|
||||
req.MenuIds, err = s.filterAccessRuleIds(ctx, req.MenuIds)
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
//添加角色权限
|
||||
e = s.AddRoleRule(ctx, req.MenuIds, roleId)
|
||||
liberr.ErrIsNil(ctx, e)
|
||||
@ -130,6 +145,10 @@ func (s *sSysRole) AddRole(ctx context.Context, req *system.RoleAddReq) (err err
|
||||
|
||||
func (s *sSysRole) Get(ctx context.Context, id uint) (res *entity.SysRole, err error) {
|
||||
err = g.Try(ctx, func(ctx context.Context) {
|
||||
//判断是否具有此角色的权限
|
||||
if !s.hasManageAccess(ctx, id) {
|
||||
liberr.ErrIsNil(ctx, errors.New("没有查看这个角色的权限"))
|
||||
}
|
||||
err = dao.SysRole.Ctx(ctx).WherePri(id).Scan(&res)
|
||||
liberr.ErrIsNil(ctx, err, "获取角色信息失败")
|
||||
})
|
||||
@ -150,10 +169,39 @@ func (s *sSysRole) GetFilteredNamedPolicy(ctx context.Context, id uint) (gpSlice
|
||||
return
|
||||
}
|
||||
|
||||
func (s *sSysRole) hasManageAccess(ctx context.Context, roleId uint) bool {
|
||||
if !service.SysUser().IsSupperAdmin(ctx, service.Context().GetUserId(ctx)) {
|
||||
var (
|
||||
roleIds []uint
|
||||
hasAccess bool
|
||||
err error
|
||||
)
|
||||
roleIds, err = service.SysUser().GetAdminRoleIds(ctx, service.Context().GetUserId(ctx))
|
||||
if err != nil {
|
||||
g.Log().Error(ctx, err)
|
||||
return false
|
||||
}
|
||||
if len(roleIds) > 0 {
|
||||
for _, v := range roleIds {
|
||||
if v == roleId {
|
||||
hasAccess = true
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
return hasAccess
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
// EditRole 修改角色
|
||||
func (s *sSysRole) EditRole(ctx context.Context, req *system.RoleEditReq) (err error) {
|
||||
err = g.DB().Transaction(ctx, func(ctx context.Context, tx gdb.TX) error {
|
||||
err = g.Try(ctx, func(ctx context.Context) {
|
||||
//判断是否具有修改此角色的权限
|
||||
if !s.hasManageAccess(ctx, gconv.Uint(req.Id)) {
|
||||
liberr.ErrIsNil(ctx, errors.New("没有修改这个角色的权限"))
|
||||
}
|
||||
_, e := dao.SysRole.Ctx(ctx).TX(tx).WherePri(req.Id).Data(&do.SysRole{
|
||||
Status: req.Status,
|
||||
ListOrder: req.ListOrder,
|
||||
@ -161,6 +209,9 @@ func (s *sSysRole) EditRole(ctx context.Context, req *system.RoleEditReq) (err e
|
||||
Remark: req.Remark,
|
||||
}).Update()
|
||||
liberr.ErrIsNil(ctx, e, "修改角色失败")
|
||||
//过滤ruleIds 把没有权限的过滤掉
|
||||
req.MenuIds, err = s.filterAccessRuleIds(ctx, req.MenuIds)
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
//删除角色权限
|
||||
e = s.DelRoleRule(ctx, req.Id)
|
||||
liberr.ErrIsNil(ctx, e)
|
||||
@ -175,10 +226,40 @@ func (s *sSysRole) EditRole(ctx context.Context, req *system.RoleEditReq) (err e
|
||||
return
|
||||
}
|
||||
|
||||
// 从给定的menuIds中过滤掉用户没有操作权限的菜单id
|
||||
func (s *sSysRole) filterAccessRuleIds(ctx context.Context, menuIds []uint) (newRuleIds []uint, err error) {
|
||||
err = g.Try(ctx, func(ctx context.Context) {
|
||||
//若不是超管,过滤ruleIds 把没有权限的过滤掉
|
||||
if !service.SysUser().IsSupperAdmin(ctx, service.Context().GetUserId(ctx)) {
|
||||
var (
|
||||
userRoleIds []uint
|
||||
accessMenus *garray.Array
|
||||
)
|
||||
userRoleIds, err = service.SysUser().GetAdminRoleIds(ctx, service.Context().GetUserId(ctx))
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
accessMenus, err = service.SysUser().GetAdminMenusIdsByRoleIds(ctx, userRoleIds)
|
||||
for _, v := range menuIds {
|
||||
if accessMenus.Contains(v) {
|
||||
newRuleIds = append(newRuleIds, v)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
newRuleIds = menuIds
|
||||
}
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
// DeleteByIds 删除角色
|
||||
func (s *sSysRole) DeleteByIds(ctx context.Context, ids []int64) (err error) {
|
||||
err = g.DB().Transaction(ctx, func(ctx context.Context, tx gdb.TX) error {
|
||||
err = g.Try(ctx, func(ctx context.Context) {
|
||||
for _, id := range ids {
|
||||
//判断是否有删除该角色的权限
|
||||
if !s.hasManageAccess(ctx, gconv.Uint(id)) {
|
||||
liberr.ErrIsNil(ctx, errors.New("没有删除这个角色的权限"))
|
||||
}
|
||||
}
|
||||
_, err = dao.SysRole.Ctx(ctx).TX(tx).Where(dao.SysRole.Columns().Id+" in(?)", ids).Delete()
|
||||
liberr.ErrIsNil(ctx, err, "删除角色失败")
|
||||
//删除角色权限
|
||||
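Review bot: In `filterAccessRuleIds` the error from `GetAdminMenusIdsByRoleIds` is never checked: the closure assigns it to the named result `err`, the loop then runs on whatever `accessMenus` holds, and `err = g.Try(...)` overwrites it afterwards, so a failed permission lookup appears to end with the role saved with a silently reduced menu set and no error reported. Add `liberr.ErrIsNil(ctx, err)` directly after that call, as the line above it does for `GetAdminRoleIds`. Separately, `hasManageAccess` accepts only roles the caller holds, whereas `GetRoleListSearch` also lists roles with `created_by = userId`, so a creator can see a role that `Get`, `EditRole` and `DeleteByIds` then refuse; the two rules should share one definition. `GetRoleListSearch` also returns early when `roleIds` is empty, which hides roles the caller created. `EditRole` and `DeleteByIds` continue outside their hunks.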
|
@ -10,6 +10,7 @@ package sysUser
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"github.com/gogf/gf/v2/container/garray"
|
||||
"reflect"
|
||||
|
||||
"github.com/gogf/gf/v2/container/gset"
|
||||
@ -51,8 +52,17 @@ func (s *sSysUser) GetCasBinUserPrefix() string {
|
||||
return s.casBinUserPrefix
|
||||
}
|
||||
|
||||
// IsSupperAdmin 判断用户是否超管
|
||||
func (s *sSysUser) IsSupperAdmin(ctx context.Context, userId uint64) bool {
|
||||
superAdminIds := s.NotCheckAuthAdminIds(ctx)
|
||||
if superAdminIds.Contains(userId) {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (s *sSysUser) NotCheckAuthAdminIds(ctx context.Context) *gset.Set {
|
||||
ids := g.Cfg().MustGet(ctx, "system.notCheckAuthAdminIds")
|
||||
ids := g.Cfg().MustGet(ctx, "system.notCheckAuthAdminIds").Uint64s()
|
||||
if !g.IsNil(ids) {
|
||||
return gset.NewFrom(ids)
|
||||
}
|
||||
@ -118,7 +128,7 @@ func (s *sSysUser) LoginLog(ctx context.Context, params *model.LoginLogParams) {
|
||||
}
|
||||
|
||||
func (s *sSysUser) UpdateLoginInfo(ctx context.Context, id uint64, ip string) (err error) {
|
||||
g.Try(ctx, func(ctx context.Context) {
|
||||
err = g.Try(ctx, func(ctx context.Context) {
|
||||
_, err = dao.SysUser.Ctx(ctx).WherePri(id).Unscoped().Update(g.Map{
|
||||
dao.SysUser.Columns().LastLoginIp: ip,
|
||||
dao.SysUser.Columns().LastLoginTime: gtime.Now(),
|
||||
@ -132,15 +142,7 @@ func (s *sSysUser) UpdateLoginInfo(ctx context.Context, id uint64, ip string) (e
|
||||
func (s *sSysUser) GetAdminRules(ctx context.Context, userId uint64) (menuList []*model.UserMenus, permissions []string, err error) {
|
||||
err = g.Try(ctx, func(ctx context.Context) {
|
||||
//是否超管
|
||||
isSuperAdmin := false
|
||||
//获取无需验证权限的用户id
|
||||
s.NotCheckAuthAdminIds(ctx).Iterator(func(v interface{}) bool {
|
||||
if gconv.Uint64(v) == userId {
|
||||
isSuperAdmin = true
|
||||
return false
|
||||
}
|
||||
return true
|
||||
})
|
||||
isSuperAdmin := s.IsSupperAdmin(ctx, userId)
|
||||
//获取用户菜单数据
|
||||
allRoles, err := service.SysRole().GetRoleList(ctx)
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
@ -225,26 +227,52 @@ func (s *sSysUser) GetAllMenus(ctx context.Context) (menus []*model.UserMenus, e
|
||||
return
|
||||
}
|
||||
|
||||
func (s *sSysUser) GetAdminMenusByRoleIds(ctx context.Context, roleIds []uint) (menus []*model.UserMenus, err error) {
|
||||
func (s *sSysUser) GetAdminMenusIdsByRoleIds(ctx context.Context, roleIds []uint) (menuIds *garray.Array, err error) {
|
||||
//获取角色对应的菜单id
|
||||
menuIds = garray.New()
|
||||
err = g.Try(ctx, func(ctx context.Context) {
|
||||
if s.IsSupperAdmin(ctx, service.Context().GetUserId(ctx)) {
|
||||
var menus []*model.SysAuthRuleInfoRes
|
||||
menus, err = service.SysAuthRule().GetMenuList(ctx)
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
for _, m := range menus {
|
||||
menuIds.Append(m.Id)
|
||||
}
|
||||
return
|
||||
}
|
||||
enforcer, e := commonService.CasbinEnforcer(ctx)
|
||||
liberr.ErrIsNil(ctx, e)
|
||||
menuIds := map[int64]int64{}
|
||||
for _, roleId := range roleIds {
|
||||
//查询当前权限
|
||||
gp := enforcer.GetFilteredPolicy(0, gconv.String(roleId))
|
||||
for _, p := range gp {
|
||||
mid := gconv.Int64(p[1])
|
||||
menuIds[mid] = mid
|
||||
menuIds.Append(gconv.Uint(p[1]))
|
||||
}
|
||||
}
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
func (s *sSysUser) GetAdminMenusByRoleIds(ctx context.Context, roleIds []uint) (menus []*model.UserMenus, err error) {
|
||||
//获取角色对应的菜单id
|
||||
err = g.Try(ctx, func(ctx context.Context) {
|
||||
var (
|
||||
menuArr *garray.Array
|
||||
menuIds = map[uint]uint{}
|
||||
)
|
||||
menuArr, err = s.GetAdminMenusIdsByRoleIds(ctx, roleIds)
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
menuArr.Iterator(func(k int, v interface{}) bool {
|
||||
mp := gconv.Uint(v)
|
||||
menuIds[mp] = mp
|
||||
return true
|
||||
})
|
||||
//获取所有开启的菜单
|
||||
allMenus, err := service.SysAuthRule().GetIsMenuList(ctx)
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
menus = make([]*model.UserMenus, 0, len(allMenus))
|
||||
for _, v := range allMenus {
|
||||
if _, ok := menuIds[gconv.Int64(v.Id)]; gstr.Equal(v.Condition, "nocheck") || ok {
|
||||
if _, ok := menuIds[v.Id]; gstr.Equal(v.Condition, "nocheck") || ok {
|
||||
var roleMenu *model.UserMenu
|
||||
roleMenu = s.setMenuData(roleMenu, v)
|
||||
menus = append(menus, &model.UserMenus{UserMenu: roleMenu})
|
||||
@ -442,6 +470,35 @@ func (s *sSysUser) getSearchDeptIds(ctx context.Context, deptId uint64) (deptIds
|
||||
return
|
||||
}
|
||||
|
||||
// 过滤用户可操作的角色
|
||||
func (s *sSysUser) filterRoleIds(ctx context.Context, roleIds []uint, userId uint64) (newRoleIds []uint, err error) {
|
||||
err = g.Try(ctx, func(ctx context.Context) {
|
||||
var (
|
||||
accessRoleList []uint
|
||||
roleList []*entity.SysRole
|
||||
)
|
||||
accessRoleList, err = service.SysUser().GetAdminRoleIds(ctx, userId)
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
roleList, err = service.SysRole().GetRoleList(ctx)
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
//自己创建的角色可以被授权
|
||||
for _, v := range roleList {
|
||||
if v.CreatedBy == userId {
|
||||
accessRoleList = append(accessRoleList, v.Id)
|
||||
}
|
||||
}
|
||||
for _, r := range roleIds {
|
||||
for _, a := range accessRoleList {
|
||||
if r == a {
|
||||
newRoleIds = append(newRoleIds, r)
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
func (s *sSysUser) Add(ctx context.Context, req *system.UserAddReq) (err error) {
|
||||
err = s.UserNameOrMobileExists(ctx, req.UserName, req.Mobile)
|
||||
if err != nil {
|
||||
@ -465,6 +522,8 @@ func (s *sSysUser) Add(ctx context.Context, req *system.UserAddReq) (err error)
|
||||
IsAdmin: req.IsAdmin,
|
||||
})
|
||||
liberr.ErrIsNil(ctx, e, "添加用户失败")
|
||||
req.RoleIds, err = s.filterRoleIds(ctx, req.RoleIds, service.Context().GetUserId(ctx))
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
e = s.addUserRole(ctx, req.RoleIds, userId)
|
||||
liberr.ErrIsNil(ctx, e, "设置用户权限失败")
|
||||
e = s.AddUserPost(ctx, tx, req.PostIds, userId)
|
||||
@ -493,6 +552,8 @@ func (s *sSysUser) Edit(ctx context.Context, req *system.UserEditReq) (err error
|
||||
IsAdmin: req.IsAdmin,
|
||||
})
|
||||
liberr.ErrIsNil(ctx, err, "修改用户信息失败")
|
||||
req.RoleIds, err = s.filterRoleIds(ctx, req.RoleIds, service.Context().GetUserId(ctx))
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
//设置用户所属角色信息
|
||||
err = s.EditUserRole(ctx, req.RoleIds, req.UserId)
|
||||
liberr.ErrIsNil(ctx, err, "设置用户权限失败")
|
||||
@ -528,7 +589,7 @@ func (s *sSysUser) AddUserPost(ctx context.Context, tx gdb.TX, postIds []int64,
|
||||
}
|
||||
|
||||
// AddUserRole 添加用户角色信息
|
||||
func (s *sSysUser) addUserRole(ctx context.Context, roleIds []int64, userId int64) (err error) {
|
||||
func (s *sSysUser) addUserRole(ctx context.Context, roleIds []uint, userId int64) (err error) {
|
||||
err = g.Try(ctx, func(ctx context.Context) {
|
||||
enforcer, e := commonService.CasbinEnforcer(ctx)
|
||||
liberr.ErrIsNil(ctx, e)
|
||||
@ -541,13 +602,14 @@ func (s *sSysUser) addUserRole(ctx context.Context, roleIds []int64, userId int6
|
||||
}
|
||||
|
||||
// EditUserRole 修改用户角色信息
|
||||
func (s *sSysUser) EditUserRole(ctx context.Context, roleIds []int64, userId int64) (err error) {
|
||||
func (s *sSysUser) EditUserRole(ctx context.Context, roleIds []uint, userId int64) (err error) {
|
||||
err = g.Try(ctx, func(ctx context.Context) {
|
||||
enforcer, e := commonService.CasbinEnforcer(ctx)
|
||||
liberr.ErrIsNil(ctx, e)
|
||||
|
||||
//删除用户旧角色信息
|
||||
enforcer.RemoveFilteredGroupingPolicy(0, fmt.Sprintf("%s%d", s.casBinUserPrefix, userId))
|
||||
_, err = enforcer.RemoveFilteredGroupingPolicy(0, fmt.Sprintf("%s%d", s.casBinUserPrefix, userId))
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
for _, v := range roleIds {
|
||||
_, err = enforcer.AddGroupingPolicy(fmt.Sprintf("%s%d", s.casBinUserPrefix, userId), gconv.String(v))
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
@ -770,14 +832,7 @@ func (s *sSysUser) HasAccessByDataWhere(ctx context.Context, where g.Map, uid in
|
||||
// AccessRule 判断用户是否有某一菜单规则权限
|
||||
func (s *sSysUser) AccessRule(ctx context.Context, userId uint64, rule string) bool {
|
||||
//获取无需验证权限的用户id
|
||||
tagSuperAdmin := false
|
||||
s.NotCheckAuthAdminIds(ctx).Iterator(func(v interface{}) bool {
|
||||
if gconv.Uint64(v) == userId {
|
||||
tagSuperAdmin = true
|
||||
return false
|
||||
}
|
||||
return true
|
||||
})
|
||||
tagSuperAdmin := s.IsSupperAdmin(ctx, userId)
|
||||
if tagSuperAdmin {
|
||||
return true
|
||||
}
|
||||
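Review bot: In `Edit`, `filterRoleIds` silently drops every role id the editing admin cannot grant, and `EditUserRole` then removes all of the target user's grouping policies before re-adding only the filtered ids, so saving a user strips any role the target already held outside the editor's own set. Either reject the request when ids were filtered out, or have `EditUserRole` leave existing roles the editor cannot manage untouched. `filterRoleIds` also has no super-admin branch, unlike `filterAccessRuleIds` and the user `GetParams` controller, so an id listed in `system.notCheckAuthAdminIds` that holds no casbin role would have the submitted roles reduced to the ones it created; `if s.IsSupperAdmin(ctx, userId) { newRoleIds = roleIds; return }` at the top of the closure would align them. `Add` and `Edit` start outside their hunks, so any earlier check on the target user is not visible here.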
|
@ -20,4 +20,5 @@ type SysRole struct {
|
||||
DataScope interface{} // 数据范围(1:全部数据权限 2:自定数据权限 3:本部门数据权限 4:本部门及以下数据权限)
|
||||
CreatedAt *gtime.Time // 创建时间
|
||||
UpdatedAt *gtime.Time // 更新时间
|
||||
CreatedBy interface{} //创建人
|
||||
}
|
||||
|
@ -30,4 +30,5 @@ type ToolsGenTable struct {
|
||||
SortColumn interface{} // 排序字段名
|
||||
SortType interface{} // 排序方式 (asc顺序 desc倒序)
|
||||
ShowDetail interface{} // 是否有查看详情功能
|
||||
ExcelPort interface{} // 是否有导入导出excel功能
|
||||
}
|
||||
|
@ -19,4 +19,5 @@ type SysRole struct {
|
||||
CreatedAt *gtime.Time `json:"createdAt" description:"创建时间"`
|
||||
UpdatedAt *gtime.Time `json:"updatedAt" description:"更新时间"`
|
||||
UserCnt uint `json:"userCnt" description:"用户数量"`
|
||||
CreatedBy uint64 `json:"createdBy" orm:"created_by" description:"创建人"`
|
||||
}
|
||||
|
@ -28,4 +28,5 @@ type ToolsGenTable struct {
|
||||
SortColumn string `json:"sortColumn" description:"排序字段名"`
|
||||
SortType string `json:"sortType" description:"排序方式 (asc顺序 desc倒序)"`
|
||||
ShowDetail bool `json:"showDetail" description:"是否有查看详情功能"`
|
||||
ExcelPort bool `json:"excelPort" description:"是否有excel导入导出功能"`
|
||||
}
|
||||
|
@ -43,7 +43,6 @@ type SysUserPostInfoRes struct {
|
||||
PostName string `json:"postName"`
|
||||
}
|
||||
|
||||
|
||||
type SysUserSimpleRes struct {
|
||||
gmeta.Meta `orm:"table:sys_user"`
|
||||
Id uint64 `orm:"id" json:"id"` //
|
||||
|
@ -35,6 +35,7 @@ type ToolsGenTableEx struct {
|
||||
SortColumn string // 缺省排序字段
|
||||
SortType string // 缺省排序方式 (asc顺序 desc倒序)
|
||||
ShowDetail bool // 是否有查看详情功能
|
||||
ExcelPort bool // 是否有导入导出excel功能
|
||||
TreeCode string // 树编码字段
|
||||
TreeParentCode string // 树父编码字段
|
||||
TreeName string // 树名称字段
|
||||
|
@ -7,6 +7,7 @@ package service
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/gogf/gf/v2/container/garray"
|
||||
|
||||
"github.com/gogf/gf/v2/container/gset"
|
||||
"github.com/gogf/gf/v2/database/gdb"
|
||||
@ -19,6 +20,7 @@ import (
|
||||
type (
|
||||
ISysUser interface {
|
||||
GetCasBinUserPrefix() string
|
||||
IsSupperAdmin(ctx context.Context, userId uint64) bool
|
||||
NotCheckAuthAdminIds(ctx context.Context) *gset.Set
|
||||
GetAdminUserByUsernamePassword(ctx context.Context, req *system.UserLoginReq) (user *model.LoginUserRes, err error)
|
||||
GetUserByUsername(ctx context.Context, userName string) (user *model.LoginUserRes, err error)
|
||||
@ -29,6 +31,7 @@ type (
|
||||
GetAdminRole(ctx context.Context, userId uint64, allRoleList []*entity.SysRole) (roles []*entity.SysRole, err error)
|
||||
GetAdminRoleIds(ctx context.Context, userId uint64) (roleIds []uint, err error)
|
||||
GetAllMenus(ctx context.Context) (menus []*model.UserMenus, err error)
|
||||
GetAdminMenusIdsByRoleIds(ctx context.Context, roleIds []uint) (menuIds *garray.Array, err error)
|
||||
GetAdminMenusByRoleIds(ctx context.Context, roleIds []uint) (menus []*model.UserMenus, err error)
|
||||
GetMenusTree(menus []*model.UserMenus, pid uint) []*model.UserMenus
|
||||
GetPermissions(ctx context.Context, roleIds []uint) (userButtons []string, err error)
|
||||
@ -37,7 +40,7 @@ type (
|
||||
Add(ctx context.Context, req *system.UserAddReq) (err error)
|
||||
Edit(ctx context.Context, req *system.UserEditReq) (err error)
|
||||
AddUserPost(ctx context.Context, tx gdb.TX, postIds []int64, userId int64) (err error)
|
||||
EditUserRole(ctx context.Context, roleIds []int64, userId int64) (err error)
|
||||
EditUserRole(ctx context.Context, roleIds []uint, userId int64) (err error)
|
||||
UserNameOrMobileExists(ctx context.Context, userName, mobile string, id ...int64) error
|
||||
GetEditUser(ctx context.Context, id uint64) (res *system.UserGetEditRes, err error)
|
||||
GetUserInfoById(ctx context.Context, id uint64, withPwd ...bool) (user *entity.SysUser, err error)
|
||||
|
File diff suppressed because one or more lines are too long