|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184 |
- package svc
-
- import (
- "applet/app/md"
- "applet/app/utils"
- "applet/app/utils/cache"
- db "code.fnuoos.com/zhimeng/model.git/src"
- "code.fnuoos.com/zhimeng/model.git/src/super/implement"
- "code.fnuoos.com/zhimeng/model.git/src/super/model"
- "encoding/json"
- "errors"
- "github.com/gin-gonic/gin"
- "regexp"
- "strings"
- "time"
- )
-
- func CheckUserRole(c *gin.Context, cacheKey, uri string, admId int) (isHasPermission bool, err error) {
- uri = utils.UriFilterExcludeQueryString(uri) //去除uri中?后的query参数
- isHasPermission = false
- var rolePermission []string
- var rolePermissionString string
- rolePermissionString, _ = cache.GetString(cacheKey)
-
- //TODO::判断是否在白名单中
- if utils.InArr(uri, md.WhiteUri) {
- isHasPermission = true
- return
- }
-
- if rolePermissionString != "" {
- //if false {
- if err = json.Unmarshal([]byte(rolePermissionString), &rolePermission); err != nil {
- return
- }
- } else {
- adminDb := implement.NewAdminDb(db.Db)
- list, _, err1 := adminDb.GetAdminRolePermission(admId)
- if err1 != nil {
- return isHasPermission, err1
- }
- for _, v := range list {
- rolePermission = append(rolePermission, v.Permission.Action)
- }
- marshal, err1 := json.Marshal(rolePermission)
- if err1 != nil {
- return isHasPermission, err1
- }
- rolePermissionString = string(marshal)
- _, err = cache.SetEx(cacheKey, rolePermissionString, md.AdminRolePermissionCacheTime)
- }
-
- if utils.InArr(uri, rolePermission) {
- isHasPermission = true
- } else {
- //正则匹配占位符情况
- compileRegex := regexp.MustCompile("[0-9]+")
- matchArr := compileRegex.FindAllString(uri, -1)
- if len(matchArr) > 0 {
- uri = strings.Replace(uri, matchArr[len(matchArr)-1], ":id", 1)
- if utils.InArr(uri, rolePermission) {
- isHasPermission = true
- }
- }
- }
- return
- }
-
- func DeleteRole(c *gin.Context, roleId int) (err error) {
- session := db.Db.NewSession()
- defer session.Close()
- session.Begin()
-
- //1、删除 `role`
- roleDb := implement.NewRoleDb(db.Db, roleId)
- _, err = roleDb.RoleDeleteBySession(session, roleId)
- if err != nil {
- _ = session.Rollback()
- return
- }
-
- //2、删除 `role_permission_group`
- rolePermissionGroupDb := implement.NewRolePermissionGroupDb(db.Db)
- _, err = rolePermissionGroupDb.RolePermissionGroupDeleteForRoleBySession(session, roleId)
- if err != nil {
- _ = session.Rollback()
- return
- }
-
- //3、删除 `admin_role`
- adminRoleDb := implement.NewAdminRoleDb(db.Db)
- _, err = adminRoleDb.AdminRoleDeleteForRoleBySession(session, roleId)
- if err != nil {
- _ = session.Rollback()
- return
- }
-
- return session.Commit()
- }
-
- func RoleBindPermissionGroup(c *gin.Context, req md.RoleBindPermissionGroupReq) (err error) {
- session := db.Db.NewSession()
- defer session.Close()
- session.Begin()
- //1、查询 `role`
- roleDb := implement.NewRoleDb(db.Db, req.RoleId)
- role, err := roleDb.GetRole()
- if err != nil {
- return
- }
- if role == nil {
- return errors.New("未查询到相应记录")
- }
-
- //1、删除 `role_permission_group`
- rolePermissionGroupDb := implement.NewRolePermissionGroupDb(db.Db)
- _, err = rolePermissionGroupDb.RolePermissionGroupDeleteForRoleBySession(session, req.RoleId)
- if err != nil {
- _ = session.Rollback()
- return
- }
-
- //2、新增 `role_permission_group``
- var mm []*model.RolePermissionGroup
- now := time.Now()
- for _, v := range req.PermissionIds {
- mm = append(mm, &model.RolePermissionGroup{
- RoleId: role.Id,
- GroupId: v,
- CreateAt: now.Format("2006-01-02 15:04:05"),
- UpdateAt: now.Format("2006-01-02 15:04:05"),
- })
- }
- _, err = rolePermissionGroupDb.BatchAddRolePermissionGroupBySession(session, mm)
- if err != nil {
- _ = session.Rollback()
- return
- }
-
- return session.Commit()
- }
-
- func BindAdminRole(c *gin.Context, req md.BindAdminRoleReq) (err error) {
- session := db.Db.NewSession()
- defer session.Close()
- session.Begin()
- //1、查询 `role`
- adminDb := implement.NewAdminDb(db.Db)
- role, err := adminDb.GetAdmin(req.AdmId)
- if err != nil {
- return
- }
- if role == nil {
- return errors.New("未查询到相应记录")
- }
-
- //1、删除 `admin_role`
- adminRoleDb := implement.NewAdminRoleDb(db.Db)
- _, err = adminRoleDb.AdminRoleDeleteBySession(session, req.AdmId)
- if err != nil {
- _ = session.Rollback()
- return
- }
-
- //2、新增 `删除 `admin_role``
- var mm []*model.AdminRole
- now := time.Now()
- for _, v := range req.RoleIds {
- mm = append(mm, &model.AdminRole{
- AdmId: req.AdmId,
- RoleId: v,
- State: 1,
- CreateAt: now.Format("2006-01-02 15:04:05"),
- UpdateAt: now.Format("2006-01-02 15:04:05"),
- })
- }
- _, err = adminRoleDb.BatchAddAdminRoleBySession(session, mm)
- if err != nil {
- _ = session.Rollback()
- return
- }
-
- return session.Commit()
- }
|