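package service

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"strconv"
	"strings"
	"time"

	"github.com/casbin/casbin/v2"
	"github.com/go-resty/resty/v2"
	"gogs.baozhida.cn/zoie/OAuth-core/pkg"
	"gogs.baozhida.cn/zoie/OAuth-core/pkg/utils"
	"gogs.baozhida.cn/zoie/OAuth-core/service"
	"gorm.io/gorm"

	"Medical_OAuth/app/admin/model"
	"Medical_OAuth/app/admin/service/dto"
	"Medical_OAuth/common/actions"
	cDto "Medical_OAuth/common/dto"
	"Medical_OAuth/common/global"
	"Medical_OAuth/conf"
)

const (
	// roleKeyLength is the length of the randomly generated role_key.
	roleKeyLength = 8
	// roleKeyAttempts bounds the draws made when looking for an unused role_key.
	roleKeyAttempts = 10
	// roleApiCacheTTL is the cache lifetime of a role's api list, in seconds.
	roleApiCacheTTL = 24 * 60 * 60
	// outboundCallTimeout bounds the callback to a downstream service so a slow
	// service cannot hold the caller's database transaction open indefinitely.
	outboundCallTimeout = 30 * time.Second
)

// SysRole is the service layer for sys_role: CRUD, menu/api bindings, the
// per-role api cache and the matching casbin policies.
type SysRole struct {
	service.Service
}

// endTx commits tx when *errp is nil and rolls it back otherwise. It is meant
// to be deferred by methods that store their outcome in *errp before returning;
// commit/rollback errors are not surfaced, matching the previous behaviour.
func endTx(tx *gorm.DB, errp *error) {
	if *errp != nil {
		tx.Rollback()
		return
	}
	tx.Commit()
}

// roleApiCacheKey is the cache key of a role's api list for one service.
func roleApiCacheKey(roleKey string, serviceId int) string {
	return "role_api-" + roleKey + strconv.Itoa(serviceId)
}

// roleSubject is the casbin subject under which a role's "p" rules are stored.
func roleSubject(roleKey string) string {
	return fmt.Sprintf("role:%s", roleKey)
}

// removeRolePolicies clears the casbin rules whose subject (field 0) is the
// role. Rules written by UpdateRoleApi carry the "role:<key>" subject built by
// FormatRoutePolicyForRole; the bare key is cleared as well because that is
// what the previous code filtered on and rules may exist under it elsewhere.
func removeRolePolicies(cb *casbin.SyncedEnforcer, roleKey string) error {
	for _, sub := range []string{roleSubject(roleKey), roleKey} {
		if _, err := cb.RemoveFilteredPolicy(0, sub); err != nil {
			return err
		}
	}
	return nil
}

// GetPage lists SysRole rows matching the request's search conditions and the
// caller's data-permission scope, paginated, and writes the unpaginated total
// into count. Database failures are logged and returned as global.GetFailedErr.
func (e *SysRole) GetPage(c *dto.SysRoleGetPageReq, list *[]model.SysRole, count *int64, p *actions.DataPermission) error {
	var data model.SysRole
	err := e.Orm.Model(&data).
		Scopes(
			cDto.MakeCondition(c.GetNeedSearch()),
			cDto.Paginate(c.GetPageSize(), c.GetPageIndex()),
			actions.Permission(data.TableName(), p),
		).
		Find(list).
		// Limit(-1)/Offset(-1) drop the pagination so Count sees the full set.
		Limit(-1).Offset(-1).
		Count(count).Error
	if err != nil {
		e.Log.Errorf("db error: %s", err)
		return global.GetFailedErr
	}
	return nil
}

// Get loads one SysRole by the request id, restricted by the caller's data
// permission. A missing (or not permitted) row maps to
// global.GetNotFoundOrNoPermissionErr, any other db error to global.GetFailedErr.
func (e *SysRole) Get(d *dto.SysRoleGetReq, roleModel *model.SysRole, p *actions.DataPermission) error {
	err := e.Orm.
		Scopes(actions.Permission(roleModel.TableName(), p)).
		First(roleModel, d.GetId()).Error
	if err != nil {
		e.Log.Errorf("db error: %s", err)
		if errors.Is(err, gorm.ErrRecordNotFound) {
			return global.GetNotFoundOrNoPermissionErr
		}
		return global.GetFailedErr
	}
	// Menu ids are not loaded here; see GetRoleMenuId.
	//roleModel.MenuIds, err = e.GetRoleMenuId(roleModel.Id)
	return nil
}

// Insert creates a SysRole from the request and assigns it a fresh random
// role_key that is not already present in the table. On success c.Id is set to
// the new row's id. Failures are logged and returned as global.CreateFailedErr.
func (e *SysRole) Insert(c *dto.SysRoleInsertReq) error {
	var err error
	var data model.SysRole
	tx := e.Orm.Begin()
	defer endTx(tx, &err)

	roleKey, err := e.newRoleKey(tx)
	if err != nil {
		return err
	}
	c.Generate(&data)
	data.RoleKey = roleKey
	if err = tx.Create(&data).Error; err != nil {
		e.Log.Errorf("db error: %s", err)
		return global.CreateFailedErr
	}
	c.Id = data.Id
	return nil
}

// newRoleKey draws random role keys until one is unused, giving up after
// roleKeyAttempts draws. The uniqueness check runs through tx so it sees the
// caller's transaction. A db failure (previously retried forever) and
// exhaustion are both logged and returned as global.CreateFailedErr.
func (e *SysRole) newRoleKey(tx *gorm.DB) (string, error) {
	for attempt := 0; attempt < roleKeyAttempts; attempt++ {
		roleKey := utils.GetRandString(roleKeyLength, "", 0)
		var count int64
		err := tx.Model(&model.SysRole{}).Where("role_key = ?", roleKey).Count(&count).Error
		if err != nil {
			e.Log.Errorf("db error: %s", err)
			return "", global.CreateFailedErr
		}
		// The previous code tested an unassigned variable here and so never
		// retried on a collision; the count is what decides.
		if count == 0 {
			return roleKey, nil
		}
	}
	e.Log.Errorf("no unused role_key found after %d attempts", roleKeyAttempts)
	return "", global.CreateFailedErr
}

// Update overwrites an existing SysRole with the request's fields. The row must
// be visible under the caller's data permission, otherwise
// global.UpdateNotFoundOrNoPermissionErr is returned. c.Id is set to the
// updated row's id on success.
func (e *SysRole) Update(c *dto.SysRoleUpdateReq, p *actions.DataPermission) error {
	var err error
	tx := e.Orm.Begin()
	defer endTx(tx, &err)

	var roleModel model.SysRole
	// Confirm the role exists and is within the caller's permission scope.
	err = e.Orm.Scopes(actions.Permission(roleModel.TableName(), p)).
		First(&roleModel, c.GetId()).Error
	if err != nil {
		e.Log.Errorf("db error: %s", err)
		if errors.Is(err, gorm.ErrRecordNotFound) {
			return global.UpdateNotFoundOrNoPermissionErr
		}
		return global.UpdateFailedErr
	}
	c.Generate(&roleModel)
	if err = tx.Save(&roleModel).Error; err != nil {
		e.Log.Errorf("db error: %s", err)
		return global.UpdateFailedErr
	}
	c.Id = roleModel.Id
	return nil
}

// Remove deletes a SysRole together with its api bindings, menu bindings and
// casbin policies, all inside one transaction. Deletion is refused while any
// user is still assigned the role; the returned error then lists those
// usernames. The role lookup is restricted by the caller's data permission.
func (e *SysRole) Remove(c *dto.SysRoleDeleteReq, p *actions.DataPermission, cb *casbin.SyncedEnforcer) error {
	var err error
	tx := e.Orm.Begin()
	defer endTx(tx, &err)

	// Refuse to delete a role that users are still assigned to.
	var userList []model.SysUser
	if err = e.Orm.Where("role_id = ?", c.Id).Find(&userList).Error; err != nil {
		e.Log.Errorf("db error: %s", err)
		return global.DeleteFailedErr
	}
	if len(userList) > 0 {
		var names strings.Builder
		for i := range userList {
			fmt.Fprintf(&names, " %s,", userList[i].Username)
		}
		userNames := names.String()
		if !pkg.IsEmptyStr(userNames) {
			// eg: " user1, user2有用户关联,禁止删除!"
			err = errors.New(strings.TrimRight(userNames, ",") + "有用户关联,禁止删除!")
			return err
		}
	}

	var roleModel model.SysRole
	// Confirm the role exists and is within the caller's permission scope.
	err = e.Orm.Scopes(actions.Permission(roleModel.TableName(), p)).
		First(&roleModel, c.GetId()).Error
	if err != nil {
		e.Log.Errorf("db error: %s", err)
		if errors.Is(err, gorm.ErrRecordNotFound) {
			return global.DeleteNotFoundOrNoPermissionErr
		}
		return global.DeleteFailedErr
	}

	db := tx.Delete(&roleModel)
	if err = db.Error; err != nil {
		e.Log.Errorf("db error: %s", err)
		return global.DeleteFailedErr
	}
	if db.RowsAffected == 0 {
		err = global.DeleteNotFoundOrNoPermissionErr
		return err
	}
	// Drop the role's api bindings.
	if err = tx.Where("role_key = ?", roleModel.RoleKey).Delete(&model.ServRoleApi{}).Error; err != nil {
		e.Log.Errorf("db error: %s", err)
		return global.DeleteFailedErr
	}
	// Drop the role's menu bindings.
	if err = tx.Where("role_key = ?", roleModel.RoleKey).Delete(&model.SysRoleMenu{}).Error; err != nil {
		e.Log.Errorf("db error: %s", err)
		return global.DeleteFailedErr
	}
	// Clear the role's rows in sys_casbin_rule so the deleted role keeps no
	// live permissions; a failure rolls the row deletions back (via endTx) so
	// the database and the enforcer stay in step.
	if err = removeRolePolicies(cb, roleModel.RoleKey); err != nil {
		e.Log.Errorf("remove casbin policies error: %s", err)
		return global.DeleteFailedErr
	}
	return nil
}

// GetRoleMenuId returns the menu ids bound to the role with id roleId. Both a
// missing role and a db failure come back as global.GetFailedErr with an
// empty, non-nil slice.
func (e *SysRole) GetRoleMenuId(roleId int) ([]int, error) {
	var roleModel model.SysRole
	if err := e.Orm.Where("id = ?", roleId).First(&roleModel).Error; err != nil {
		return []int{}, global.GetFailedErr
	}
	var menuIds []int
	err := e.Orm.Model(&model.SysRoleMenu{}).
		Select("menu_id").
		Where("role_key = ?", roleModel.RoleKey).
		Scan(&menuIds).Error
	if err != nil {
		return []int{}, global.GetFailedErr
	}
	return menuIds, nil
}

// GetWithName loads the role whose name equals d.RoleName into roleModel.
// Errors are recorded on the service via AddError rather than returned so the
// call can be chained: a missing row records
// global.GetNotFoundOrNoPermissionErr, any other failure global.GetFailedErr.
func (e *SysRole) GetWithName(d *dto.SysRoleByName, roleModel *model.SysRole) *SysRole {
	err := e.Orm.Where("name = ?", d.RoleName).First(roleModel).Error
	if err != nil {
		e.Log.Errorf("db error: %s", err)
		if errors.Is(err, gorm.ErrRecordNotFound) {
			err = global.GetNotFoundOrNoPermissionErr
		} else {
			err = global.GetFailedErr
		}
		_ = e.AddError(err)
		return e
	}
	// Menu ids are not loaded here; see GetRoleMenuId.
	//roleModel.MenuIds, err = e.GetRoleMenuId(roleModel.Id)
	return e
}

// GetById checks that a role with id roleId exists and returns its permission
// strings. Menu permissions are not collected at present (see the commented
// block), so the slice is always empty on success. A missing row maps to
// global.GetNotFoundOrNoPermissionErr, other db failures to global.GetFailedErr.
func (e *SysRole) GetById(roleId int) ([]string, error) {
	roleModel := model.SysRole{}
	roleModel.Id = roleId
	if err := e.Orm.Model(&roleModel).First(&roleModel).Error; err != nil {
		e.Log.Errorf("db error: %s", err)
		if errors.Is(err, gorm.ErrRecordNotFound) {
			return nil, global.GetNotFoundOrNoPermissionErr
		}
		return nil, global.GetFailedErr
	}
	permissions := make([]string, 0)
	//l := *roleModel.SysMenu
	//for i := 0; i < len(l); i++ {
	//	permissions = append(permissions, l[i].Permission)
	//}
	return permissions, nil
}

// SaveRoleApiCache stores apiList in the cache under the (roleKey, serviceId)
// key for roleApiCacheTTL seconds. Failures are logged only: the cache is best
// effort and GetRoleApiList falls back to the database.
func (e *SysRole) SaveRoleApiCache(roleKey string, serviceId int, apiList []model.ServApi) {
	s, err := json.Marshal(apiList)
	if err != nil {
		e.Log.Errorf("marshal apiIds error, %s", err)
		return
	}
	if err = e.Cache.Set(roleApiCacheKey(roleKey, serviceId), s, roleApiCacheTTL); err != nil {
		e.Log.Errorf("save apiIds error to redis, %s", err)
	}
}

// GetRoleApiCache loads the cached api list for (roleKey, serviceId) into
// apiList. It returns the cache lookup error or the decode error; a nil result
// means apiList was populated from the cache.
func (e *SysRole) GetRoleApiCache(roleKey string, serviceId int, apiList *[]model.ServApi) error {
	s, err := e.Cache.Get(roleApiCacheKey(roleKey, serviceId))
	if err != nil {
		return err
	}
	// apiList is already a pointer to the slice; decode straight into it.
	return json.Unmarshal([]byte(s), apiList)
}

// pushRoleApiToService posts the role's new api list to the owning service's
// role-api callback, authenticated with the service's AuthCode header. The call
// is bounded by outboundCallTimeout. A non-200 reply is reported as an error.
func pushRoleApiToService(serviceModel *model.SysService, roleKey string, apiList []model.ServApi) error {
	client := resty.New().SetTimeout(outboundCallTimeout)
	resp, err := client.R().
		SetHeader("Content-Type", "application/json").
		SetHeader("AuthCode", serviceModel.AuthCode).
		SetBody(map[string]interface{}{
			"roleKey": roleKey,
			"apiList": apiList,
		}).
		Post(serviceModel.Host + serviceModel.RoleApiUrl)
	if err != nil {
		return err
	}
	if resp.StatusCode() != http.StatusOK {
		return errors.New("请求服务角色授权接口失败!")
	}
	return nil
}

// UpdateRoleApi replaces the set of apis (of one service) that a role may call.
// It loads the role, the service and the requested apis; when the service is
// not this OAuth instance it pushes the new list to the service's callback;
// then it rewrites the serv_role_api bindings in one transaction, replaces the
// role's casbin "p" rules and refreshes the cache.
//
// The casbin update happens before the deferred commit, so a commit failure
// leaves the enforcer ahead of the database.
func (e *SysRole) UpdateRoleApi(d *dto.SysRoleUpdateRoleApiReq, cb *casbin.SyncedEnforcer) error {
	var err error
	tx := e.Orm.Begin()
	defer endTx(tx, &err)

	var roleModel model.SysRole
	if err = e.Orm.Where("id = ?", d.GetId()).First(&roleModel).Error; err != nil {
		return global.GetFailedErr
	}
	var serviceModel model.SysService
	if err = e.Orm.Where("id = ?", d.ServiceId).First(&serviceModel).Error; err != nil {
		return global.GetFailedErr
	}
	// Only apis that belong to the requested service are accepted, so ids of
	// another service's apis are silently dropped rather than bound.
	var apiList []model.ServApi
	if err = e.Orm.Where("service_id = ? and id in (?)", d.ServiceId, d.ApiIds).Find(&apiList).Error; err != nil {
		return global.GetFailedErr
	}
	if len(apiList) == 0 {
		err = errors.New("api接口不存在!")
		return err
	}

	// A foreign service must accept the new grant before it is persisted.
	if serviceModel.No != conf.ExtConfig.Service.Number {
		if err = pushRoleApiToService(&serviceModel, roleModel.RoleKey, apiList); err != nil {
			return err
		}
	}

	// Replace the role's api bindings.
	// NOTE(review): this clears bindings for every service of the role, not
	// only d.ServiceId (the casbin removal below does the same) — confirm a
	// role is expected to hold apis of a single service at a time.
	if err = tx.Where("role_key = ?", roleModel.RoleKey).Delete(&model.ServRoleApi{}).Error; err != nil {
		return global.UpdateFailedErr
	}
	roleApiList := make([]model.ServRoleApi, 0, len(apiList))
	for _, v := range apiList {
		roleApiObj := model.ServRoleApi{
			ServiceId: serviceModel.Id,
			RoleKey:   roleModel.RoleKey,
			ApiId:     v.Id,
		}
		roleApiObj.SetCreateBy(d.CreateBy)
		roleApiList = append(roleApiList, roleApiObj)
	}
	if err = tx.Save(&roleApiList).Error; err != nil {
		e.Log.Errorf("save apiIds error, %s", err)
		return global.UpdateFailedErr
	}

	// Rebuild the role's casbin rules: one "p" rule per granted api. The
	// removal result is checked so a stale rule set is never silently kept.
	polices := make([][]string, 0, len(apiList))
	for i := range apiList {
		sub, dom, obj, act := FormatRoutePolicyForRole(roleModel.RoleKey, &apiList[i])
		polices = append(polices, []string{sub, dom, obj, act})
	}
	if err = removeRolePolicies(cb, roleModel.RoleKey); err != nil {
		e.Log.Errorf("remove casbin policies error: %s", err)
		return err
	}
	if _, err = cb.AddNamedPolicies("p", polices); err != nil {
		e.Log.Errorf("add casbin policies error: %s", err)
		return err
	}
	// Cache last, so a failure above does not leave a list in the cache that
	// the rolled-back database never held.
	e.SaveRoleApiCache(roleModel.RoleKey, serviceModel.Id, apiList)
	return nil
}

// GetRoleApiList returns, for a role and a service, the bound api ids (apiIds)
// and the api rows (apiList). The rows come from the cache when present and
// from the database otherwise, in which case the cache is refreshed.
func (e *SysRole) GetRoleApiList(d *dto.SysRoleGetRoleApiListReq, apiIds *[]int, apiList *[]model.ServApi) error {
	var roleModel model.SysRole
	if err := e.Orm.Where("id = ?", d.GetId()).First(&roleModel).Error; err != nil {
		return global.GetFailedErr
	}
	var serviceModel model.SysService
	if err := e.Orm.Where("id = ?", d.ServiceId).First(&serviceModel).Error; err != nil {
		return global.GetFailedErr
	}
	err := e.Orm.Model(&model.ServRoleApi{}).
		Select("api_id").
		Where("role_key = ? and service_id = ?", roleModel.RoleKey, serviceModel.Id).
		Scan(apiIds).Error
	if err != nil {
		e.Log.Errorf("get apiIds error, %s", err)
		return global.GetFailedErr
	}
	// Prefer the cached rows; any miss or error falls back to the database.
	if err = e.GetRoleApiCache(roleModel.RoleKey, serviceModel.Id, apiList); err == nil {
		return nil
	}
	// apiList is already a pointer to the slice; pass it as is.
	if err = e.Orm.Where("id in (?)", *apiIds).Find(apiList).Error; err != nil {
		e.Log.Errorf("get apiIds error, %s", err)
		return global.GetFailedErr
	}
	e.SaveRoleApiCache(roleModel.RoleKey, serviceModel.Id, *apiList)
	return nil
}

// FormatRoutePolicyForRole builds the casbin (sub, dom, obj, act) tuple that
// lets role roleKey call servApi: sub is "role:<key>", dom is
// "service:<id>:api", obj is the api path and act is servApi.Action.
func FormatRoutePolicyForRole(roleKey string, servApi *model.ServApi) (sub, dom, obj, act string) {
	sub = roleSubject(roleKey)                             // the role that wants the resource
	dom = fmt.Sprintf("service:%d:api", servApi.ServiceId) // domain/tenant; one per service's api set
	obj = servApi.Path                                     // the resource being accessed
	act = servApi.Action                                   // the operation on the resource
	return
}

// FormatRoutePolicyForScope is the scope-subject counterpart of
// FormatRoutePolicyForRole: sub is "scope:<key>", the other fields are the same.
func FormatRoutePolicyForScope(roleKey string, servApi *model.ServApi) (sub, dom, obj, act string) {
	sub = fmt.Sprintf("scope:%s", roleKey)                 // the scope that wants the resource
	dom = fmt.Sprintf("service:%d:api", servApi.ServiceId) // domain/tenant; one per service's api set
	obj = servApi.Path                                     // the resource being accessed
	act = servApi.Action                                   // the operation on the resource
	return
}

// UpdateRoleMenu replaces the menus bound to a role with d.MenuIds inside one
// transaction. Only menu ids that exist are bound; an empty match is an error.
func (e *SysRole) UpdateRoleMenu(d *dto.SysRoleUpdateRoleMenuReq) error {
	var err error
	tx := e.Orm.Begin()
	defer endTx(tx, &err)

	var roleModel model.SysRole
	if err = e.Orm.Where("id = ?", d.GetId()).First(&roleModel).Error; err != nil {
		return global.GetFailedErr
	}
	var menuList []model.SysMenu
	if err = e.Orm.Where("id in (?)", d.MenuIds).Find(&menuList).Error; err != nil {
		return global.GetFailedErr
	}
	if len(menuList) == 0 {
		err = errors.New("菜单不存在!")
		return err
	}
	// Drop the role's existing menu bindings and insert the new set.
	if err = tx.Where("role_key = ?", roleModel.RoleKey).Delete(&model.SysRoleMenu{}).Error; err != nil {
		return global.UpdateFailedErr
	}
	roleMenuList := make([]model.SysRoleMenu, 0, len(menuList))
	for _, v := range menuList {
		roleMenuObj := model.SysRoleMenu{
			RoleKey: roleModel.RoleKey,
			MenuId:  v.Id,
		}
		roleMenuObj.SetCreateBy(d.CreateBy)
		roleMenuList = append(roleMenuList, roleMenuObj)
	}
	if err = tx.Save(&roleMenuList).Error; err != nil {
		e.Log.Errorf("save menuIds error, %s", err)
		return global.UpdateFailedErr
	}
	return nil
}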