Medical_OAuth/common/actions/permission.go

package actions

import (
	"Medical_OAuth/app/admin/model"
	"errors"
	"github.com/gin-gonic/gin"
	"gogs.baozhida.cn/zoie/OAuth-core/sdk"
	"gorm.io/gorm"
	"strconv"

	log "gogs.baozhida.cn/zoie/OAuth-core/logger"
	"gogs.baozhida.cn/zoie/OAuth-core/pkg"
	"gogs.baozhida.cn/zoie/OAuth-core/pkg/jwtauth/user"
	"gogs.baozhida.cn/zoie/OAuth-core/pkg/response"
	"gogs.baozhida.cn/zoie/OAuth-core/sdk/config"
)

type DataPermission struct {
	DataScope string
	UserId    int
	DeptId    int
	RoleId    int
}

func PermissionAction() gin.HandlerFunc {
	return func(c *gin.Context) {
		ormDB, err := pkg.GetOrm(c)
		if err != nil {
			log.Error(err)
			return
		}

		msgID := pkg.GenerateMsgIDFromContext(c)
		var p = new(DataPermission)
		if userId := user.GetUserIdStr(c); userId != "" {
			p, err = newDataPermission(ormDB, userId)
			if err != nil {
				log.Errorf("MsgID[%s] PermissionAction error: %s", msgID, err)
				response.Error(c, 500, err, "权限范围鉴定错误")
				c.Abort()
				return
			}
		}
		c.Set(PermissionKey, p)
		c.Next()
	}
}

func newDataPermission(tx *gorm.DB, userId interface{}) (*DataPermission, error) {
	var err error
	p := &DataPermission{}

	err = tx.Table("sys_user").
		Select("sys_user.id as user_id", "sys_role.id as role_id", "sys_user.dept_id", "sys_role.data_scope").
		Joins("left join sys_role on sys_role.id = sys_user.role_id").
		Where("sys_user.id = ?", userId).
		Scan(p).Error
	if err != nil {
		err = errors.New("获取用户数据出错 msg:" + err.Error())
		return nil, err
	}
	return p, nil
}

func UserPermission(tableName string, p *DataPermission) func(db *gorm.DB) *gorm.DB {
	return func(db *gorm.DB) *gorm.DB {
		if !config.ApplicationConfig.EnableDP {
			return db
		}
		if p == nil {
			return db
		}
		switch p.DataScope {
		//case "2":
		//	return db.Where(tableName+".create_by in (select sys_user.id from sys_role_dept left join sys_user on sys_user.dept_id=sys_role_dept.dept_id where sys_role_dept.role_id = ?) id = ?", p.RoleId, p.UserId)
		case "3":
			return db.Where(tableName+".dept_id = ? ", p.DeptId)
		case "4":
			return db.Where(tableName+".create_by in (SELECT id from sys_user where sys_user.dept_id in(select id from sys_dept where dept_path like ? )) or id = ?", "%/"+pkg.IntToString(p.DeptId)+"/%", p.UserId)
		case "5":
			return db.Where(tableName+".id = ?", p.UserId)
		default:
			return db
		}
	}
}

func Permission(tableName string, p *DataPermission) func(db *gorm.DB) *gorm.DB {
	return func(db *gorm.DB) *gorm.DB {
		if !config.ApplicationConfig.EnableDP {
			return db
		}
		if p == nil {
			return db
		}
		switch p.DataScope {
		//case "2":
		//	return db.Where(tableName+".create_by in (select sys_user.id from sys_role_dept left join sys_user on sys_user.dept_id=sys_role_dept.dept_id where sys_role_dept.role_id = ?)", p.RoleId)
		case "3":
			return db.Where(tableName+".create_by in (SELECT id from sys_user where dept_id = ? )", p.DeptId)
		case "4":
			return db.Where(tableName+".create_by in (SELECT id from sys_user where sys_user.dept_id in (select id from sys_dept where dept_path like ? ))", "%/"+pkg.IntToString(p.DeptId)+"/%")
		case "5":
			return db.Where(tableName+".create_by = ?", p.UserId)
		default:
			return db
		}
	}
}

func getPermissionFromContext(c *gin.Context) *DataPermission {
	p := new(DataPermission)
	if pm, ok := c.Get(PermissionKey); ok {
		switch pm.(type) {
		case *DataPermission:
			p = pm.(*DataPermission)
		}
	}
	if deptIdStr, err := sdk.Runtime.GetCacheAdapter().Get(model.GetEnterDeptCacheKey(c)); err == nil {
		p.DeptId, _ = strconv.Atoi(deptIdStr)
	}
	return p
}

// GetPermissionFromContext 提供非action写法数据范围约束
func GetPermissionFromContext(c *gin.Context) *DataPermission {
	return getPermissionFromContext(c)
}