permission.go 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127
  1. package actions
  2. import (
  3. "errors"
  4. "github.com/gin-gonic/gin"
  5. log "gogs.baozhida.cn/zoie/OAuth-core/logger"
  6. "gogs.baozhida.cn/zoie/OAuth-core/pkg"
  7. "gogs.baozhida.cn/zoie/OAuth-core/pkg/jwtauth/user"
  8. "gogs.baozhida.cn/zoie/OAuth-core/pkg/response"
  9. "gogs.baozhida.cn/zoie/OAuth-core/sdk/config"
  10. "gorm.io/gorm"
  11. )
  12. type DataPermission struct {
  13. DataScope string
  14. UserType string
  15. UserId int
  16. DeptId int
  17. RoleId int
  18. }
  19. func PermissionAction() gin.HandlerFunc {
  20. return func(c *gin.Context) {
  21. ormDB, err := pkg.GetOrm(c)
  22. if err != nil {
  23. log.Error(err)
  24. return
  25. }
  26. msgID := pkg.GenerateMsgIDFromContext(c)
  27. var p = new(DataPermission)
  28. if userId := user.GetUserIdStr(c); userId != "" {
  29. p, err = newDataPermission(ormDB, userId)
  30. if err != nil {
  31. log.Errorf("MsgID[%s] PermissionAction error: %s", msgID, err)
  32. response.Error(c, 500, err, "权限范围鉴定错误")
  33. c.Abort()
  34. return
  35. }
  36. }
  37. c.Set(PermissionKey, p)
  38. c.Next()
  39. }
  40. }
  41. func newDataPermission(tx *gorm.DB, userId interface{}) (*DataPermission, error) {
  42. var err error
  43. p := &DataPermission{}
  44. //err = tx.Table("sys_user").
  45. // Select("sys_user.id as user_id", "sys_role.id as role_id", "sys_user.dept_id", "sys_role.data_scope").
  46. // Joins("left join sys_role on sys_role.id = sys_user.role_id").
  47. // Where("sys_user.id = ?", userId).
  48. // Scan(p).Error
  49. err = tx.Table("sys_user").
  50. Select("sys_user.id as user_id", "sys_user.dept_id", "sys_user.user_type").
  51. Where("sys_user.id = ?", userId).
  52. Scan(p).Error
  53. if err != nil {
  54. err = errors.New("获取用户数据出错 msg:" + err.Error())
  55. return nil, err
  56. }
  57. return p, nil
  58. }
  59. func UserPermission(tableName string, p *DataPermission) func(db *gorm.DB) *gorm.DB {
  60. return func(db *gorm.DB) *gorm.DB {
  61. if !config.ApplicationConfig.EnableDP {
  62. return db
  63. }
  64. if p == nil {
  65. return db
  66. }
  67. switch p.DataScope {
  68. //case "2":
  69. // return db.Where(tableName+".create_by in (select sys_user.id from sys_role_dept left join sys_user on sys_user.dept_id=sys_role_dept.dept_id where sys_role_dept.role_id = ?) id = ?", p.RoleId, p.UserId)
  70. case "3":
  71. return db.Where(tableName+".dept_id = ? ", p.DeptId)
  72. case "4":
  73. return db.Where(tableName+".create_by in (SELECT id from sys_user where sys_user.dept_id in(select id from sys_dept where dept_path like ? )) or id = ?", "%/"+pkg.IntToString(p.DeptId)+"/%", p.UserId)
  74. case "5":
  75. return db.Where(tableName+".id = ?", p.UserId)
  76. default:
  77. return db
  78. }
  79. }
  80. }
  81. func Permission(tableName string, p *DataPermission) func(db *gorm.DB) *gorm.DB {
  82. return func(db *gorm.DB) *gorm.DB {
  83. if !config.ApplicationConfig.EnableDP {
  84. return db
  85. }
  86. if p == nil {
  87. return db
  88. }
  89. switch p.DataScope {
  90. //case "2":
  91. // return db.Where(tableName+".create_by in (select sys_user.id from sys_role_dept left join sys_user on sys_user.dept_id=sys_role_dept.dept_id where sys_role_dept.role_id = ?)", p.RoleId)
  92. case "3":
  93. return db.Where(tableName+".dept_id = ?", p.DeptId)
  94. case "4":
  95. return db.Where(tableName+".create_by in (SELECT id from sys_user where sys_user.dept_id in (select id from sys_dept where dept_path like ? ))", "%/"+pkg.IntToString(p.DeptId)+"/%")
  96. case "5":
  97. return db.Where(tableName+".create_by = ?", p.UserId)
  98. default:
  99. return db
  100. }
  101. }
  102. }
  103. func getPermissionFromContext(c *gin.Context) *DataPermission {
  104. p := new(DataPermission)
  105. if pm, ok := c.Get(PermissionKey); ok {
  106. switch pm.(type) {
  107. case *DataPermission:
  108. p = pm.(*DataPermission)
  109. }
  110. }
  111. p.DataScope = "3"
  112. return p
  113. }
  114. // GetPermissionFromContext 提供非action写法数据范围约束
  115. func GetPermissionFromContext(c *gin.Context) *DataPermission {
  116. return getPermissionFromContext(c)
  117. }