feat：完善项目

2021-11-02 10:02:52 +08:00
parent 4734344985
commit 690cd96bed
72 changed files with 5516 additions and 8 deletions
--- a/app/controller/auth/base.go
+++ b/app/controller/auth/base.go
@ -0,0 +1,60 @@
+package auth
+
+import (
+	model2 "ArmedPolice/app/common/model"
+	"ArmedPolice/app/model"
+)
+
+type (
+	// Tree 权限信息
+	Tree struct {
+		*model2.SysAuth
+		KindTitle string  `json:"kind_title"`
+		Children  []*Tree `json:"children"`
+	}
+	// TreeRole 角色权限信息
+	TreeRole struct {
+		*model2.SysAuth
+		KindTitle string      `json:"kind_title"`
+		Checked   bool        `json:"checked"`
+		Children  []*TreeRole `json:"children"`
+	}
+	// TreeChecked 角色选中状态
+	TreeChecked struct {
+		*model2.SysAuth
+		Checked  bool           `json:"checked"`
+		Children []*TreeChecked `json:"children"`
+	}
+)
+
+// tree 树状筛选
+func tree(src []*model2.SysAuth, parentID uint64) []*Tree {
+	out := make([]*Tree, 0)
+
+	for _, v := range src {
+		if v.ParentID == parentID {
+			out = append(out, &Tree{
+				SysAuth:   v,
+				KindTitle: v.KindTitle(),
+				Children:  tree(src, v.ID),
+			})
+		}
+	}
+	return out
+}
+
+// TreeCheckedFunc 树状筛选
+func TreeCheckedFunc(src []*model.SysAuthScene, parentID uint64) []*TreeChecked {
+	out := make([]*TreeChecked, 0)
+
+	for _, v := range src {
+		if v.ParentID == parentID {
+			out = append(out, &TreeChecked{
+				SysAuth:  v.SysAuth,
+				Checked:  v.SceneID > 0,
+				Children: TreeCheckedFunc(src, v.ID),
+			})
+		}
+	}
+	return out
+}
--- a/app/controller/auth/instance.go
+++ b/app/controller/auth/instance.go
@ -0,0 +1,34 @@
+package auth
+
+import (
+	model2 "ArmedPolice/app/common/model"
+	"ArmedPolice/app/controller"
+	"ArmedPolice/app/model"
+	"ArmedPolice/app/service"
+)
+
+type Instance struct{ *controller.Platform }
+
+type InstanceHandle func(session *service.Session) *Instance
+
+// List 列表信息
+func (c *Instance) List() ([]*Tree, error) {
+	mSysAuth := model.NewSysAuth()
+
+	where := []*model2.ModelWhereOrder{
+		&model2.ModelWhereOrder{Order: model2.NewOrder("parent_id", model2.OrderModeToAsc)},
+		&model2.ModelWhereOrder{Order: model2.NewOrder("sort", model2.OrderModeToDesc)},
+	}
+	out := make([]*model2.SysAuth, 0)
+
+	if err := model2.Scan(mSysAuth, &out, where...); err != nil {
+		return nil, err
+	}
+	return tree(out, 0), nil
+}
+
+func NewInstance() InstanceHandle {
+	return func(session *service.Session) *Instance {
+		return &Instance{Platform: &controller.Platform{Session: session}}
+	}
+}
--- a/app/controller/auth/role.go
+++ b/app/controller/auth/role.go
@ -0,0 +1,87 @@
+package auth
+
+import (
+	model2 "ArmedPolice/app/common/model"
+	"ArmedPolice/app/controller"
+	"ArmedPolice/app/model"
+	"ArmedPolice/app/service"
+	"ArmedPolice/serve/logger"
+	"ArmedPolice/serve/orm"
+	"ArmedPolice/utils"
+
+	"gorm.io/gorm"
+)
+
+type Role struct{ *controller.Platform }
+
+type RoleHandle func(session *service.Session) *Role
+
+// List 角色权限列表
+func (c *Role) List(roleID uint64) ([]*TreeChecked, error) {
+	mSysAuth := model.NewSysAuth()
+
+	out, err := mSysAuth.RoleAuth(c.TenantID, roleID)
+
+	if err != nil {
+		return nil, err
+	}
+	return TreeCheckedFunc(out, 0), nil
+}
+
+// Bind 角色权限绑定
+func (c *Role) Bind(roleID uint64, authIDs []uint64) error {
+	return orm.GetDB().Transaction(func(tx *gorm.DB) error {
+		mSysRoleAuth := model.NewSysRoleAuth()
+
+		err := model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, []*model2.ModelWhere{model2.NewWhere("role_id", roleID)}, tx)
+
+		if err != nil {
+			return err
+		}
+		// 查询权限信息
+		mSysAuth := model.NewSysAuth()
+
+		auths := make([]*model2.SysAuth, 0)
+
+		if err = model2.Find(mSysAuth.SysAuth, &auths, &model2.ModelWhereOrder{Where: model2.NewWhereIn("id", authIDs)}); err != nil {
+			return err
+		}
+		authRequests := make([]*service.AuthRequest, 0)
+
+		roles := make([]*model2.SysRoleAuth, 0)
+
+		for _, v := range auths {
+			roles = append(roles, &model2.SysRoleAuth{
+				ModelTenant: model2.ModelTenant{TenantID: c.TenantID}, RoleID: roleID, AuthID: v.ID,
+			})
+			if v.Auth == "" {
+				continue
+			}
+			authRequests = append(authRequests, &service.AuthRequest{Url: v.Auth, Method: "*"})
+		}
+		if err = model2.Creates(mSysRoleAuth.SysRoleAuth, roles, tx); err != nil {
+			return err
+		}
+		go utils.TryCatch(func() {
+			permission := service.NewPermission([]string{utils.UintToString(roleID)}, authRequests...)(c.TenantKey, "")
+			// 删除角色权限
+			if _, err = permission.RemoveRolePolicy(); err != nil {
+				logger.ErrorF("删除角色【%d】规则信息错误：%v", roleID, err)
+				return
+			}
+			if len(authRequests) > 0 {
+				if _, err = permission.AddPolicies(); err != nil {
+					logger.ErrorF("创建角色【%d】规则信息错误：%v", roleID, err)
+					return
+				}
+			}
+		})
+		return nil
+	})
+}
+
+func NewRole() RoleHandle {
+	return func(session *service.Session) *Role {
+		return &Role{Platform: &controller.Platform{Session: session}}
+	}
+}
--- a/app/controller/auth/tenant.go
+++ b/app/controller/auth/tenant.go
@ -0,0 +1,107 @@
+package auth
+
+import (
+	model2 "ArmedPolice/app/common/model"
+	"ArmedPolice/app/controller"
+	"ArmedPolice/app/model"
+	"ArmedPolice/app/service"
+	"ArmedPolice/serve/logger"
+	"ArmedPolice/serve/orm"
+	"ArmedPolice/utils"
+	"errors"
+
+	"gorm.io/gorm"
+)
+
+type Tenant struct{ *controller.Platform }
+
+type TenantHandle func(session *service.Session) *Tenant
+
+// delete 删除所有权限
+func (c *Tenant) delete(tenantID uint64, tenantKey string, tx *gorm.DB) error {
+	mSysRoleAuth := model.NewSysRoleAuth()
+
+	err := model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, []*model2.ModelWhere{model2.NewWhere("tenant_id", tenantID)}, tx)
+
+	if err != nil {
+		return err
+	}
+	go utils.TryCatch(func() {
+		permission := service.NewPermission(nil)(tenantKey, "")
+
+		if succ, err := permission.RemoveFilteredGroupingPolicy(); err != nil {
+			logger.ErrorF("删除租户【%s】权限信息错误：%v", tenantKey, err)
+		} else if !succ {
+			logger.ErrorF("删除租户【%s】权限信息失败", tenantKey)
+		}
+	})
+	return nil
+}
+
+// revoke 撤销某些权限
+func (c *Tenant) revoke(tenantID uint64, tenantKey string, authIDs []uint64, tx *gorm.DB) error {
+	// 查询该租户下不含有的权限信息
+	mSysRuleAuth := model.NewSysRoleAuth()
+
+	out, err := mSysRuleAuth.Auths(model2.NewWhere("r.tenant_id", tenantID), model2.NewWhereNotIn("r_a.auth_id", authIDs))
+
+	if err != nil {
+		return err
+	}
+	if len(out) <= 0 {
+		return nil
+	}
+	roleAuthIDs := make([]uint64, 0)
+	roleIDs := make([]string, 0)
+	auths := make([]*service.AuthRequest, 0)
+
+	for _, v := range out {
+		roleAuthIDs = append(roleAuthIDs, v.ID)
+		roleIDs = append(roleIDs, utils.UintToString(v.RoleID))
+		auths = append(auths, &service.AuthRequest{Url: v.Auth, Method: "*"})
+	}
+	if err = model2.DeleteWhere(mSysRuleAuth.SysRoleAuth, []*model2.ModelWhere{model2.NewWhereIn("id", roleAuthIDs)}); err != nil {
+		return err
+	}
+	go utils.TryCatch(func() {
+		permission := service.NewPermission(roleIDs, auths...)(c.TenantKey, "")
+		// 删除角色权限
+		if _, err = permission.RemoveNamedGroupingPolicies(); err != nil {
+			logger.ErrorF("删除租户【%s】下角色权限错误：%v", tenantKey, err)
+			return
+		}
+	})
+	return nil
+}
+
+// Bind 绑定权限
+func (c *Tenant) Bind(tenantID uint64, authIDs []uint64) error {
+	mSysTenant := model.NewSysTenant()
+	mSysTenant.ID = tenantID
+
+	isExist, err := model2.FirstField(mSysTenant.SysTenant, []string{"id", "key"})
+
+	if err != nil {
+		return err
+	} else if !isExist {
+		return errors.New("租户/公司信息不存在或已被删除")
+	}
+	return orm.GetDB().Transaction(func(tx *gorm.DB) error {
+		mSysTenantAuth := model.NewSysTenantAuth()
+
+		if err = model2.DeleteWhere(mSysTenantAuth.SysTenantAuth, []*model2.ModelWhere{model2.NewWhere("tenant_id", mSysTenant.ID)}, tx); err != nil {
+			return err
+		}
+		if len(authIDs) <= 0 {
+			// 删除租户下所有角色的权限
+			return c.delete(mSysTenant.ID, mSysTenant.Key, tx)
+		}
+		return c.revoke(mSysTenant.ID, mSysTenant.Key, authIDs, tx)
+	})
+}
+
+func NewTenant() TenantHandle {
+	return func(session *service.Session) *Tenant {
+		return &Tenant{Platform: &controller.Platform{Session: session}}
+	}
+}