2021-09-28 11:47:19 +08:00
|
|
|
package tenant
|
|
|
|
|
|
|
|
|
|
import (
|
2022-01-07 17:24:39 +08:00
|
|
|
"SciencesServer/app/api/admin/controller/auth"
|
|
|
|
|
"SciencesServer/app/api/admin/model"
|
2021-09-28 11:47:19 +08:00
|
|
|
model2 "SciencesServer/app/common/model"
|
|
|
|
|
"SciencesServer/app/service"
|
2022-01-06 22:02:09 +08:00
|
|
|
"SciencesServer/app/session"
|
2021-09-28 11:47:19 +08:00
|
|
|
"SciencesServer/serve/orm"
|
2022-01-07 17:24:39 +08:00
|
|
|
"fmt"
|
2021-09-28 11:47:19 +08:00
|
|
|
|
|
|
|
|
"gorm.io/gorm"
|
|
|
|
|
)
|
|
|
|
|
|
2022-01-06 22:02:09 +08:00
|
|
|
type Auth struct{ *session.Admin }
|
2021-09-28 11:47:19 +08:00
|
|
|
|
2022-01-06 22:02:09 +08:00
|
|
|
type AuthHandle func(session *session.Admin) *Auth
|
2021-09-28 11:47:19 +08:00
|
|
|
|
2022-01-07 17:24:39 +08:00
|
|
|
func (c *Auth) revoke(tenantID string, roleIDs []string, request []*service.AuthRequest) error {
|
|
|
|
|
permission := service.NewPermission(
|
|
|
|
|
service.WithAuthTenant(tenantID),
|
|
|
|
|
service.WithAuthRoles(roleIDs),
|
|
|
|
|
service.WithAuthRequest(request),
|
|
|
|
|
)
|
|
|
|
|
_, err := permission.RemoveRolePolicies()
|
|
|
|
|
return err
|
2021-09-28 11:47:19 +08:00
|
|
|
}
|
|
|
|
|
|
2022-01-07 17:24:39 +08:00
|
|
|
// Instance 租户权限信息
|
|
|
|
|
func (c *Auth) Instance(tenantID uint64) ([]*auth.TreeChecked, error) {
|
|
|
|
|
mSysAuth := model.NewSysAuth()
|
2021-09-28 11:47:19 +08:00
|
|
|
|
2022-01-07 17:24:39 +08:00
|
|
|
out, err := mSysAuth.TenantAuth(tenantID)
|
2021-09-28 11:47:19 +08:00
|
|
|
|
|
|
|
|
if err != nil {
|
2022-01-07 17:24:39 +08:00
|
|
|
return nil, err
|
2021-09-28 11:47:19 +08:00
|
|
|
}
|
2022-01-07 17:24:39 +08:00
|
|
|
return auth.TreeCheckedFunc(out, 0), nil
|
2021-09-28 11:47:19 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Bind 绑定权限
|
|
|
|
|
func (c *Auth) Bind(tenantID uint64, authIDs []uint64) error {
|
2022-01-07 17:24:39 +08:00
|
|
|
mSysTenantAuth := model.NewSysTenantAuth()
|
|
|
|
|
// 查询用户所有的权限信息
|
|
|
|
|
out := make([]*model2.SysTenantAuth, 0)
|
2021-09-28 11:47:19 +08:00
|
|
|
|
2022-01-07 17:24:39 +08:00
|
|
|
err := model2.ScanFields(mSysTenantAuth.SysTenantAuth, &out, []string{"id", "auth_id"},
|
|
|
|
|
&model2.ModelWhereOrder{Where: model2.NewWhere("tenant_id", tenantID)})
|
2021-09-28 11:47:19 +08:00
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
2022-01-07 17:24:39 +08:00
|
|
|
}
|
|
|
|
|
_auths := make(map[uint64]uint64, 0)
|
|
|
|
|
// 应保存的菜单
|
|
|
|
|
insertAuths := make([]*model2.SysTenantAuth, 0)
|
|
|
|
|
// 应删除的菜单
|
|
|
|
|
deleteAuthIDs := make([]uint64, 0)
|
|
|
|
|
|
|
|
|
|
for _, v := range authIDs {
|
|
|
|
|
_auths[v] = v
|
2021-09-28 11:47:19 +08:00
|
|
|
}
|
|
|
|
|
return orm.GetDB().Transaction(func(tx *gorm.DB) error {
|
2022-01-07 17:24:39 +08:00
|
|
|
// 无菜单信息
|
|
|
|
|
if len(_auths) <= 0 {
|
|
|
|
|
for _, v := range out {
|
|
|
|
|
deleteAuthIDs = append(deleteAuthIDs, v.AuthID)
|
|
|
|
|
}
|
|
|
|
|
goto NEXT
|
|
|
|
|
}
|
|
|
|
|
// 租户原本含有菜单信息
|
|
|
|
|
for _, v := range out {
|
|
|
|
|
_, has := _auths[v.AuthID]
|
|
|
|
|
|
|
|
|
|
if !has {
|
|
|
|
|
deleteAuthIDs = append(deleteAuthIDs, v.AuthID)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
delete(_auths, v.AuthID)
|
|
|
|
|
}
|
|
|
|
|
if len(_auths) > 0 {
|
|
|
|
|
for k := range _auths {
|
|
|
|
|
insertAuths = append(insertAuths, &model2.SysTenantAuth{
|
|
|
|
|
ModelTenant: model2.ModelTenant{TenantID: tenantID},
|
|
|
|
|
AuthID: k,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
if err = model2.Creates(mSysTenantAuth.SysTenantAuth, insertAuths); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
NEXT:
|
|
|
|
|
// 删除操作
|
|
|
|
|
if len(deleteAuthIDs) <= 0 {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
// 删除租户的权限信息
|
|
|
|
|
if err = model2.DeleteWhere(mSysTenantAuth.SysTenantAuth, []*model2.ModelWhere{model2.NewWhere("tenant_id", tenantID),
|
|
|
|
|
model2.NewWhereIn("auth_id", deleteAuthIDs)}, tx); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
// 查询租户下所有角色信息
|
|
|
|
|
mSysRole := model.NewSysRole()
|
|
|
|
|
|
|
|
|
|
roleIDs := make([]uint64, 0)
|
2021-09-28 11:47:19 +08:00
|
|
|
|
2022-01-07 17:24:39 +08:00
|
|
|
if err = model2.Pluck(mSysRole.SysRole, "id", &roleIDs, model2.NewWhere("tenant_id", tenantID)); err != nil {
|
2021-09-28 11:47:19 +08:00
|
|
|
return err
|
|
|
|
|
}
|
2022-01-07 17:24:39 +08:00
|
|
|
// 删除租户下角色的权限
|
|
|
|
|
mSysRoleAuth := model.NewSysRoleAuth()
|
|
|
|
|
|
|
|
|
|
if err = model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, []*model2.ModelWhere{
|
|
|
|
|
model2.NewWhereIn("role_id", roleIDs), model2.NewWhereIn("auth_id", deleteAuthIDs),
|
|
|
|
|
}, tx); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
// 查询菜单信息,关闭角色的权限信息
|
|
|
|
|
mSysAuth := model.NewSysAuth()
|
|
|
|
|
|
|
|
|
|
auths := make([]*model2.SysAuth, 0)
|
|
|
|
|
|
|
|
|
|
if err = model2.ScanFields(mSysAuth.SysAuth, &auths, []string{"kind", "auth"},
|
|
|
|
|
&model2.ModelWhereOrder{Where: model2.NewWhereIn("id", deleteAuthIDs)}); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
// 同步权限
|
|
|
|
|
_roleIDs := make([]string, 0)
|
|
|
|
|
|
|
|
|
|
for _, v := range roleIDs {
|
|
|
|
|
_roleIDs = append(_roleIDs, fmt.Sprintf("%d", v))
|
|
|
|
|
}
|
|
|
|
|
request := make([]*service.AuthRequest, 0)
|
|
|
|
|
|
|
|
|
|
for _, v := range auths {
|
|
|
|
|
if v.Kind == model2.SysAuthKindForModule || v.Auth == "" {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
mSysAuth.Auth = v.Auth
|
|
|
|
|
|
|
|
|
|
request = append(request, &service.AuthRequest{
|
|
|
|
|
Url: mSysAuth.FilterAuth(),
|
|
|
|
|
Method: "*",
|
|
|
|
|
})
|
2021-09-28 11:47:19 +08:00
|
|
|
}
|
2022-01-07 17:24:39 +08:00
|
|
|
return c.revoke(fmt.Sprintf("%d", tenantID), _roleIDs, request)
|
2021-09-28 11:47:19 +08:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewAuth() AuthHandle {
|
2022-01-06 22:02:09 +08:00
|
|
|
return func(session *session.Admin) *Auth {
|
|
|
|
|
return &Auth{Admin: session}
|
2021-09-28 11:47:19 +08:00
|
|
|
}
|
|
|
|
|
}
|
