package tenant
import (
	"errors"
	"fmt"

	"SciencesServer/app/api/controller"
	"SciencesServer/app/api/model"
	model2 "SciencesServer/app/common/model"
	"SciencesServer/app/service"
	"SciencesServer/serve/logger"
	"SciencesServer/serve/orm"
	"SciencesServer/utils"
	"gorm.io/gorm"
)
// Auth is the tenant-permission controller. It embeds controller.Platform,
// which carries the request session the handler was built with (see NewAuth).
type Auth struct{ *controller.Platform }

// AuthHandle constructs an Auth bound to a session; NewAuth returns one.
type AuthHandle func(session *service.Session) *Auth
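// delete removes every role→permission binding that belongs to the tenant.
//
// The sys_role_auth rows (filtered by tenant_id) are deleted on the caller's
// transaction tx. The enforcer side — the grouping policies the permission
// service holds for the tenantKey domain — is then removed synchronously and
// any failure is returned, so the caller's transaction rolls back instead of
// committing a database state the enforcer no longer matches. The previous
// version ran the policy removal in a background goroutine and only logged
// failures, which left the tenant holding permissions the database said it no
// longer had (fail-open); it also ran before tx was committed, so a rollback
// would leave the enforcer missing policies the database still granted.
//
// NOTE(review): RemoveFilteredGroupingPolicy works on the permission service's
// own store, not on tx. If that store lives in the same database, confirm it
// does not contend with rows locked by tx.
func (c *Auth) delete(tenantID uint64, tenantKey string, tx *gorm.DB) error {
	mSysRoleAuth := model.NewSysRoleAuth()
	where := []*model2.ModelWhere{model2.NewWhere("tenant_id", tenantID)}
	if err := model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, where, tx); err != nil {
		return err
	}
	// utils.TryCatch is kept so a panic inside the permission service is
	// recovered rather than unwinding through the transaction, but it now runs
	// inline. policyErr starts non-nil and is cleared only on confirmed success,
	// so a recovered panic still fails closed.
	policyErr := fmt.Errorf("removing grouping policies for tenant %q: permission service did not complete", tenantKey)
	utils.TryCatch(func() {
		permission := service.NewPermission(nil)(tenantKey, "")
		succ, err := permission.RemoveFilteredGroupingPolicy()
		if err != nil {
			logger.ErrorF("删除租户【%s】权限信息错误%v", tenantKey, err)
			policyErr = fmt.Errorf("removing grouping policies for tenant %q: %w", tenantKey, err)
			return
		}
		if !succ {
			logger.ErrorF("删除租户【%s】权限信息失败", tenantKey)
			policyErr = fmt.Errorf("removing grouping policies for tenant %q: enforcer reported failure", tenantKey)
			return
		}
		policyErr = nil
	})
	return policyErr
}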
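// revoke removes, for every role of the tenant, the permissions that are NOT in
// authIDs, so the tenant keeps exactly the permissions listed. authIDs must be
// non-empty: an empty list would mean "keep nothing", which Bind routes to
// delete instead, so it is rejected here rather than trusted to the NOT IN
// filter.
//
// Fixes relative to the previous version:
//   - the sys_role_auth delete now runs on tx (it used to run on the default
//     connection, so a rolled-back Bind had still lost the rows);
//   - the enforcer domain is the tenantKey argument, not c.TenantKey from the
//     caller's session — when a platform user edits another tenant those differ
//     and the policies were removed from the wrong domain;
//   - the enforcer update runs synchronously and its failure is returned, so the
//     database and the enforcer cannot silently diverge (the old goroutine only
//     logged, leaving revoked permissions still enforceable, and wrote to the
//     enclosing function's err after it had already returned).
//
// NOTE(review): Auths reads outside tx (the model API takes no tx); confirm that
// is acceptable under the database's isolation level.
func (c *Auth) revoke(tenantID uint64, tenantKey string, authIDs []uint64, tx *gorm.DB) error {
	if len(authIDs) == 0 {
		return errors.New("revoke: authIDs must not be empty; use delete to drop all permissions")
	}
	// Role→permission rows of this tenant whose auth_id is not in the keep list.
	mSysRoleAuth := model.NewSysRoleAuth()
	out, err := mSysRoleAuth.Auths(model2.NewWhere("r.tenant_id", tenantID), model2.NewWhereNotIn("r_a.auth_id", authIDs))
	if err != nil {
		return err
	}
	if len(out) == 0 {
		return nil
	}
	roleAuthIDs := make([]uint64, 0, len(out))
	roleIDs := make([]string, 0, len(out))
	auths := make([]*service.AuthRequest, 0, len(out))
	for _, v := range out {
		roleAuthIDs = append(roleAuthIDs, v.ID)
		roleIDs = append(roleIDs, utils.UintToString(v.RoleID))
		auths = append(auths, &service.AuthRequest{Url: v.Auth, Method: "*"})
	}
	where := []*model2.ModelWhere{model2.NewWhereIn("id", roleAuthIDs)}
	if err = model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, where, tx); err != nil {
		return err
	}
	// Run the enforcer removal inline under utils.TryCatch (panic recovery kept).
	// policyErr starts non-nil and is cleared only on confirmed success, so a
	// recovered panic still fails closed and rolls the transaction back.
	policyErr := fmt.Errorf("removing role policies for tenant %q: permission service did not complete", tenantKey)
	utils.TryCatch(func() {
		permission := service.NewPermission(roleIDs, auths...)(tenantKey, "")
		// The bool result is ignored as before: its meaning for a batch removal is
		// not established here — TODO confirm whether false should be an error.
		if _, rmErr := permission.RemoveNamedGroupingPolicies(); rmErr != nil {
			logger.ErrorF("删除租户【%s】下角色权限错误%v", tenantKey, rmErr)
			policyErr = fmt.Errorf("removing role policies for tenant %q: %w", tenantKey, rmErr)
			return
		}
		policyErr = nil
	})
	return policyErr
}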
// Bind replaces the permission set of a tenant with authIDs.
//
// It first confirms the tenant row exists (loading only id and key), then, in a
// single transaction, clears the tenant's sys_tenant_auth rows and trims the
// tenant's role permissions: with an empty authIDs every role permission is
// dropped (delete); otherwise the role permissions not listed in authIDs are
// revoked. A missing tenant yields an error; any database or revocation error
// rolls the transaction back.
//
// NOTE(review): no new sys_tenant_auth rows are inserted in this block — confirm
// the caller (or another layer) re-creates the binding rows for authIDs. Also,
// nothing here checks that the session in c may administer tenantID; that is
// presumably enforced upstream — verify.
func (c *Auth) Bind(tenantID uint64, authIDs []uint64) error {
	tenant := model.NewSysTenant()
	tenant.ID = tenantID
	found, err := model2.FirstField(tenant.SysTenant, []string{"id", "key"})
	if err != nil {
		return err
	}
	if !found {
		return errors.New("租户/公司信息不存在或已被删除")
	}
	return orm.GetDB().Transaction(func(tx *gorm.DB) error {
		tenantAuth := model.NewSysTenantAuth()
		where := []*model2.ModelWhere{model2.NewWhere("tenant_id", tenant.ID)}
		if delErr := model2.DeleteWhere(tenantAuth.SysTenantAuth, where, tx); delErr != nil {
			return delErr
		}
		// No permissions to keep: drop every role permission of the tenant.
		if len(authIDs) == 0 {
			return c.delete(tenant.ID, tenant.Key, tx)
		}
		return c.revoke(tenant.ID, tenant.Key, authIDs, tx)
	})
}
// NewAuth returns a handle that builds an Auth controller around the given
// session, wrapping it in a controller.Platform.
func NewAuth() AuthHandle {
	build := func(session *service.Session) *Auth {
		platform := &controller.Platform{Session: session}
		return &Auth{Platform: platform}
	}
	return build
}