feat：完善项目信息

app/api/admin/api/role.go

@@ -120,7 +120,7 @@ func (*Role) Auth(c *gin.Context) {
 		api.APIFailure(err.(error))(c)
 		return
 	}
-	data, err := role.NewAuth()(api.GetSession()(c).(*session.Admin)).Index((&api.IDStringForm{ID: form.RoleID}).Convert())
+	data, err := role.NewAuth()(api.GetSession()(c).(*session.Admin)).Instance((&api.IDStringForm{ID: form.RoleID}).Convert())
 	api.APIResponse(err, data)(c)
 }
 

app/api/admin/api/tenant.go

@@ -113,7 +113,7 @@ func (a *Tenant) Menu(c *gin.Context) {
 		api.APIFailure(err.(error))(c)
 		return
 	}
-	data, err := tenant.NewMenu()(api.GetSession()(c).(*session.Admin)).List((&api.IDStringForm{ID: form.TenantID}).Convert())
+	data, err := tenant.NewMenu()(api.GetSession()(c).(*session.Admin)).Instance((&api.IDStringForm{ID: form.TenantID}).Convert())
 	api.APIResponse(err, data)(c)
 }
 
@@ -135,6 +135,18 @@ func (a *Tenant) MenuBind(c *gin.Context) {
 	api.APIResponse(err)(c)
 }
 
+func (a *Tenant) Auth(c *gin.Context) {
+	form := &struct {
+		TenantID string `json:"tenant_id" form:"tenant_id" binding:"required"`
+	}{}
+	if err := api.Bind(form)(c); err != nil {
+		api.APIFailure(err.(error))(c)
+		return
+	}
+	data, err := tenant.NewAuth()(api.GetSession()(c).(*session.Admin)).Instance((&api.IDStringForm{ID: form.TenantID}).Convert())
+	api.APIResponse(err, data)(c)
+}
+
 func (a *Tenant) AuthBind(c *gin.Context) {
 	form := &struct {
 		TenantID string   `json:"tenant_id" form:"tenant_id" binding:"required"`

app/api/admin/controller/auth/base.go

@@ -8,20 +8,14 @@ import (
 type (
 	// Tree 权限信息
 	Tree struct {
+		ID string `json:"id"`
 		*model2.SysAuth
-		KindTitle string  `json:"kind_title"`
-		Children  []*Tree `json:"children"`
-	}
-	// TreeRole 角色权限信息
-	TreeRole struct {
-		*model2.SysAuth
-		KindTitle string      `json:"kind_title"`
-		Checked   bool        `json:"checked"`
-		Children  []*TreeRole `json:"children"`
+		Children []*Tree `json:"children"`
 	}
 	// TreeChecked 角色选中状态
 	TreeChecked struct {
-		*model2.SysAuth
+		ID string `json:"id"`
+		*model.SysAuthScene
 		Checked  bool           `json:"checked"`
 		Children []*TreeChecked `json:"children"`
 	}
@@ -34,9 +28,9 @@ func tree(src []*model2.SysAuth, parentID uint64) []*Tree {
 	for _, v := range src {
 		if v.ParentID == parentID {
 			out = append(out, &Tree{
-				SysAuth:   v,
-				KindTitle: v.KindTitle(),
-				Children:  tree(src, v.ID),
+				ID:       v.GetEncodeID(),
+				SysAuth:  v,
+				Children: tree(src, v.ID),
 			})
 		}
 	}
@@ -50,9 +44,10 @@ func TreeCheckedFunc(src []*model.SysAuthScene, parentID uint64) []*TreeChecked
 	for _, v := range src {
 		if v.ParentID == parentID {
 			out = append(out, &TreeChecked{
-				SysAuth:  v.SysAuth,
-				Checked:  v.SceneID > 0,
-				Children: TreeCheckedFunc(src, v.ID),
+				ID:           v.GetEncodeID(),
+				SysAuthScene: v,
+				Checked:      v.SceneID > 0,
+				Children:     TreeCheckedFunc(src, v.ID),
 			})
 		}
 	}

app/api/admin/controller/role/auth.go

@@ -1,13 +1,14 @@
 package role
 
 import (
-	auth2 "SciencesServer/app/api/admin/controller/auth"
-	model3 "SciencesServer/app/api/admin/model"
+	"SciencesServer/app/api/admin/controller/auth"
+	"SciencesServer/app/api/admin/model"
 	model2 "SciencesServer/app/common/model"
 	"SciencesServer/app/service"
 	"SciencesServer/app/session"
 	"SciencesServer/serve/orm"
-	"SciencesServer/utils"
+	"errors"
+	"fmt"
 
 	"gorm.io/gorm"
 )
@@ -16,67 +17,86 @@ type Auth struct{ *session.Admin }
 
 type AuthHandle func(session *session.Admin) *Auth
 
-// Index 角色权限列表
-func (c *Auth) Index(roleID uint64) ([]*auth2.TreeChecked, error) {
-	mSysAuth := model3.NewSysAuth()
+// Instance 角色权限列表
+func (c *Auth) Instance(roleID uint64) ([]*auth.TreeChecked, error) {
+	mSysAuth := model.NewSysAuth()
 
 	out, err := mSysAuth.RoleAuth(c.TenantID, roleID)
 
 	if err != nil {
 		return nil, err
 	}
-	return auth2.TreeCheckedFunc(out, 0), nil
+	return auth.TreeCheckedFunc(out, 0), nil
 }
 
 // Bind 角色权限绑定
 func (c *Auth) Bind(roleID uint64, authIDs []uint64) error {
-	return orm.GetDB().Transaction(func(tx *gorm.DB) error {
-		mSysRoleAuth := model3.NewSysRoleAuth()
+	if c.TenantID > 0 {
+		// 查询该租户下绑定的菜单信息
+		mSysTenantAuth := model.NewSysTenantAuth()
 
+		var count int64
+
+		if err := model2.Count(mSysTenantAuth.SysTenantAuth, &count, model2.NewWhere("tenant_id", c.TenantID),
+			model2.NewWhereNotIn("auth_id", authIDs)); err != nil {
+			return err
+		} else if count > 0 {
+			return errors.New("操作异常，菜单权限异常")
+		}
+	}
+	mSysRoleAuth := model.NewSysRoleAuth()
+
+	return orm.GetDB().Transaction(func(tx *gorm.DB) error {
 		err := model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, []*model2.ModelWhere{model2.NewWhere("role_id", roleID)}, tx)
 
 		if err != nil {
 			return err
 		}
+		permission := service.NewPermission(
+			service.WithAuthTenant(fmt.Sprintf("%d", c.TenantID)),
+			service.WithAuthRoles([]string{fmt.Sprintf("%d", roleID)}),
+		)
+		if len(authIDs) <= 0 {
+			_, err = permission.RemoveSingleRolePolicy()
+			return err
+		}
 		// 查询权限信息
-		mSysAuth := model3.NewSysAuth()
+		mSysAuth := model.NewSysAuth()
 
 		auths := make([]*model2.SysAuth, 0)
 
-		if err = model2.Find(mSysAuth.SysAuth, &auths, &model2.ModelWhereOrder{Where: model2.NewWhereIn("id", authIDs)}); err != nil {
+		if err = model2.ScanFields(mSysAuth.SysAuth, &auths, []string{"id", "kind", "auth"}, &model2.ModelWhereOrder{
+			Where: model2.NewWhereIn("id", authIDs),
+		}); err != nil {
 			return err
 		}
-		authRequests := make([]*service.AuthRequest, 0)
+		data := make([]*model2.SysRoleAuth, 0)
 
-		roles := make([]*model2.SysRoleAuth, 0)
+		request := make([]*service.AuthRequest, 0)
 
 		for _, v := range auths {
-			roles = append(roles, &model2.SysRoleAuth{
-				ModelTenant: model2.ModelTenant{TenantID: c.TenantID}, RoleID: roleID, AuthID: v.ID,
+			data = append(data, &model2.SysRoleAuth{
+				RoleID: roleID,
+				AuthID: v.ID,
 			})
-			if v.Auth == "" {
+			if v.Kind == model2.SysAuthKindForModule || v.Auth == "" {
 				continue
 			}
-			authRequests = append(authRequests, &service.AuthRequest{Url: v.Auth, Method: "*"})
+			mSysAuth.Auth = v.Auth
+
+			request = append(request, &service.AuthRequest{
+				Url:    mSysAuth.FilterAuth(),
+				Method: "*",
+			})
 		}
-		if err = model2.Creates(mSysRoleAuth.SysRoleAuth, roles, tx); err != nil {
+		if err = model2.Creates(mSysRoleAuth.SysRoleAuth, data); err != nil {
 			return err
 		}
-		go utils.TryCatch(func() {
-			//permission := service.NewPermission([]string{utils.UintToString(roleID)}, authRequests...)(c.TenantKey, "")
-			//// 删除角色权限
-			//if _, err = permission.RemoveRolePolicy(); err != nil {
-			//	logger.ErrorF("删除角色【%d】规则信息错误：%v", roleID, err)
-			//	return
-			//}
-			//if len(authRequests) > 0 {
-			//	if _, err = permission.AddPolicies(); err != nil {
-			//		logger.ErrorF("创建角色【%d】规则信息错误：%v", roleID, err)
-			//		return
-			//	}
-			//}
-		})
-		return nil
+		permission.AddRequest(request)
+
+		_, err = permission.AddPolicies()
+
+		return err
 	})
 }
 

app/api/admin/controller/role/menu.go

@@ -1,11 +1,14 @@
 package role
 
 import (
-	menu2 "SciencesServer/app/api/admin/controller/menu"
+	"SciencesServer/app/api/admin/controller/menu"
 	"SciencesServer/app/api/admin/model"
 	model2 "SciencesServer/app/common/model"
+	"SciencesServer/app/service"
 	"SciencesServer/app/session"
 	"SciencesServer/serve/orm"
+	"errors"
+	"fmt"
 	"gorm.io/gorm"
 )
 
@@ -14,15 +17,25 @@ type Menu struct{ *session.Admin }
 type MenuHandle func(session *session.Admin) *Menu
 
 // Index 菜单列表
-func (c *Menu) Index(roleID uint64) ([]*menu2.TreeChecked, error) {
+func (c *Menu) Index(roleID uint64) ([]*menu.TreeChecked, error) {
 	mSysMenu := model.NewSysMenu()
-	return menu2.MenuForRoleChecked(mSysMenu, c.TenantID, roleID)
+	return menu.MenuForRoleChecked(mSysMenu, c.TenantID, roleID)
 }
 
 // Bind 绑定菜单
 func (c *Menu) Bind(roleID uint64, menuIDs []uint64) error {
-	if len(menuIDs) > 0 {
+	if c.TenantID > 0 {
+		// 查询该租户下绑定的菜单信息
+		mSysTenantMenu := model.NewSysTenantMenu()
 
+		var count int64
+
+		if err := model2.Count(mSysTenantMenu.SysTenantMenu, &count, model2.NewWhere("tenant_id", c.TenantID),
+			model2.NewWhereNotIn("menu_id", menuIDs)); err != nil {
+			return err
+		} else if count > 0 {
+			return errors.New("操作异常，菜单权限异常")
+		}
 	}
 	mSysRoleMenu := model.NewSysRoleMenu()
 
@@ -32,24 +45,51 @@ func (c *Menu) Bind(roleID uint64, menuIDs []uint64) error {
 		if err != nil {
 			return err
 		}
+		permission := service.NewPermission(
+			service.WithAuthTenant(fmt.Sprintf("%d", c.TenantID)),
+			service.WithAuthRoles([]string{fmt.Sprintf("%d", roleID)}),
+		)
 		if len(menuIDs) <= 0 {
-			return nil
-		}
-		menus := make([]*model2.SysRoleMenu, 0)
-
-		mark := make(map[uint64]uint64, 0)
-
-		for _, v := range menuIDs {
-			if _, has := mark[v]; has {
-				continue
-			}
-			menus = append(menus, &model2.SysRoleMenu{RoleID: roleID, MenuID: v})
-			mark[v] = v
-		}
-		if err = model2.Creates(mSysRoleMenu.SysRoleMenu, menus, tx); err != nil {
+			_, err = permission.RemoveSingleRolePolicy()
 			return err
 		}
-		return nil
+		// 查询菜单信息
+		mSysMenu := model.NewSysMenu()
+
+		menus := make([]*model2.SysMenu, 0)
+
+		if err = model2.ScanFields(mSysMenu.SysMenu, &menus, []string{"id", "kind", "auth"}, &model2.ModelWhereOrder{
+			Where: model2.NewWhereIn("id", menuIDs),
+		}); err != nil {
+			return err
+		}
+		data := make([]*model2.SysRoleMenu, 0)
+
+		request := make([]*service.AuthRequest, 0)
+
+		for _, v := range menus {
+			data = append(data, &model2.SysRoleMenu{
+				RoleID: roleID,
+				MenuID: v.ID,
+			})
+			if v.Kind == model2.SysMenuKindForCatalogue || v.Auth == "" {
+				continue
+			}
+			mSysMenu.Auth = v.Auth
+
+			request = append(request, &service.AuthRequest{
+				Url:    mSysMenu.FilterAuth(),
+				Method: "*",
+			})
+		}
+		if err = model2.Creates(mSysRoleMenu.SysRoleMenu, data, tx); err != nil {
+			return err
+		}
+		permission.AddRequest(request)
+
+		_, err = permission.AddPolicies()
+
+		return err
 	})
 }
 

app/api/admin/controller/tenant/auth.go

@@ -1,14 +1,13 @@
 package tenant
 
 import (
-	model3 "SciencesServer/app/api/admin/model"
+	"SciencesServer/app/api/admin/controller/auth"
+	"SciencesServer/app/api/admin/model"
 	model2 "SciencesServer/app/common/model"
 	"SciencesServer/app/service"
 	"SciencesServer/app/session"
-	"SciencesServer/serve/logger"
 	"SciencesServer/serve/orm"
-	"SciencesServer/utils"
-	"errors"
+	"fmt"
 
 	"gorm.io/gorm"
 )
@@ -17,86 +16,133 @@ type Auth struct{ *session.Admin }
 
 type AuthHandle func(session *session.Admin) *Auth
 
-// delete 删除所有权限
-func (c *Auth) delete(tenantID uint64, tenantKey string, tx *gorm.DB) error {
-	mSysRoleAuth := model3.NewSysRoleAuth()
-
-	err := model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, []*model2.ModelWhere{model2.NewWhere("tenant_id", tenantID)}, tx)
-
-	if err != nil {
-		return err
-	}
-	go utils.TryCatch(func() {
-		permission := service.NewPermission(service.WithAuthTenant(tenantKey))
-
-		if succ, err := permission.RemoveFilteredGroupingPolicy(); err != nil {
-			logger.ErrorF("删除租户【%s】权限信息错误：%v", tenantKey, err)
-		} else if !succ {
-			logger.ErrorF("删除租户【%s】权限信息失败", tenantKey)
-		}
-	})
-	return nil
+func (c *Auth) revoke(tenantID string, roleIDs []string, request []*service.AuthRequest) error {
+	permission := service.NewPermission(
+		service.WithAuthTenant(tenantID),
+		service.WithAuthRoles(roleIDs),
+		service.WithAuthRequest(request),
+	)
+	_, err := permission.RemoveRolePolicies()
+	return err
 }
 
-// revoke 撤销某些权限
-func (c *Auth) revoke(tenantID uint64, tenantKey string, authIDs []uint64, tx *gorm.DB) error {
-	// 查询该租户下不含有的权限信息
-	mSysRuleAuth := model3.NewSysRoleAuth()
+// Instance 租户权限信息
+func (c *Auth) Instance(tenantID uint64) ([]*auth.TreeChecked, error) {
+	mSysAuth := model.NewSysAuth()
 
-	out, err := mSysRuleAuth.Auths(model2.NewWhere("r.tenant_id", tenantID), model2.NewWhereNotIn("r_a.auth_id", authIDs))
+	out, err := mSysAuth.TenantAuth(tenantID)
 
 	if err != nil {
-		return err
+		return nil, err
 	}
-	if len(out) <= 0 {
-		return nil
-	}
-	roleAuthIDs := make([]uint64, 0)
-	roleIDs := make([]string, 0)
-	auths := make([]*service.AuthRequest, 0)
-
-	for _, v := range out {
-		roleAuthIDs = append(roleAuthIDs, v.ID)
-		roleIDs = append(roleIDs, utils.UintToString(v.RoleID))
-		auths = append(auths, &service.AuthRequest{Url: v.Auth, Method: "*"})
-	}
-	if err = model2.DeleteWhere(mSysRuleAuth.SysRoleAuth, []*model2.ModelWhere{model2.NewWhereIn("id", roleAuthIDs)}); err != nil {
-		return err
-	}
-	go utils.TryCatch(func() {
-		//permission := service.NewPermission(roleIDs, auths...)(c.TenantKey, "")
-		//// 删除角色权限
-		//if _, err = permission.RemoveNamedGroupingPolicies(); err != nil {
-		//	logger.ErrorF("删除租户【%s】下角色权限错误：%v", tenantKey, err)
-		//	return
-		//}
-	})
-	return nil
+	return auth.TreeCheckedFunc(out, 0), nil
 }
 
 // Bind 绑定权限
 func (c *Auth) Bind(tenantID uint64, authIDs []uint64) error {
-	mSysTenant := model3.NewSysTenant()
-	mSysTenant.ID = tenantID
+	mSysTenantAuth := model.NewSysTenantAuth()
+	// 查询用户所有的权限信息
+	out := make([]*model2.SysTenantAuth, 0)
 
-	isExist, err := model2.FirstField(mSysTenant.SysTenant, []string{"id", "key"})
+	err := model2.ScanFields(mSysTenantAuth.SysTenantAuth, &out, []string{"id", "auth_id"},
+		&model2.ModelWhereOrder{Where: model2.NewWhere("tenant_id", tenantID)})
 
 	if err != nil {
 		return err
-	} else if !isExist {
-		return errors.New("租户/公司信息不存在或已被删除")
+	}
+	_auths := make(map[uint64]uint64, 0)
+	// 应保存的菜单
+	insertAuths := make([]*model2.SysTenantAuth, 0)
+	// 应删除的菜单
+	deleteAuthIDs := make([]uint64, 0)
+
+	for _, v := range authIDs {
+		_auths[v] = v
 	}
 	return orm.GetDB().Transaction(func(tx *gorm.DB) error {
-		mSysTenantAuth := model3.NewSysTenantAuth()
+		// 无菜单信息
+		if len(_auths) <= 0 {
+			for _, v := range out {
+				deleteAuthIDs = append(deleteAuthIDs, v.AuthID)
+			}
+			goto NEXT
+		}
+		// 租户原本含有菜单信息
+		for _, v := range out {
+			_, has := _auths[v.AuthID]
 
-		if err = model2.DeleteWhere(mSysTenantAuth.SysTenantAuth, []*model2.ModelWhere{model2.NewWhere("tenant_id", mSysTenant.ID)}, tx); err != nil {
+			if !has {
+				deleteAuthIDs = append(deleteAuthIDs, v.AuthID)
+				continue
+			}
+			delete(_auths, v.AuthID)
+		}
+		if len(_auths) > 0 {
+			for k := range _auths {
+				insertAuths = append(insertAuths, &model2.SysTenantAuth{
+					ModelTenant: model2.ModelTenant{TenantID: tenantID},
+					AuthID:      k,
+				})
+			}
+			if err = model2.Creates(mSysTenantAuth.SysTenantAuth, insertAuths); err != nil {
+				return err
+			}
+		}
+	NEXT:
+		// 删除操作
+		if len(deleteAuthIDs) <= 0 {
+			return nil
+		}
+		// 删除租户的权限信息
+		if err = model2.DeleteWhere(mSysTenantAuth.SysTenantAuth, []*model2.ModelWhere{model2.NewWhere("tenant_id", tenantID),
+			model2.NewWhereIn("auth_id", deleteAuthIDs)}, tx); err != nil {
 			return err
 		}
-		if len(authIDs) <= 0 {
-			// 删除租户下所有角色的权限
-			return c.delete(mSysTenant.ID, mSysTenant.Key, tx)
+		// 查询租户下所有角色信息
+		mSysRole := model.NewSysRole()
+
+		roleIDs := make([]uint64, 0)
+
+		if err = model2.Pluck(mSysRole.SysRole, "id", &roleIDs, model2.NewWhere("tenant_id", tenantID)); err != nil {
+			return err
 		}
-		return c.revoke(mSysTenant.ID, mSysTenant.Key, authIDs, tx)
+		// 删除租户下角色的权限
+		mSysRoleAuth := model.NewSysRoleAuth()
+
+		if err = model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, []*model2.ModelWhere{
+			model2.NewWhereIn("role_id", roleIDs), model2.NewWhereIn("auth_id", deleteAuthIDs),
+		}, tx); err != nil {
+			return err
+		}
+		// 查询菜单信息，关闭角色的权限信息
+		mSysAuth := model.NewSysAuth()
+
+		auths := make([]*model2.SysAuth, 0)
+
+		if err = model2.ScanFields(mSysAuth.SysAuth, &auths, []string{"kind", "auth"},
+			&model2.ModelWhereOrder{Where: model2.NewWhereIn("id", deleteAuthIDs)}); err != nil {
+			return err
+		}
+		// 同步权限
+		_roleIDs := make([]string, 0)
+
+		for _, v := range roleIDs {
+			_roleIDs = append(_roleIDs, fmt.Sprintf("%d", v))
+		}
+		request := make([]*service.AuthRequest, 0)
+
+		for _, v := range auths {
+			if v.Kind == model2.SysAuthKindForModule || v.Auth == "" {
+				continue
+			}
+			mSysAuth.Auth = v.Auth
+
+			request = append(request, &service.AuthRequest{
+				Url:    mSysAuth.FilterAuth(),
+				Method: "*",
+			})
+		}
+		return c.revoke(fmt.Sprintf("%d", tenantID), _roleIDs, request)
 	})
 }
 

app/api/admin/controller/tenant/menu.go

@@ -15,7 +15,7 @@ type Menu struct{ *session.Admin }
 
 type MenuHandle func(session *session.Admin) *Menu
 
-func (c *Menu) auth(tenantID string, roleIDs []string, request []*service.AuthRequest) error {
+func (c *Menu) revokeAuth(tenantID string, roleIDs []string, request []*service.AuthRequest) error {
 	permission := service.NewPermission(
 		service.WithAuthTenant(tenantID),
 		service.WithAuthRoles(roleIDs),
@@ -25,8 +25,8 @@ func (c *Menu) auth(tenantID string, roleIDs []string, request []*service.AuthRe
 	return err
 }
 
-// List 菜单列表
-func (c *Menu) List(tenantID uint64) ([]*menu.TreeChecked, error) {
+// Instance 菜单列表
+func (c *Menu) Instance(tenantID uint64) ([]*menu.TreeChecked, error) {
 	mSysMenu := model.NewSysMenu()
 	return menu.MenuForTenantChecked(mSysMenu, tenantID)
 }
@@ -38,7 +38,8 @@ func (c *Menu) Bind(tenantID uint64, menuIDs []uint64) error {
 	// 当前租户的信息
 	out := make([]*model2.SysTenantMenu, 0)
 
-	err := model2.ScanFields(mSysTenantMenu.SysTenantMenu, &out, []string{"id", "menu_id"})
+	err := model2.ScanFields(mSysTenantMenu.SysTenantMenu, &out, []string{"id", "menu_id"},
+		&model2.ModelWhereOrder{Where: model2.NewWhere("tenant_id", tenantID)})
 
 	if err != nil {
 		return err
@@ -70,13 +71,13 @@ func (c *Menu) Bind(tenantID uint64, menuIDs []uint64) error {
 			}
 			delete(_menus, v.MenuID)
 		}
-		for k := range _menus {
-			insertMenus = append(insertMenus, &model2.SysTenantMenu{
-				ModelTenant: model2.ModelTenant{TenantID: tenantID},
-				MenuID:      k,
-			})
-		}
-		if len(insertMenus) > 0 {
+		if len(_menus) > 0 {
+			for k := range _menus {
+				insertMenus = append(insertMenus, &model2.SysTenantMenu{
+					ModelTenant: model2.ModelTenant{TenantID: tenantID},
+					MenuID:      k,
+				})
+			}
 			if err = model2.Creates(mSysTenantMenu.SysTenantMenu, insertMenus); err != nil {
 				return err
 			}
@@ -102,13 +103,10 @@ func (c *Menu) Bind(tenantID uint64, menuIDs []uint64) error {
 		// 删除租户下角色的菜单
 		mSysRoleMenu := model.NewSysRoleMenu()
 
-		if len(menuIDs) <= 0 {
-			if err = model2.DeleteWhere(mSysRoleMenu.SysRoleMenu, []*model2.ModelWhere{
-				model2.NewWhereIn("role_id", roleIDs), model2.NewWhereIn("menu_id", deleteMenuIDs),
-			}, tx); err != nil {
-				return err
-			}
-			return nil
+		if err = model2.DeleteWhere(mSysRoleMenu.SysRoleMenu, []*model2.ModelWhere{
+			model2.NewWhereIn("role_id", roleIDs), model2.NewWhereIn("menu_id", deleteMenuIDs),
+		}, tx); err != nil {
+			return err
 		}
 		// 查询菜单信息，关闭角色的权限信息
 		mSysMenu := model.NewSysMenu()
@@ -138,7 +136,7 @@ func (c *Menu) Bind(tenantID uint64, menuIDs []uint64) error {
 				Method: "*",
 			})
 		}
-		return c.auth(fmt.Sprintf("%d", tenantID), _roleIDs, request)
+		return c.revokeAuth(fmt.Sprintf("%d", tenantID), _roleIDs, request)
 	})
 }
 

app/api/admin/model/sys_auth.go

@@ -4,6 +4,7 @@ import (
 	"SciencesServer/app/common/model"
 	"SciencesServer/serve/orm"
 	"fmt"
+	"strings"
 )
 
 type SysAuth struct {
@@ -12,20 +13,25 @@ type SysAuth struct {
 
 // SysAuthScene 信息
 type SysAuthScene struct {
-	*model.SysAuth
-	SceneID uint64 `json:"scene_id"`
+	model.Model
+	ParentID uint64            `json:"parent_id"`
+	Kind     model.SysAuthKind `json:"kind"`
+	Name     string            `json:"name"`
+	SceneID  uint64            `json:"scene_id"`
+}
+
+func (m *SysAuth) FilterAuth() string {
+	return "/" + strings.ReplaceAll(m.Auth, ":", "/")
 }
 
 // TenantAuth 租户权限
 func (m *SysAuth) TenantAuth(tenantID uint64) ([]*SysAuthScene, error) {
-	mSysTenantAuth := NewSysTenantAuth()
-
 	out := make([]*SysAuthScene, 0)
 
 	db := orm.GetDB().Table(m.TableName()+" AS a").
-		Select("a.*, r_a.id AS scene_id").
+		Select("a.id", "a.parent_id", "a.kind", "a.name", "r_a.id AS scene_id").
 		Joins(fmt.Sprintf("LEFT JOIN %s AS t_a ON t_a.auth_id = a.id AND t_a.tenant_id = %d AND t_a.is_deleted = %d",
-			mSysTenantAuth.TableName(), tenantID, model.DeleteStatusForNot)).
+			model.NewSysTenantAuth().TableName(), tenantID, model.DeleteStatusForNot)).
 		Where("a.is_deleted = ?", model.DeleteStatusForNot)
 
 	if err := db.Scan(&out).Error; err != nil {
@@ -36,21 +42,18 @@ func (m *SysAuth) TenantAuth(tenantID uint64) ([]*SysAuthScene, error) {
 
 // RoleAuth 角色权限
 func (m *SysAuth) RoleAuth(tenantID, roleID uint64) ([]*SysAuthScene, error) {
-	mSysTenantAuth := NewSysTenantAuth()
-
-	mSysRoleAuth := NewSysRoleAuth()
-
 	out := make([]*SysAuthScene, 0)
 
 	db := orm.GetDB().Table(m.TableName()+" AS a").
-		Select("a.*, r_a.id AS scene_id").
-		Joins(fmt.Sprintf("LEFT JOIN %s AS t_a ON t_a.auth_id = a.id AND t_a.tenant_id = %d AND t_a.is_deleted = %d",
-			mSysTenantAuth.TableName(), tenantID, model.DeleteStatusForNot)).
-		Joins(fmt.Sprintf("LEFT JOIN %s AS r_a ON r_a.auth_id = a.id AND r_a.role_id = %d AND r_a.is_deleted = %d",
-			mSysRoleAuth.TableName(), roleID, model.DeleteStatusForNot)).
-		Where("a.is_deleted = ?", model.DeleteStatusForNot).
-		Where("t_a.id > ?", 0)
+		Select("a.id", "a.parent_id", "a.kind", "a.name", "r_a.id AS scene_id").
+		Joins(fmt.Sprintf("LEFT JOIN %s AS r_a ON a.id = r_a.auth_id AND r_a.role_id = %d AND r_a.is_deleted = %d",
+			model.NewSysRoleAuth().TableName(), roleID, model.DeleteStatusForNot)).
+		Where("a.is_deleted = ?", model.DeleteStatusForNot)
 
+	if tenantID > 0 {
+		db = db.Joins(fmt.Sprintf("RIGHT JOIN %s AS t_a ON  a.id = t_a.auth_id AND t_a.tenant_id = %d AND t_a.is_deleted = %d",
+			model.NewSysTenantAuth().TableName(), tenantID, model.DeleteStatusForNot))
+	}
 	if err := db.Scan(&out).Error; err != nil {
 		return nil, err
 	}

app/api/admin/model/sys_menu.go

@@ -132,13 +132,14 @@ func (m *SysMenu) RoleMenuChecked(tenantID uint64, roleID uint64) ([]*SysMenuSce
 
 	db := orm.GetDB().Table(m.TableName()+" AS m").
 		Select("m.id, m.parent_id, m.name, m.kind, m.link, m.component, m.icon, r_m.id AS scene_id").
-		Joins(fmt.Sprintf("LEFT JOIN %s AS t_m ON m.id = t_m.menu_id AND t_m.tenant_id = %d AND t_m.is_deleted = %d",
-			mSysTenantMenu.TableName(), tenantID, model.DeleteStatusForNot)).
 		Joins(fmt.Sprintf("LEFT JOIN %s AS r_m ON m.id = r_m.menu_id AND r_m.role_id = %d AND r_m.is_deleted = %d",
 			mSysRoleMenu.TableName(), roleID, model.DeleteStatusForNot)).
-		Where("m.status = ? AND m.is_deleted = ?", model.SysMenuStatusForNormal, model.DeleteStatusForNot).
-		Where("t_m.id > ?", 0)
+		Where("m.status = ? AND m.is_deleted = ?", model.SysMenuStatusForNormal, model.DeleteStatusForNot)
 
+	if tenantID > 0 {
+		db = db.Joins(fmt.Sprintf("RIGHT JOIN %s AS t_m ON m.id = t_m.menu_id AND t_m.tenant_id = %d AND t_m.is_deleted = %d",
+			mSysTenantMenu.TableName(), tenantID, model.DeleteStatusForNot))
+	}
 	if err := db.Order("m.parent_id " + model.OrderModeToAsc).Order("m.sort " + model.OrderModeToAsc).Scan(&out).Error; err != nil {
 		return nil, err
 	}

app/common/model/sys_role_auth.go

@@ -2,7 +2,6 @@ package model
 
 type SysRoleAuth struct {
 	Model
-	ModelTenant
 	RoleID uint64 `gorm:"column:role_id;type:int;default:0;comment:角色ID" json:"-"`
 	AuthID uint64 `gorm:"column:auth_id;type:int;default:0;comment:权限ID" json:"-"`
 	ModelDeleted

app/service/auth.go

@@ -132,6 +132,11 @@ func (this *Permission) AddUser(user string) {
 	this.user = user
 }
 
+// AddRequest 追加请求信息
+func (this *Permission) AddRequest(requests []*AuthRequest) {
+	this.request = requests
+}
+
 // AddRoleForUser 增加用户角色
 func (this *Permission) AddRoleForUser() (bool, error) {
 	if len(this.roles) <= 0 {

router/address.go

@@ -182,6 +182,7 @@ func registerAdminAPI(app *gin.Engine) {
 		tenant.POST("/member/bind", _api.MemberBind)
 		tenant.POST("/menu", _api.Menu)
 		tenant.POST("/menu/bind", _api.MenuBind)
+		tenant.POST("/auth", _api.Auth)
 		tenant.POST("/auth/bind", _api.AuthBind)
 	}
 	// Menu 菜单管理