feat：完善项目

app/api/controller/tenant/auth.go

@@ -0,0 +1,107 @@
+package tenant
+
+import (
+	"SciencesServer/app/api/controller"
+	"SciencesServer/app/api/model"
+	model2 "SciencesServer/app/common/model"
+	"SciencesServer/app/service"
+	"SciencesServer/serve/logger"
+	"SciencesServer/serve/orm"
+	"SciencesServer/utils"
+	"errors"
+
+	"gorm.io/gorm"
+)
+
+type Auth struct{ *controller.Platform }
+
+type AuthHandle func(session *service.Session) *Auth
+
+// delete 删除所有权限
+func (c *Auth) delete(tenantID uint64, tenantKey string, tx *gorm.DB) error {
+	mSysRoleAuth := model.NewSysRoleAuth()
+
+	err := model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, []*model2.ModelWhere{model2.NewWhere("tenant_id", tenantID)}, tx)
+
+	if err != nil {
+		return err
+	}
+	go utils.TryCatch(func() {
+		permission := service.NewPermission(nil)(tenantKey, "")
+
+		if succ, err := permission.RemoveFilteredGroupingPolicy(); err != nil {
+			logger.ErrorF("删除租户【%s】权限信息错误：%v", tenantKey, err)
+		} else if !succ {
+			logger.ErrorF("删除租户【%s】权限信息失败", tenantKey)
+		}
+	})
+	return nil
+}
+
+// revoke 撤销某些权限
+func (c *Auth) revoke(tenantID uint64, tenantKey string, authIDs []uint64, tx *gorm.DB) error {
+	// 查询该租户下不含有的权限信息
+	mSysRuleAuth := model.NewSysRoleAuth()
+
+	out, err := mSysRuleAuth.Auths(model2.NewWhere("r.tenant_id", tenantID), model2.NewWhereNotIn("r_a.auth_id", authIDs))
+
+	if err != nil {
+		return err
+	}
+	if len(out) <= 0 {
+		return nil
+	}
+	roleAuthIDs := make([]uint64, 0)
+	roleIDs := make([]string, 0)
+	auths := make([]*service.AuthRequest, 0)
+
+	for _, v := range out {
+		roleAuthIDs = append(roleAuthIDs, v.ID)
+		roleIDs = append(roleIDs, utils.UintToString(v.RoleID))
+		auths = append(auths, &service.AuthRequest{Url: v.Auth, Method: "*"})
+	}
+	if err = model2.DeleteWhere(mSysRuleAuth.SysRoleAuth, []*model2.ModelWhere{model2.NewWhereIn("id", roleAuthIDs)}); err != nil {
+		return err
+	}
+	go utils.TryCatch(func() {
+		permission := service.NewPermission(roleIDs, auths...)(c.TenantKey, "")
+		// 删除角色权限
+		if _, err = permission.RemoveNamedGroupingPolicies(); err != nil {
+			logger.ErrorF("删除租户【%s】下角色权限错误：%v", tenantKey, err)
+			return
+		}
+	})
+	return nil
+}
+
+// Bind 绑定权限
+func (c *Auth) Bind(tenantID uint64, authIDs []uint64) error {
+	mSysTenant := model.NewSysTenant()
+	mSysTenant.ID = tenantID
+
+	isExist, err := model2.FirstField(mSysTenant.SysTenant, []string{"id", "key"})
+
+	if err != nil {
+		return err
+	} else if !isExist {
+		return errors.New("租户/公司信息不存在或已被删除")
+	}
+	return orm.GetDB().Transaction(func(tx *gorm.DB) error {
+		mSysTenantAuth := model.NewSysTenantAuth()
+
+		if err = model2.DeleteWhere(mSysTenantAuth.SysTenantAuth, []*model2.ModelWhere{model2.NewWhere("tenant_id", mSysTenant.ID)}, tx); err != nil {
+			return err
+		}
+		if len(authIDs) <= 0 {
+			// 删除租户下所有角色的权限
+			return c.delete(mSysTenant.ID, mSysTenant.Key, tx)
+		}
+		return c.revoke(mSysTenant.ID, mSysTenant.Key, authIDs, tx)
+	})
+}
+
+func NewAuth() AuthHandle {
+	return func(session *service.Session) *Auth {
+		return &Auth{Platform: &controller.Platform{Session: session}}
+	}
+}