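package tenant

import (
	"errors"

	"SciencesServer/app/api/admin/controller"
	model3 "SciencesServer/app/api/admin/model"
	model2 "SciencesServer/app/common/model"
	"SciencesServer/app/service"
	"SciencesServer/serve/logger"
	"SciencesServer/serve/orm"
	"SciencesServer/utils"
	"gorm.io/gorm"
)

// Auth manages a tenant's permission bindings: the sys_tenant_auth and
// sys_role_auth rows the tenant keeps, plus the matching Casbin policy
// clean-up.
type Auth struct {
	*controller.Platform
}

// AuthHandle builds an Auth controller bound to the caller's session.
type AuthHandle func(session *service.Session) *Auth

// delete removes every role permission row of the tenant inside tx and
// then asynchronously drops the tenant's Casbin grouping policies.
//
// The Casbin removal runs on a goroutine that is started before tx has
// committed, and its failures are only logged: a commit failure, or an
// error inside the goroutine, leaves the enforcer still granting what the
// database has dropped, while the caller sees success. Callers that need
// the two to agree should run the policy removal only after the
// transaction has returned without error.
func (c *Auth) delete(tenantID uint64, tenantKey string, tx *gorm.DB) error {
	mSysRoleAuth := model3.NewSysRoleAuth()
	where := []*model2.ModelWhere{model2.NewWhere("tenant_id", tenantID)}
	if err := model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, where, tx); err != nil {
		return err
	}
	go utils.TryCatch(func() {
		permission := service.NewPermission(nil)(tenantKey, "")
		succ, err := permission.RemoveFilteredGroupingPolicy()
		switch {
		case err != nil:
			logger.ErrorF("删除租户【%s】权限信息错误:%v", tenantKey, err)
		case !succ:
			logger.ErrorF("删除租户【%s】权限信息失败", tenantKey)
		}
	})
	return nil
}

// revoke removes the tenant's role permission rows whose auth_id is not
// in authIDs, i.e. the permissions the tenant no longer holds.
//
// The row deletion is executed on tx so that it is committed or rolled
// back together with the rest of Bind's transaction. The matching Casbin
// policy removal is not performed (see the TODO at the end), so the
// enforcer keeps granting the revoked role permissions until that part
// is restored.
func (c *Auth) revoke(tenantID uint64, tenantKey string, authIDs []uint64, tx *gorm.DB) error {
	mSysRoleAuth := model3.NewSysRoleAuth()
	// Role permissions of this tenant that are not among the bound auth IDs.
	out, err := mSysRoleAuth.Auths(
		model2.NewWhere("r.tenant_id", tenantID),
		model2.NewWhereNotIn("r_a.auth_id", authIDs),
	)
	if err != nil {
		return err
	}
	if len(out) == 0 {
		return nil
	}
	roleAuthIDs := make([]uint64, 0, len(out))
	for _, v := range out {
		roleAuthIDs = append(roleAuthIDs, v.ID)
	}
	// tx must be passed here: without it the delete runs on the global
	// handle, outside Bind's transaction, and survives a rollback.
	where := []*model2.ModelWhere{model2.NewWhereIn("id", roleAuthIDs)}
	if err := model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, where, tx); err != nil {
		return err
	}
	// TODO: remove the Casbin role->auth grouping policies of the revoked
	// rows. The earlier implementation collected, per row, the role ID
	// (utils.UintToString(v.RoleID)) and an
	// &service.AuthRequest{Url: v.Auth, Method: "*"}, then called
	// service.NewPermission(roleIDs, auths...)(c.TenantKey, "") followed by
	// RemoveNamedGroupingPolicies(); that code was commented out, leaving a
	// goroutine with an empty body, which has been dropped here. Until the
	// removal is restored the enforcer still grants what the database has
	// revoked.
	return nil
}

// Bind replaces the permission set of tenant tenantID with authIDs.
//
// It verifies the tenant exists, then in one transaction clears the
// tenant's sys_tenant_auth rows and prunes the role permissions: all of
// them when authIDs is empty, otherwise those not contained in authIDs.
//
// NOTE(review): nothing here inserts sys_tenant_auth rows for authIDs
// after the delete; confirm the rows are created elsewhere (or that only
// the prune is intended). Bind also takes tenantID as given: the check
// that the calling session may modify this tenant is expected to happen
// in the calling controller — confirm.
func (c *Auth) Bind(tenantID uint64, authIDs []uint64) error {
	mSysTenant := model3.NewSysTenant()
	mSysTenant.ID = tenantID
	isExist, err := model2.FirstField(mSysTenant.SysTenant, []string{"id", "key"})
	if err != nil {
		return err
	}
	if !isExist {
		return errors.New("租户/公司信息不存在或已被删除")
	}
	return orm.GetDB().Transaction(func(tx *gorm.DB) error {
		mSysTenantAuth := model3.NewSysTenantAuth()
		where := []*model2.ModelWhere{model2.NewWhere("tenant_id", mSysTenant.ID)}
		if err := model2.DeleteWhere(mSysTenantAuth.SysTenantAuth, where, tx); err != nil {
			return err
		}
		if len(authIDs) == 0 {
			// No permissions left: drop every role permission of the tenant.
			return c.delete(mSysTenant.ID, mSysTenant.Key, tx)
		}
		return c.revoke(mSysTenant.ID, mSysTenant.Key, authIDs, tx)
	})
}

// NewAuth returns the constructor that binds an Auth controller to a session.
func NewAuth() AuthHandle {
	return func(session *service.Session) *Auth {
		return &Auth{Platform: &controller.Platform{Session: session}}
	}
}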