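package tenant

import (
	"fmt"

	"gorm.io/gorm"

	"SciencesServer/app/api/admin/controller/auth"
	"SciencesServer/app/api/admin/model"
	model2 "SciencesServer/app/common/model"
	"SciencesServer/app/service"
	"SciencesServer/app/session"
	"SciencesServer/serve/orm"
)

// Auth manages the auth (menu/permission) entries granted to a tenant on
// behalf of the admin session it wraps.
type Auth struct{ *session.Admin }

// AuthHandle builds an Auth bound to an admin session.
type AuthHandle func(session *session.Admin) *Auth

// revoke removes the policies described by request from every role in
// roleIDs under tenantID. The policy store is not the DB transaction, so a
// caller cannot roll this back once it has partially applied.
func (c *Auth) revoke(tenantID string, roleIDs []string, request []*service.AuthRequest) error {
	permission := service.NewPermission(
		service.WithAuthTenant(tenantID),
		service.WithAuthRoles(roleIDs),
		service.WithAuthRequest(request),
	)
	_, err := permission.RemoveRolePolicies()
	return err
}

// Instance returns the auth tree for tenantID with the entries the tenant
// currently holds marked as checked.
func (c *Auth) Instance(tenantID uint64) ([]*auth.TreeChecked, error) {
	mSysAuth := model.NewSysAuth()
	out, err := mSysAuth.TenantAuth(tenantID)
	if err != nil {
		return nil, err
	}
	return auth.TreeCheckedFunc(out, 0), nil
}

// Bind makes authIDs the complete set of auth entries granted to tenantID.
//
// Entries in authIDs the tenant does not yet hold are inserted; entries the
// tenant holds but authIDs omits are removed. A removed entry is also taken
// away from every role of the tenant — its sys_role_auth rows are deleted and
// the matching policies are revoked — so a permission withdrawn from a tenant
// cannot stay effective through one of its roles. An empty authIDs unbinds
// everything.
//
// authIDs is deduplicated but not validated against sys_auth here.
// NOTE(review): confirm the caller verifies the IDs exist and that the acting
// admin is allowed to grant them before calling Bind.
func (c *Auth) Bind(tenantID uint64, authIDs []uint64) error {
	mSysTenantAuth := model.NewSysTenantAuth()

	// Current bindings of the tenant. This read happens before the
	// transaction opens (as the reads below also run outside tx), so two
	// concurrent Binds on the same tenant can interleave.
	existing := make([]*model2.SysTenantAuth, 0)
	if err := model2.ScanFields(mSysTenantAuth.SysTenantAuth, &existing, []string{"id", "auth_id"},
		&model2.ModelWhereOrder{Where: model2.NewWhere("tenant_id", tenantID)}); err != nil {
		return err
	}

	// wanted is the deduplicated target set. Matched entries are removed
	// from it while scanning existing rows, so what remains is the set to
	// insert; rows not in wanted are the set to delete. When authIDs is
	// empty this naturally classifies every existing row for deletion.
	wanted := make(map[uint64]struct{}, len(authIDs))
	for _, id := range authIDs {
		wanted[id] = struct{}{}
	}
	deleteAuthIDs := make([]uint64, 0)
	for _, row := range existing {
		if _, keep := wanted[row.AuthID]; keep {
			delete(wanted, row.AuthID)
			continue
		}
		deleteAuthIDs = append(deleteAuthIDs, row.AuthID)
	}

	return orm.GetDB().Transaction(func(tx *gorm.DB) error {
		if len(wanted) > 0 {
			insertAuths := make([]*model2.SysTenantAuth, 0, len(wanted))
			for id := range wanted {
				insertAuths = append(insertAuths, &model2.SysTenantAuth{
					ModelTenant: model2.ModelTenant{TenantID: tenantID},
					AuthID:      id,
				})
			}
			// NOTE(review): Creates is not handed tx, so these inserts are
			// not rolled back if a later step in this transaction fails.
			// Pass tx here if model2.Creates accepts one.
			if err := model2.Creates(mSysTenantAuth.SysTenantAuth, insertAuths); err != nil {
				return err
			}
		}

		if len(deleteAuthIDs) == 0 {
			return nil
		}

		// Drop the tenant-level bindings.
		if err := model2.DeleteWhere(mSysTenantAuth.SysTenantAuth, []*model2.ModelWhere{
			model2.NewWhere("tenant_id", tenantID),
			model2.NewWhereIn("auth_id", deleteAuthIDs),
		}, tx); err != nil {
			return err
		}

		// Cascade to the tenant's roles.
		mSysRole := model.NewSysRole()
		roleIDs := make([]uint64, 0)
		if err := model2.Pluck(mSysRole.SysRole, "id", &roleIDs, model2.NewWhere("tenant_id", tenantID)); err != nil {
			return err
		}
		// Only delete role bindings when there are roles to scope the delete
		// to. This keeps the role_id IN (...) filter from ever being built
		// from an empty list, which — depending on how NewWhereIn renders
		// it — could otherwise widen the delete past this tenant's roles.
		if len(roleIDs) > 0 {
			mSysRoleAuth := model.NewSysRoleAuth()
			if err := model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, []*model2.ModelWhere{
				model2.NewWhereIn("role_id", roleIDs),
				model2.NewWhereIn("auth_id", deleteAuthIDs),
			}, tx); err != nil {
				return err
			}
		}

		// Resolve the removed entries to policy requests. Module entries and
		// entries with an empty auth string carry no policy and are skipped.
		mSysAuth := model.NewSysAuth()
		auths := make([]*model2.SysAuth, 0)
		if err := model2.ScanFields(mSysAuth.SysAuth, &auths, []string{"kind", "auth"},
			&model2.ModelWhereOrder{Where: model2.NewWhereIn("id", deleteAuthIDs)}); err != nil {
			return err
		}
		request := make([]*service.AuthRequest, 0, len(auths))
		for _, a := range auths {
			if a.Kind == model2.SysAuthKindForModule || a.Auth == "" {
				continue
			}
			mSysAuth.Auth = a.Auth
			request = append(request, &service.AuthRequest{
				Url:    mSysAuth.FilterAuth(),
				Method: "*",
			})
		}

		// Revoke the policies last: the DB rows above roll back on error, but
		// a partial revoke in the policy store cannot be undone.
		roleKeys := make([]string, 0, len(roleIDs))
		for _, id := range roleIDs {
			roleKeys = append(roleKeys, fmt.Sprintf("%d", id))
		}
		return c.revoke(fmt.Sprintf("%d", tenantID), roleKeys, request)
	})
}

// NewAuth returns the constructor used to bind an Auth to an admin session.
func NewAuth() AuthHandle {
	return func(session *session.Admin) *Auth {
		return &Auth{Admin: session}
	}
}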