108 lines
3.1 KiB
Go
108 lines
3.1 KiB
Go
package tenant
|
||
|
||
import (
|
||
"SciencesServer/app/api/manage/controller"
|
||
model3 "SciencesServer/app/api/manage/model"
|
||
model2 "SciencesServer/app/common/model"
|
||
"SciencesServer/app/service"
|
||
"SciencesServer/serve/logger"
|
||
"SciencesServer/serve/orm"
|
||
"SciencesServer/utils"
|
||
"errors"
|
||
|
||
"gorm.io/gorm"
|
||
)
|
||
|
||
type Auth struct{ *controller.Platform }
|
||
|
||
type AuthHandle func(session *service.Session) *Auth
|
||
|
||
// delete 删除所有权限
|
||
func (c *Auth) delete(tenantID uint64, tenantKey string, tx *gorm.DB) error {
|
||
mSysRoleAuth := model3.NewSysRoleAuth()
|
||
|
||
err := model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, []*model2.ModelWhere{model2.NewWhere("tenant_id", tenantID)}, tx)
|
||
|
||
if err != nil {
|
||
return err
|
||
}
|
||
go utils.TryCatch(func() {
|
||
permission := service.NewPermission(nil)(tenantKey, "")
|
||
|
||
if succ, err := permission.RemoveFilteredGroupingPolicy(); err != nil {
|
||
logger.ErrorF("删除租户【%s】权限信息错误:%v", tenantKey, err)
|
||
} else if !succ {
|
||
logger.ErrorF("删除租户【%s】权限信息失败", tenantKey)
|
||
}
|
||
})
|
||
return nil
|
||
}
|
||
|
||
// revoke 撤销某些权限
|
||
func (c *Auth) revoke(tenantID uint64, tenantKey string, authIDs []uint64, tx *gorm.DB) error {
|
||
// 查询该租户下不含有的权限信息
|
||
mSysRuleAuth := model3.NewSysRoleAuth()
|
||
|
||
out, err := mSysRuleAuth.Auths(model2.NewWhere("r.tenant_id", tenantID), model2.NewWhereNotIn("r_a.auth_id", authIDs))
|
||
|
||
if err != nil {
|
||
return err
|
||
}
|
||
if len(out) <= 0 {
|
||
return nil
|
||
}
|
||
roleAuthIDs := make([]uint64, 0)
|
||
roleIDs := make([]string, 0)
|
||
auths := make([]*service.AuthRequest, 0)
|
||
|
||
for _, v := range out {
|
||
roleAuthIDs = append(roleAuthIDs, v.ID)
|
||
roleIDs = append(roleIDs, utils.UintToString(v.RoleID))
|
||
auths = append(auths, &service.AuthRequest{Url: v.Auth, Method: "*"})
|
||
}
|
||
if err = model2.DeleteWhere(mSysRuleAuth.SysRoleAuth, []*model2.ModelWhere{model2.NewWhereIn("id", roleAuthIDs)}); err != nil {
|
||
return err
|
||
}
|
||
go utils.TryCatch(func() {
|
||
permission := service.NewPermission(roleIDs, auths...)(c.TenantKey, "")
|
||
// 删除角色权限
|
||
if _, err = permission.RemoveNamedGroupingPolicies(); err != nil {
|
||
logger.ErrorF("删除租户【%s】下角色权限错误:%v", tenantKey, err)
|
||
return
|
||
}
|
||
})
|
||
return nil
|
||
}
|
||
|
||
// Bind 绑定权限
|
||
func (c *Auth) Bind(tenantID uint64, authIDs []uint64) error {
|
||
mSysTenant := model3.NewSysTenant()
|
||
mSysTenant.ID = tenantID
|
||
|
||
isExist, err := model2.FirstField(mSysTenant.SysTenant, []string{"id", "key"})
|
||
|
||
if err != nil {
|
||
return err
|
||
} else if !isExist {
|
||
return errors.New("租户/公司信息不存在或已被删除")
|
||
}
|
||
return orm.GetDB().Transaction(func(tx *gorm.DB) error {
|
||
mSysTenantAuth := model3.NewSysTenantAuth()
|
||
|
||
if err = model2.DeleteWhere(mSysTenantAuth.SysTenantAuth, []*model2.ModelWhere{model2.NewWhere("tenant_id", mSysTenant.ID)}, tx); err != nil {
|
||
return err
|
||
}
|
||
if len(authIDs) <= 0 {
|
||
// 删除租户下所有角色的权限
|
||
return c.delete(mSysTenant.ID, mSysTenant.Key, tx)
|
||
}
|
||
return c.revoke(mSysTenant.ID, mSysTenant.Key, authIDs, tx)
|
||
})
|
||
}
|
||
|
||
func NewAuth() AuthHandle {
|
||
return func(session *service.Session) *Auth {
|
||
return &Auth{Platform: &controller.Platform{Session: session}}
|
||
}
|
||
}
|