用户权限

2 years ago · 3f391caf61
parent 6ff5a0c0f7
commit 3f391caf61
13 changed files with 318 additions and 161 deletions
--- a/README.md
+++ b/README.md
@ -31,4 +31,9 @@ make init

 # 编译proto api
 make api
-```
+```
+
+## 开发说明
+
+- 除了文件上传相关的接口，其他接口一律使用proto进行定义。
+
--- a/api/v1/group.proto
+++ b/api/v1/group.proto
@ -47,6 +47,15 @@ message ListGroupReply {
  int64 total = 2;
 }

+message GetGroupPermissionRequest { int64 id = 1; }
+
+message UpdateGroupPermissionRequest {
+  int64 group_id = 1;
+  repeated int64 permission_id = 2;
+}
+
+message GroupPermissions { repeated int64 permission_id = 1; }
+
 service GroupAPI {
  // 创建用户组
  rpc CreateGroup(Group) returns (Group) {
@ -83,4 +92,20 @@ service GroupAPI {
      get : '/api/v1/group/list',
    };
  }
+
+  //  获取用户组权限列表
+  rpc GetGroupPermission(GetGroupPermissionRequest) returns (GroupPermissions) {
+    option (google.api.http) = {
+      get : '/api/v1/group/permission',
+    };
+  }
+
+  // 更新用户组权限，给用户组设置权限
+  rpc UpdateGroupPermission(UpdateGroupPermissionRequest)
+      returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      put : '/api/v1/group/permission',
+      body : '*',
+    };
+  }
 }
--- a/api/v1/user.proto
+++ b/api/v1/user.proto
@ -5,6 +5,7 @@ import "gogoproto/gogo.proto";
 // import "validate/validate.proto";
 import "google/api/annotations.proto";
 import "google/protobuf/empty.proto";
+import "api/v1/permission.proto";

 package api.v1;

@ -85,6 +86,10 @@ message UpdateUserPasswordRequest {
  string new_password = 3  [ (gogoproto.moretags) = "validate:\"min=6\"" ];
 }

+message GetUserPermissionsReply{
+  repeated Permission permission = 1;
+}
+
 service UserAPI {
  // 用户注册
  rpc Register(RegisterAndLoginRequest) returns (google.protobuf.Empty) {
@ -156,6 +161,13 @@ service UserAPI {
    };
  }

+  // GetUserCaptcha 获取用户验证码
+  rpc GetUserPermissions(google.protobuf.Empty) returns (GetUserPermissionsReply) {
+    option (google.api.http) = {
+      get : '/api/v1/user/permission',
+    };
+  }
+
  // 获取用户粉丝列表
  // rpc ListUserFans(ListUserFansRequest) returns (ListUserReply) {
  //   option (google.api.http) = {
--- a/biz/group.go
+++ b/biz/group.go
@ -137,3 +137,34 @@ func (s *GroupAPIService) ListGroup(ctx context.Context, req *pb.ListGroupReques
 	util.CopyStruct(&groups, &pbGroups)
 	return &pb.ListGroupReply{Group: pbGroups, Total: total}, nil
 }
+
+// GetGroupPermission 获取用户组权限
+func (s *GroupAPIService) GetGroupPermission(ctx context.Context, req *pb.GetGroupPermissionRequest) (*pb.GroupPermissions, error) {
+	_, err := s.checkPermission(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	groupPermissions, _ := s.dbModel.GetGroupPermissinsByGroupId(req.Id)
+	pbGroupPermissions := &pb.GroupPermissions{}
+	for _, item := range groupPermissions {
+		pbGroupPermissions.PermissionId = append(pbGroupPermissions.PermissionId, item.PermissionId)
+	}
+	return pbGroupPermissions, nil
+}
+
+// UpdateGroupPermission 更新用户组权限
+func (s *GroupAPIService) UpdateGroupPermission(ctx context.Context, req *pb.UpdateGroupPermissionRequest) (*emptypb.Empty, error) {
+	_, err := s.checkPermission(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	err = s.dbModel.UpdateGroupPermissions(req.GroupId, req.PermissionId)
+	if err != nil {
+		s.logger.Error("UpdateGroupPermissions", zap.Error(err))
+		return nil, err
+	}
+
+	return &emptypb.Empty{}, nil
+}
--- a/biz/user.go
+++ b/biz/user.go
@ -352,3 +352,21 @@ func (s *UserAPIService) GetUserCaptcha(ctx context.Context, req *pb.GetUserCapt

 	return res, nil
 }
+
+// GetUserPermissions 获取用户权限
+func (s *UserAPIService) GetUserPermissions(ctx context.Context, req *emptypb.Empty) (*pb.GetUserPermissionsReply, error) {
+	userClaims, ok := ctx.Value(auth.CtxKeyUserClaims).(*auth.UserClaims)
+	if !ok {
+		return nil, status.Error(codes.Unauthenticated, "您未登录或您的登录已过期")
+	}
+
+	permissions, err := s.dbModel.GetUserPermissinsByUserId(userClaims.UserId)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, err.Error())
+	}
+
+	var pbPermissions []*pb.Permission
+	util.CopyStruct(&permissions, &pbPermissions)
+
+	return &pb.GetUserPermissionsReply{Permission: pbPermissions}, nil
+}
--- a/model/groupPermission.go
+++ b/model/groupPermission.go
@ -1,12 +1,9 @@
 package model

 import (
-	"fmt"
-	"strings"
 	"time"

 	"go.uber.org/zap"
-	"gorm.io/gorm"
 )

 type GroupPermission struct {
@ -17,174 +14,44 @@ type GroupPermission struct {
 	UpdatedAt    *time.Time `form:"updated_at" json:"updated_at,omitempty" gorm:"column:updated_at;type:datetime;comment:更新时间;"`
 }

-// 这里是proto文件中的结构体，可以根据需要删除或者调整
-//message GroupPermission {
-// int64 id = 1;
-// int64 group_id = 2;
-// int64 permission_id = 3;
-//   = 0;
-//   = 0;
-//}
-
 func (GroupPermission) TableName() string {
 	return tablePrefix + "group_permission"
 }

-// CreateGroupPermission 创建GroupPermission
-func (m *DBModel) CreateGroupPermission(groupPermission *GroupPermission) (err error) {
-	err = m.db.Create(groupPermission).Error
-	if err != nil {
-		m.logger.Error("CreateGroupPermission", zap.Error(err))
-		return
-	}
+// GetGroupPermissinsByGroupId 根据用户组ID获取用户组权限
+func (m *DBModel) GetGroupPermissinsByGroupId(groupId int64) (groupPermissions []*GroupPermission, err error) {
+	err = m.db.Where("group_id = ?", groupId).Find(&groupPermissions).Error
 	return
 }

-// UpdateGroupPermission 更新GroupPermission，如果需要更新指定字段，则请指定updateFields参数
-func (m *DBModel) UpdateGroupPermission(groupPermission *GroupPermission, updateFields ...string) (err error) {
-	db := m.db.Model(groupPermission)
-
-	updateFields = m.FilterValidFields(GroupPermission{}.TableName(), updateFields...)
-	if len(updateFields) > 0 { // 更新指定字段
-		db = db.Select(updateFields)
-	}
-
-	err = db.Where("id = ?", groupPermission.Id).Updates(groupPermission).Error
-	if err != nil {
-		m.logger.Error("UpdateGroupPermission", zap.Error(err))
-	}
-	return
-}
-
-// GetGroupPermission 根据id获取GroupPermission
-func (m *DBModel) GetGroupPermission(id interface{}, fields ...string) (groupPermission GroupPermission, err error) {
-	db := m.db
-
-	fields = m.FilterValidFields(GroupPermission{}.TableName(), fields...)
-	if len(fields) > 0 {
-		db = db.Select(fields)
-	}
-
-	err = db.Where("id = ?", id).First(&groupPermission).Error
-	return
-}
-
-// GetGroupPermissionByGroupIdPermissionId(groupId int64, permissionId int64, fields ...string) 根据唯一索引获取GroupPermission
-func (m *DBModel) GetGroupPermissionByGroupIdPermissionId(groupId int64, permissionId int64, fields ...string) (groupPermission GroupPermission, err error) {
-	db := m.db
-
-	fields = m.FilterValidFields(GroupPermission{}.TableName(), fields...)
-	if len(fields) > 0 {
-		db = db.Select(fields)
-	}
-
-	db = db.Where("group_id = ?", groupId)
-
-	db = db.Where("permission_id = ?", permissionId)
-
-	err = db.First(&groupPermission).Error
-	if err != nil && err != gorm.ErrRecordNotFound {
-		m.logger.Error("GetGroupPermissionByGroupIdPermissionId", zap.Error(err))
-		return
-	}
-	return
-}
-
-type OptionGetGroupPermissionList struct {
-	Page         int
-	Size         int
-	WithCount    bool                      // 是否返回总数
-	Ids          []interface{}             // id列表
-	SelectFields []string                  // 查询字段
-	QueryRange   map[string][2]interface{} // map[field][]{min,max}
-	QueryIn      map[string][]interface{}  // map[field][]{value1,value2,...}
-	QueryLike    map[string][]interface{}  // map[field][]{value1,value2,...}
-	Sort         []string
-}
-
-// GetGroupPermissionList 获取GroupPermission列表
-func (m *DBModel) GetGroupPermissionList(opt OptionGetGroupPermissionList) (groupPermissionList []GroupPermission, total int64, err error) {
-	db := m.db.Model(&GroupPermission{})
-
-	for field, rangeValue := range opt.QueryRange {
-		fields := m.FilterValidFields(GroupPermission{}.TableName(), field)
-		if len(fields) == 0 {
-			continue
-		}
-		if rangeValue[0] != nil {
-			db = db.Where(fmt.Sprintf("%s >= ?", field), rangeValue[0])
-		}
-		if rangeValue[1] != nil {
-			db = db.Where(fmt.Sprintf("%s <= ?", field), rangeValue[1])
-		}
-	}
-
-	for field, values := range opt.QueryIn {
-		fields := m.FilterValidFields(GroupPermission{}.TableName(), field)
-		if len(fields) == 0 {
-			continue
-		}
-		db = db.Where(fmt.Sprintf("%s in (?)", field), values)
-	}
-
-	for field, values := range opt.QueryLike {
-		fields := m.FilterValidFields(GroupPermission{}.TableName(), field)
-		if len(fields) == 0 {
-			continue
-		}
-		db = db.Where(strings.TrimSuffix(fmt.Sprintf(strings.Join(make([]string, len(values)+1), "%s like ? or"), field), "or"), values...)
-	}
-
-	if len(opt.Ids) > 0 {
-		db = db.Where("id in (?)", opt.Ids)
-	}
-
-	if opt.WithCount {
-		err = db.Count(&total).Error
+// 设置权限
+func (m *DBModel) UpdateGroupPermissions(groupdId int64, permissionIds []int64) (err error) {
+	sess := m.db.Begin()
+	defer func() {
 		if err != nil {
-			m.logger.Error("GetGroupPermissionList", zap.Error(err))
-			return
+			sess.Rollback()
+		} else {
+			sess.Commit()
 		}
-	}
-
-	opt.SelectFields = m.FilterValidFields(GroupPermission{}.TableName(), opt.SelectFields...)
-	if len(opt.SelectFields) > 0 {
-		db = db.Select(opt.SelectFields)
-	}
-
-	if len(opt.Sort) > 0 {
-		var sorts []string
-		for _, sort := range opt.Sort {
-			slice := strings.Split(sort, " ")
-			if len(m.FilterValidFields(GroupPermission{}.TableName(), slice[0])) == 0 {
-				continue
-			}
+	}()

-			if len(slice) == 2 {
-				sorts = append(sorts, fmt.Sprintf("%s %s", slice[0], slice[1]))
-			} else {
-				sorts = append(sorts, fmt.Sprintf("%s desc", slice[0]))
-			}
-		}
-		if len(sorts) > 0 {
-			db = db.Order(strings.Join(sorts, ","))
-		}
+	// 删除旧的权限
+	err = sess.Where("group_id = ?", groupdId).Delete(&GroupPermission{}).Error
+	if err != nil {
+		m.logger.Error("delete old permission", zap.Error(err))
+		return
 	}

-	db = db.Offset((opt.Page - 1) * opt.Size).Limit(opt.Size)
-
-	err = db.Find(&groupPermissionList).Error
-	if err != nil && err != gorm.ErrRecordNotFound {
-		m.logger.Error("GetGroupPermissionList", zap.Error(err))
+	// 添加新的权限
+	var permissions []GroupPermission
+	for _, permissionId := range permissionIds {
+		permissions = append(permissions, GroupPermission{GroupId: groupdId, PermissionId: permissionId})
 	}
-	return
-}
-
-// DeleteGroupPermission 删除数据
-func (m *DBModel) DeleteGroupPermission(ids []interface{}) (err error) {
-	err = m.db.Where("id in (?)", ids).Delete(&GroupPermission{}).Error
+	err = sess.Create(&permissions).Error
 	if err != nil {
-		m.logger.Error("DeleteGroupPermission", zap.Error(err))
+		m.logger.Error("create group permission", zap.Error(err))
+		return
 	}
+
 	return
 }
--- a/model/user.go
+++ b/model/user.go
@ -290,3 +290,31 @@ func (m *DBModel) initUser() (err error) {
 	}
 	return
 }
+
+// GetUserPermissinsByUserId 根据用户ID获取用户权限
+func (m *DBModel) GetUserPermissinsByUserId(userId int64) (permissions []*Permission, err error) {
+	sql := `SELECT
+			p.*
+		FROM 
+			%s p
+		LEFT JOIN 
+			%s gp 
+		ON
+			p.id = gp.permission_id
+		LEFT JOIN 
+			%s ug
+		ON
+			ug.group_id=gp.group_id
+		WHERE
+			ug.user_id=?
+		group by p.id
+	`
+	sql = fmt.Sprintf(sql, Permission{}.TableName(), GroupPermission{}.TableName(), UserGroup{}.TableName())
+	err = m.db.Raw(sql, userId).Find(&permissions).Error
+	if err != nil && err != gorm.ErrRecordNotFound {
+		m.logger.Error("GetUserPermissinsByUserId", zap.Error(err))
+		return
+	}
+	err = nil
+	return
+}
--- a/web/api/group.js
+++ b/web/api/group.js
@ -40,4 +40,18 @@ export const listGroup = (params) => {
  })
 }

+export const getGroupPermission = (params) => {
+  return service({
+    url: '/api/v1/group/permission',
+    method: 'get',
+    params,
+  })
+}

+export const updateGroupPermission = (data) => {
+  return service({
+    url: '/api/v1/group/permission',
+    method: 'put',
+    data,
+  })
+}
--- a/web/api/user.js
+++ b/web/api/user.js
@ -71,3 +71,11 @@ export const getUserCaptcha = (params) => {
    params,
  })
 }
+
+export const getUserPermissions = (params) => {
+  return service({
+    url: '/api/v1/user/permission',
+    method: 'get',
+    params,
+  })
+}
--- a/web/components/FormGroupPermission.vue
+++ b/web/components/FormGroupPermission.vue
@ -0,0 +1,114 @@
+<template>
+  <div class="com-form-group-permission">
+    <el-form label-position="top" label-width="80px" :model="groupPermission">
+      <el-checkbox-group v-model="groupPermission.permission_id">
+        <el-checkbox
+          v-for="item in permissions"
+          :key="'permission-' + item.id"
+          :label="item.id"
+          >{{ item.title || item.method + ':' + item.path }}</el-checkbox
+        >
+      </el-checkbox-group>
+      <el-form-item>
+        <el-button
+          type="primary"
+          class="btn-block"
+          icon="el-icon-check"
+          :loading="loading"
+          @click="onSubmit"
+          >提交</el-button
+        >
+      </el-form-item>
+    </el-form>
+  </div>
+</template>
+<script>
+import { listPermission } from '~/api/permission'
+import { getGroupPermission, updateGroupPermission } from '~/api/group'
+export default {
+  name: 'FormGroupPermission',
+  props: {
+    groupId: {
+      type: Number,
+      default: 0,
+    },
+  },
+  data() {
+    return {
+      loading: false,
+      groupPermission: {
+        group_id: 0,
+        permission_id: [],
+      },
+      permissions: [],
+    }
+  },
+  watch: {
+    groupId: {
+      handler(val) {
+        this.groupPermission.group_id = val
+        this.loadAllPermissions()
+      },
+      immediate: true,
+    },
+  },
+  created() {
+    this.loadAllPermissions()
+    this.permission = this.initPermission
+  },
+  methods: {
+    async onSubmit() {
+      this.loading = true
+      const res = await updateGroupPermission(this.groupPermission)
+      if (res.status === 200) {
+        this.$message.success('设置成功')
+        this.$emit('success')
+      } else {
+        this.$message.error(res.data.message)
+      }
+      this.loading = false
+    },
+    async loadAllPermissions() {
+      if (this.groupPermission.group_id > 0) {
+        this.groupPermission.permission_id = [] // 重置授权信息
+        const [resPermissions, resGroupPermissions] = await Promise.all([
+          listPermission(),
+          getGroupPermission({ id: this.groupPermission.group_id }),
+        ])
+        if (resPermissions.status !== 200) {
+          this.$message.error(resPermissions.data.message)
+        }
+        if (resGroupPermissions.status !== 200) {
+          this.$message.error(resGroupPermissions.data.message)
+        }
+
+        if (
+          resPermissions.status === 200 &&
+          resGroupPermissions.status === 200
+        ) {
+          this.permissions = resPermissions.data.permission || []
+          this.groupPermission.permission_id =
+            resGroupPermissions.data.permission_id || []
+        }
+      }
+    },
+    clearValidate() {
+      this.$refs.formPermission.clearValidate()
+    },
+    resetFields() {
+      this.$refs.formPermission.resetFields()
+    },
+    reset() {
+      this.resetFields()
+      this.clearValidate()
+    },
+  },
+}
+</script>
+<style lang="scss">
+.com-form-group-permission {
+  .el-checkbox {
+    margin-bottom: 20px;
+  }
+}
+</style>
--- a/web/components/TableList.vue
+++ b/web/components/TableList.vue
@ -82,6 +82,7 @@
        :min-width="actionsMinWidth"
      >
        <template slot-scope="scope">
+          <slot :row="scope.row" name="actions"></slot>
          <el-button
            v-if="showView"
            type="text"
--- a/web/pages/admin/user/group.vue
+++ b/web/pages/admin/user/group.vue
@ -21,10 +21,21 @@
        :show-edit="true"
        :show-delete="true"
        :show-select="true"
+        :actions-min-width="200"
        @selectRow="selectRow"
        @deleteRow="deleteRow"
        @editRow="editRow"
-      />
+        @permission="setGroupPermission"
+      >
+        <template slot="actions" slot-scope="scope">
+          <el-button
+            type="text"
+            icon="el-icon-coordinate"
+            @click="setGroupPermission(scope.row)"
+            >授权</el-button
+          >
+        </template>
+      </TableList>
    </el-card>
    <el-card v-if="total > 0" shadow="never" class="mgt-20px">
      <div class="text-right">
@ -49,6 +60,16 @@
    >
      <FormGroup :init-group="group" @success="success" />
    </el-dialog>
+    <el-dialog
+      :title="`【${group.title}】角色授权`"
+      :visible.sync="formGroupPermissionVisible"
+      width="640px"
+    >
+      <FormGroupPermission
+        :group-id="group.id"
+        @success="updateGroupPermissionSuccess"
+      />
+    </el-dialog>
  </div>
 </template>

@ -57,13 +78,15 @@ import { listGroup, deleteGroup, getGroup } from '~/api/group'
 import TableList from '~/components/TableList.vue'
 import FormSearch from '~/components/FormSearch.vue'
 import FormGroup from '~/components/FormGroup.vue'
+import FormGroupPermission from '~/components/FormGroupPermission.vue'
 export default {
-  components: { TableList, FormSearch, FormGroup },
+  components: { TableList, FormSearch, FormGroup, FormGroupPermission },
  layout: 'admin',
  data() {
    return {
      loading: false,
      formGroupVisible: false,
+      formGroupPermissionVisible: false,
      search: {
        wd: '',
        page: 1,
@ -108,6 +131,13 @@ export default {
      this.search.size = val
      this.listGroup()
    },
+    updateGroupPermissionSuccess() {
+      // 权限设置成功，需要：
+      // 1. 隐藏设置功能
+      this.formGroupPermissionVisible = false
+      // 2. vuex重载用户权限
+      // 3. 刷新页面，以便使设置的权限生效
+    },
    handlePageChange(val) {
      this.search.page = val
      this.listGroup()
@ -121,6 +151,10 @@ export default {
      this.initGroup()
      this.formGroupVisible = true
    },
+    setGroupPermission(row) {
+      this.group = row
+      this.formGroupPermissionVisible = true
+    },
    async editRow(row) {
      const res = await getGroup({ id: row.id })
      if (res.status === 200) {
--- a/web/pages/admin/user/permission.vue
+++ b/web/pages/admin/user/permission.vue
@ -19,7 +19,7 @@
        :show-edit="true"
        :show-delete="false"
        :show-select="false"
-        :actions-min-width="'70px'"
+        :actions-min-width="70"
        @editRow="editRow"
      />
    </el-card>