From 3f391caf61fbd4242a90f2fe7c8074b3c238f2e5 Mon Sep 17 00:00:00 2001
From: truthhun <truthhun@qq.com>
Date: Tue, 18 Oct 2022 22:02:04 +0800
Subject: [PATCH] =?UTF-8?q?=E7=94=A8=E6=88=B7=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md                              |   7 +-
 api/v1/group.proto                     |  25 ++++
 api/v1/user.proto                      |  12 ++
 biz/group.go                           |  31 +++++
 biz/user.go                            |  18 +++
 model/groupPermission.go               | 181 ++++---------------------
 model/user.go                          |  28 ++++
 web/api/group.js                       |  14 ++
 web/api/user.js                        |   8 ++
 web/components/FormGroupPermission.vue | 114 ++++++++++++++++
 web/components/TableList.vue           |   1 +
 web/pages/admin/user/group.vue         |  38 +++++-
 web/pages/admin/user/permission.vue    |   2 +-
 13 files changed, 318 insertions(+), 161 deletions(-)
 create mode 100644 web/components/FormGroupPermission.vue

diff --git a/README.md b/README.md
index 3549a48..02d8a27 100644
--- a/README.md
+++ b/README.md
@@ -31,4 +31,9 @@ make init
 
 # 编译proto api
 make api
-```
\ No newline at end of file
+```
+
+## 开发说明
+
+- 除了文件上传相关的接口，其他接口一律使用proto进行定义。
+
diff --git a/api/v1/group.proto b/api/v1/group.proto
index fec845b..c321f30 100644
--- a/api/v1/group.proto
+++ b/api/v1/group.proto
@@ -47,6 +47,15 @@ message ListGroupReply {
   int64 total = 2;
 }
 
+message GetGroupPermissionRequest { int64 id = 1; }
+
+message UpdateGroupPermissionRequest {
+  int64 group_id = 1;
+  repeated int64 permission_id = 2;
+}
+
+message GroupPermissions { repeated int64 permission_id = 1; }
+
 service GroupAPI {
   // 创建用户组
   rpc CreateGroup(Group) returns (Group) {
@@ -83,4 +92,20 @@ service GroupAPI {
       get : '/api/v1/group/list',
     };
   }
+
+  //  获取用户组权限列表
+  rpc GetGroupPermission(GetGroupPermissionRequest) returns (GroupPermissions) {
+    option (google.api.http) = {
+      get : '/api/v1/group/permission',
+    };
+  }
+
+  // 更新用户组权限，给用户组设置权限
+  rpc UpdateGroupPermission(UpdateGroupPermissionRequest)
+      returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      put : '/api/v1/group/permission',
+      body : '*',
+    };
+  }
 }
\ No newline at end of file
diff --git a/api/v1/user.proto b/api/v1/user.proto
index 9417950..dd9c6ed 100644
--- a/api/v1/user.proto
+++ b/api/v1/user.proto
@@ -5,6 +5,7 @@ import "gogoproto/gogo.proto";
 // import "validate/validate.proto";
 import "google/api/annotations.proto";
 import "google/protobuf/empty.proto";
+import "api/v1/permission.proto";
 
 package api.v1;
 
@@ -85,6 +86,10 @@ message UpdateUserPasswordRequest {
   string new_password = 3  [ (gogoproto.moretags) = "validate:\"min=6\"" ];
 }
 
+message GetUserPermissionsReply{
+  repeated Permission permission = 1;
+}
+
 service UserAPI {
   // 用户注册
   rpc Register(RegisterAndLoginRequest) returns (google.protobuf.Empty) {
@@ -156,6 +161,13 @@ service UserAPI {
     };
   }
 
+  // GetUserCaptcha 获取用户验证码
+  rpc GetUserPermissions(google.protobuf.Empty) returns (GetUserPermissionsReply) {
+    option (google.api.http) = {
+      get : '/api/v1/user/permission',
+    };
+  }
+
   // 获取用户粉丝列表
   // rpc ListUserFans(ListUserFansRequest) returns (ListUserReply) {
   //   option (google.api.http) = {
diff --git a/biz/group.go b/biz/group.go
index 6212b4d..079310a 100644
--- a/biz/group.go
+++ b/biz/group.go
@@ -137,3 +137,34 @@ func (s *GroupAPIService) ListGroup(ctx context.Context, req *pb.ListGroupReques
 	util.CopyStruct(&groups, &pbGroups)
 	return &pb.ListGroupReply{Group: pbGroups, Total: total}, nil
 }
+
+// GetGroupPermission 获取用户组权限
+func (s *GroupAPIService) GetGroupPermission(ctx context.Context, req *pb.GetGroupPermissionRequest) (*pb.GroupPermissions, error) {
+	_, err := s.checkPermission(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	groupPermissions, _ := s.dbModel.GetGroupPermissinsByGroupId(req.Id)
+	pbGroupPermissions := &pb.GroupPermissions{}
+	for _, item := range groupPermissions {
+		pbGroupPermissions.PermissionId = append(pbGroupPermissions.PermissionId, item.PermissionId)
+	}
+	return pbGroupPermissions, nil
+}
+
+// UpdateGroupPermission 更新用户组权限
+func (s *GroupAPIService) UpdateGroupPermission(ctx context.Context, req *pb.UpdateGroupPermissionRequest) (*emptypb.Empty, error) {
+	_, err := s.checkPermission(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	err = s.dbModel.UpdateGroupPermissions(req.GroupId, req.PermissionId)
+	if err != nil {
+		s.logger.Error("UpdateGroupPermissions", zap.Error(err))
+		return nil, err
+	}
+
+	return &emptypb.Empty{}, nil
+}
diff --git a/biz/user.go b/biz/user.go
index fc8db55..e914798 100644
--- a/biz/user.go
+++ b/biz/user.go
@@ -352,3 +352,21 @@ func (s *UserAPIService) GetUserCaptcha(ctx context.Context, req *pb.GetUserCapt
 
 	return res, nil
 }
+
+// GetUserPermissions 获取用户权限
+func (s *UserAPIService) GetUserPermissions(ctx context.Context, req *emptypb.Empty) (*pb.GetUserPermissionsReply, error) {
+	userClaims, ok := ctx.Value(auth.CtxKeyUserClaims).(*auth.UserClaims)
+	if !ok {
+		return nil, status.Error(codes.Unauthenticated, "您未登录或您的登录已过期")
+	}
+
+	permissions, err := s.dbModel.GetUserPermissinsByUserId(userClaims.UserId)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, err.Error())
+	}
+
+	var pbPermissions []*pb.Permission
+	util.CopyStruct(&permissions, &pbPermissions)
+
+	return &pb.GetUserPermissionsReply{Permission: pbPermissions}, nil
+}
diff --git a/model/groupPermission.go b/model/groupPermission.go
index 4f3a005..66f1e2e 100644
--- a/model/groupPermission.go
+++ b/model/groupPermission.go
@@ -1,12 +1,9 @@
 package model
 
 import (
-	"fmt"
-	"strings"
 	"time"
 
 	"go.uber.org/zap"
-	"gorm.io/gorm"
 )
 
 type GroupPermission struct {
@@ -17,174 +14,44 @@ type GroupPermission struct {
 	UpdatedAt    *time.Time `form:"updated_at" json:"updated_at,omitempty" gorm:"column:updated_at;type:datetime;comment:更新时间;"`
 }
 
-// 这里是proto文件中的结构体，可以根据需要删除或者调整
-//message GroupPermission {
-// int64 id = 1;
-// int64 group_id = 2;
-// int64 permission_id = 3;
-//   = 0;
-//   = 0;
-//}
-
 func (GroupPermission) TableName() string {
 	return tablePrefix + "group_permission"
 }
 
-// CreateGroupPermission 创建GroupPermission
-func (m *DBModel) CreateGroupPermission(groupPermission *GroupPermission) (err error) {
-	err = m.db.Create(groupPermission).Error
-	if err != nil {
-		m.logger.Error("CreateGroupPermission", zap.Error(err))
-		return
-	}
+// GetGroupPermissinsByGroupId 根据用户组ID获取用户组权限
+func (m *DBModel) GetGroupPermissinsByGroupId(groupId int64) (groupPermissions []*GroupPermission, err error) {
+	err = m.db.Where("group_id = ?", groupId).Find(&groupPermissions).Error
 	return
 }
 
-// UpdateGroupPermission 更新GroupPermission，如果需要更新指定字段，则请指定updateFields参数
-func (m *DBModel) UpdateGroupPermission(groupPermission *GroupPermission, updateFields ...string) (err error) {
-	db := m.db.Model(groupPermission)
-
-	updateFields = m.FilterValidFields(GroupPermission{}.TableName(), updateFields...)
-	if len(updateFields) > 0 { // 更新指定字段
-		db = db.Select(updateFields)
-	}
-
-	err = db.Where("id = ?", groupPermission.Id).Updates(groupPermission).Error
-	if err != nil {
-		m.logger.Error("UpdateGroupPermission", zap.Error(err))
-	}
-	return
-}
-
-// GetGroupPermission 根据id获取GroupPermission
-func (m *DBModel) GetGroupPermission(id interface{}, fields ...string) (groupPermission GroupPermission, err error) {
-	db := m.db
-
-	fields = m.FilterValidFields(GroupPermission{}.TableName(), fields...)
-	if len(fields) > 0 {
-		db = db.Select(fields)
-	}
-
-	err = db.Where("id = ?", id).First(&groupPermission).Error
-	return
-}
-
-// GetGroupPermissionByGroupIdPermissionId(groupId int64, permissionId int64, fields ...string) 根据唯一索引获取GroupPermission
-func (m *DBModel) GetGroupPermissionByGroupIdPermissionId(groupId int64, permissionId int64, fields ...string) (groupPermission GroupPermission, err error) {
-	db := m.db
-
-	fields = m.FilterValidFields(GroupPermission{}.TableName(), fields...)
-	if len(fields) > 0 {
-		db = db.Select(fields)
-	}
-
-	db = db.Where("group_id = ?", groupId)
-
-	db = db.Where("permission_id = ?", permissionId)
-
-	err = db.First(&groupPermission).Error
-	if err != nil && err != gorm.ErrRecordNotFound {
-		m.logger.Error("GetGroupPermissionByGroupIdPermissionId", zap.Error(err))
-		return
-	}
-	return
-}
-
-type OptionGetGroupPermissionList struct {
-	Page         int
-	Size         int
-	WithCount    bool                      // 是否返回总数
-	Ids          []interface{}             // id列表
-	SelectFields []string                  // 查询字段
-	QueryRange   map[string][2]interface{} // map[field][]{min,max}
-	QueryIn      map[string][]interface{}  // map[field][]{value1,value2,...}
-	QueryLike    map[string][]interface{}  // map[field][]{value1,value2,...}
-	Sort         []string
-}
-
-// GetGroupPermissionList 获取GroupPermission列表
-func (m *DBModel) GetGroupPermissionList(opt OptionGetGroupPermissionList) (groupPermissionList []GroupPermission, total int64, err error) {
-	db := m.db.Model(&GroupPermission{})
-
-	for field, rangeValue := range opt.QueryRange {
-		fields := m.FilterValidFields(GroupPermission{}.TableName(), field)
-		if len(fields) == 0 {
-			continue
-		}
-		if rangeValue[0] != nil {
-			db = db.Where(fmt.Sprintf("%s >= ?", field), rangeValue[0])
-		}
-		if rangeValue[1] != nil {
-			db = db.Where(fmt.Sprintf("%s <= ?", field), rangeValue[1])
-		}
-	}
-
-	for field, values := range opt.QueryIn {
-		fields := m.FilterValidFields(GroupPermission{}.TableName(), field)
-		if len(fields) == 0 {
-			continue
-		}
-		db = db.Where(fmt.Sprintf("%s in (?)", field), values)
-	}
-
-	for field, values := range opt.QueryLike {
-		fields := m.FilterValidFields(GroupPermission{}.TableName(), field)
-		if len(fields) == 0 {
-			continue
-		}
-		db = db.Where(strings.TrimSuffix(fmt.Sprintf(strings.Join(make([]string, len(values)+1), "%s like ? or"), field), "or"), values...)
-	}
-
-	if len(opt.Ids) > 0 {
-		db = db.Where("id in (?)", opt.Ids)
-	}
-
-	if opt.WithCount {
-		err = db.Count(&total).Error
+// 设置权限
+func (m *DBModel) UpdateGroupPermissions(groupdId int64, permissionIds []int64) (err error) {
+	sess := m.db.Begin()
+	defer func() {
 		if err != nil {
-			m.logger.Error("GetGroupPermissionList", zap.Error(err))
-			return
+			sess.Rollback()
+		} else {
+			sess.Commit()
 		}
-	}
-
-	opt.SelectFields = m.FilterValidFields(GroupPermission{}.TableName(), opt.SelectFields...)
-	if len(opt.SelectFields) > 0 {
-		db = db.Select(opt.SelectFields)
-	}
-
-	if len(opt.Sort) > 0 {
-		var sorts []string
-		for _, sort := range opt.Sort {
-			slice := strings.Split(sort, " ")
-			if len(m.FilterValidFields(GroupPermission{}.TableName(), slice[0])) == 0 {
-				continue
-			}
+	}()
 
-			if len(slice) == 2 {
-				sorts = append(sorts, fmt.Sprintf("%s %s", slice[0], slice[1]))
-			} else {
-				sorts = append(sorts, fmt.Sprintf("%s desc", slice[0]))
-			}
-		}
-		if len(sorts) > 0 {
-			db = db.Order(strings.Join(sorts, ","))
-		}
+	// 删除旧的权限
+	err = sess.Where("group_id = ?", groupdId).Delete(&GroupPermission{}).Error
+	if err != nil {
+		m.logger.Error("delete old permission", zap.Error(err))
+		return
 	}
 
-	db = db.Offset((opt.Page - 1) * opt.Size).Limit(opt.Size)
-
-	err = db.Find(&groupPermissionList).Error
-	if err != nil && err != gorm.ErrRecordNotFound {
-		m.logger.Error("GetGroupPermissionList", zap.Error(err))
+	// 添加新的权限
+	var permissions []GroupPermission
+	for _, permissionId := range permissionIds {
+		permissions = append(permissions, GroupPermission{GroupId: groupdId, PermissionId: permissionId})
 	}
-	return
-}
-
-// DeleteGroupPermission 删除数据
-func (m *DBModel) DeleteGroupPermission(ids []interface{}) (err error) {
-	err = m.db.Where("id in (?)", ids).Delete(&GroupPermission{}).Error
+	err = sess.Create(&permissions).Error
 	if err != nil {
-		m.logger.Error("DeleteGroupPermission", zap.Error(err))
+		m.logger.Error("create group permission", zap.Error(err))
+		return
 	}
+
 	return
 }
diff --git a/model/user.go b/model/user.go
index af9ddc5..809c730 100644
--- a/model/user.go
+++ b/model/user.go
@@ -290,3 +290,31 @@ func (m *DBModel) initUser() (err error) {
 	}
 	return
 }
+
+// GetUserPermissinsByUserId 根据用户ID获取用户权限
+func (m *DBModel) GetUserPermissinsByUserId(userId int64) (permissions []*Permission, err error) {
+	sql := `SELECT
+			p.*
+		FROM 
+			%s p
+		LEFT JOIN 
+			%s gp 
+		ON
+			p.id = gp.permission_id
+		LEFT JOIN 
+			%s ug
+		ON
+			ug.group_id=gp.group_id
+		WHERE
+			ug.user_id=?
+		group by p.id
+	`
+	sql = fmt.Sprintf(sql, Permission{}.TableName(), GroupPermission{}.TableName(), UserGroup{}.TableName())
+	err = m.db.Raw(sql, userId).Find(&permissions).Error
+	if err != nil && err != gorm.ErrRecordNotFound {
+		m.logger.Error("GetUserPermissinsByUserId", zap.Error(err))
+		return
+	}
+	err = nil
+	return
+}
diff --git a/web/api/group.js b/web/api/group.js
index 65840a2..6264d60 100644
--- a/web/api/group.js
+++ b/web/api/group.js
@@ -40,4 +40,18 @@ export const listGroup = (params) => {
   })
 }
 
+export const getGroupPermission = (params) => {
+  return service({
+    url: '/api/v1/group/permission',
+    method: 'get',
+    params,
+  })
+}
 
+export const updateGroupPermission = (data) => {
+  return service({
+    url: '/api/v1/group/permission',
+    method: 'put',
+    data,
+  })
+}
diff --git a/web/api/user.js b/web/api/user.js
index 5174842..44e3b35 100644
--- a/web/api/user.js
+++ b/web/api/user.js
@@ -71,3 +71,11 @@ export const getUserCaptcha = (params) => {
     params,
   })
 }
+
+export const getUserPermissions = (params) => {
+  return service({
+    url: '/api/v1/user/permission',
+    method: 'get',
+    params,
+  })
+}
diff --git a/web/components/FormGroupPermission.vue b/web/components/FormGroupPermission.vue
new file mode 100644
index 0000000..6c07862
--- /dev/null
+++ b/web/components/FormGroupPermission.vue
@@ -0,0 +1,114 @@
+<template>
+  <div class="com-form-group-permission">
+    <el-form label-position="top" label-width="80px" :model="groupPermission">
+      <el-checkbox-group v-model="groupPermission.permission_id">
+        <el-checkbox
+          v-for="item in permissions"
+          :key="'permission-' + item.id"
+          :label="item.id"
+          >{{ item.title || item.method + ':' + item.path }}</el-checkbox
+        >
+      </el-checkbox-group>
+      <el-form-item>
+        <el-button
+          type="primary"
+          class="btn-block"
+          icon="el-icon-check"
+          :loading="loading"
+          @click="onSubmit"
+          >提交</el-button
+        >
+      </el-form-item>
+    </el-form>
+  </div>
+</template>
+<script>
+import { listPermission } from '~/api/permission'
+import { getGroupPermission, updateGroupPermission } from '~/api/group'
+export default {
+  name: 'FormGroupPermission',
+  props: {
+    groupId: {
+      type: Number,
+      default: 0,
+    },
+  },
+  data() {
+    return {
+      loading: false,
+      groupPermission: {
+        group_id: 0,
+        permission_id: [],
+      },
+      permissions: [],
+    }
+  },
+  watch: {
+    groupId: {
+      handler(val) {
+        this.groupPermission.group_id = val
+        this.loadAllPermissions()
+      },
+      immediate: true,
+    },
+  },
+  created() {
+    this.loadAllPermissions()
+    this.permission = this.initPermission
+  },
+  methods: {
+    async onSubmit() {
+      this.loading = true
+      const res = await updateGroupPermission(this.groupPermission)
+      if (res.status === 200) {
+        this.$message.success('设置成功')
+        this.$emit('success')
+      } else {
+        this.$message.error(res.data.message)
+      }
+      this.loading = false
+    },
+    async loadAllPermissions() {
+      if (this.groupPermission.group_id > 0) {
+        this.groupPermission.permission_id = [] // 重置授权信息
+        const [resPermissions, resGroupPermissions] = await Promise.all([
+          listPermission(),
+          getGroupPermission({ id: this.groupPermission.group_id }),
+        ])
+        if (resPermissions.status !== 200) {
+          this.$message.error(resPermissions.data.message)
+        }
+        if (resGroupPermissions.status !== 200) {
+          this.$message.error(resGroupPermissions.data.message)
+        }
+
+        if (
+          resPermissions.status === 200 &&
+          resGroupPermissions.status === 200
+        ) {
+          this.permissions = resPermissions.data.permission || []
+          this.groupPermission.permission_id =
+            resGroupPermissions.data.permission_id || []
+        }
+      }
+    },
+    clearValidate() {
+      this.$refs.formPermission.clearValidate()
+    },
+    resetFields() {
+      this.$refs.formPermission.resetFields()
+    },
+    reset() {
+      this.resetFields()
+      this.clearValidate()
+    },
+  },
+}
+</script>
+<style lang="scss">
+.com-form-group-permission {
+  .el-checkbox {
+    margin-bottom: 20px;
+  }
+}
+</style>
diff --git a/web/components/TableList.vue b/web/components/TableList.vue
index a15c3e1..fd22868 100644
--- a/web/components/TableList.vue
+++ b/web/components/TableList.vue
@@ -82,6 +82,7 @@
         :min-width="actionsMinWidth"
       >
         <template slot-scope="scope">
+          <slot :row="scope.row" name="actions"></slot>
           <el-button
             v-if="showView"
             type="text"
diff --git a/web/pages/admin/user/group.vue b/web/pages/admin/user/group.vue
index 3bbfe4c..ad2254f 100644
--- a/web/pages/admin/user/group.vue
+++ b/web/pages/admin/user/group.vue
@@ -21,10 +21,21 @@
         :show-edit="true"
         :show-delete="true"
         :show-select="true"
+        :actions-min-width="200"
         @selectRow="selectRow"
         @deleteRow="deleteRow"
         @editRow="editRow"
-      />
+        @permission="setGroupPermission"
+      >
+        <template slot="actions" slot-scope="scope">
+          <el-button
+            type="text"
+            icon="el-icon-coordinate"
+            @click="setGroupPermission(scope.row)"
+            >授权</el-button
+          >
+        </template>
+      </TableList>
     </el-card>
     <el-card v-if="total > 0" shadow="never" class="mgt-20px">
       <div class="text-right">
@@ -49,6 +60,16 @@
     >
       <FormGroup :init-group="group" @success="success" />
     </el-dialog>
+    <el-dialog
+      :title="`【${group.title}】角色授权`"
+      :visible.sync="formGroupPermissionVisible"
+      width="640px"
+    >
+      <FormGroupPermission
+        :group-id="group.id"
+        @success="updateGroupPermissionSuccess"
+      />
+    </el-dialog>
   </div>
 </template>
 
@@ -57,13 +78,15 @@ import { listGroup, deleteGroup, getGroup } from '~/api/group'
 import TableList from '~/components/TableList.vue'
 import FormSearch from '~/components/FormSearch.vue'
 import FormGroup from '~/components/FormGroup.vue'
+import FormGroupPermission from '~/components/FormGroupPermission.vue'
 export default {
-  components: { TableList, FormSearch, FormGroup },
+  components: { TableList, FormSearch, FormGroup, FormGroupPermission },
   layout: 'admin',
   data() {
     return {
       loading: false,
       formGroupVisible: false,
+      formGroupPermissionVisible: false,
       search: {
         wd: '',
         page: 1,
@@ -108,6 +131,13 @@ export default {
       this.search.size = val
       this.listGroup()
     },
+    updateGroupPermissionSuccess() {
+      // 权限设置成功，需要：
+      // 1. 隐藏设置功能
+      this.formGroupPermissionVisible = false
+      // 2. vuex重载用户权限
+      // 3. 刷新页面，以便使设置的权限生效
+    },
     handlePageChange(val) {
       this.search.page = val
       this.listGroup()
@@ -121,6 +151,10 @@ export default {
       this.initGroup()
       this.formGroupVisible = true
     },
+    setGroupPermission(row) {
+      this.group = row
+      this.formGroupPermissionVisible = true
+    },
     async editRow(row) {
       const res = await getGroup({ id: row.id })
       if (res.status === 200) {
diff --git a/web/pages/admin/user/permission.vue b/web/pages/admin/user/permission.vue
index 9ab88c2..0baec3f 100644
--- a/web/pages/admin/user/permission.vue
+++ b/web/pages/admin/user/permission.vue
@@ -19,7 +19,7 @@
         :show-edit="true"
         :show-delete="false"
         :show-select="false"
-        :actions-min-width="'70px'"
+        :actions-min-width="70"
         @editRow="editRow"
       />
     </el-card>