package model import ( "time" "go.uber.org/zap" "gorm.io/gorm" ) type Permission struct { Id int64 `form:"id" json:"id,omitempty" gorm:"primaryKey;autoIncrement;column:id;comment:;"` Method string `form:"method" json:"method,omitempty" gorm:"column:method;type:varchar(16);size:16;index:method_path,unique;comment:请求方法,grpc为空;"` Path string `form:"path" json:"path,omitempty" gorm:"column:path;type:varchar(128);size:128;index:method_path,unique;comment:API路径;"` Title string `form:"title" json:"title,omitempty" gorm:"column:title;type:varchar(255);size:255;comment:中文名称;"` Description string `form:"description" json:"description,omitempty" gorm:"column:description;type:varchar(255);size:255;comment:权限描述;"` CreatedAt *time.Time `form:"created_at" json:"created_at,omitempty" gorm:"column:created_at;type:datetime;comment:创建时间;"` UpdatedAt *time.Time `form:"updated_at" json:"updated_at,omitempty" gorm:"column:updated_at;type:datetime;comment:更新时间;"` } func (Permission) TableName() string { return tablePrefix + "permission" } // CreatePermission 创建Permission func (m *DBModel) CreatePermission(permission *Permission) (err error) { err = m.db.Create(permission).Error if err != nil { m.logger.Error("CreatePermission", zap.Error(err)) return } return } // UpdatePermission 更新Permission,如果需要更新指定字段,则请指定updateFields参数 func (m *DBModel) UpdatePermission(permission *Permission, updateFields ...string) (err error) { db := m.db.Model(permission) updateFields = m.FilterValidFields(Permission{}.TableName(), updateFields...) if len(updateFields) > 0 { // 更新指定字段 db = db.Select(updateFields) } err = db.Where("id = ?", permission.Id).Updates(permission).Error if err != nil { m.logger.Error("UpdatePermission", zap.Error(err)) } return } // GetPermission 根据id获取Permission func (m *DBModel) GetPermission(id interface{}, fields ...string) (permission Permission, err error) { db := m.db fields = m.FilterValidFields(Permission{}.TableName(), fields...) if len(fields) > 0 { db = db.Select(fields) } err = db.Where("id = ?", id).First(&permission).Error return } // GetPermissionByMethodPath func (m *DBModel) GetPermissionByMethodPath(method, path string, createIfNotExist bool, fields ...string) (permission Permission, err error) { db := m.db fields = m.FilterValidFields(Permission{}.TableName(), fields...) if len(fields) > 0 { db = db.Select(fields) } db = db.Where("path = ?", path) if method != "" { db = db.Where("method = ?", method) } else { db = db.Where("method IS NULL or method = '' or method = 'GRPC'") } err = db.First(&permission).Error if err != nil && err != gorm.ErrRecordNotFound { m.logger.Error("GetPermissionByIdentifier", zap.Error(err)) return } if permission.Id > 0 { return } if createIfNotExist { if method == "" { method = "GRPC" } permission.Method = method permission.Path = path err = m.CreatePermission(&permission) if err != nil { m.logger.Error("GetPermissionByIdentifier", zap.Error(err)) return } } return } // DeletePermission 删除数据 func (m *DBModel) DeletePermission(ids []interface{}) (err error) { err = m.db.Where("id in (?)", ids).Delete(&Permission{}).Error if err != nil { m.logger.Error("DeletePermission", zap.Error(err)) } return } // CheckPermissionByUserId 根据用户ID,检查用户是否有权限 func (m *DBModel) CheckPermissionByUserId(userId int64, path string, httpMethod ...string) (permission Permission, yes bool) { var ( userGroups []UserGroup groupId []int64 method string ) if len(httpMethod) > 0 { method = httpMethod[0] } if userId > 0 { m.db.Where("user_id = ?", userId).Find(&userGroups) for _, ug := range userGroups { groupId = append(groupId, ug.GroupId) } } permission, yes = m.CheckPermissionByGroupId(groupId, method, path) // NOTE: ID为1的用户,拥有所有权限,可以理解为类似linux的root用户 if !yes && userId == 1 { yes = true return } return permission, yes } // CheckPermissionByGroupId 根据用户所属用户组ID,检查用户是否有权限 func (m *DBModel) CheckPermissionByGroupId(groupId []int64, method, path string) (permission Permission, yes bool) { var err error fields := []string{"id", "method", "path", "title"} permission, err = m.GetPermissionByMethodPath(method, path, true, fields...) if err != nil && err != gorm.ErrRecordNotFound { m.logger.Error("CheckPermissionByGroupId", zap.Error(err)) } if permission.Id == 0 { // 权限控制表里面不存在的记录,默认允许访问 yes = true return } // 校验当前登录了的用户所属用户组,是否有权限 var groupPermission GroupPermission err = m.db.Where("group_id in (?) and permission_id = ?", groupId, permission.Id).First(&groupPermission).Error if err != nil && err != gorm.ErrRecordNotFound { m.logger.Error("CheckPermissionByGroupId", zap.Error(err)) } // 如果有权限,返回true return permission, groupPermission.Id > 0 } type OptionGetPermissionList struct { Page int Size int WithCount bool // 是否返回总数 SelectFields []string // 查询字段 QueryIn map[string][]interface{} // map[field][]{value1,value2,...} QueryLike map[string][]interface{} // map[field][]{value1,value2,...} } // GetPermissionList 获取Permission列表 func (m *DBModel) GetPermissionList(opt *OptionGetPermissionList) (permissionList []Permission, total int64, err error) { db := m.db.Model(&Permission{}) tableName := Permission{}.TableName() db = m.generateQueryIn(db, tableName, opt.QueryIn) db = m.generateQueryLike(db, tableName, opt.QueryLike) if opt.WithCount { err = db.Count(&total).Error if err != nil { m.logger.Error("GetPermissionList", zap.Error(err)) return } } opt.SelectFields = m.FilterValidFields(tableName, opt.SelectFields...) if len(opt.SelectFields) > 0 { db = db.Select(opt.SelectFields) } db = db.Order("path asc").Offset((opt.Page - 1) * opt.Size).Limit(opt.Size) err = db.Find(&permissionList).Error if err != nil && err != gorm.ErrRecordNotFound { m.logger.Error("GetPermissionList", zap.Error(err)) } return }