|
|
package model
|
|
|
|
|
|
import (
|
|
|
"time"
|
|
|
|
|
|
"go.uber.org/zap"
|
|
|
"gorm.io/gorm"
|
|
|
)
|
|
|
|
|
|
type Permission struct {
|
|
|
Id int64 `form:"id" json:"id,omitempty" gorm:"primaryKey;autoIncrement;column:id;comment:;"`
|
|
|
Method string `form:"method" json:"method,omitempty" gorm:"column:method;type:varchar(16);size:16;index:method_path,unique;comment:请求方法,grpc为空;"`
|
|
|
Path string `form:"path" json:"path,omitempty" gorm:"column:path;type:varchar(128);size:128;index:method_path,unique;comment:API路径;"`
|
|
|
Title string `form:"title" json:"title,omitempty" gorm:"column:title;type:varchar(255);size:255;comment:中文名称;"`
|
|
|
Description string `form:"description" json:"description,omitempty" gorm:"column:description;type:varchar(255);size:255;comment:权限描述;"`
|
|
|
CreatedAt *time.Time `form:"created_at" json:"created_at,omitempty" gorm:"column:created_at;type:datetime;comment:创建时间;"`
|
|
|
UpdatedAt *time.Time `form:"updated_at" json:"updated_at,omitempty" gorm:"column:updated_at;type:datetime;comment:更新时间;"`
|
|
|
}
|
|
|
|
|
|
func (Permission) TableName() string {
|
|
|
return tablePrefix + "permission"
|
|
|
}
|
|
|
|
|
|
// CreatePermission 创建Permission
|
|
|
func (m *DBModel) CreatePermission(permission *Permission) (err error) {
|
|
|
err = m.db.Create(permission).Error
|
|
|
if err != nil {
|
|
|
m.logger.Error("CreatePermission", zap.Error(err))
|
|
|
return
|
|
|
}
|
|
|
return
|
|
|
}
|
|
|
|
|
|
// UpdatePermission 更新Permission,如果需要更新指定字段,则请指定updateFields参数
|
|
|
func (m *DBModel) UpdatePermission(permission *Permission, updateFields ...string) (err error) {
|
|
|
db := m.db.Model(permission)
|
|
|
|
|
|
updateFields = m.FilterValidFields(Permission{}.TableName(), updateFields...)
|
|
|
if len(updateFields) > 0 { // 更新指定字段
|
|
|
db = db.Select(updateFields)
|
|
|
}
|
|
|
|
|
|
err = db.Where("id = ?", permission.Id).Updates(permission).Error
|
|
|
if err != nil {
|
|
|
m.logger.Error("UpdatePermission", zap.Error(err))
|
|
|
}
|
|
|
return
|
|
|
}
|
|
|
|
|
|
// GetPermission 根据id获取Permission
|
|
|
func (m *DBModel) GetPermission(id interface{}, fields ...string) (permission Permission, err error) {
|
|
|
db := m.db
|
|
|
|
|
|
fields = m.FilterValidFields(Permission{}.TableName(), fields...)
|
|
|
if len(fields) > 0 {
|
|
|
db = db.Select(fields)
|
|
|
}
|
|
|
|
|
|
err = db.Where("id = ?", id).First(&permission).Error
|
|
|
return
|
|
|
}
|
|
|
|
|
|
// GetPermissionByMethodPath
|
|
|
func (m *DBModel) GetPermissionByMethodPath(method, path string, createIfNotExist bool, fields ...string) (permission Permission, err error) {
|
|
|
db := m.db
|
|
|
|
|
|
fields = m.FilterValidFields(Permission{}.TableName(), fields...)
|
|
|
if len(fields) > 0 {
|
|
|
db = db.Select(fields)
|
|
|
}
|
|
|
|
|
|
db = db.Where("path = ?", path)
|
|
|
if method != "" {
|
|
|
db = db.Where("method = ?", method)
|
|
|
} else {
|
|
|
db = db.Where("method IS NULL or method = '' or method = 'GRPC'")
|
|
|
}
|
|
|
|
|
|
err = db.First(&permission).Error
|
|
|
if err != nil && err != gorm.ErrRecordNotFound {
|
|
|
m.logger.Error("GetPermissionByIdentifier", zap.Error(err))
|
|
|
return
|
|
|
}
|
|
|
|
|
|
if permission.Id > 0 {
|
|
|
return
|
|
|
}
|
|
|
|
|
|
if createIfNotExist {
|
|
|
if method == "" {
|
|
|
method = "GRPC"
|
|
|
}
|
|
|
permission.Method = method
|
|
|
permission.Path = path
|
|
|
err = m.CreatePermission(&permission)
|
|
|
if err != nil {
|
|
|
m.logger.Error("GetPermissionByIdentifier", zap.Error(err))
|
|
|
return
|
|
|
}
|
|
|
}
|
|
|
return
|
|
|
}
|
|
|
|
|
|
// DeletePermission 删除数据
|
|
|
func (m *DBModel) DeletePermission(ids []interface{}) (err error) {
|
|
|
err = m.db.Where("id in (?)", ids).Delete(&Permission{}).Error
|
|
|
if err != nil {
|
|
|
m.logger.Error("DeletePermission", zap.Error(err))
|
|
|
}
|
|
|
return
|
|
|
}
|
|
|
|
|
|
// CheckPermissionByUserId 根据用户ID,检查用户是否有权限
|
|
|
func (m *DBModel) CheckPermissionByUserId(userId int64, path string, httpMethod ...string) (permission Permission, yes bool) {
|
|
|
var (
|
|
|
userGroups []UserGroup
|
|
|
groupId []int64
|
|
|
method string
|
|
|
)
|
|
|
|
|
|
if len(httpMethod) > 0 {
|
|
|
method = httpMethod[0]
|
|
|
}
|
|
|
|
|
|
if userId > 0 {
|
|
|
m.db.Where("user_id = ?", userId).Find(&userGroups)
|
|
|
for _, ug := range userGroups {
|
|
|
groupId = append(groupId, ug.GroupId)
|
|
|
}
|
|
|
}
|
|
|
|
|
|
permission, yes = m.CheckPermissionByGroupId(groupId, method, path)
|
|
|
// NOTE: ID为1的用户,拥有所有权限,可以理解为类似linux的root用户
|
|
|
if !yes && userId == 1 {
|
|
|
yes = true
|
|
|
return
|
|
|
}
|
|
|
|
|
|
return permission, yes
|
|
|
}
|
|
|
|
|
|
// CheckPermissionByGroupId 根据用户所属用户组ID,检查用户是否有权限
|
|
|
func (m *DBModel) CheckPermissionByGroupId(groupId []int64, method, path string) (permission Permission, yes bool) {
|
|
|
var err error
|
|
|
fields := []string{"id", "method", "path", "title"}
|
|
|
permission, err = m.GetPermissionByMethodPath(method, path, true, fields...)
|
|
|
if err != nil && err != gorm.ErrRecordNotFound {
|
|
|
m.logger.Error("CheckPermissionByGroupId", zap.Error(err))
|
|
|
}
|
|
|
|
|
|
if permission.Id == 0 { // 权限控制表里面不存在的记录,默认允许访问
|
|
|
yes = true
|
|
|
return
|
|
|
}
|
|
|
|
|
|
// 校验当前登录了的用户所属用户组,是否有权限
|
|
|
var groupPermission GroupPermission
|
|
|
err = m.db.Where("group_id in (?) and permission_id = ?", groupId, permission.Id).First(&groupPermission).Error
|
|
|
if err != nil && err != gorm.ErrRecordNotFound {
|
|
|
m.logger.Error("CheckPermissionByGroupId", zap.Error(err))
|
|
|
}
|
|
|
|
|
|
// 如果有权限,返回true
|
|
|
return permission, groupPermission.Id > 0
|
|
|
}
|
|
|
|
|
|
type OptionGetPermissionList struct {
|
|
|
Page int
|
|
|
Size int
|
|
|
WithCount bool // 是否返回总数
|
|
|
SelectFields []string // 查询字段
|
|
|
QueryIn map[string][]interface{} // map[field][]{value1,value2,...}
|
|
|
QueryLike map[string][]interface{} // map[field][]{value1,value2,...}
|
|
|
}
|
|
|
|
|
|
// GetPermissionList 获取Permission列表
|
|
|
func (m *DBModel) GetPermissionList(opt *OptionGetPermissionList) (permissionList []Permission, total int64, err error) {
|
|
|
db := m.db.Model(&Permission{})
|
|
|
tableName := Permission{}.TableName()
|
|
|
|
|
|
db = m.generateQueryIn(db, tableName, opt.QueryIn)
|
|
|
db = m.generateQueryLike(db, tableName, opt.QueryLike)
|
|
|
|
|
|
if opt.WithCount {
|
|
|
err = db.Count(&total).Error
|
|
|
if err != nil {
|
|
|
m.logger.Error("GetPermissionList", zap.Error(err))
|
|
|
return
|
|
|
}
|
|
|
}
|
|
|
|
|
|
opt.SelectFields = m.FilterValidFields(tableName, opt.SelectFields...)
|
|
|
if len(opt.SelectFields) > 0 {
|
|
|
db = db.Select(opt.SelectFields)
|
|
|
}
|
|
|
|
|
|
db = db.Order("path asc").Offset((opt.Page - 1) * opt.Size).Limit(opt.Size)
|
|
|
|
|
|
err = db.Find(&permissionList).Error
|
|
|
if err != nil && err != gorm.ErrRecordNotFound {
|
|
|
m.logger.Error("GetPermissionList", zap.Error(err))
|
|
|
}
|
|
|
return
|
|
|
}
|