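package user

import (
	"context"
	"encoding/json"
	"fmt"
	"strings"

	"cp-organization-management/errors"
	"cp-organization-management/impl/v1/common"
	"cp-organization-management/model"
	pb_v1 "cp-organization-management/pb/v1"
	"cp-organization-management/utils"

	"github.com/jaryhe/gopkgs/database"
	"github.com/jaryhe/gopkgs/logger"
	"go.uber.org/zap"
	"google.golang.org/grpc/status"
)

// UserPermissionCheck reports whether loginUserInfo may operate on
// targetUserInfo inside the organization database dbname.
//
// The decision is taken in this order:
//  1. a super user may operate on anyone;
//  2. a non-super user may never operate on a super user;
//  3. a user may operate on any descendant in the user tree, i.e. when the
//     target's Pids starts with the login user's own Pids followed by its id;
//  4. otherwise the target's top level must be greater than the login user's
//     and the target must belong to at least one of the login user's sub-zones.
//
// It returns nil when the operation is permitted, errors.SuperError when the
// target is a super user, errors.UserNotInRightZone when the target is outside
// the login user's scope, or the error returned by common.GetUserTopSubZone.
func UserPermissionCheck(loginUserInfo, targetUserInfo *model.RbacUser, dbname string) error {
	loginUserIsSuper, loginTopLevel, loginUserSubZone, _, err := common.GetUserTopSubZone(loginUserInfo.Id, dbname)
	if err != nil {
		return err
	}
	// Super users are not subject to any scope restriction.
	if loginUserIsSuper {
		return nil
	}

	targetUserIsSuper, targetUserTopLevel, _, targetUserAllZone, err := common.GetUserTopSubZone(targetUserInfo.Id, dbname)
	if err != nil {
		return err
	}
	// A non-super user must not be able to act on a super user.
	if targetUserIsSuper {
		return errors.SuperError
	}

	// Ancestor check. The chain is built as "<login Pids><login id>," so it is a
	// prefix of every descendant's Pids; the trailing comma is what keeps id 1
	// from matching id 10. (Assumes Pids is a comma-terminated id chain, as the
	// format string implies.)
	ownChain := fmt.Sprintf("%s%d,", loginUserInfo.Pids, loginUserInfo.Id)
	if strings.HasPrefix(targetUserInfo.Pids, ownChain) {
		return nil
	}

	// Zone check: the target must sit at a higher top level than the login user
	// and share at least one zone with the login user's sub-zones.
	if loginTopLevel >= targetUserTopLevel {
		return errors.UserNotInRightZone
	}
	for zone := range targetUserAllZone {
		if _, ok := loginUserSubZone[zone]; ok {
			return nil
		}
	}
	return errors.UserNotInRightZone
}

// UserDel deletes the user req.Id from the organization req.OrganizationCode
// on behalf of the requesting user req.Uid.
//
// The requesting user must pass UserPermissionCheck against the target. The
// rbac user row and the user's zone rows are removed in a single transaction,
// after which the target's base info and zone data held by the common package
// are dropped. On success the reply carries the deleted user's id, email,
// username, name and phone.
//
// Errors: errors.ParamsError when Uid, Id or OrganizationCode is unset,
// errors.DataBaseError when a delete statement fails, and the underlying error
// from the lookup, permission-check or cleanup helpers. A panic anywhere in the
// handler is recovered and returned as an error with a nil reply.
func UserDel(ctx context.Context, req *pb_v1.UserDelRequest) (reply *pb_v1.UserDelReply, err error) {
	defer func() {
		if r := recover(); r != nil {
			// Turn the panic into an RPC error instead of taking the server
			// down; no partial reply accompanies the error.
			reply = nil
			err = fmt.Errorf("%+v", r)
			// NOTE(review): the panic text is probed as a JSON-encoded
			// status.Status and only logged when it is not one — confirm this
			// is the intended distinction before changing it.
			e := &status.Status{}
			if er := json.Unmarshal([]byte(err.Error()), e); er != nil {
				logger.Error("err", zap.String("system_err", err.Error()), zap.Stack("stacktrace"))
			}
		}
	}()

	if req.Uid == 0 || req.Id == 0 || req.OrganizationCode == "" {
		return nil, errors.ParamsError
	}
	dbname := utils.GetDbName(req.OrganizationCode)

	loginUserInfo, err := common.GetUserBaseInfo(req.Uid, dbname)
	if err != nil {
		return nil, err
	}
	targetUserInfo, err := common.GetUserBaseInfo(req.Id, dbname)
	if err != nil {
		return nil, err
	}
	if err = UserPermissionCheck(loginUserInfo, targetUserInfo, dbname); err != nil {
		return nil, err
	}

	// Both deletes go through the same transaction handle so that a failure of
	// the second one rolls back the first. The zone delete previously used
	// database.DB() directly, which left it outside the transaction.
	db := database.DB().Begin()
	userWhere := map[string]interface{}{"id": req.Id}
	if err = model.NewRbacUser(dbname).Delete(db, userWhere); err != nil {
		logger.Error("delete rbac user", zap.Error(err))
		db.Rollback()
		return nil, errors.DataBaseError
	}
	zoneWhere := map[string]interface{}{"user_id": req.Id}
	if err = model.NewUserZone(dbname).Delete(db, zoneWhere); err != nil {
		logger.Error("delete user zone", zap.Error(err))
		db.Rollback()
		return nil, errors.DataBaseError
	}
	if err = common.DelUserBaseInfo(req.Id, dbname); err != nil {
		db.Rollback()
		return nil, err
	}
	if err = common.DelUserZone(req.Id, dbname); err != nil {
		db.Rollback()
		return nil, err
	}
	// NOTE(review): the result of Commit is not inspected; if the database
	// wrapper reports commit failures, that value should be checked here.
	db.Commit()

	reply = &pb_v1.UserDelReply{
		Id:       targetUserInfo.Id,
		Email:    targetUserInfo.Email,
		Username: targetUserInfo.Username,
		Name:     targetUserInfo.Name,
		Phone:    targetUserInfo.Phone,
	}
	return reply, nil
}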