cp-backend
/
cp-organization-management


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131
							package user

import (
	"context"
	"cp-organization-management/errors"
	"cp-organization-management/impl/v1/common"
	"cp-organization-management/model"
	pb_v1 "cp-organization-management/pb/v1"
	"cp-organization-management/utils"
	"encoding/json"
	"fmt"
	"github.com/jaryhe/gopkgs/database"
	"github.com/jaryhe/gopkgs/logger"
	"go.uber.org/zap"
	"google.golang.org/grpc/status"
)


func UserPermissionCheck(loginUserInfo, targetUserInfo *model.RbacUser, dbname string) error {
	// 获取登录用户的区域
	loginUserIsSuper, loginTopLevel, loginUserSubZone, _, err := common.GetUserTopSubZone(loginUserInfo.Id, dbname)
	if err != nil {
		return err
	}
	// 超级用户可以任意操作
	if loginUserIsSuper {
		return nil
	}

	// 获取目标用户的区域
	targetUserIsSuper, targetUserTopLevel, _, targetUserAllZone, err := common.GetUserTopSubZone(targetUserInfo.Id, dbname)
	if err != nil {
		return err
	}
	// 不能对超级用户操作
	if targetUserIsSuper {
		return errors.SuperError
	}

	// 有父子关系
	pids := fmt.Sprintf("%s%d,", loginUserInfo.Pids, loginUserInfo.Id)
	if len(targetUserInfo.Pids) >= len(pids) && targetUserInfo.Pids[:len(pids)] == pids {
		return nil
	}

	// 检查目标用户是否在登录用户的管辖区域内
	if loginTopLevel >= targetUserTopLevel {
		return errors.UserNotInRightZone
	}

	for k, _ := range targetUserAllZone {
		if _, ok := loginUserSubZone[k]; ok {
			return nil
		}
	}

	return errors.UserNotInRightZone
}

func UserDel(ctx context.Context, req *pb_v1.UserDelRequest)(reply *pb_v1.UserDelReply, err error) {
	reply = &pb_v1.UserDelReply{}
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("%+v", r)
			e := &status.Status{}
			if er := json.Unmarshal([]byte(err.Error()), e); er != nil {
				logger.Error("err",
					zap.String("system_err", err.Error()),
					zap.Stack("stacktrace"))
			}
		}
	}()
	if req.Uid == 0 || req.Id == 0 || req.OrganizationCode == "" {
		return nil, errors.ParamsError
	}

	dbname := utils.GetDbName(req.OrganizationCode)

	loginUserInfo, err := common.GetUserBaseInfo(req.Uid, dbname)
	if err != nil {
		return nil, err
	}
	targetUserInfo, err := common.GetUserBaseInfo(req.Id, dbname)
	if err != nil {
		return nil, err
	}
	
	err = UserPermissionCheck(loginUserInfo, targetUserInfo, dbname)
	if err != nil {
		return nil, err
	}

	db := database.DB().Begin()
	p := model.NewRbacUser(dbname)
	where := map[string]interface{}{
		"id":req.Id,
	}
	err = p.Delete(db, where)
	if err != nil {
		db.Rollback()
		return nil, errors.DataBaseError
	}
	ug := model.NewUserZone(dbname)
	where = map[string]interface{}{
		"user_id":req.Id,
	}
	err = ug.Delete(database.DB(), where)
	if err != nil {
		db.Rollback()
		return nil, errors.DataBaseError
	}

	if err := common.DelUserBaseInfo(req.Id, dbname); err != nil {
		db.Rollback()
		return nil, err
	}
	if err := common.DelUserZone(req.Id, dbname); err != nil {
		db.Rollback()
		return nil, err
	}
	db.Commit()

	reply.Id = targetUserInfo.Id
	reply.Email = targetUserInfo.Email
	reply.Username = targetUserInfo.Username
	reply.Name = targetUserInfo.Name
	reply.Phone = targetUserInfo.Phone
	return reply, nil

}