- package rbac
- import (
- "gd_admin/apis"
- "gd_admin/errors"
- "gd_admin/impl/dbmodel"
- "fmt"
- "strconv"
- "strings"
- "gd_admin/common.in/utils"
- "github.com/astaxie/beego/orm"
- "go.uber.org/zap"
- "golang.org/x/net/context"
- )
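// GetUserAccess returns the permissions granted to uid through its RBAC group.
//
// The first result maps each resource name to the objects of the child nodes
// (pid != 0) granted under it. The second lists the resources whose root node
// (pid == 0) is granted, in the order the rows were returned. When uid has no
// access row the call fails with errors.AccessNotAllow; query failures are
// logged and reported as errors.DataBaseError. A group with no usable node ids
// yields empty results and a nil error.
func GetUserAccess(uid int64) (map[string][]string, []string, error) {
	node := make(map[string][]string)
	resource := make([]string, 0)

	// Look up the group the user belongs to.
	p := dbmodel.TGdAdminRbacAccess{}
	filter := map[string]interface{}{
		"uid": uid,
	}
	if err := p.Fetch(orm.NewOrm(), filter); err != nil {
		if err == orm.ErrNoRows {
			// No access row for this uid: deny rather than return an empty grant.
			return node, resource, errors.AccessNotAllow
		}
		l.Error("mysql",
			zap.String("sql", fmt.Sprintf("SELECT * FROM %s", p.TableName())),
			zap.String("fields", utils.MarshalJsonString(filter)),
			zap.String("error", err.Error()))
		return node, resource, errors.DataBaseError
	}

	// Fetch the comma-separated node ids attached to the group.
	nodeIds, err := getUserRbacNode(p.GroupId)
	if err != nil {
		return node, resource, err
	}
	if nodeIds == "" {
		return node, resource, nil
	}

	// Convert the id list to integers. An entry that does not parse is skipped
	// and logged; it used to be turned into id 0 and sent to the query, which
	// would grant whatever a node row with id 0 describes.
	parts := strings.Split(nodeIds, ",")
	nodeId := make([]int, 0, len(parts))
	for _, raw := range parts {
		if raw == "" {
			continue
		}
		id, convErr := strconv.Atoi(raw)
		if convErr != nil {
			l.Error("rbac",
				zap.String("node_id", raw),
				zap.String("error", convErr.Error()))
			continue
		}
		nodeId = append(nodeId, id)
	}
	if len(nodeId) == 0 {
		// Nothing valid to look up: the user holds no node permissions.
		return node, resource, nil
	}

	where := map[string]interface{}{
		"id__in": nodeId,
	}
	n := dbmodel.TGdAdminRbacNode{}
	list, err := n.FetchAll(orm.NewOrm(), where, []string{"id", "pid", "resource", "object"})
	if err != nil {
		l.Error("mysql",
			zap.String("sql", fmt.Sprintf("SELECT * FROM %s", n.TableName())),
			zap.String("fields", utils.MarshalJsonString(where)),
			zap.String("error", err.Error()))
		return node, resource, errors.DataBaseError
	}

	// Roots are tracked separately from the map keys: a child row creates the
	// map key too, so testing the map alone dropped a resource from the list
	// whenever one of its children was returned before its root.
	listed := make(map[string]bool)
	for _, v := range list {
		if v.Pid != 0 {
			// Child node: record the object under its resource.
			node[v.Resource] = append(node[v.Resource], v.Object)
			continue
		}
		// Root node: list the resource once and make sure it has a map entry.
		if listed[v.Resource] {
			continue
		}
		listed[v.Resource] = true
		resource = append(resource, v.Resource)
		if _, ok := node[v.Resource]; !ok {
			node[v.Resource] = make([]string, 0)
		}
	}
	return node, resource, nil
}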
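// GetAccess fills reply with the permission map and resource list of req.Uid.
// It is the handler used when a user reloads the page.
//
// A nil req or reply, or a non-positive req.Uid, is rejected with
// errors.ArgsError. Any error from GetUserAccess is returned unchanged.
//
// NOTE(review): the uid is read from the request and nothing visible here ties
// it to the authenticated caller. Confirm the layer in front of this handler
// does; otherwise one user can read another user's permission list.
func GetAccess(ctx context.Context, req *apis.GetAccessReq, reply *apis.GetAccessReply) (err error) {
	// Validate the arguments before touching the database.
	if req == nil || reply == nil || req.Uid <= 0 {
		return errors.ArgsError
	}

	// Load the permission list straight into the reply.
	reply.Access, reply.Resource, err = GetUserAccess(req.Uid)
	return err
}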
// UpdateAccess sets the RBAC group of uid to groupId through db.
//
// A failed save is logged and reported as errors.DataBaseError. Neither id is
// validated here.
//
// NOTE(review): this changes which permissions a user holds; callers are
// presumably expected to have authorised the change already. Whether Save
// inserts a row when none matches uid is not visible here.
func UpdateAccess(db orm.Ormer, uid, groupId int64) error {
	access := dbmodel.TGdAdminRbacAccess{}

	// Row selector.
	cond := map[string]interface{}{"uid": uid}
	// Columns to write.
	fields := map[string]interface{}{"group_id": groupId}

	if _, err := access.Save(db, cond, fields); err != nil {
		l.Error("mysql",
			zap.String("sql", fmt.Sprintf("Update %s", access.TableName())),
			zap.String("fields", utils.MarshalJsonString(cond, fields)),
			zap.String("error", err.Error()))
		return errors.DataBaseError
	}
	return nil
}
// AddAccess creates the access row that binds uid to groupId through db.
//
// A failed insert is logged and reported as errors.DataBaseError. Neither id is
// validated here.
//
// NOTE(review): both ids are narrowed from int64 to int, which truncates on
// platforms where int is 32 bits wide; confirm the ids stay within that range.
func AddAccess(db orm.Ormer, uid, groupId int64) error {
	// Values of the new row.
	var row dbmodel.TGdAdminRbacAccess
	row.Uid = int(uid)
	row.GroupId = int(groupId)

	if _, err := row.Create(db); err != nil {
		l.Error("mysql",
			zap.String("sql", fmt.Sprintf("INSERT %s", row.TableName())),
			zap.String("fields", utils.MarshalJsonString(row)),
			zap.String("error", err.Error()))
		return errors.DataBaseError
	}
	return nil
}