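package service

import (
	"context"
	"fmt"
	"reflect"

	"github.com/gogf/gf/container/gset"
	"github.com/gogf/gf/database/gdb"
	"github.com/gogf/gf/errors/gerror"
	"github.com/gogf/gf/frame/g"
	"github.com/gogf/gf/os/glog"
	"github.com/gogf/gf/util/gconv"

	"dashoo.cn/micro/app/dao"
	"dashoo.cn/micro/app/model"
	"dashoo.cn/opms_libary/micro_srv"
	"dashoo.cn/opms_libary/request"
)

// contextService is the per-request context holder: the tenant code, the
// table name used when building data-scope joins, the derived context, and
// the authenticated user (nil for auth-excluded requests).
type contextService struct {
	Tenant  string            `json:"tenant"`
	Table   string            `json:"table"`
	Ctx     context.Context   `json:"ctx"`
	CxtUser *request.UserInfo `json:"cxtUser"`
}

// Init returns the contextService already stored in ctx, or builds a new one
// from the tenant and user information carried by ctx and stores a pointer to
// it in a derived context (c.Ctx) so later stages of the request can modify it.
//
// Table is not populated here; callers that use SetDataScopeWhere must set it.
//
// NOTE(review): the context key is the plain string "contextService". Any
// package can read or overwrite a string key, and go vet / staticcheck flag
// this pattern; an unexported key type would prevent collisions, but the key
// is kept because code outside this file may look it up by the same string.
func (c *contextService) Init(ctx context.Context) (*contextService, error) {
	// Comma-ok assertion: a foreign value stored under the same key no longer
	// panics the request; it is ignored and a fresh service is built instead.
	if cs, ok := ctx.Value("contextService").(*contextService); ok && cs != nil {
		return cs, nil
	}
	c = new(contextService)

	// Resolve the tenant code.
	tenant, err := micro_srv.GetTenant(ctx)
	if err != nil {
		return nil, err
	}

	// The request method is only used for the log line below, so a lookup
	// failure is deliberately ignored.
	// NOTE(review): tenant and reqMethod are written to the log unescaped;
	// if either can be influenced by the client, confirm the logger or the
	// micro_srv helpers reject control characters.
	reqMethod, _ := micro_srv.GetReqMethod(ctx)
	glog.Info("Received " + reqMethod + " request @ " + tenant)

	c.Tenant = tenant
	c.CxtUser = nil
	if !micro_srv.IsAuthExclude(ctx) {
		userInfo, err := micro_srv.GetUserInfo(ctx)
		if err != nil {
			return nil, err
		}
		c.CxtUser = &userInfo
	}
	c.Ctx = context.WithValue(ctx, "contextService", c)
	return c, nil
}

// checkDataScopeWhere reports an error unless entity is a struct (or a pointer
// to a struct) that has a CreatedBy field.
func (c *contextService) checkDataScopeWhere(entity interface{}) error {
	t := reflect.TypeOf(entity)
	// reflect.TypeOf(nil) is nil, and Kind/Elem on a nil Type panic.
	if t == nil {
		return gerror.New("结构体不存在创建人字段")
	}
	if t.Kind() == reflect.Ptr {
		t = t.Elem()
	}
	// FieldByName panics on non-struct kinds, so reject them up front.
	if t.Kind() != reflect.Struct {
		return gerror.New("结构体不存在创建人字段")
	}
	if _, ok := t.FieldByName("CreatedBy"); !ok {
		return gerror.New("结构体不存在创建人字段")
	}
	return nil
}

// SetDataScopeWhere applies the current user's data-scope restriction to M by
// left-joining the user table on <c.Table>.created_by and adding the condition
// returned by GetDataScopeWhere. When that condition is nil, M is returned
// unchanged, i.e. unfiltered.
//
// c.Table is interpolated directly into the join condition. It must be a
// trusted, code-defined table name and never a value taken from a request.
func (c *contextService) SetDataScopeWhere(M *gdb.Model) (*gdb.Model, error) {
	where, err := c.GetDataScopeWhere()
	if err != nil {
		return nil, err
	}
	if where == nil {
		return M, nil
	}
	joinOn := fmt.Sprintf("%v.created_by=`user`.id", c.Table)
	M = M.LeftJoin(dao.SysUser.Table, "user", joinOn).Where(where)
	return M, nil
}

// GetDataScopeWhere builds the data-permission condition for the current user
// from the DataScope of each of the user's roles:
//
//	"10" all data             -> nil condition (no restriction)
//	"20" custom               -> departments selected for the role
//	"30" own department       -> the user's department
//	"40" own department and below
//	"50" own data only        -> `user`.id = current user
//
// Department conditions take precedence over the own-data condition when both
// are produced. An error is returned when there is no authenticated user, so
// that callers never treat an anonymous request as unrestricted.
//
// NOTE(review): a nil condition is also returned when the user has no roles,
// when every role has an unrecognised DataScope, or when a "20" role resolves
// to an empty department list. SetDataScopeWhere treats nil as "no filter",
// so those cases currently fail open. Confirm the intended policy; the
// least-privilege choice would be to fall back to the own-data condition.
func (c *contextService) GetDataScopeWhere() (where g.Map, err error) {
	userInfo := c.CxtUser
	// Auth-excluded requests leave CxtUser nil (see Init); dereferencing it
	// below would panic, and returning nil would mean "no restriction".
	if userInfo == nil {
		return nil, gerror.New("未获取到当前登录用户,无法计算数据权限")
	}

	userSrv := &userService{
		contextService: c,
		Dao:            dao.NewSysUserDao(c.Tenant),
	}
	roleSrv := &roleService{
		contextService: c,
		Dao:            dao.NewSysRoleDao(c.Tenant),
	}
	deptSrv := &deptService{
		contextService: c,
		Dao:            dao.NewSysDeptDao(c.Tenant),
	}

	// Condition for the "own data only" scope.
	whereJustMe := g.Map{}

	// 1. Load the roles of the current user.
	roles, err := userSrv.GetRolesByUserId(userInfo.Id)
	if err != nil {
		return nil, err
	}

	// 2. Collect the departments visible through each role's data scope.
	deptIdArr := gset.New()
	for _, role := range roles {
		switch role.DataScope {
		case "10": // all data
			return nil, nil
		case "20": // custom department list
			deptIds, err := roleSrv.GetRoleDeptTreeselect(gconv.Int64(role.Id))
			if err != nil {
				return nil, err
			}
			deptIdArr.Add(gconv.Interfaces(deptIds)...)
		case "30": // own department
			deptIdArr.Add(gconv.Int64(userInfo.DeptId))
		case "40": // own department and its descendants
			deptIdArr.Add(gconv.Int64(userInfo.DeptId))
			// Only departments in normal status are considered.
			depts, err := deptSrv.GetList(&model.SysDeptSearchParams{Status: "10"})
			if err != nil {
				return nil, err
			}
			childrenList := deptSrv.FindSonByParentId(depts, userInfo.DeptId)
			for _, children := range childrenList {
				deptIdArr.Add(gconv.Int64(children.Id))
			}
		case "50": // own data only
			whereJustMe = g.Map{"`user`.id": userInfo.Id}
		}
	}

	switch {
	case deptIdArr.Size() > 0:
		where = g.Map{"`user`.dept_id": deptIdArr.Slice()}
	case len(whereJustMe) > 0:
		where = whereJustMe
	}
	return where, nil
}

// GetCxtUserId returns the current user's id, or -1 when there is no user.
func (c *contextService) GetCxtUserId() int {
	if c.CxtUser == nil {
		return -1
	}
	return c.CxtUser.Id
}

// GetCxtUserUuid returns the current user's UUID, or "-1" when there is no user.
func (c *contextService) GetCxtUserUuid() string {
	if c.CxtUser == nil {
		return "-1"
	}
	return c.CxtUser.Uuid
}

// GetCxtUserName returns the current user's nickname, or "-1" when there is
// no user.
func (c *contextService) GetCxtUserName() string {
	if c.CxtUser == nil {
		return "-1"
	}
	return c.CxtUser.NickName
}

// GetCxtUserDeptId returns the current user's department id, or -1 when there
// is no user.
func (c *contextService) GetCxtUserDeptId() int {
	if c.CxtUser == nil {
		return -1
	}
	return c.CxtUser.DeptId
}

// GetCxtUserRoles returns the current user's roles, or an empty slice when
// there is no user.
func (c *contextService) GetCxtUserRoles() []string {
	if c.CxtUser == nil {
		return []string{}
	}
	return c.CxtUser.Roles
}

// GetCxtUserPosts returns the current user's posts, or an empty slice when
// there is no user.
func (c *contextService) GetCxtUserPosts() []string {
	if c.CxtUser == nil {
		return []string{}
	}
	return c.CxtUser.Posts
}

// GetCxtUserGroups returns the current user's groups, or an empty slice when
// there is no user.
func (c *contextService) GetCxtUserGroups() []string {
	if c.CxtUser == nil {
		return []string{}
	}
	return c.CxtUser.Groups
}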