package service import ( "context" "dashoo.cn/micro/app/dao" "dashoo.cn/micro/app/model" "errors" "fmt" "github.com/gogf/gf/container/gset" "github.com/gogf/gf/database/gdb" "github.com/gogf/gf/errors/gerror" "github.com/gogf/gf/frame/g" "github.com/gogf/gf/os/gtime" "github.com/gogf/gf/text/gstr" "github.com/gogf/gf/util/gconv" "github.com/gogf/gf/util/grand" "github.com/mssola/user_agent" "reflect" ) type sysUser struct { NotCheckAuthAdminIds *gset.Set //无需验证权限的用户id } type UserMenu struct { *model.SysAuthRuleInfoRes Index string `json:"index"` Name string `json:"name"` MenuName string `json:"menuName"` Component string `json:"component"` Path string `json:"path"` Meta struct { Icon string `json:"icon"` Title string `json:"title"` } `json:"meta"` Hidden bool `json:"hidden"` AlwaysShow bool `json:"alwaysShow"` } type UserMenus struct { UserMenu Children []UserMenus `json:"children"` } var ( notCheckAuthAdminIds = g.Cfg().GetInterfaces("system.notCheckAuthAdminIds") SysUser = &sysUser{ NotCheckAuthAdminIds: gset.NewFrom(notCheckAuthAdminIds), } ) // GetAdminUserByUsernamePassword 后台登陆验证 func (s *sysUser) GetAdminUserByUsernamePassword(ctx context.Context, req *model.LoginParamsReq) (user *model.LoginUserRes, err error) { user, err = s.GetUserByUsernamePassword(ctx, req) if err != nil { return } //判断是否后台用户 if user.IsAdmin != 1 { return nil, gerror.New("抱歉!您不属于后台管理员!") } return } // GetUserByUsernamePassword 登陆验证 func (s *sysUser) GetUserByUsernamePassword(ctx context.Context, req *model.LoginParamsReq) (user *model.LoginUserRes, err error) { user, err = s.GetUserByUsername(ctx, req.Username) if err != nil { return } if user == nil { return nil, gerror.New("账号密码错误") } //验证密码 if library.EncryptPassword(req.Password, user.UserSalt) != user.UserPassword { return nil, gerror.New("账号密码错误") } //账号状态 if user.UserStatus == 0 { return nil, gerror.New("账号已被冻结") } return } // GetUserByUsername 通过用户名获取用户信息 func (s *sysUser) GetUserByUsername(ctx context.Context, userName string) (user *model.LoginUserRes, err error) { return dao.SysUser.FindByUsername(ctx, userName) } // UpdateLoginInfo 更新用户登录信息 保存登录日志 func (s *sysUser) UpdateLoginInfo(id uint64, username, ip, userAgent, msg, module string) { status := 0 //登录状态 0失败 1成功 if id != 0 { //说明登录成功更新登录信息 status = 1 dao.SysUser.UpLoginInfo(id, ip) } //保存登录日志(异步) SysLoginLog.Invoke(&model.LoginLogParams{ Status: status, Username: username, Ip: ip, UserAgent: userAgent, Msg: msg, Module: module, }) } // LoginLog 记录登录日志 func (s *sysUser) LoginLog(params *model.LoginLogParams) { ua := user_agent.New(params.UserAgent) browser, _ := ua.Browser() loginData := &model.SysLogin{ LoginName: params.Username, Ipaddr: params.Ip, LoginLocation: library.GetCityByIp(params.Ip), Browser: browser, Os: ua.OS(), Status: params.Status, Msg: params.Msg, LoginTime: gtime.Now(), Module: params.Module, } dao.SysLoginLog.SaveLog(loginData) } // SaveOnline 保存用户登录在线状态信息 func (s *sysUser) SaveOnline(params *model.SysUserOnline) { dao.SysUserOnline.SaveOnline(params) } // GetAdminRole 获取用户角色 func (s *sysUser) GetAdminRole(userId uint64, allRoleList []*model.SysRole) (roles []*model.SysRole, err error) { var roleIds []uint roleIds, err = s.GetAdminRoleIds(userId) if err != nil { return } roles = make([]*model.SysRole, 0, len(allRoleList)) for _, v := range allRoleList { for _, id := range roleIds { if id == v.Id { roles = append(roles, v) } } if len(roles) == len(roleIds) { break } } return } // GetAdminRoleIds 获取用户角色ids func (s *sysUser) GetAdminRoleIds(userId uint64) (roleIds []uint, err error) { enforcer, e := service.Casbin.GetEnforcer() if e != nil { err = e return } //查询关联角色规则 groupPolicy := enforcer.GetFilteredGroupingPolicy(0, gconv.String(userId)) if len(groupPolicy) > 0 { roleIds = make([]uint, len(groupPolicy)) //得到角色id的切片 for k, v := range groupPolicy { roleIds[k] = gconv.Uint(v[1]) } } return } func (s *sysUser) GetPermissions(roleIds []uint) ([]string, error) { //获取角色对应的菜单id enforcer, err := service.Casbin.GetEnforcer() if err != nil { return nil, err } menuIds := map[int64]int64{} for _, roleId := range roleIds { //查询当前权限 gp := enforcer.GetFilteredPolicy(0, gconv.String(roleId)) for _, p := range gp { mid := gconv.Int64(p[1]) menuIds[mid] = mid } } //获取所有开启的按钮 allButtons, err := Rule.GetIsButtonStatusList() userButtons := make([]string, 0, len(allButtons)) for _, button := range allButtons { if _, ok := menuIds[gconv.Int64(button.Id)]; gstr.Equal(button.Condition, "nocheck") || ok { userButtons = append(userButtons, button.Name) } } return userButtons, nil } func (s *sysUser) GetAllMenus() (menus []UserMenus, err error) { //获取所有开启的菜单 var allMenus []*model.SysAuthRuleInfoRes allMenus, err = Rule.GetIsMenuStatusList() if err != nil { return } menus = make([]UserMenus, len(allMenus)) for k, v := range allMenus { var menu UserMenu menu = s.setMenuData(menu, v) menus[k] = UserMenus{UserMenu: menu} } menus = s.GetMenusTree(menus, 0) return } func (s *sysUser) GetAdminMenusByRoleIds(roleIds []uint) (menus []UserMenus, err error) { //获取角色对应的菜单id enforcer, e := service.Casbin.GetEnforcer() if e != nil { err = e return } menuIds := map[int64]int64{} for _, roleId := range roleIds { //查询当前权限 gp := enforcer.GetFilteredPolicy(0, fmt.Sprintf("%d", roleId)) for _, p := range gp { mid := gconv.Int64(p[1]) menuIds[mid] = mid } } //获取所有开启的菜单 allMenus, err := Rule.GetIsMenuStatusList() if err != nil { return } menus = make([]UserMenus, 0, len(allMenus)) for _, v := range allMenus { if _, ok := menuIds[gconv.Int64(v.Id)]; gstr.Equal(v.Condition, "nocheck") || ok { var roleMenu UserMenu roleMenu = s.setMenuData(roleMenu, v) menus = append(menus, UserMenus{UserMenu: roleMenu}) } } menus = s.GetMenusTree(menus, 0) return } func (s *sysUser) GetMenusTree(menus []UserMenus, pid uint) []UserMenus { returnList := make([]UserMenus, 0, len(menus)) for _, menu := range menus { if menu.Pid == pid { menu.Children = s.GetMenusTree(menus, menu.Id) returnList = append(returnList, menu) } } return returnList } func (s *sysUser) setMenuData(menu UserMenu, entity *model.SysAuthRuleInfoRes) UserMenu { menu = UserMenu{ SysAuthRuleInfoRes: entity, Index: entity.Name, Name: gstr.UcFirst(entity.Path), MenuName: entity.Title, Meta: struct { Icon string `json:"icon"` Title string `json:"title"` }(struct { Icon string Title string }{Icon: entity.Icon, Title: entity.Title}), } if entity.MenuType != 0 { menu.Component = entity.Component menu.Path = entity.Path } else { menu.Component = "Layout" menu.Path = "/" + entity.Path } if entity.AlwaysShow == 1 { menu.Hidden = false } else { menu.Hidden = true } if entity.AlwaysShow == 1 && entity.MenuType == 0 { menu.AlwaysShow = true } else { menu.AlwaysShow = false } return menu } func (s *sysUser) WriteDeptIdsOfSearchReq(req *model.SysUserSearchReq) error { if req.DeptId == "" { return nil } depts, e := Dept.GetList(&dao.SysDeptSearchParams{ Status: "1", }) if e != nil { return e } deptId := gconv.Int64(req.DeptId) req.DeptIds = append(req.DeptIds, deptId) children := Dept.FindSonByParentId(depts, deptId) for _, d := range children { req.DeptIds = append(req.DeptIds, d.DeptId) } return nil } // GetUsersRoleDept 获取多个用户角色 部门信息 func (s *sysUser) GetUsersRoleDept(userList []*model.SysUser) ([]*model.SysUserRoleDeptRes, error) { allRoles, err := SysRole.GetRoleList() if err != nil { g.Log().Error(err) return nil, err } depts, err := Dept.GetList(&dao.SysDeptSearchParams{}) if err != nil { g.Log().Error(err) return nil, err } users := make([]*model.SysUserRoleDeptRes, len(userList)) for k, u := range userList { var dept *model.SysDept users[k] = &model.SysUserRoleDeptRes{ SysUser: u, } for _, d := range depts { if u.DeptId == uint64(d.DeptId) { dept = d } } users[k].Dept = dept roles, err := s.GetAdminRole(u.Id, allRoles) if err != nil { g.Log().Error(err) return nil, err } for _, r := range roles { users[k].RoleInfo = append(users[k].RoleInfo, &struct { RoleId uint `json:"roleId"` Name string `json:"name"` }{RoleId: r.Id, Name: r.Name}) } } return users, nil } // GetUserRoleDeptPost 获取某个用户对应的部门、岗位、角色信息 func (s *sysUser) GetUserRoleDeptPost(user *model.SysUser) (*model.SysUserRoleDeptRes, error) { allRoles, err := SysRole.GetRoleList() if err != nil { g.Log().Error(err) return nil, err } //部门 depts, err := Dept.GetList(&dao.SysDeptSearchParams{}) if err != nil { g.Log().Error(err) return nil, err } userData := &model.SysUserRoleDeptRes{ SysUser: user, } for _, d := range depts { if user.DeptId == uint64(d.DeptId) { userData.Dept = d } } //角色 roles, err := s.GetAdminRole(user.Id, allRoles) if err != nil { g.Log().Error(err) return nil, err } for _, r := range roles { userData.RoleInfo = append(userData.RoleInfo, &struct { RoleId uint `json:"roleId"` Name string `json:"name"` }{RoleId: r.Id, Name: r.Name}) } //岗位 posts, err := s.GetPostsByUserId(user.Id) if err != nil { return nil, err } for _, v := range posts { userData.Post = append(userData.Post, &struct { PostId int64 `json:"postId"` PostName string `json:"postName"` }{PostId: v.PostId, PostName: v.PostName}) } return userData, nil } func (s *sysUser) GetUserList(req *model.SysUserSearchReq) (total, page int, userList []*model.SysUser, err error) { if req.PageSize == 0 { req.PageSize = comModel.PageSize } userModel := dao.SysUser.M if req.KeyWords != "" { keyWords := "%" + req.KeyWords + "%" userModel = userModel.Where("user_name like ? or user_nickname like ?", keyWords, keyWords) } if len(req.DeptIds) != 0 { userModel = userModel.Where("dept_id in (?)", req.DeptIds) } if req.Status != "" { userModel = userModel.Where("user_status", gconv.Int(req.Status)) } if req.Phonenumber != "" { userModel = userModel.Where("mobile like ?", "%"+req.Phonenumber+"%") } if req.BeginTime != "" { userModel = userModel.Where("created_at >=?", req.BeginTime) } if req.EndTime != "" { userModel = userModel.Where("created_at <=?", req.EndTime) } total, err = userModel.Count() if err != nil { g.Log().Error(err) err = gerror.New("获取总行数失败") return } if req.PageNum == 0 { req.PageNum = 1 } page = req.PageNum err = userModel.FieldsEx(dao.SysUser.Columns.UserPassword, dao.SysUser.Columns.UserSalt). Page(page, req.PageSize).Order("id asc").Scan(&userList) return } func (s *sysUser) AddUser(req *model.AddUserReq) (err error) { req.UserSalt = grand.S(10) req.Password = library.EncryptPassword(req.Password, req.UserSalt) var tx *gdb.TX tx, err = g.DB().Begin() if err != nil { err = gerror.New("事务开启失败") return } Model := dao.SysUser.TX(tx) if i, _ := Model.Where("user_name=?", req.UserName).Count(); i != 0 { err = gerror.New("用户名已经存在") tx.Rollback() return } if i, _ := Model.Where("mobile=?", req.Phonenumber).Count(); i != 0 { err = gerror.New("手机号已经存在") tx.Rollback() return } userData := new(model.SysUser) userData.UserName = req.UserName userData.DeptId = req.DeptId userData.UserStatus = req.Status userData.Mobile = req.Phonenumber userData.Sex = req.Sex userData.UserEmail = req.Email userData.UserNickname = req.NickName userData.UserSalt = req.UserSalt userData.UserPassword = req.Password userData.Remark = req.Remark userData.IsAdmin = req.IsAdmin res, err := Model.Insert(userData) if err != nil { tx.Rollback() return } InsertId, _ := res.LastInsertId() err = s.AddUserRole(req.RoleIds, InsertId) if err != nil { g.Log().Error(err) err = gerror.New("设置用户权限失败") tx.Rollback() return } err = s.AddUserPost(req.PostIds, InsertId, tx) if err != nil { g.Log().Error(err) err = gerror.New("设置用户岗位信息失败") tx.Rollback() return } tx.Commit() return } // AddUserRole 添加用户角色信息 func (s *sysUser) AddUserRole(roleIds interface{}, userId int64) (err error) { enforcer, e := service.Casbin.GetEnforcer() if e != nil { err = e return } rule := gconv.Ints(roleIds) for _, v := range rule { _, err = enforcer.AddGroupingPolicy(fmt.Sprintf("%d", userId), fmt.Sprintf("%d", v)) if err != nil { return } } return } // AddUserPost 添加用户岗位信息 func (s *sysUser) AddUserPost(postIds []int64, userId int64, tx *gdb.TX) (err error) { //删除旧岗位信息 _, err = dao.SysUserPost.TX(tx).Where(dao.SysUserPost.Columns.UserId, userId).Delete() if err != nil { g.Log().Error(err) return } if len(postIds) == 0 { return } //添加用户岗位信息 data := g.List{} for _, v := range postIds { data = append(data, g.Map{ dao.SysUserPost.Columns.UserId: userId, dao.SysUserPost.Columns.PostId: v, }) } _, err = dao.SysUserPost.TX(tx).Data(data).Insert() if err != nil { g.Log().Error(err) return } return } // GetUserInfoById 通过Id获取用户信息 func (s *sysUser) GetUserInfoById(id uint64, withPwd ...bool) (user *model.SysUser, err error) { if len(withPwd) > 0 && withPwd[0] { //用户用户信息 err = dao.SysUser.Where(dao.SysUser.Columns.Id, id).Scan(&user) } else { //用户用户信息 err = dao.SysUser.Where(dao.SysUser.Columns.Id, id). FieldsEx(dao.SysUser.Columns.UserPassword, dao.SysUser.Columns.UserSalt).Scan(&user) } if err != nil { g.Log().Error(err) return nil, errors.New("获取用户数据失败") } return } // GetEditUser 获取要修改的用户信息 func (s *sysUser) GetEditUser(id uint64) (g.Map, error) { userData, err := s.GetUserInfoById(id) //获取角色信息 roleList, err := SysRole.GetRoleList() if err != nil { g.Log().Error(err) return nil, errors.New("获取角色数据失败") } //获取已选择的角色信息 checkedRoleIds, err := SysUser.GetAdminRoleIds(id) if err != nil { g.Log().Error(err) return nil, errors.New("获取用户角色数据失败") } if checkedRoleIds == nil { checkedRoleIds = []uint{} } //获取岗位信息 posts, err := s.GetUsedPost() if err != nil { return nil, err } checkedPosts, err := s.GetUserPostIds(id) if err != nil { return nil, err } if checkedPosts == nil { checkedPosts = []int64{} } res := g.Map{ "roleList": roleList, "userInfo": userData, "checkedRoleIds": checkedRoleIds, "posts": posts, "checkedPosts": checkedPosts, } return res, nil } // GetUsedPost 获取正常状态的岗位 func (s *sysUser) GetUsedPost() (list []*model.SysPost, err error) { err = dao.SysPost.Where(dao.SysPost.C.Status, 1). Order(dao.SysPost.C.PostSort + " ASC, " + dao.SysPost.C.PostId + " ASC ").Scan(&list) if err != nil { g.Log().Error(err) err = gerror.New("获取岗位数据失败") } return } // GetUserPostIds 获取用户岗位 func (s *sysUser) GetUserPostIds(userId uint64) (postIds []int64, err error) { var list []*model.SysUserPost err = dao.SysUserPost.Where(dao.SysUserPost.Columns.UserId, userId).Scan(&list) if err != nil { g.Log().Error(err) return nil, gerror.New("获取用户岗位信息失败") } postIds = make([]int64, 0) for _, entity := range list { postIds = append(postIds, entity.PostId) } return } // GetPostsByUserId 根据用户id获取岗位信息详情 func (s *sysUser) GetPostsByUserId(userId uint64) ([]*model.SysPost, error) { postIds, err := s.GetUserPostIds(userId) if err != nil { return nil, err } var posts []*model.SysPost err = dao.SysPost.Where(dao.SysPost.C.PostId+" in (?)", postIds).Scan(&posts) return posts, err } // EditUser 修改用户 func (s *sysUser) EditUser(req *model.EditUserReq) (err error) { if i, _ := dao.SysUser.Where("id!=? and mobile=?", req.UserId, req.Phonenumber).Count(); i != 0 { err = gerror.New("手机号已经存在") return } var tx *gdb.TX tx, err = g.DB().Begin() //保存管理员信息 var userData *model.SysUser err = dao.SysUser.Where("id", req.UserId).Scan(&userData) if err != nil || userData == nil { g.Log().Error(err) err = gerror.New("获取用户信息失败") return } userData.DeptId = req.DeptId userData.UserStatus = req.Status userData.Mobile = req.Phonenumber userData.Sex = req.Sex userData.UserEmail = req.Email userData.UserNickname = req.NickName userData.Remark = req.Remark userData.IsAdmin = req.IsAdmin _, err = dao.SysUser.TX(tx).FieldsEx(dao.SysUser.Columns.Id, dao.SysUser.Columns.CreatedAt, dao.SysUser.Columns.DeletedAt, dao.SysUser.Columns.LastLoginTime). WherePri(userData.Id).Update(userData) if err != nil { g.Log().Error(err) err = gerror.New("修改用户信息失败") tx.Rollback() return } //设置用户所属角色信息 err = s.EditUserRole(req.RoleIds, req.UserId) if err != nil { g.Log().Error(err) err = gerror.New("设置用户权限失败") tx.Rollback() return } //设置用户岗位数据 err = s.AddUserPost(req.PostIds, gconv.Int64(req.UserId), tx) if err != nil { g.Log().Error(err) err = gerror.New("设置用户岗位信息失败") tx.Rollback() return } tx.Commit() return } // EditUserRole 修改用户角色信息 func (s *sysUser) EditUserRole(roleIds interface{}, userId int) (err error) { enforcer, e := service.Casbin.GetEnforcer() if e != nil { err = e return } rule := gconv.Ints(roleIds) //删除用户旧角色信息 enforcer.RemoveFilteredGroupingPolicy(0, fmt.Sprintf("%d", userId)) for _, v := range rule { _, err = enforcer.AddGroupingPolicy(fmt.Sprintf("%d", userId), fmt.Sprintf("%d", v)) if err != nil { return } } return } // ResetUserPwd 重置用户密码 func (s *sysUser) ResetUserPwd(req *model.SysUserResetPwdReq) error { salt := grand.S(10) password := library.EncryptPassword(req.Password, salt) _, err := dao.SysUser.WherePri(req.Id).Update(g.Map{ dao.SysUser.Columns.UserSalt: salt, dao.SysUser.Columns.UserPassword: password, }) return err } func (s *sysUser) ChangeUserStatus(req *model.SysUserStatusReq) error { _, err := dao.SysUser.WherePri(req.Id).Update(g.Map{ dao.SysUser.Columns.UserStatus: req.UserStatus, }) return err } // DeleteUser 删除用户信息 func (s *sysUser) DeleteUser(ctx context.Context, ids []int) error { return g.DB().Transaction(ctx, func(ctx context.Context, tx *gdb.TX) error { _, err := dao.SysUser.Ctx(ctx).TX(tx).Where(dao.SysUser.Columns.Id+" in(?)", ids).Delete() //删除对应权限 enforcer, err := service.Casbin.GetEnforcer() if err == nil { for _, v := range ids { enforcer.RemoveFilteredGroupingPolicy(0, fmt.Sprintf("%d", v)) } } //删除用户对应的岗位 _, err = dao.SysUserPost.Ctx(ctx).TX(tx).Delete(dao.SysUserPost.Columns.UserId+" in (?)", ids) return err }) } // SetAvatar 修改用户头像 func (s *sysUser) SetAvatar(userId uint64, avatarUrl string) error { _, err := dao.SysUser.WherePri(userId).Unscoped().Update(g.Map{ dao.SysUser.Columns.Avatar: avatarUrl, }) return err } // ProfileEdit 修改个人资料 func (s *sysUser) ProfileEdit(req *model.ProfileUpReq) error { _, err := dao.SysUser.WherePri(req.UserId).Unscoped().Update(req) return err } // ProfileUpdatePwd 修改个人密码 func (s *sysUser) ProfileUpdatePwd(req *model.ProfileUpdatePwdReq) error { userInfo, err := s.GetUserInfoById(req.UserId, true) if err != nil { return err } oldPassword := library.EncryptPassword(req.OldPassword, userInfo.UserSalt) if oldPassword != userInfo.UserPassword { return errors.New("原始密码错误!") } salt := grand.S(10) newPassword := library.EncryptPassword(req.NewPassword, salt) _, err = dao.SysUser.WherePri(req.UserId).Unscoped().Update(g.Map{ dao.SysUser.Columns.UserSalt: salt, dao.SysUser.Columns.UserPassword: newPassword, }) return err } // GetDataWhere 获取数据权限判断条件 func (s *sysUser) GetDataWhere(userInfo *dao.CtxUser, entity interface{}) (where g.Map, err error) { whereJustMe := g.Map{} //本人数据权限 t := reflect.TypeOf(entity) for i := 0; i < t.Elem().NumField(); i++ { if t.Elem().Field(i).Name == "CreatedBy" { //若存在用户id的字段,则生成判断数据权限的条件 //1、获取当前用户所属角色 allRoles := ([]*model.SysRole)(nil) allRoles, err = SysRole.GetRoleList() if err != nil { return nil, err } roles := ([]*model.SysRole)(nil) roles, err = s.GetAdminRole(userInfo.Id, allRoles) if err != nil { return nil, err } //2获取角色对应数据权限 deptIdArr := gset.New() for _, role := range roles { switch role.DataScope { case 1: //全部数据权限 return case 2: //自定数据权限 var deptIds []int64 deptIds, err = Dept.GetRoleDepts(gconv.Int64(role.Id)) if err != nil { return } deptIdArr.Add(gconv.Interfaces(deptIds)...) case 3: //本部门数据权限 deptIdArr.Add(gconv.Int64(userInfo.DeptId)) case 4: //本部门及以下数据权限 deptIdArr.Add(gconv.Int64(userInfo.DeptId)) //获取正常状态部门数据 depts := ([]*model.SysDept)(nil) depts, err = Dept.GetList(&dao.SysDeptSearchParams{Status: "1"}) if err != nil { return } var dList g.List for _, d := range depts { m := g.Map{ "id": d.DeptId, "pid": d.ParentId, "label": d.DeptName, } dList = append(dList, m) } l := library.FindSonByParentId(dList, gconv.Int(userInfo.DeptId), "pid", "id") for _, li := range l { deptIdArr.Add(gconv.Int64(li["id"])) } case 5: //仅本人数据权限 whereJustMe = g.Map{"user.id": userInfo.Id} } } if deptIdArr.Size() > 0 { where = g.Map{"user.dept_id": deptIdArr.Slice()} } else if len(whereJustMe) > 0 { where = whereJustMe } } } return } // GetUsers 通过用户ids查询多个用户信息 func (s *sysUser) GetUsers(ids []int) (users []*model.SysUserRes, err error) { if len(ids) == 0 { return } idsSet := gset.NewIntSetFrom(ids).Slice() err = dao.SysUser.Where(dao.SysUser.Columns.Id+" in(?)", idsSet).Fields(model.SysUserRes{}). Order(dao.SysUser.Columns.Id + " ASC").Scan(&users) return }