dashoo
/
opms_backend


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216
							package service

import (
	"dashoo.cn/micro/app/dao"
	"dashoo.cn/micro/app/model"
	"dashoo.cn/opms_libary/myerrors"
	"dashoo.cn/opms_libary/request"
	"github.com/gogf/gf/container/gset"
	"github.com/gogf/gf/frame/g"
	"github.com/gogf/gf/util/gconv"
)

// GetUserPermission 获取用户权限字符（角色、岗位、用户组）
func (s *UserService) GetUserPermission(userId int) ([]string, []string, []string, error) {
	s.userRoleDao = dao.NewSysUserRoleDao(s.Tenant)
	s.userPostDao = dao.NewSysUserPostDao(s.Tenant)
	s.userGroupDao = dao.NewSysUserGroupDao(s.Tenant)
	roleList, err := s.userRoleDao.As("user_role").LeftJoin(dao.SysRole.Table, "role", "user_role.role_id=role.id").
		Fields(dao.SysRole.C.RoleKey).Where(s.userRoleDao.C.UserId, userId).Array()
	if err != nil {
		g.Log().Error(err)
		return nil, nil, nil, err
	}
	postList, err := s.userPostDao.As("user_post").LeftJoin(dao.SysPost.Table, "post", "user_post.post_id=post.id").
		Fields(dao.SysPost.C.PostCode).Where(s.userPostDao.C.UserId, userId).Array()
	if err != nil {
		g.Log().Error(err)
		return nil, nil, nil, err
	}
	groupList, err := s.userGroupDao.As("user_group").LeftJoin(dao.SysGroup.Table, "group", "user_group.group_id=group.id").
		Fields(dao.SysGroup.C.GroupCode).Where(s.userGroupDao.C.UserId, userId).Array()
	if err != nil {
		g.Log().Error(err)
		return nil, nil, nil, err
	}

	return gconv.Strings(roleList), gconv.Strings(postList), gconv.Strings(groupList), err
}

// GetUserRoleIds 获取用户角色
func (s *UserService) GetUserRoleIds(userId int) (roleIds []int, err error) {
	s.userRoleDao = dao.NewSysUserRoleDao(s.Tenant)
	list, err := s.userRoleDao.Where(dao.SysUserRole.C.UserId, userId).Fields(dao.SysUserRole.C.RoleId).Array()
	if err != nil {
		g.Log().Error(err)
		return nil, myerrors.TipsError("获取用户岗位信息失败")
	}
	return gconv.Ints(list), nil
}

// GetUserPostIds 获取用户岗位
func (s *UserService) GetUserPostIds(userId int) (postIds []int, err error) {
	s.userPostDao = dao.NewSysUserPostDao(s.Tenant)
	list, err := s.userPostDao.Where(dao.SysUserPost.C.UserId, userId).Fields(dao.SysUserPost.C.PostId).Array()
	if err != nil {
		g.Log().Error(err)
		return nil, myerrors.TipsError("获取用户岗位信息失败")
	}
	return gconv.Ints(list), nil
}

// GetUserGroupIds 获取用户的用户组
func (s *UserService) GetUserGroupIds(userId int) (postIds []int, err error) {
	s.userGroupDao = dao.NewSysUserGroupDao(s.Tenant)
	list, err := s.userGroupDao.Where(dao.SysUserGroup.C.UserId, userId).Fields(dao.SysUserGroup.C.GroupId).Array()
	if err != nil {
		g.Log().Error(err)
		return nil, myerrors.TipsError("获取用户岗位信息失败")
	}
	return gconv.Ints(list), nil
}

// GetRolesByUserId 根据用户id获取角色信息详情
func (s *UserService) GetRolesByUserId(userId int) ([]*model.SysRole, error) {
	roleIds, err := s.GetUserRoleIds(userId)
	if err != nil {
		return nil, err
	}
	roles, err := dao.NewSysRoleDao(s.Tenant).WhereIn(dao.SysRole.C.Id, roleIds).All()
	return roles, err
}

// GetPostsByUserId 根据用户id获取岗位信息详情
func (s *UserService) GetPostsByUserId(userId int) ([]*model.SysPost, error) {
	postIds, err := s.GetUserPostIds(userId)
	if err != nil {
		return nil, err
	}
	posts, err := dao.NewSysPostDao(s.Tenant).Where(dao.SysPost.C.Id+" in (?)", postIds).All()
	return posts, err
}

// GetMaxRoleDataScopeByUser 获取用户所拥有的角色最高数据权限
func (s *UserService) GetMaxRoleDataScopeByUser(userId int) ([]*model.SysRole, error) {
	// 获取岗位角色
	postRoleIds, err := dao.NewSysPostRoleDao(s.Tenant).As("postRole").Fields(dao.SysPostRole.C.RoleId).
		WhereIn(dao.SysPostRole.C.PostId,
			dao.NewSysUserPostDao(s.Tenant).Fields(dao.SysUserPost.C.PostId).Where(dao.SysUserPost.C.UserId, userId).M,
		).Array()

	if err != nil {
		return nil, err
	}

	// 获取用户角色
	userRoleIds, err := dao.NewSysUserRoleDao(s.Tenant).Fields(dao.SysUserRole.C.RoleId).Where(dao.SysUserRole.C.UserId, userId).Array()
	if err != nil {
		return nil, err
	}

	roleIds := append(postRoleIds, userRoleIds...)
	roles, err := dao.NewSysRoleDao(s.Tenant).Distinct().Order(dao.SysRole.C.DataScope).WhereIn(s.Dao.C.Id, roleIds).All()
	if err != nil {
		return nil, err
	}
	if len(roles) == 0 {
		return nil, nil
	}

	return roles, err
}

// GetDataScope 获取某用户数据集合权限，返回Ids(用户Id列表)，返回-1表示无角色，返回-2表示有全部集合权限
func (s *UserService) GetDataScope(userInfo *request.UserInfo) (dataScope g.Map, err error) {
	userDao := s.Dao
	userId := userInfo.Id
	// 权限
	userInfo.Roles, userInfo.Posts, userInfo.Groups, err = s.GetUserPermission(userInfo.Id)
	if err != nil {
		g.Log().Error(err)
		return nil, myerrors.TipsError("获取用户权限失败")
	}

	// 产品线数据权限
	lineSrv, _ := NewLineService(s.Ctx)
	productLineList, err := lineSrv.getCurrentUserProductAuth(userId)
	if err != nil {
		return nil, err
	}
	// 大项目授权数据权限
	isBigProject, err := lineSrv.getCurrentUserBigProjectAuth(userId)
	if err != nil {
		return nil, err
	}

	// 地区数据权限
	regionSrv, _ := NewRegionService(s.Ctx)
	regionList, err := regionSrv.getCurrentUserRegionAuth(userId)
	if err != nil {
		return nil, err
	}

	// 获取角色
	roles, err := s.GetMaxRoleDataScopeByUser(userId)
	if err != nil {
		return nil, err
	}
	if len(roles) == 0 { // 无角色
		return g.Map{"userIds": userId}, nil
	}
	// 数据集合权限 10：全部数据权限 20：自定数据权限 30：本部门数据权限 40：本部门及以下数据权限 50：仅本人数据权限
	userIdArr := gset.NewIntSet()
	deptFlag, deptAndSonFlag := false, false
	for _, role := range roles {
		switch role.DataScope {
		case "10": // 所有数据权限
			return g.Map{"userIds": "-1"}, nil
		case "20": // 自定数据权限
			userIds, err := userDao.Fields(userDao.C.Id).WhereIn(
				userDao.C.DeptId, dao.NewSysRoleDeptDao(s.Tenant).Fields(dao.SysRoleDept.C.DeptId).WhereIn(dao.SysRoleDept.C.RoleId, role.Id).M,
			).Array()
			if err != nil {
				return nil, err
			}
			userIdArr.Add(gconv.Ints(userIds)...)
		case "30": // 本部门数据权限
			if deptAndSonFlag || deptFlag {
				continue
			}
			deptFlag = true
			userIds, err := userDao.Fields(userDao.C.Id).Where(userDao.C.DeptId, userInfo.DeptId).Array()
			if err != nil {
				return nil, err
			}
			userIdArr.Add(gconv.Ints(userIds)...)
		case "40": // 本部门及以下数据权限
			if deptAndSonFlag {
				continue
			}
			deptAndSonFlag = true
			deptSrv, _ := NewDeptService(s.Ctx)
			//获取下级部门数据
			deptIds, err := deptSrv.GetSonAndSelfIdByParentId(userInfo.DeptId)
			if err != nil {
				return nil, err
			}
			userIds, err := userDao.Fields(userDao.C.Id).WhereIn(userDao.C.DeptId, deptIds).Array()
			if err != nil {
				return nil, err
			}
			userIdArr.Add(gconv.Ints(userIds)...)
		case "50": // 仅本人数据权限
			userIdArr.Add(userId)
		}
	}
	if userIdArr.Size() == 0 {
		userIdArr.Add(userId)
	}
	dataScope = g.Map{"userIds": userIdArr.Slice(), "cust_city_id": regionList, "product_line": productLineList}
	if isBigProject != "" {
		dataScope["is_big"] = isBigProject
	}
	dataScope["roles"] = userInfo.Roles
	dataScope["posts"] = userInfo.Posts
	return dataScope, nil
}