feat : 增加模块权限验证

+package command
+
+import (
+	"fmt"
+	"github.com/beego/beego/v2/core/validation"
+	"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/domain"
+)
+
+type CheckModuleAccessCommand struct {
+	// 操作人
+	Operator domain.Operator `json:"-"`
+	// 模块
+	Module string `json:"module"`
+	// 参数
+	Options []string `json:"options"`
+}
+
+func (cmd *CheckModuleAccessCommand) Valid(validation *validation.Validation) {
+
+}
+
+func (cmd *CheckModuleAccessCommand) ValidateCommand() error {
+	valid := validation.Validation{}
+	b, err := valid.Valid(cmd)
+	if err != nil {
+		return err
+	}
+	if !b {
+		for _, validErr := range valid.Errors {
+			return fmt.Errorf("%s  %s", validErr.Key, validErr.Message)
+		}
+	}
+	return nil
+}

+package dto
+
+// 数控中心报表
+type ModuleAccessToDigitalControlCentreDto struct {
+	// 用户的角色权限列表
+	UserRoles []string `json:"userRoles"`
+	// 列表
+	Allows []*ModuleAccessAllowItem `json:"modules"`
+}
+
+type ModuleAccessAllowItem struct {
+	Allow       bool     `json:"allow"`
+	SettingCode string   `json:"settingCode"`
+	ConfigRoles []string `json:"configRoles"`
+}

+package service
+
+import (
+	"fmt"
+	"github.com/linmadan/egglib-go/core/application"
+	"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/application/auth/command"
+	"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/application/auth/dto"
+	"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/infrastructure/service_gateway/allied_creation_basic"
+	"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/infrastructure/service_gateway/allied_creation_user"
+	"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/log"
+	"strings"
+)
+
+func (svr AuthService) CheckModuleAccess(cmd *command.CheckModuleAccessCommand) (interface{}, error) {
+	var (
+		result interface{}
+		err    error
+	)
+
+	switch cmd.Module {
+	case "DigitalControlCentre":
+		result, err = svr.digitalControlCentreModuleAccess(cmd)
+		break
+	default:
+		return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, "unknown module "+cmd.Module)
+	}
+	if err != nil {
+		return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, err.Error())
+	}
+	return result, nil
+}
+
+func (svr AuthService) digitalControlCentreModuleAccess(cmd *command.CheckModuleAccessCommand) (interface{}, error) {
+	if len(cmd.Options) == 0 {
+		return nil, fmt.Errorf("options is empty")
+	}
+
+	alliedCreationBasic := allied_creation_basic.NewHttplibAlliedCreationBasic(cmd.Operator)
+
+	response := dto.ModuleAccessToDigitalControlCentreDto{
+		Allows: make([]*dto.ModuleAccessAllowItem, 0),
+	}
+	var mapAllowItem = make(map[string]*dto.ModuleAccessAllowItem)
+	for i := range cmd.Options {
+		allow := &dto.ModuleAccessAllowItem{
+			SettingCode: cmd.Options[i],
+			Allow:       false,
+			ConfigRoles: []string{},
+		}
+		response.Allows = append(response.Allows, allow)
+		mapAllowItem[allow.SettingCode] = allow
+	}
+
+	alliedCreationUser := allied_creation_user.NewHttplibAlliedCreationUser(cmd.Operator)
+	user, err := alliedCreationUser.UserGet(allied_creation_user.ReqGetUser{
+		UserId: int(cmd.Operator.UserId),
+	})
+	if err != nil {
+		log.Logger.Error(err.Error())
+		return nil, fmt.Errorf("user get fail")
+	}
+	roles := make([]string, 0)
+	for i := range user.UserRole {
+		role := user.UserRole[i]
+		roles = append(roles, role.RoleName)
+	}
+	if len(roles) == 0 {
+		return response, nil
+	}
+	response.UserRoles = roles
+
+	for _, code := range cmd.Options {
+		settingCode := code
+		if len(settingCode) == 0 {
+			return nil, fmt.Errorf("setting code is empty")
+		}
+		result, err := alliedCreationBasic.SystemSettingGet(allied_creation_basic.ReqSystemSettingGet{
+			SettingCode: settingCode,
+		})
+		if err != nil {
+			//log.Logger.Error(err.Error(), map[string]interface{}{"company": cmd.Operator.CompanyId})
+			//return nil, fmt.Errorf("system setting get fail")
+			continue
+		}
+		configRoles := strings.Split(result.Value, "|")
+		if len(configRoles) == 0 {
+			continue
+		}
+		var allow bool = false
+		for _, vi := range configRoles {
+			for _, vj := range roles {
+				if vi == vj {
+					allow = true
+					break
+				}
+			}
+			if allow {
+				break
+			}
+		}
+		if v, ok := mapAllowItem[settingCode]; ok {
+			v.Allow = allow
+			v.ConfigRoles = configRoles
+		}
+	}
+
+	return response, nil
+}

@@ -225,3 +225,16 @@ func (controller *AuthController) CaptchaInit() {
 	data, err := authService.CaptchaInit(cmd)
 	data, err := authService.CaptchaInit(cmd)
 	controller.Response(data, err)
 	controller.Response(data, err)
 }
 }
+
+func (controller *AuthController) CheckModuleAccessCommand() {
+	authService := service.AuthService{}
+	cmd := &command.CheckModuleAccessCommand{}
+	err := controller.Unmarshal(cmd)
+	if err != nil {
+		controller.Response(nil, err)
+		return
+	}
+	cmd.Operator = controller.GetOperator()
+	data, err := authService.CheckModuleAccess(cmd)
+	controller.Response(data, err)
+}

@@ -21,4 +21,6 @@ func init() {
 	web.Router("/v1/auth/user-sign-up", &controllers.AuthController{}, "Post:UserSignUp")
 	web.Router("/v1/auth/user-sign-up", &controllers.AuthController{}, "Post:UserSignUp")
 	web.Router("/v1/auth/reset-password", &controllers.AuthController{}, "Post:ResetPassword") //公司重置密码
 	web.Router("/v1/auth/reset-password", &controllers.AuthController{}, "Post:ResetPassword") //公司重置密码
 	web.Router("/v1/auth/org-switch", &controllers.AuthController{}, "Post:OrgSwitch")
 	web.Router("/v1/auth/org-switch", &controllers.AuthController{}, "Post:OrgSwitch")
+
+	web.Router("/v1/auth/check-module-access", &controllers.AuthController{}, "Post:CheckModuleAccessCommand")
 }
 }