作者 tangxuhui

Merge branch 'dev' into local-tangxvhui

... ... @@ -5,11 +5,13 @@ import (
"gitlab.fjmaimaimai.com/allied-creation/allied-creation-user/pkg/domain"
)
/***** 1.快速模块 *****/
// FastPgUser 快速返回领域用户
//
// transactionContext 事务
// userId 用户ID
func FastPgUser(transactionContext application.TransactionContext, userId int64) (domain.UserRepository, *domain.User, error) {
func FastPgUser(transactionContext application.TransactionContext, userId int64, options ...option) (domain.UserRepository, *domain.User, error) {
var rep domain.UserRepository
var mod *domain.User
var err error
... ... @@ -28,6 +30,9 @@ func FastPgUser(transactionContext application.TransactionContext, userId int64)
return nil, nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
}
if err = fastPgDataAuth(transactionContext, mod, options...); err != nil {
return nil, nil, err
}
return rep, mod, err
}
... ... @@ -61,7 +66,7 @@ func FastPgUserBase(transactionContext application.TransactionContext, userBaseI
//
// transactionContext 事务
// roleId 角色Id
func FastPgRole(transactionContext application.TransactionContext, roleId int64) (domain.RoleRepository, *domain.Role, error) {
func FastPgRole(transactionContext application.TransactionContext, roleId int64, options ...option) (domain.RoleRepository, *domain.Role, error) {
var rep domain.RoleRepository
var mod *domain.Role
var err error
... ... @@ -80,6 +85,9 @@ func FastPgRole(transactionContext application.TransactionContext, roleId int64)
return nil, nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
}
if err = fastPgDataAuth(transactionContext, mod, options...); err != nil {
return nil, nil, err
}
return rep, mod, err
}
... ... @@ -213,6 +221,49 @@ func FastPgAccountDestroyRecord(transactionContext application.TransactionContex
return rep, mod, err
}
func FastPgDataAuth(transactionContext application.TransactionContext, operateInfo *domain.OperateInfo) error {
// fastPgDataAuth 快速数据权限验证
//
// data 待认证的数据
// options 配置项
func fastPgDataAuth(transactionContext application.TransactionContext, data domain.AuthedData, options ...option) error {
option := NewFastOptions(options...)
if option.DataAuthRequired && data != nil {
if data.BelongOrg() != option.OperateInfo.OrgId {
return application.ThrowError(application.BUSINESS_ERROR, "当前登录的组织机构与操作数据组织机构不一致")
}
}
return nil
}
/***** 2.配置 *****/
type FastOptions struct {
DataAuthRequired bool
OperateInfo *domain.OperateInfo
}
func NewFastOptions(options ...option) *FastOptions {
o := &FastOptions{
DataAuthRequired: false,
}
for i := 0; i < len(options); i++ {
options[i](o)
}
return o
}
type option func(options *FastOptions)
// 需要数据权限
func WithDataAuthRequired() option {
return func(options *FastOptions) {
options.DataAuthRequired = true
}
}
// WithOperator 操作人
func WithOperator(op *domain.OperateInfo) option {
return func(options *FastOptions) {
options.OperateInfo = op
}
}
... ...
... ... @@ -144,7 +144,9 @@ func (orgService *OrgService) GetOrgSubDepartment(getOrgSubDepartmentQuery *quer
}()
orgRepository, org, err := factory.FastPgOrg(transactionContext, getOrgSubDepartmentQuery.OrgId)
if err != nil {
return nil, err
}
_, orgs, err := orgRepository.Find(map[string]interface{}{"companyId": org.CompanyId})
if err != nil {
return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, err.Error())
... ...
... ... @@ -29,7 +29,7 @@ type Menu struct {
// 菜单类别 (web:1、app:2)
//Category string `json:"category,omitempty"`
// 路径节点路径("0,11,12,")
//ParentPath string `json:"parentPath,omitempty"`
ParentPath string `json:"parentPath,omitempty"`
// 菜单是否公开状态,[1:显示],[2:隐藏],默认显示
//IsPublish int `json:"isPublish,omitempty"`
// 启用状态(启用:1 禁用:2),默认启用
... ... @@ -48,6 +48,7 @@ func (dto *UserAccessMenuDto) LoadDto(menus []*domain.Menu) error {
Icon: v.Icon,
Sort: v.Sort,
EnableStatus: v.EnableStatus,
ParentPath: v.ParentPath,
})
}
... ...
... ... @@ -623,7 +623,7 @@ func (userService *UserService) UpdateUser(updateUserCommand *command.UpdateUser
defer func() {
transactionContext.RollbackTransaction()
}()
_, user, err := factory.FastPgUser(transactionContext, updateUserCommand.UserId)
_, user, err := factory.FastPgUser(transactionContext, updateUserCommand.UserId, factory.WithDataAuthRequired(), factory.WithOperator(updateUserCommand.OperateInfo))
if err != nil {
return nil, err
}
... ...
... ... @@ -141,3 +141,8 @@ func (m *Role) CacheKeyFunc() string {
}
return fmt.Sprintf("%v:cache:role:id:%v", constant.CACHE_PREFIX, m.RoleId)
}
/***** 3.实现接口 AuthedData *****/
func (m *Role) BelongOrg() int64 {
return m.OrgId
}
... ...
... ... @@ -240,3 +240,8 @@ func (user *User) CacheKeyFunc() string {
}
return fmt.Sprintf("%v:cache:users:id:%v", constant.CACHE_PREFIX, user.UserId)
}
/***** 3.实现接口 AuthedData *****/
func (user *User) BelongOrg() int64 {
return user.OrganizationId
}
... ...
... ... @@ -17,6 +17,9 @@ type PgDataAuthService struct {
// options 数据参数
// data 需要验证权限的数据
func (ptr *PgDataAuthService) DataAuth(options domain.OperateInfo, data domain.AuthedData) error {
if data.BelongOrg() != options.OrgId {
return fmt.Errorf("当前登录的组织机构与操作数据组织机构不一致")
}
return nil
}
... ...