Merge branch 'dev' into local-tangxvhui

@@ -5,11 +5,13 @@ import (
 	"gitlab.fjmaimaimai.com/allied-creation/allied-creation-user/pkg/domain"
 )
 
+/*****   1.快速模块  *****/
+
 // FastPgUser  快速返回领域用户
 //
 // transactionContext 事务
 // userId  用户ID
-func FastPgUser(transactionContext application.TransactionContext, userId int64) (domain.UserRepository, *domain.User, error) {
+func FastPgUser(transactionContext application.TransactionContext, userId int64, options ...option) (domain.UserRepository, *domain.User, error) {
 	var rep domain.UserRepository
 	var mod *domain.User
 	var err error
@@ -28,6 +30,9 @@ func FastPgUser(transactionContext application.TransactionContext, userId int64)
 			return nil, nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
 		}
 	}
+	if err = fastPgDataAuth(transactionContext, mod, options...); err != nil {
+		return nil, nil, err
+	}
 	return rep, mod, err
 }
 
@@ -61,7 +66,7 @@ func FastPgUserBase(transactionContext application.TransactionContext, userBaseI
 //
 // transactionContext 事务
 // roleId  角色Id
-func FastPgRole(transactionContext application.TransactionContext, roleId int64) (domain.RoleRepository, *domain.Role, error) {
+func FastPgRole(transactionContext application.TransactionContext, roleId int64, options ...option) (domain.RoleRepository, *domain.Role, error) {
 	var rep domain.RoleRepository
 	var mod *domain.Role
 	var err error
@@ -80,6 +85,9 @@ func FastPgRole(transactionContext application.TransactionContext, roleId int64)
 			return nil, nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
 		}
 	}
+	if err = fastPgDataAuth(transactionContext, mod, options...); err != nil {
+		return nil, nil, err
+	}
 	return rep, mod, err
 }
 
@@ -213,6 +221,49 @@ func FastPgAccountDestroyRecord(transactionContext application.TransactionContex
 	return rep, mod, err
 }
 
-func FastPgDataAuth(transactionContext application.TransactionContext, operateInfo *domain.OperateInfo) error {
+// fastPgDataAuth  快速数据权限验证
+//
+// data 待认证的数据
+// options 配置项
+func fastPgDataAuth(transactionContext application.TransactionContext, data domain.AuthedData, options ...option) error {
+	option := NewFastOptions(options...)
+	if option.DataAuthRequired && data != nil {
+		if data.BelongOrg() != option.OperateInfo.OrgId {
+			return application.ThrowError(application.BUSINESS_ERROR, "当前登录的组织机构与操作数据组织机构不一致")
+		}
+	}
 	return nil
 }
+
+/*****   2.配置  *****/
+
+type FastOptions struct {
+	DataAuthRequired bool
+	OperateInfo      *domain.OperateInfo
+}
+
+func NewFastOptions(options ...option) *FastOptions {
+	o := &FastOptions{
+		DataAuthRequired: false,
+	}
+	for i := 0; i < len(options); i++ {
+		options[i](o)
+	}
+	return o
+}
+
+type option func(options *FastOptions)
+
+// 需要数据权限
+func WithDataAuthRequired() option {
+	return func(options *FastOptions) {
+		options.DataAuthRequired = true
+	}
+}
+
+// WithOperator 操作人
+func WithOperator(op *domain.OperateInfo) option {
+	return func(options *FastOptions) {
+		options.OperateInfo = op
+	}
+}

@@ -144,7 +144,9 @@ func (orgService *OrgService) GetOrgSubDepartment(getOrgSubDepartmentQuery *quer
 	}()
 
 	orgRepository, org, err := factory.FastPgOrg(transactionContext, getOrgSubDepartmentQuery.OrgId)
-
+	if err != nil {
+		return nil, err
+	}
 	_, orgs, err := orgRepository.Find(map[string]interface{}{"companyId": org.CompanyId})
 	if err != nil {
 		return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, err.Error())

@@ -29,7 +29,7 @@ type Menu struct {
 	// 菜单类别 （web:1、app:2）
 	//Category string `json:"category,omitempty"`
 	// 路径节点路径("0,11,12,")
-	//ParentPath string `json:"parentPath,omitempty"`
+	ParentPath string `json:"parentPath,omitempty"`
 	// 菜单是否公开状态，[1:显示],[2:隐藏],默认显示
 	//IsPublish int `json:"isPublish,omitempty"`
 	// 启用状态(启用:1 禁用:2),默认启用
@@ -48,6 +48,7 @@ func (dto *UserAccessMenuDto) LoadDto(menus []*domain.Menu) error {
 			Icon:         v.Icon,
 			Sort:         v.Sort,
 			EnableStatus: v.EnableStatus,
+			ParentPath:   v.ParentPath,
 		})
 	}
 

@@ -623,7 +623,7 @@ func (userService *UserService) UpdateUser(updateUserCommand *command.UpdateUser
 	defer func() {
 		transactionContext.RollbackTransaction()
 	}()
-	_, user, err := factory.FastPgUser(transactionContext, updateUserCommand.UserId)
+	_, user, err := factory.FastPgUser(transactionContext, updateUserCommand.UserId, factory.WithDataAuthRequired(), factory.WithOperator(updateUserCommand.OperateInfo))
 	if err != nil {
 		return nil, err
 	}

@@ -141,3 +141,8 @@ func (m *Role) CacheKeyFunc() string {
 	}
 	return fmt.Sprintf("%v:cache:role:id:%v", constant.CACHE_PREFIX, m.RoleId)
 }
+
+/*****   3.实现接口 AuthedData  *****/
+func (m *Role) BelongOrg() int64 {
+	return m.OrgId
+}

@@ -240,3 +240,8 @@ func (user *User) CacheKeyFunc() string {
 	}
 	return fmt.Sprintf("%v:cache:users:id:%v", constant.CACHE_PREFIX, user.UserId)
 }
+
+/*****   3.实现接口 AuthedData  *****/
+func (user *User) BelongOrg() int64 {
+	return user.OrganizationId
+}

@@ -17,6 +17,9 @@ type PgDataAuthService struct {
 // options 数据参数
 // data    需要验证权限的数据
 func (ptr *PgDataAuthService) DataAuth(options domain.OperateInfo, data domain.AuthedData) error {
+	if data.BelongOrg() != options.OrgId {
+		return fmt.Errorf("当前登录的组织机构与操作数据组织机构不一致")
+	}
 	return nil
 }