企业平台二次验证修改

@@ -43,3 +43,5 @@ h5_host = "http://mmm-web-open-test.fjmaimaimai.com"
 #审核中心
 #审核中心
 suplus_approve_host ="http://suplus-approve-dev.fjmaimaimai.com"
 suplus_approve_host ="http://suplus-approve-dev.fjmaimaimai.com"
 
 
+#企业平台
+BUSINESS_ADMIN_SERVICE_HOST ="${BUSINESS_ADMIN_SERVICE_HOST||http://suplus-business-admin-test.fjmaimaimai.com/}"

@@ -2,7 +2,7 @@ package v1
 
 
 import (
 import (
 	"encoding/json"
 	"encoding/json"
-
+	"github.com/astaxie/beego"
 	"opp/controllers"
 	"opp/controllers"
 	"opp/protocol"
 	"opp/protocol"
 	"opp/services/auth"
 	"opp/services/auth"
@@ -36,6 +36,10 @@ func (this *AuthController) Login() {
 		return
 		return
 	}
 	}
 	header := controllers.GetRequestHeader(this.Ctx)
 	header := controllers.GetRequestHeader(this.Ctx)
+	if beego.BConfig.RunMode == "prod" || beego.BConfig.RunMode == "test" {
+		msg = protocol.NewReturnResponse(auth.LoginV3(header, request))
+		return
+	}
 	msg = protocol.NewReturnResponse(auth.Login(header, request))
 	msg = protocol.NewReturnResponse(auth.Login(header, request))
 }
 }
 
 

@@ -2,6 +2,7 @@ package v1
 
 
 import (
 import (
 	"encoding/json"
 	"encoding/json"
+	"github.com/astaxie/beego"
 	"gitlab.fjmaimaimai.com/mmm-go/gocomm/pkg/log"
 	"gitlab.fjmaimaimai.com/mmm-go/gocomm/pkg/log"
 	"opp/controllers"
 	"opp/controllers"
 	"opp/protocol"
 	"opp/protocol"
@@ -157,6 +158,10 @@ func (this *UserController) UserInfo() {
 		return
 		return
 	}
 	}
 	header := controllers.GetRequestHeader(this.Ctx)
 	header := controllers.GetRequestHeader(this.Ctx)
+	if beego.BConfig.RunMode == "prod" || beego.BConfig.RunMode == "test" {
+		msg = protocol.NewReturnResponse(user.UserInfoV3(header, request))
+		return
+	}
 	msg = protocol.NewReturnResponse(user.UserInfo(header, request))
 	msg = protocol.NewReturnResponse(user.UserInfo(header, request))
 }
 }
 
 

@@ -94,6 +94,12 @@ spec:
               value: "stdout"
               value: "stdout"
             - name: aliyun_logs_access
             - name: aliyun_logs_access
               value: " /opt/logs/app.log"
               value: " /opt/logs/app.log"
+
+            - name: BUSINESS_ADMIN_SERVICE_HOST
+                valueFrom:
+                  configMapKeyRef:
+                    name: suplus-config
+                    key: service.businessadmin
       volumes:
       volumes:
         - name: accesslogs
         - name: accesslogs
           emptyDir: {}
           emptyDir: {}

@@ -129,3 +129,80 @@ func CheckUcenterResponse(message *protocol.Message) (err error) {
 	}
 	}
 	return
 	return
 }
 }
+
+/*******************企业平台****************/
+var MethodUserAuth = "auth/get-user-auth"
+
+//验证用户模块权限
+func CheckUserModuleAuth(uid int64) (auth bool) {
+	var req = NewRequest(fmt.Sprintf("%v%v", beego.AppConfig.String("BUSINESS_ADMIN_SERVICE_HOST"), MethodUserAuth), http.MethodPost)
+	var message = &protocol.Message{}
+	var request = struct {
+		UserId     string `json:"userId"`
+		PlatformId string `json:"platformId"`
+	}{UserId: fmt.Sprintf("%v", uid), PlatformId: "3"} //平台id：1素+；2问题；3机会；18价值
+	var response = struct {
+		UserAuth bool `json:"userAuth"`
+	}{}
+	if data, err := req.ActionDefault(request, &message); err != nil {
+		log.Error(err)
+		return false
+	} else {
+		log.Debug(req.Url, string(data))
+	}
+	if message.Errno != 0 {
+		log.Debug("CheckUserModuleAuth :", message.Errno, message.Errmsg)
+		return false
+	}
+	if err := json.Unmarshal(message.Data, &response); err != nil {
+		log.Error(err, message, string(message.Data))
+		return
+	}
+	return response.UserAuth
+}
+
+type Request struct {
+	HttpReq *httplib.BeegoHTTPRequest
+	Url     string
+}
+
+func NewRequest(url, httpMethod string) *Request {
+	var (
+		httpReq *httplib.BeegoHTTPRequest
+	)
+	if httpMethod == http.MethodGet {
+		httpReq = httplib.Get(url)
+	} else if httpMethod == http.MethodPost {
+		httpReq = httplib.Post(url)
+	} else if httpMethod == http.MethodPut {
+		httpReq = httplib.Put(url)
+	}
+	ret := &Request{
+		HttpReq: httpReq,
+		Url:     url,
+	}
+	return ret
+}
+
+func (req *Request) ActionDefault(request interface{}, message interface{}) (data []byte, err error) {
+	var (
+		httpRsp *http.Response
+	)
+	req.HttpReq.JSONBody(request)
+	req.HttpReq.Header("Content-Type", "application/json")
+	if httpRsp, err = req.HttpReq.DoRequest(); err != nil {
+		log.Error(err)
+		return
+	}
+	data, err = ioutil.ReadAll(httpRsp.Body)
+	defer httpRsp.Body.Close()
+	if err != nil {
+		log.Error(err)
+		return
+	}
+	if err = json.Unmarshal(data, message); err != nil {
+		log.Error(err)
+		return
+	}
+	return
+}

@@ -15,3 +15,9 @@ func Test_UcenterIsUserExists(t *testing.T) {
 		log.Fatal(err)
 		log.Fatal(err)
 	}
 	}
 }
 }
+
+func Test_CheckUserModuleAuth(t *testing.T) {
+	if ok := CheckUserModuleAuth(3649639319273472); !ok {
+		t.Fatal("CheckUserModuleAuth error")
+	}
+}

@@ -31,6 +31,142 @@ var (
 )
 )
 
 
 //登录
 //登录
+func LoginV3(header *protocol.RequestHeader, request *protocol.LoginRequest) (rsp *protocol.LoginResponse, err error) {
+	var (
+		user           *models.User
+		userAuth       *models.UserAuth
+		id                                                 = request.Uid
+		getUserRequest *protocol.UCenterServerLoginRequest = &protocol.UCenterServerLoginRequest{
+			Uid:   id,
+			Token: request.Token,
+			Type:  2,
+		}
+		getUserResponse *protocol.UCenterGetUserResponse
+		message         *protocol.Message
+		company         *models.Company
+		companys        []*models.Company
+	)
+	user, err = models.GetUserByUcenterId(id)
+	if err != nil {
+		log.Error(err)
+		err = protocol.NewErrWithMessage(2002, err) //账号不存在
+		return
+	}
+	if companys, err = models.GetCompanyByPermission(user.Id); err != nil {
+		log.Error(err)
+		err = protocol.NewErrWithMessage(2002, err) //账号不存在
+		return
+	}
+	if len(companys) == 0 {
+		err = protocol.NewErrWithMessage(2002, err) //账号不存在
+		return
+	}
+	if !utils.ValidVersion(header.Version, protocol.RequireVersion) {
+		log.Warn(fmt.Sprintf("版本不足 当前手机版本:%v 需要版本大于:%v", header.Version, protocol.RequireVersion))
+		err = protocol.NewCustomMessage(2002, "版本不足，请升级app") //账号不存在
+		return
+	}
+	//获取最后一次公司编号给统一用户中心
+	if u, e := models.GetUserAuthByUserId(user.Id, protocol.DeviceType); e == nil && user.UserCenterId == id {
+		if company, e = models.GetCompanyById(u.CurrentCompanyId); e == nil {
+			getUserRequest.CompanyId = company.UserCenterId
+		}
+	}
+	//验证 当前登录的公司是否有模块权限
+	/************后期移除************/
+	if ucIds, e := models.GetUserAllCompany(user.Id); e != nil {
+		log.Error(e)
+		err = protocol.NewErrWithMessage(2002, err) //账号不存在
+		return
+	} else {
+		var hasAuth bool = false
+		for i := 0; i < len(ucIds); i++ {
+			hasAuth = agg.CheckUserModuleAuth(ucIds[i].Id)
+			if hasAuth {
+				break
+			}
+		}
+		if !hasAuth {
+			err = protocol.NewErrWithMessage(2002, err) //账号不存在
+			return
+		}
+		return
+	}
+	/************后期移除************/
+
+	//从用户中心获取用户信息
+	if _, err = agg.RequestUserCenter(protocol.MethodServerLogin, http.MethodPost, getUserRequest, &message); err != nil {
+		log.Error(err)
+		return
+	}
+	log.Debug(fmt.Sprintf("ucenter_id:%v getuser response:", request.Uid), message.Errno, message.Errmsg)
+	if message.Errno == 0 && message.Errmsg == "ok" {
+		if err = message.Unmarshal(&getUserResponse); err != nil {
+			log.Error(err)
+			return
+		}
+	}
+	switch message.Errno {
+	case -1:
+		err = protocol.NewErrWithMessage(2002, err) //账号不存在
+		return
+	case 0:
+		goto Success
+	case 2002:
+		err = protocol.NewErrWithMessage(2002, err) //账号不存在
+		return
+	case 10001:
+		err = protocol.NewErrWithMessage(2002, err) //账号不存在
+		return
+	case 10003:
+		err = protocol.NewErrWithMessage(4140, err) //账号不存在
+		return
+	default:
+		log.Error("error_no:%v msg:%v", message.Errno, message.Errmsg)
+		err = protocol.NewErrWithMessage(4140, err)
+		return
+	}
+
+Success:
+	{
+		userAuth, err = models.GetUserAuthByUserId(user.Id, 1)
+		if err != nil {
+			if err == orm.ErrNoRows {
+				err = nil
+				userAuth = &models.UserAuth{
+					UserId:     user.Id,
+					DeviceType: 1, //int8(header.DeviceType),
+				}
+				models.AddUserAuth(userAuth)
+			} else {
+				log.Error(err)
+				return
+			}
+		}
+		userAuth.AuthCode = uid.NewV1().StringNoDash()
+
+		/*更新用户信息*/
+		user.CsAccount = getUserResponse.CustomerAccount
+		user.ImToken = getUserResponse.ImToken
+		user.Icon = getUserResponse.Avatar
+		user.NickName = getUserResponse.NickName
+		user.Accid = getUserResponse.Accid
+		user.UserCenterId = getUserResponse.Id
+		if err = models.UpdateUsersById(user); err != nil {
+			log.Error(err)
+			return
+		}
+		userAuth.AuthCodeExp = time.Now().Add(time.Second * protocol.TokenExpire)
+		if err = models.UpdateUserAuthById(userAuth); err != nil {
+			return
+		}
+		rsp = &protocol.LoginResponse{AuthCode: userAuth.AuthCode}
+	}
+	err = protocol.NewSuccessWithMessage("登录成功")
+	return
+}
+
+//登录
 func Login(header *protocol.RequestHeader, request *protocol.LoginRequest) (rsp *protocol.LoginResponse, err error) {
 func Login(header *protocol.RequestHeader, request *protocol.LoginRequest) (rsp *protocol.LoginResponse, err error) {
 	var (
 	var (
 		user           *models.User
 		user           *models.User

@@ -248,6 +248,10 @@ func SwitchCompany(header *protocol.RequestHeader, request *protocol.SwitchCompa
 		err = protocol.NewErrWithMessage(4201) //找不到这家公司
 		err = protocol.NewErrWithMessage(4201) //找不到这家公司
 		return
 		return
 	}
 	}
+	if hasAuth := agg.CheckUserModuleAuth(userCompany.Id); !hasAuth {
+		err = protocol.NewErrWithMessage(2002) //找不到这家公司
+		return
+	}
 	if auth, err = models.GetUserAuthByUserId(header.Uid, protocol.DeviceType); err != nil {
 	if auth, err = models.GetUserAuthByUserId(header.Uid, protocol.DeviceType); err != nil {
 		log.Error(err)
 		log.Error(err)
 		return
 		return
@@ -372,6 +376,130 @@ func UserInfo(header *protocol.RequestHeader, request *protocol.UserInfoRequest)
 	return
 	return
 }
 }
 
 
+//用户信息
+func UserInfoV3(header *protocol.RequestHeader, request *protocol.UserInfoRequest) (rsp *protocol.UserInfoResponse, err error) {
+	var (
+		companyId     int64
+		userCompany   *models.UserCompany
+		userAuth      *models.UserAuth
+		userBaseAgg   *protocol.UserBaseInfoAggregation
+		companys      []*models.Company
+		userCompanys  []*models.UserCompany
+		tmpCompanys   []*models.Company = make([]*models.Company, 0)
+		defaultUserId int64
+	)
+	if companys, err = models.GetCompanyByPermission(header.Uid); err != nil {
+		log.Error(err)
+		return
+	}
+	if userCompanys, err = models.GetUserAllCompany(header.Uid); err != nil {
+		log.Error(err)
+		return
+	}
+	for i := range userCompanys {
+		if hasAuth := agg.CheckUserModuleAuth(userCompanys[i].Id); !hasAuth {
+			log.Debug("检查公司权限：", userCompanys[i].Id, userCompanys[i].CompanyId, "无模块权限")
+			continue
+		}
+		if companyId == 0 { //取默认一个有权限的公司
+			companyId = userCompanys[i].CompanyId
+			defaultUserId = userCompanys[i].Id
+		}
+		for j := 0; j < len(companys); j++ {
+			if userCompanys[i].CompanyId == companys[j].Id {
+				tmpCompanys = append(tmpCompanys, companys[j])
+				break
+			}
+		}
+		if userCompanys[i].Id == header.UserId && userCompanys[i].CompanyId == header.CompanyId {
+			companyId = header.CompanyId
+			break
+		}
+	}
+	//公司列表是所有有权限的公司，企业平台
+	companys = tmpCompanys
+	if len(companys) == 0 {
+		err = protocol.NewErrWithMessage(2002, err) //账号不存在
+		return
+	}
+	if companyId == 0 {
+		if userCompany, err = models.GetUserCompanysFirst(header.Uid); err != nil {
+			log.Error(err)
+			return
+		}
+		if userAuth, err = models.GetUserAuthByUserId(header.Uid, protocol.DeviceType); err != nil {
+			log.Error(err)
+			return
+		}
+		if err = utils.UpdateTableByMap(&models.UserAuth{Id: userAuth.Id}, map[string]interface{}{
+			"CurrentCompanyId": userCompany.CompanyId, "CurrentUserCompanyId": userCompany.Id}); err != nil {
+			log.Error(err)
+			return
+		}
+		companyId = int64(userCompany.CompanyId)
+		header.UserId = userCompany.Id
+	}
+	if header.UserId == 0 {
+		header.UserId = defaultUserId
+	}
+	if userBaseAgg, err = agg.GetUserBaseInfoAggregation(header.UserId, companyId); err != nil {
+		return
+	}
+	rsp = &protocol.UserInfoResponse{
+		User: protocol.User{
+			UserId: header.UserId,
+			Name:   userBaseAgg.User.NickName,
+			Phone:  userBaseAgg.User.Phone,
+			Image: protocol.Picture{
+				Path: userBaseAgg.User.Icon,
+				H:    0,
+				W:    0,
+			},
+			ImToken:   userBaseAgg.User.ImToken,
+			CompanyId: int(companyId),
+			Company: protocol.Company{
+				Id:   userBaseAgg.Company.Id,
+				Name: userBaseAgg.Company.Name,
+				CId:  userBaseAgg.Company.UserCenterId,
+			},
+			Departments: make([]protocol.Dep, 0),
+			Positions:   make([]protocol.Job, 0),
+		},
+	}
+	for i := range companys {
+		rsp.User.Companys = append(rsp.User.Companys, protocol.Company{
+			Id:   companys[i].Id,
+			Name: companys[i].Name,
+			CId:  companys[i].UserCenterId,
+		})
+	}
+	newDep := func(item *protocol.Department) protocol.Dep {
+		return protocol.Dep{
+			Id:   item.DepartmentId,
+			Name: item.Name,
+		}
+	}
+	newPos := func(item *protocol.Position) protocol.Job {
+		return protocol.Job{
+			Id:   item.PositionId,
+			Name: item.Name,
+		}
+	}
+	for i := range userBaseAgg.Departments {
+		rsp.User.Departments = append(rsp.User.Departments, newDep(userBaseAgg.Departments[i]))
+	}
+	for i := range userBaseAgg.Positions {
+		rsp.User.Positions = append(rsp.User.Positions, newPos(userBaseAgg.Positions[i]))
+	}
+	if topDep := agg.GetTopDepartment(userBaseAgg.Departments); topDep.DepartmentId != 0 {
+		rsp.User.Department = newDep(topDep)
+	}
+	if topPos := agg.GetTopPosition(userBaseAgg.Positions); topPos.PositionId != 0 {
+		rsp.User.Position = newPos(topPos)
+	}
+	return
+}
+
 //用户中心-统计信息
 //用户中心-统计信息
 func UserStatistics(header *protocol.RequestHeader, request *protocol.UserStatisticsRequest) (rsp *protocol.UserStatisticsResponse, err error) {
 func UserStatistics(header *protocol.RequestHeader, request *protocol.UserStatisticsRequest) (rsp *protocol.UserStatisticsResponse, err error) {
 	var (
 	var (