机会列表数据进行权限过滤

@@ -6,6 +6,8 @@ import (
 	"oppmg/common/log"
 	"oppmg/common/log"
 	"oppmg/models"
 	"oppmg/models"
 	"oppmg/protocol"
 	"oppmg/protocol"
+	serverabc "oppmg/services/rbac"
+	"oppmg/storage/redisdata"
 	"oppmg/utils"
 	"oppmg/utils"
 	"strings"
 	"strings"
 	"time"
 	"time"
@@ -26,6 +28,105 @@ type SqlData struct {
 	Code            string    `orm:"column(code)"`
 	Code            string    `orm:"column(code)"`
 }
 }
 
 
+//根据权限获取机会列表
+func buildSqlForAuditList(usercompanyid int64, companyid int64, userid int64) string {
+	/*
+		OpportunityCheckLv1 int = 1
+		OpportunityCheckLv2 int = 2
+		OpportunityCheckLv3 int = 3
+		OpportunityCheckLv4 int = 4
+	*/
+	var (
+		//自己提交的
+		sql1 string = fmt.Sprintf(` SELECT id FROM chance  WHERE user_id=%d `, usercompanyid)
+		//自己可审核的
+		sql2 string = fmt.Sprintf(` SELECT a.id FROM chance AS a
+						JOIN audit_flow_process AS b ON a.id=b.chance_id
+						WHERE b.uid=%d AND a.review_status = 3 `, usercompanyid)
+		//公开到自己部门的
+		sql3 string = ` SELECT a.id FROM chance AS a 
+						JOIN chance_department AS b ON a.id=b.chance_id
+						WHERE b.department_id IN (%s) AND a.review_status = 3 `
+		//指定提交的部门
+		sql4 string = ` SELECT id FROM chance WHERE department_id IN (%s) and review_status =3 `
+		//全公司公开的
+		sql5 string = ` SELECT id FROM chance where publish_status = 1 AND review_status = 3 `
+
+		allsql           string = ` SELECT t.id FROM (%s) as t `
+		unionsql         string = ``
+		permissionObject serverabc.PermissionOptionObject
+		err              error
+	)
+	//获取权限
+	if ok := redisdata.ExistUserPermission(userid); !ok {
+		//尝试重数据库获取
+		permissionMap, err := serverabc.GetUserPermission(usercompanyid, serverabc.M_SYSTEM_OPPORTUNITY)
+		if err != nil {
+			log.Debug("从数据库未获得对应权限 ：%s", err)
+			unionsql = sql1 + " UNION " + sql2
+			return fmt.Sprintf(allsql, unionsql)
+		}
+		if v, ok := permissionMap[serverabc.M_SYSTEM_OPPORTUNITY]; !ok {
+			unionsql = sql1 + " UNION " + sql2
+			return fmt.Sprintf(allsql, unionsql)
+		} else {
+			permissionObject = v
+		}
+	} else {
+		//使用缓存
+		permissionObject, err = redisdata.GetUserPermission(userid, serverabc.M_SYSTEM_OPPORTUNITY)
+		if err != nil {
+			log.Debug("从缓存未获得对应权限 ：%s", err)
+			unionsql = sql1 + " UNION " + sql2
+			return fmt.Sprintf(allsql, unionsql)
+		}
+	}
+	var (
+		usrPermission *serverabc.OptionOpportunity
+		ok            bool
+		//预设仅可以查看自己
+		sqlslice = []string{sql1, sql2}
+	)
+	if usrPermission, ok = permissionObject.(*serverabc.OptionOpportunity); !ok {
+		log.Error("*serverabc.OptionOpportunity断言失败")
+		unionsql = sql1 + " UNION " + sql2
+		return fmt.Sprintf(allsql, unionsql)
+	}
+	log.Debug("获取到的权限规则：%v", usrPermission)
+	//进行权限判定
+	if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv4]; ok {
+		//查看所有
+		log.Debug("命中规则：查看所有")
+		return ""
+	}
+	if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv3]; ok {
+		//指定部门
+		ids := []string{}
+		for _, v := range usrPermission.CheckOption.Departments {
+			ids = append(ids, fmt.Sprint(v.Id))
+		}
+		if len(ids) > 0 {
+			log.Debug("命中规则：指定部门")
+			sqlslice = append(sqlslice, fmt.Sprintf(sql4, strings.Join(ids, ",")))
+		}
+	}
+	if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv2]; ok {
+		//公开到我的部门
+		ids := []string{}
+		sql6 := `SELECT a.id FROM department AS a WHERE a.id IN (
+					SELECT department_id FROM user_department WHERE user_company_id = ? AND enable_status = 1 
+				) `
+		utils.ExecuteQueryAll(&ids, sql6, usercompanyid)
+		if len(ids) > 0 {
+			log.Error("命中规则：公开到我的部门")
+			sqlslice = append(sqlslice, fmt.Sprintf(sql3, strings.Join(ids, ",")))
+		}
+	}
+	//添加规则全公司公开
+	sqlslice = append(sqlslice, sql5)
+	return fmt.Sprintf(allsql, strings.Join(sqlslice, " UNION "))
+}
+
 func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64) (protocol.ResponseAuditList, error) {
 func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64) (protocol.ResponseAuditList, error) {
 
 
 	var (
 	var (
@@ -35,7 +136,9 @@ func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64
 		cnt               int
 		cnt               int
 		err               error
 		err               error
 		cond              []interface{}
 		cond              []interface{}
+		sqlFromPermission string
 	)
 	)
+
 	returnData := protocol.ResponseAuditList{
 	returnData := protocol.ResponseAuditList{
 		ResponsePageInfo: protocol.ResponsePageInfo{
 		ResponsePageInfo: protocol.ResponsePageInfo{
 			TotalPage:   0,
 			TotalPage:   0,
@@ -43,16 +146,32 @@ func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64
 		},
 		},
 		List: make([]protocol.RspAuditList, 0),
 		List: make([]protocol.RspAuditList, 0),
 	}
 	}
-	datasql.WriteString(`SELECT a.id,a.user_id,a.department_id,a.audit_template_id,a.chance_type_id
+	usercompany, err := models.GetUserCompanyBy(userid, companyid)
+	if err != nil {
+		log.Error("GetUserCompanyBy(userid, companyid) err:%s", err)
+		return returnData, protocol.NewErrWithMessage("1")
+	}
+	sqlFromPermission = buildSqlForAuditList(usercompany.Id, usercompany.CompanyId, usercompany.UserId)
+	s1 := `SELECT a.id,a.user_id,a.department_id,a.audit_template_id,a.chance_type_id
 			,a.publish_status,a.create_at,a.review_status,a.enable_status
 			,a.publish_status,a.create_at,a.review_status,a.enable_status
 			,a.discovery_score,a.comment_total ,a.code,d.nick_name
 			,a.discovery_score,a.comment_total ,a.code,d.nick_name
 			FROM chance AS a
 			FROM chance AS a
 			JOIN user_company AS c ON c.id = a.user_id
 			JOIN user_company AS c ON c.id = a.user_id
 			JOIN user AS d ON c.user_id = d.id
 			JOIN user AS d ON c.user_id = d.id
-						where a.company_id=? `)
-
-	countsql.WriteString(`SELECT count(*) FROM chance as a
-						where a.company_id=? `)
+			%s
+			where a.company_id=? `
+	s2 := ` SELECT count(*) FROM chance as a
+			JOIN user_company AS c ON c.id = a.user_id
+			JOIN user AS d ON c.user_id = d.id
+	        %s
+			where a.company_id=?`
+	if len(sqlFromPermission) > 0 {
+		temp := fmt.Sprintf(`JOIN (%s) AS tt ON tt.id=a.id`, sqlFromPermission)
+		s1 = fmt.Sprintf(s1, temp)
+		s2 = fmt.Sprintf(s2, temp)
+	}
+	datasql.WriteString(s1)
+	countsql.WriteString(s2)
 	cond = append(cond, companyid)
 	cond = append(cond, companyid)
 	if param.ChanceTypeId > 0 {
 	if param.ChanceTypeId > 0 {
 		//一级分类过滤
 		//一级分类过滤

@@ -105,16 +105,19 @@ var CodePermissionObject = map[string]CodeToObject{
 	M_SYSTEM_ANNOUNCEMENT:         NewPermissionOptionBase, //公告管理
 	M_SYSTEM_ANNOUNCEMENT:         NewPermissionOptionBase, //公告管理
 }
 }
 
 
-func GetUserPermission(userCompanyid int64) (map[string]PermissionOptionObject, error) {
+func GetUserPermission(userCompanyid int64, code ...string) (map[string]PermissionOptionObject, error) {
 	type CodeOpptionData struct {
 	type CodeOpptionData struct {
 		Code    string `orm:"column(code)"`
 		Code    string `orm:"column(code)"`
 		Opption string `orm:"column(opption)"`
 		Opption string `orm:"column(opption)"`
 	}
 	}
-	const datasql string = `SELECT a.code,a.opption
+	var datasql string = `SELECT a.code,a.opption
 				FROM role_menu AS a
 				FROM role_menu AS a
 				JOIN user_role AS b ON a.role_id = b.role_id
 				JOIN user_role AS b ON a.role_id = b.role_id
 				JOIN role AS c ON a.role_id = c.id
 				JOIN role AS c ON a.role_id = c.id
-				WHERE b.user_company_id=? AND c.delete_at =0`
+				WHERE b.user_company_id=? AND c.delete_at =0 `
+	if len(code) > 0 {
+		datasql = datasql + fmt.Sprintf(` and a.code = "%s" `, code[0])
+	}
 	var (
 	var (
 		data   []CodeOpptionData
 		data   []CodeOpptionData
 		err    error
 		err    error
@@ -146,26 +149,3 @@ func GetUserPermission(userCompanyid int64) (map[string]PermissionOptionObject,
 	}
 	}
 	return objMap, nil
 	return objMap, nil
 }
 }
-
-// func ValidUserPermission(urlPath string, userid int64, companyid int64) bool {
-// 	var (
-// 		err            error
-// 		permissionbase PermissionBase
-// 		ok             bool = false
-// 		permissionObj  PermissionOptionObject
-// 	)
-// 	permissionbase, ok = RouterPermission[urlPath]
-// 	if !ok {
-// 		return true
-// 	}
-// 	permissionObj, err = redisdata.GetUserPermission(userid, permissionbase.CodeName)
-// 	if err != nil {
-// 		log.Error("未取到权限数据")
-// 		return false
-// 	}
-// 	ok = permissionObj.GetValidFunc(permissionbase.ActionName)
-// 	if ok {
-// 		return true
-// 	}
-// 	return false
-// }

@@ -106,9 +106,9 @@ type OptionOpportunity struct {
 /*
 /*
 机会管理高级设置中的 check
 机会管理高级设置中的 check
 1:禁止查看所有机会：禁止查看所有机会（除自己提交过的机会及可执行审核操作的机会）
 1:禁止查看所有机会：禁止查看所有机会（除自己提交过的机会及可执行审核操作的机会）
-2:仅查看自己部门和公开机会：查看对自己部门公开的机会+公司公开的机会
-3:特定部门的机会：自由配置选定部门的待审核、公司公开、部门公开的机会+查看对自己部门公开的机会
-4:查看所有机会：查看所有部门的待审核机会、公开机会及部门公开机会
+2:仅查看自己部门和公开机会：查看对自己所在部门公开的机会+公司公开的机会
+3:特定部门的机会：选定部门提交的公司公开、部门公开的机会；>只选择部门
+4:查看所有机会：查看所有部门的公开机会及部门公开机会；
 */
 */
 const (
 const (
 	OpportunityCheckLv1 int = 1
 	OpportunityCheckLv1 int = 1

@@ -134,3 +134,13 @@ func GetUserPermission(userid int64, field string) (rbac.PermissionOptionObject,
 	err = json.Unmarshal([]byte(str), permissionObj)
 	err = json.Unmarshal([]byte(str), permissionObj)
 	return permissionObj, err
 	return permissionObj, err
 }
 }
+
+func ExistUserPermission(userid int64) bool {
+	key := GetKeyUserPermission(userid)
+	client := redis.GetRedis()
+	value := client.Exists(key).Val()
+	if value > 0 {
+		return true
+	}
+	return false
+}