...
|
...
|
@@ -6,6 +6,8 @@ import ( |
|
|
"oppmg/common/log"
|
|
|
"oppmg/models"
|
|
|
"oppmg/protocol"
|
|
|
serverabc "oppmg/services/rbac"
|
|
|
"oppmg/storage/redisdata"
|
|
|
"oppmg/utils"
|
|
|
"strings"
|
|
|
"time"
|
...
|
...
|
@@ -26,6 +28,105 @@ type SqlData struct { |
|
|
Code string `orm:"column(code)"`
|
|
|
}
|
|
|
|
|
|
//根据权限获取机会列表
|
|
|
func buildSqlForAuditList(usercompanyid int64, companyid int64, userid int64) string {
|
|
|
/*
|
|
|
OpportunityCheckLv1 int = 1
|
|
|
OpportunityCheckLv2 int = 2
|
|
|
OpportunityCheckLv3 int = 3
|
|
|
OpportunityCheckLv4 int = 4
|
|
|
*/
|
|
|
var (
|
|
|
//自己提交的
|
|
|
sql1 string = fmt.Sprintf(` SELECT id FROM chance WHERE user_id=%d `, usercompanyid)
|
|
|
//自己可审核的
|
|
|
sql2 string = fmt.Sprintf(` SELECT a.id FROM chance AS a
|
|
|
JOIN audit_flow_process AS b ON a.id=b.chance_id
|
|
|
WHERE b.uid=%d AND a.review_status = 3 `, usercompanyid)
|
|
|
//公开到自己部门的
|
|
|
sql3 string = ` SELECT a.id FROM chance AS a
|
|
|
JOIN chance_department AS b ON a.id=b.chance_id
|
|
|
WHERE b.department_id IN (%s) AND a.review_status = 3 `
|
|
|
//指定提交的部门
|
|
|
sql4 string = ` SELECT id FROM chance WHERE department_id IN (%s) and review_status =3 `
|
|
|
//全公司公开的
|
|
|
sql5 string = ` SELECT id FROM chance where publish_status = 1 AND review_status = 3 `
|
|
|
|
|
|
allsql string = ` SELECT t.id FROM (%s) as t `
|
|
|
unionsql string = ``
|
|
|
permissionObject serverabc.PermissionOptionObject
|
|
|
err error
|
|
|
)
|
|
|
//获取权限
|
|
|
if ok := redisdata.ExistUserPermission(userid); !ok {
|
|
|
//尝试重数据库获取
|
|
|
permissionMap, err := serverabc.GetUserPermission(usercompanyid, serverabc.M_SYSTEM_OPPORTUNITY)
|
|
|
if err != nil {
|
|
|
log.Debug("从数据库未获得对应权限 :%s", err)
|
|
|
unionsql = sql1 + " UNION " + sql2
|
|
|
return fmt.Sprintf(allsql, unionsql)
|
|
|
}
|
|
|
if v, ok := permissionMap[serverabc.M_SYSTEM_OPPORTUNITY]; !ok {
|
|
|
unionsql = sql1 + " UNION " + sql2
|
|
|
return fmt.Sprintf(allsql, unionsql)
|
|
|
} else {
|
|
|
permissionObject = v
|
|
|
}
|
|
|
} else {
|
|
|
//使用缓存
|
|
|
permissionObject, err = redisdata.GetUserPermission(userid, serverabc.M_SYSTEM_OPPORTUNITY)
|
|
|
if err != nil {
|
|
|
log.Debug("从缓存未获得对应权限 :%s", err)
|
|
|
unionsql = sql1 + " UNION " + sql2
|
|
|
return fmt.Sprintf(allsql, unionsql)
|
|
|
}
|
|
|
}
|
|
|
var (
|
|
|
usrPermission *serverabc.OptionOpportunity
|
|
|
ok bool
|
|
|
//预设仅可以查看自己
|
|
|
sqlslice = []string{sql1, sql2}
|
|
|
)
|
|
|
if usrPermission, ok = permissionObject.(*serverabc.OptionOpportunity); !ok {
|
|
|
log.Error("*serverabc.OptionOpportunity断言失败")
|
|
|
unionsql = sql1 + " UNION " + sql2
|
|
|
return fmt.Sprintf(allsql, unionsql)
|
|
|
}
|
|
|
log.Debug("获取到的权限规则:%v", usrPermission)
|
|
|
//进行权限判定
|
|
|
if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv4]; ok {
|
|
|
//查看所有
|
|
|
log.Debug("命中规则:查看所有")
|
|
|
return ""
|
|
|
}
|
|
|
if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv3]; ok {
|
|
|
//指定部门
|
|
|
ids := []string{}
|
|
|
for _, v := range usrPermission.CheckOption.Departments {
|
|
|
ids = append(ids, fmt.Sprint(v.Id))
|
|
|
}
|
|
|
if len(ids) > 0 {
|
|
|
log.Debug("命中规则:指定部门")
|
|
|
sqlslice = append(sqlslice, fmt.Sprintf(sql4, strings.Join(ids, ",")))
|
|
|
}
|
|
|
}
|
|
|
if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv2]; ok {
|
|
|
//公开到我的部门
|
|
|
ids := []string{}
|
|
|
sql6 := `SELECT a.id FROM department AS a WHERE a.id IN (
|
|
|
SELECT department_id FROM user_department WHERE user_company_id = ? AND enable_status = 1
|
|
|
) `
|
|
|
utils.ExecuteQueryAll(&ids, sql6, usercompanyid)
|
|
|
if len(ids) > 0 {
|
|
|
log.Error("命中规则:公开到我的部门")
|
|
|
sqlslice = append(sqlslice, fmt.Sprintf(sql3, strings.Join(ids, ",")))
|
|
|
}
|
|
|
}
|
|
|
//添加规则全公司公开
|
|
|
sqlslice = append(sqlslice, sql5)
|
|
|
return fmt.Sprintf(allsql, strings.Join(sqlslice, " UNION "))
|
|
|
}
|
|
|
|
|
|
func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64) (protocol.ResponseAuditList, error) {
|
|
|
|
|
|
var (
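Review bot: In the `OpportunityCheckLv2` branch of `buildSqlForAuditList`, department ids are read into a `[]string` and spliced into `sql3` with `fmt.Sprintf(sql3, strings.Join(ids, ","))`, so the generated SQL is only safe while `department.id` is strictly numeric, and any error from `utils.ExecuteQueryAll` goes unchecked. Scanning into `[]int64` and formatting each value with `strconv.FormatInt` (or binding placeholders) would keep the fragment integer-only by construction. If the helper returns an error, checking and logging it would distinguish a failed lookup from a user who has no departments. The permission cache is probed with `redisdata.ExistUserPermission(userid)` while the database path calls `serverabc.GetUserPermission(usercompanyid, ...)`; if one user can belong to several companies, it is worth confirming that the cached permission is scoped per company and cannot widen the list in another tenant. Minor points: the same branch logs a normal rule hit with `log.Error("命中规则:公开到我的部门")` where its siblings use `log.Debug`, and the `companyid` parameter is unused in the lines shown.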
|
...
|
...
|
@@ -35,7 +136,9 @@ func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64 |
|
|
cnt int
|
|
|
err error
|
|
|
cond []interface{}
|
|
|
sqlFromPermission string
|
|
|
)
|
|
|
|
|
|
returnData := protocol.ResponseAuditList{
|
|
|
ResponsePageInfo: protocol.ResponsePageInfo{
|
|
|
TotalPage: 0,
|
...
|
...
|
@@ -43,16 +146,32 @@ func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64 |
|
|
},
|
|
|
List: make([]protocol.RspAuditList, 0),
|
|
|
}
|
|
|
datasql.WriteString(`SELECT a.id,a.user_id,a.department_id,a.audit_template_id,a.chance_type_id
|
|
|
usercompany, err := models.GetUserCompanyBy(userid, companyid)
|
|
|
if err != nil {
|
|
|
log.Error("GetUserCompanyBy(userid, companyid) err:%s", err)
|
|
|
return returnData, protocol.NewErrWithMessage("1")
|
|
|
}
|
|
|
sqlFromPermission = buildSqlForAuditList(usercompany.Id, usercompany.CompanyId, usercompany.UserId)
|
|
|
s1 := `SELECT a.id,a.user_id,a.department_id,a.audit_template_id,a.chance_type_id
|
|
|
,a.publish_status,a.create_at,a.review_status,a.enable_status
|
|
|
,a.discovery_score,a.comment_total ,a.code,d.nick_name
|
|
|
FROM chance AS a
|
|
|
JOIN user_company AS c ON c.id = a.user_id
|
|
|
JOIN user AS d ON c.user_id = d.id
|
|
|
where a.company_id=? `)
|
|
|
|
|
|
countsql.WriteString(`SELECT count(*) FROM chance as a
|
|
|
where a.company_id=? `)
|
|
|
%s
|
|
|
where a.company_id=? `
|
|
|
s2 := ` SELECT count(*) FROM chance as a
|
|
|
JOIN user_company AS c ON c.id = a.user_id
|
|
|
JOIN user AS d ON c.user_id = d.id
|
|
|
%s
|
|
|
where a.company_id=?`
|
|
|
if len(sqlFromPermission) > 0 {
|
|
|
temp := fmt.Sprintf(`JOIN (%s) AS tt ON tt.id=a.id`, sqlFromPermission)
|
|
|
s1 = fmt.Sprintf(s1, temp)
|
|
|
s2 = fmt.Sprintf(s2, temp)
|
|
|
}
|
|
|
datasql.WriteString(s1)
|
|
|
countsql.WriteString(s2)
|
|
|
cond = append(cond, companyid)
|
|
|
if param.ChanceTypeId > 0 {
|
|
|
//一级分类过滤
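Review bot: When `buildSqlForAuditList` returns `""` (its `OpportunityCheckLv4` "view all" path), the `if len(sqlFromPermission) > 0` block is skipped and `s1`/`s2` reach `datasql.WriteString(s1)` and `countsql.WriteString(s2)` with the literal `%s` still in them. The query would then presumably fail with a syntax error for exactly the users holding the broadest permission. Declare `temp := ""` before the `if`, assign `temp = fmt.Sprintf(...)` inside it, and run `s1 = fmt.Sprintf(s1, temp)` and `s2 = fmt.Sprintf(s2, temp)` unconditionally so the placeholder is always consumed. A short comment above `s1` should state that the `%s` slot only ever receives the server-built permission join and never request data, since `param` filters are appended to the same builders further down. The body of `GetAuditList` continues outside this hunk.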
|
...
|
...
|
|