作者 tangxvhui

机会列表数据进行权限过滤

... ... @@ -6,6 +6,8 @@ import (
"oppmg/common/log"
"oppmg/models"
"oppmg/protocol"
serverabc "oppmg/services/rbac"
"oppmg/storage/redisdata"
"oppmg/utils"
"strings"
"time"
... ... @@ -26,6 +28,105 @@ type SqlData struct {
Code string `orm:"column(code)"`
}
//根据权限获取机会列表
func buildSqlForAuditList(usercompanyid int64, companyid int64, userid int64) string {
/*
OpportunityCheckLv1 int = 1
OpportunityCheckLv2 int = 2
OpportunityCheckLv3 int = 3
OpportunityCheckLv4 int = 4
*/
var (
//自己提交的
sql1 string = fmt.Sprintf(` SELECT id FROM chance WHERE user_id=%d `, usercompanyid)
//自己可审核的
sql2 string = fmt.Sprintf(` SELECT a.id FROM chance AS a
JOIN audit_flow_process AS b ON a.id=b.chance_id
WHERE b.uid=%d AND a.review_status = 3 `, usercompanyid)
//公开到自己部门的
sql3 string = ` SELECT a.id FROM chance AS a
JOIN chance_department AS b ON a.id=b.chance_id
WHERE b.department_id IN (%s) AND a.review_status = 3 `
//指定提交的部门
sql4 string = ` SELECT id FROM chance WHERE department_id IN (%s) and review_status =3 `
//全公司公开的
sql5 string = ` SELECT id FROM chance where publish_status = 1 AND review_status = 3 `
allsql string = ` SELECT t.id FROM (%s) as t `
unionsql string = ``
permissionObject serverabc.PermissionOptionObject
err error
)
//获取权限
if ok := redisdata.ExistUserPermission(userid); !ok {
//尝试重数据库获取
permissionMap, err := serverabc.GetUserPermission(usercompanyid, serverabc.M_SYSTEM_OPPORTUNITY)
if err != nil {
log.Debug("从数据库未获得对应权限 :%s", err)
unionsql = sql1 + " UNION " + sql2
return fmt.Sprintf(allsql, unionsql)
}
if v, ok := permissionMap[serverabc.M_SYSTEM_OPPORTUNITY]; !ok {
unionsql = sql1 + " UNION " + sql2
return fmt.Sprintf(allsql, unionsql)
} else {
permissionObject = v
}
} else {
//使用缓存
permissionObject, err = redisdata.GetUserPermission(userid, serverabc.M_SYSTEM_OPPORTUNITY)
if err != nil {
log.Debug("从缓存未获得对应权限 :%s", err)
unionsql = sql1 + " UNION " + sql2
return fmt.Sprintf(allsql, unionsql)
}
}
var (
usrPermission *serverabc.OptionOpportunity
ok bool
//预设仅可以查看自己
sqlslice = []string{sql1, sql2}
)
if usrPermission, ok = permissionObject.(*serverabc.OptionOpportunity); !ok {
log.Error("*serverabc.OptionOpportunity断言失败")
unionsql = sql1 + " UNION " + sql2
return fmt.Sprintf(allsql, unionsql)
}
log.Debug("获取到的权限规则:%v", usrPermission)
//进行权限判定
if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv4]; ok {
//查看所有
log.Debug("命中规则:查看所有")
return ""
}
if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv3]; ok {
//指定部门
ids := []string{}
for _, v := range usrPermission.CheckOption.Departments {
ids = append(ids, fmt.Sprint(v.Id))
}
if len(ids) > 0 {
log.Debug("命中规则:指定部门")
sqlslice = append(sqlslice, fmt.Sprintf(sql4, strings.Join(ids, ",")))
}
}
if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv2]; ok {
//公开到我的部门
ids := []string{}
sql6 := `SELECT a.id FROM department AS a WHERE a.id IN (
SELECT department_id FROM user_department WHERE user_company_id = ? AND enable_status = 1
) `
utils.ExecuteQueryAll(&ids, sql6, usercompanyid)
if len(ids) > 0 {
log.Error("命中规则:公开到我的部门")
sqlslice = append(sqlslice, fmt.Sprintf(sql3, strings.Join(ids, ",")))
}
}
//添加规则全公司公开
sqlslice = append(sqlslice, sql5)
return fmt.Sprintf(allsql, strings.Join(sqlslice, " UNION "))
}
func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64) (protocol.ResponseAuditList, error) {
var (
... ... @@ -35,7 +136,9 @@ func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64
cnt int
err error
cond []interface{}
sqlFromPermission string
)
returnData := protocol.ResponseAuditList{
ResponsePageInfo: protocol.ResponsePageInfo{
TotalPage: 0,
... ... @@ -43,16 +146,32 @@ func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64
},
List: make([]protocol.RspAuditList, 0),
}
datasql.WriteString(`SELECT a.id,a.user_id,a.department_id,a.audit_template_id,a.chance_type_id
usercompany, err := models.GetUserCompanyBy(userid, companyid)
if err != nil {
log.Error("GetUserCompanyBy(userid, companyid) err:%s", err)
return returnData, protocol.NewErrWithMessage("1")
}
sqlFromPermission = buildSqlForAuditList(usercompany.Id, usercompany.CompanyId, usercompany.UserId)
s1 := `SELECT a.id,a.user_id,a.department_id,a.audit_template_id,a.chance_type_id
,a.publish_status,a.create_at,a.review_status,a.enable_status
,a.discovery_score,a.comment_total ,a.code,d.nick_name
FROM chance AS a
JOIN user_company AS c ON c.id = a.user_id
JOIN user AS d ON c.user_id = d.id
where a.company_id=? `)
countsql.WriteString(`SELECT count(*) FROM chance as a
where a.company_id=? `)
%s
where a.company_id=? `
s2 := ` SELECT count(*) FROM chance as a
JOIN user_company AS c ON c.id = a.user_id
JOIN user AS d ON c.user_id = d.id
%s
where a.company_id=?`
if len(sqlFromPermission) > 0 {
temp := fmt.Sprintf(`JOIN (%s) AS tt ON tt.id=a.id`, sqlFromPermission)
s1 = fmt.Sprintf(s1, temp)
s2 = fmt.Sprintf(s2, temp)
}
datasql.WriteString(s1)
countsql.WriteString(s2)
cond = append(cond, companyid)
if param.ChanceTypeId > 0 {
//一级分类过滤
... ...
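Review bot: `sql5` (the company-public rows) is appended unconditionally at the end of buildSqlForAuditList, so a user whose CheckMap holds only OpportunityCheckLv1 — described elsewhere on this page as "own submissions and auditable items only" — still sees every `publish_status = 1` row; if a Lv1-only configuration is possible, gate the append on the higher levels, e.g. `if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv2]; ok { sqlslice = append(sqlslice, sql5) }` (and the same for OpportunityCheckLv3 if that level is meant to include company-public rows). In the Lv2 branch the result of `utils.ExecuteQueryAll(&ids, sql6, usercompanyid)` is not inspected, so if it reports an error a failed department lookup silently narrows the result set; log it like the sibling branches do, and that branch's hit is logged with `log.Error` where the others use `log.Debug`. The cache branch keys on `userid` (`redisdata.ExistUserPermission(userid)`) while the database branch keys on `usercompanyid`; if a user can belong to more than one company, permissions cached for one company would presumably be applied to another — confirm against how the cache entry is written. Exists followed by Get is also two round trips with a window in which the key can expire, and the error path then returns the minimal `sql1 UNION sql2` instead of falling back to the database; calling redisdata.GetUserPermission directly and treating a miss as "load from database" would be cheaper and more robust. buildSqlForAuditList is complete within the hunk; GetAuditList continues outside it.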
... ... @@ -105,16 +105,19 @@ var CodePermissionObject = map[string]CodeToObject{
M_SYSTEM_ANNOUNCEMENT: NewPermissionOptionBase, //公告管理
}
func GetUserPermission(userCompanyid int64) (map[string]PermissionOptionObject, error) {
func GetUserPermission(userCompanyid int64, code ...string) (map[string]PermissionOptionObject, error) {
type CodeOpptionData struct {
Code string `orm:"column(code)"`
Opption string `orm:"column(opption)"`
}
const datasql string = `SELECT a.code,a.opption
var datasql string = `SELECT a.code,a.opption
FROM role_menu AS a
JOIN user_role AS b ON a.role_id = b.role_id
JOIN role AS c ON a.role_id = c.id
WHERE b.user_company_id=? AND c.delete_at =0`
WHERE b.user_company_id=? AND c.delete_at =0 `
if len(code) > 0 {
datasql = datasql + fmt.Sprintf(` and a.code = "%s" `, code[0])
}
var (
data []CodeOpptionData
err error
... ... @@ -146,26 +149,3 @@ func GetUserPermission(userCompanyid int64) (map[string]PermissionOptionObject,
}
return objMap, nil
}
// func ValidUserPermission(urlPath string, userid int64, companyid int64) bool {
// var (
// err error
// permissionbase PermissionBase
// ok bool = false
// permissionObj PermissionOptionObject
// )
// permissionbase, ok = RouterPermission[urlPath]
// if !ok {
// return true
// }
// permissionObj, err = redisdata.GetUserPermission(userid, permissionbase.CodeName)
// if err != nil {
// log.Error("未取到权限数据")
// return false
// }
// ok = permissionObj.GetValidFunc(permissionbase.ActionName)
// if ok {
// return true
// }
// return false
// }
... ...
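Review bot: The new filter `datasql = datasql + fmt.Sprintf(` and a.code = "%s" `, code[0])` splices `code[0]` into the SQL text; the only caller visible on this page passes the constant M_SYSTEM_OPPORTUNITY, but the parameter is an exported variadic string and the existing `user_company_id=?` placeholder shows the query already takes bound arguments, so it should be `datasql += " AND a.code = ? "` with `code[0]` appended to the argument list where the query is executed (that call is outside the hunk). Double-quoted string literals are also MySQL-specific and break under ANSI_QUOTES, which the placeholder form avoids. Only `code[0]` is consulted, so additional values are silently ignored; the function has no doc comment and should say so, e.g. `// GetUserPermission loads the permission objects of a user_company row; at most one code is honoured, further values are ignored.`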
... ... @@ -106,9 +106,9 @@ type OptionOpportunity struct {
/*
机会管理高级设置中的 check
1:禁止查看所有机会:禁止查看所有机会(除自己提交过的机会及可执行审核操作的机会)
2:仅查看自己部门和公开机会:查看对自己部门公开的机会+公司公开的机会
3:特定部门的机会:自由配置选定部门的待审核、公司公开、部门公开的机会+查看对自己部门公开的机会
4:查看所有机会:查看所有部门的待审核机会、公开机会及部门公开机会
2:仅查看自己部门和公开机会:查看对自己所在部门公开的机会+公司公开的机会
3:特定部门的机会:选定部门提交的公司公开、部门公开的机会;>只选择部门
4:查看所有机会:查看所有部门的公开机会及部门公开机会;
*/
const (
OpportunityCheckLv1 int = 1
... ...
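Review bot: The rewritten Lv4 line describes "all departments' public and department-public opportunities", but buildSqlForAuditList on this page returns an empty filter for OpportunityCheckLv4, i.e. every chance row of the company regardless of review_status or publish_status; either the comment or the code should be aligned so the level's meaning is not misread when permissions are reviewed. The Lv3 line also ends in `;>只选择部门`, where the `>` looks like a stray character.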
... ... @@ -134,3 +134,13 @@ func GetUserPermission(userid int64, field string) (rbac.PermissionOptionObject,
err = json.Unmarshal([]byte(str), permissionObj)
return permissionObj, err
}
func ExistUserPermission(userid int64) bool {
key := GetKeyUserPermission(userid)
client := redis.GetRedis()
value := client.Exists(key).Val()
if value > 0 {
return true
}
return false
}
... ...
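Review bot: ExistUserPermission drops the error from `client.Exists(key)`: `.Val()` yields 0 on a connection or command failure, which here reads as "not cached" and sends the caller to the database, but the failure is never surfaced; prefer `n, err := client.Exists(key).Result()`, `if err != nil { return false }` after logging or otherwise reporting err, then `return n > 0`. The `if value > 0 { return true }; return false` tail can in any case be `return value > 0`. A doc comment is missing, e.g. `// ExistUserPermission reports whether a permission entry for userid is present in Redis.`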