作者 唐旭辉

认证bug修复,部门管理各种数据校验

@@ -28,8 +28,8 @@ log_level = "${LOG_LEVEL||error}" @@ -28,8 +28,8 @@ log_level = "${LOG_LEVEL||error}"
28 ##统一用户中心相关配置 28 ##统一用户中心相关配置
29 ucenter_check_alt = "rsF0pL!6DwjBO735" 29 ucenter_check_alt = "rsF0pL!6DwjBO735"
30 ucenter_base_url = "http://suplus-ucenter-dev.fjmaimaimai.com" 30 ucenter_base_url = "http://suplus-ucenter-dev.fjmaimaimai.com"
31 -ucenter_app_key = "39aefef9e22744a3b2d2d3791824ae7b"  
32 -ucenter_secret = "39aefef9e22744a3b2d2d3791824ae7b" 31 +ucenter_app_key = "0692f2b7e8d6dbd8526579864b87e3bfbc5d5c31"
  32 +ucenter_secret = "0692f2b7e8d6dbd8526579864b87e3bfbc5d5c31"
33 # 审批流程修改 消息发布 33 # 审批流程修改 消息发布
34 message_publish = "audit_change" 34 message_publish = "audit_change"
35 #---自定义配置 结束---- 35 #---自定义配置 结束----
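Review bot: The new `ucenter_app_key` and `ucenter_secret` values are committed in plain text, and both keys carry the same value, so anyone who can read the repository or its history holds the user-center credential. The file already takes `log_level` from the environment (`"${LOG_LEVEL||error}"`), and these two keys can follow that pattern with no default, e.g. `ucenter_secret = "${UCENTER_SECRET}"` (variable name is only an example). The values shown here, and the ones they replace, should be treated as exposed and rotated. `ucenter_base_url` uses `http://`, so calls to the user center are presumably sent unencrypted; confirm whether an `https://` endpoint exists. The identical hunk that follows this one has the same issues.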
@@ -28,8 +28,8 @@ log_level = "${LOG_LEVEL||error}" @@ -28,8 +28,8 @@ log_level = "${LOG_LEVEL||error}"
28 ##统一用户中心相关配置 28 ##统一用户中心相关配置
29 ucenter_check_alt = "rsF0pL!6DwjBO735" 29 ucenter_check_alt = "rsF0pL!6DwjBO735"
30 ucenter_base_url = "http://suplus-ucenter-dev.fjmaimaimai.com" 30 ucenter_base_url = "http://suplus-ucenter-dev.fjmaimaimai.com"
31 -ucenter_app_key = "39aefef9e22744a3b2d2d3791824ae7b"  
32 -ucenter_secret = "39aefef9e22744a3b2d2d3791824ae7b" 31 +ucenter_app_key = "0692f2b7e8d6dbd8526579864b87e3bfbc5d5c31"
  32 +ucenter_secret = "0692f2b7e8d6dbd8526579864b87e3bfbc5d5c31"
33 # 审批流程修改 消息发布 33 # 审批流程修改 消息发布
34 message_publish = "audit_change" 34 message_publish = "audit_change"
35 #---自定义配置 结束---- 35 #---自定义配置 结束----
@@ -78,6 +78,19 @@ func (c *CompanyController) DepartmentAdd() { @@ -78,6 +78,19 @@ func (c *CompanyController) DepartmentAdd() {
78 msg = protocol.BadRequestParam("1") 78 msg = protocol.BadRequestParam("1")
79 return 79 return
80 } 80 }
  81 + s := []rune(param.Name)
  82 + if len(s) == 0 {
  83 + msg = protocol.BadRequestParam("10044")
  84 + return
  85 + }
  86 + if len(s) > 20 {
  87 + msg = protocol.BadRequestParam("10043")
  88 + return
  89 + }
  90 + if param.ParentID <= 0 {
  91 + msg = protocol.BadRequestParam("10042")
  92 + return
  93 + }
81 param.CompanyID = c.GetCompanyId() 94 param.CompanyID = c.GetCompanyId()
82 if param.CompanyID <= 0 { 95 if param.CompanyID <= 0 {
83 log.Error("param.CompanyID <= 0") 96 log.Error("param.CompanyID <= 0")
@@ -103,6 +116,15 @@ func (c *CompanyController) DepartmentUpdate() { @@ -103,6 +116,15 @@ func (c *CompanyController) DepartmentUpdate() {
103 msg = protocol.BadRequestParam("1") 116 msg = protocol.BadRequestParam("1")
104 return 117 return
105 } 118 }
  119 + s := []rune(param.Name)
  120 + if len(s) == 0 {
  121 + msg = protocol.BadRequestParam("10044")
  122 + return
  123 + }
  124 + if len(s) > 20 {
  125 + msg = protocol.BadRequestParam("10043")
  126 + return
  127 + }
106 param.CompanyID = c.GetCompanyId() 128 param.CompanyID = c.GetCompanyId()
107 if param.ID <= 0 { 129 if param.ID <= 0 {
108 log.Error(" param.ID <= 0 ") 130 log.Error(" param.ID <= 0 ")
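Review bot: A department name made only of spaces passes the new `len(s) == 0` check in `DepartmentAdd`, because the length is counted on the raw `param.Name`. Trimming first, `s := []rune(strings.TrimSpace(param.Name))`, closes that gap; this needs `strings` imported in the file, which the hunk does not show. The same block is repeated in `DepartmentUpdate`, so a small shared helper would keep the two limits from drifting apart. Both handlers start and end outside their hunks.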
@@ -40,9 +40,7 @@ var AuthToken = func(ctx *context.Context) { @@ -40,9 +40,7 @@ var AuthToken = func(ctx *context.Context) {
40 accesstoken := ctx.Input.Header(protocol.HeaderAccessToken) 40 accesstoken := ctx.Input.Header(protocol.HeaderAccessToken)
41 refreshToken := ctx.Input.Header(protocol.HeaderRefreshToken) 41 refreshToken := ctx.Input.Header(protocol.HeaderRefreshToken)
42 mtoken, err = serveauth.ValidJWTToken(accesstoken) 42 mtoken, err = serveauth.ValidJWTToken(accesstoken)
43 - if beego.BConfig.RunMode != "prod" {  
44 - return  
45 - } 43 +
46 if err == nil { 44 if err == nil {
47 storetoken, err = redisdata.GetLoginToken(mtoken.UID) 45 storetoken, err = redisdata.GetLoginToken(mtoken.UID)
48 if err != nil { 46 if err != nil {
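Review bot: The removed non-prod early return is replaced by a whitespace-only added line (new line 43), which should simply be dropped. Because the filter now verifies tokens in every run mode, a comment above the `serveauth.ValidJWTToken` call, such as `// verified in all run modes; do not add a RunMode bypass here`, would record why the early return went away. The rest of `AuthToken`, including the `err != nil` path and the use of `refreshToken`, is outside the hunk.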
@@ -21,6 +21,7 @@ type Department struct { @@ -21,6 +21,7 @@ type Department struct {
21 DeleteAt time.Time `orm:"column(delete_at);type(timestamp)" description:"删除时间"` 21 DeleteAt time.Time `orm:"column(delete_at);type(timestamp)" description:"删除时间"`
22 UpdateAt time.Time `orm:"column(update_at);type(timestamp)" description:"更新时间"` 22 UpdateAt time.Time `orm:"column(update_at);type(timestamp)" description:"更新时间"`
23 Manages string `orm:"column(managers)" description:"部门负责人id列表 json 数组 []"` //存user_company_id 23 Manages string `orm:"column(managers)" description:"部门负责人id列表 json 数组 []"` //存user_company_id
  24 + IsTop int8 `orm:"column(is_top)" `
24 } 25 }
25 26
26 func (t *Department) TableName() string { 27 func (t *Department) TableName() string {
@@ -105,6 +106,13 @@ func (t *Department) GetMembers() []protocol.DepartmentMember { @@ -105,6 +106,13 @@ func (t *Department) GetMembers() []protocol.DepartmentMember {
105 return managesdata 106 return managesdata
106 } 107 }
107 108
  109 +func (t *Department) IsTopDepartment() bool {
  110 + if t.IsTop == 1 {
  111 + return true
  112 + }
  113 + return false
  114 +}
  115 +
108 // AddDepartment insert a new Department into database and returns 116 // AddDepartment insert a new Department into database and returns
109 // last inserted Id on success. 117 // last inserted Id on success.
110 func AddDepartment(m *Department, om ...orm.Ormer) (id int64, err error) { 118 func AddDepartment(m *Department, om ...orm.Ormer) (id int64, err error) {
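Review bot: `IsTopDepartment` can return the comparison directly, `return t.IsTop == 1`, instead of the if/return pair. As an exported method it should have a doc comment, e.g. `// IsTopDepartment reports whether t is the company's top-level department.` The new `IsTop` field has a stray space inside its struct tag and, unlike the fields above it, no `description` entry saying which values the column takes.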
@@ -119,10 +119,14 @@ func EnableUserCompany(userid int64, companyid int64) error { @@ -119,10 +119,14 @@ func EnableUserCompany(userid int64, companyid int64) error {
119 } 119 }
120 120
121 func GetUserCompanyReal(ids []int64) ([]UserCompany, error) { 121 func GetUserCompanyReal(ids []int64) ([]UserCompany, error) {
  122 +
122 var ( 123 var (
123 err error 124 err error
124 data []UserCompany 125 data []UserCompany
125 ) 126 )
  127 + if len(ids) == 0 {
  128 + return data, nil
  129 + }
126 o := orm.NewOrm() 130 o := orm.NewOrm()
127 _, err = o.QueryTable(&UserCompany{}). 131 _, err = o.QueryTable(&UserCompany{}).
128 Filter("id__in", ids). 132 Filter("id__in", ids).
@@ -63,42 +63,43 @@ func AddUserDepartment(m *UserDepartment) (id int64, err error) { @@ -63,42 +63,43 @@ func AddUserDepartment(m *UserDepartment) (id int64, err error) {
63 63
64 // GetUserDepartmentById retrieves UserDepartment by Id. Returns error if 64 // GetUserDepartmentById retrieves UserDepartment by Id. Returns error if
65 // Id doesn't exist 65 // Id doesn't exist
66 -func GetUserDepartmentById(id int64) (v *UserDepartment, err error) {  
67 - o := orm.NewOrm()  
68 - v = &UserDepartment{Id: id}  
69 - if err = o.Read(v); err == nil {  
70 - return v, nil  
71 - }  
72 - return nil, err  
73 -} 66 +// func GetUserDepartmentById(id int64) (v *UserDepartment, err error) {
  67 +// o := orm.NewOrm()
  68 +// v = &UserDepartment{Id: id}
  69 +// if err = o.Read(v); err == nil {
  70 +// return v, nil
  71 +// }
  72 +// return nil, err
  73 +// }
74 74
75 // UpdateUserDepartment updates UserDepartment by Id and returns error if 75 // UpdateUserDepartment updates UserDepartment by Id and returns error if
76 // the record to be updated doesn't exist 76 // the record to be updated doesn't exist
77 -func UpdateUserDepartmentById(m *UserDepartment) (err error) {  
78 - o := orm.NewOrm()  
79 - v := UserDepartment{Id: m.Id}  
80 - // ascertain id exists in the database  
81 - if err = o.Read(&v); err == nil {  
82 - var num int64  
83 - if num, err = o.Update(m); err == nil {  
84 - fmt.Println("Number of records updated in database:", num)  
85 - }  
86 - }  
87 - return  
88 -}  
89 -func GetUserDepartment(userid, companyid int64) ([]*UserDepartment, error) {  
90 - o := orm.NewOrm()  
91 - var (  
92 - err error  
93 - result []*UserDepartment  
94 - )  
95 - _, err = o.QueryTable(&UserDepartment{}).  
96 - Filter("user_id", userid).  
97 - Filter("company_id", companyid).  
98 - Filter("enable_status", 1).  
99 - All(&result)  
100 - return result, err  
101 -} 77 +// func UpdateUserDepartmentById(m *UserDepartment) (err error) {
  78 +// o := orm.NewOrm()
  79 +// v := UserDepartment{Id: m.Id}
  80 +// // ascertain id exists in the database
  81 +// if err = o.Read(&v); err == nil {
  82 +// var num int64
  83 +// if num, err = o.Update(m); err == nil {
  84 +// fmt.Println("Number of records updated in database:", num)
  85 +// }
  86 +// }
  87 +// return
  88 +// }
  89 +
  90 +// func GetUserDepartment(userid, companyid int64) ([]*UserDepartment, error) {
  91 +// o := orm.NewOrm()
  92 +// var (
  93 +// err error
  94 +// result []*UserDepartment
  95 +// )
  96 +// _, err = o.QueryTable(&UserDepartment{}).
  97 +// Filter("user_id", userid).
  98 +// Filter("company_id", companyid).
  99 +// Filter("enable_status", 1).
  100 +// All(&result)
  101 +// return result, err
  102 +// }
102 103
103 func CountUserDepartByDepart(departid int64) (int64, error) { 104 func CountUserDepartByDepart(departid int64) (int64, error) {
104 var ( 105 var (
@@ -125,3 +126,16 @@ func GetUserDepartmentIds(companyId, dId int) (v []int64, err error) { @@ -125,3 +126,16 @@ func GetUserDepartmentIds(companyId, dId int) (v []int64, err error) {
125 } 126 }
126 return 127 return
127 } 128 }
  129 +
  130 +func ExistUserDepart(departid int64, usercompanyid int64) bool {
  131 + var (
  132 + ok bool
  133 + )
  134 + o := orm.NewOrm()
  135 + ok = o.QueryTable(&UserDepartment{}).
  136 + Filter("department_id", departid).
  137 + Filter("user_company_id", usercompanyid).
  138 + Filter("delete_at", 0).
  139 + Exist()
  140 + return ok
  141 +}
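Review bot: The three functions are commented out rather than deleted, which leaves roughly forty lines of dead code and two doc comments (`GetUserDepartmentById ...`, `UpdateUserDepartment ...`) that now describe nothing; deleting them is cleaner, since the history keeps the old code. If the `fmt.Println` in `UpdateUserDepartmentById` was this file's only use of `fmt`, the import must go as well or the package will not build. `ExistUserDepart` needs a doc comment, e.g. `// ExistUserDepart reports whether usercompanyid has a non-deleted row in department departid.`, and the `ok` variable can be dropped by returning the `Exist()` result directly.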
@@ -27,6 +27,11 @@ var errmessge ErrorMap = map[string]string{ @@ -27,6 +27,11 @@ var errmessge ErrorMap = map[string]string{
27 "10037": "用户的部门必填", 27 "10037": "用户的部门必填",
28 "10038": "用户的角色必填", 28 "10038": "用户的角色必填",
29 "10039": "用户已存在", 29 "10039": "用户已存在",
  30 + //部门相关
  31 + "10041": "无效的主管设置",
  32 + "10042": "无效的上级部门",
  33 + "10043": "部门名称限制不超过20个字符",
  34 + "10044": "部门名称必填",
30 } 35 }
31 36
32 //错误码转换 ,兼容需要 37 //错误码转换 ,兼容需要
@@ -12,7 +12,7 @@ func init() { @@ -12,7 +12,7 @@ func init() {
12 nsV1 := beego.NewNamespace("v1", 12 nsV1 := beego.NewNamespace("v1",
13 beego.NSBefore(middleware.AllowOption), 13 beego.NSBefore(middleware.AllowOption),
14 beego.NSBefore(middleware.LogRequestData), 14 beego.NSBefore(middleware.LogRequestData),
15 - //beego.NSBefore(middleware.AuthToken), 15 + beego.NSBefore(middleware.AuthToken),
16 beego.NSNamespace("/department", 16 beego.NSNamespace("/department",
17 beego.NSRouter("/list", &controllers.CompanyController{}, "post:DepartmentList"), 17 beego.NSRouter("/list", &controllers.CompanyController{}, "post:DepartmentList"),
18 beego.NSRouter("/add", &controllers.CompanyController{}, "post:DepartmentAdd"), 18 beego.NSRouter("/add", &controllers.CompanyController{}, "post:DepartmentAdd"),
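Review bot: With `AuthToken` enabled, `middleware.LogRequestData` is still registered ahead of it, so request data is logged before the caller is authenticated. `LogRequestData` is not shown here; if it records headers or bodies, the access and refresh token headers that `AuthToken` reads would end up in the logs and should be redacted there. A comment on the filter list, `// NOTE: LogRequestData runs before AuthToken; it must not log token headers`, would keep that constraint visible. The `init` body continues outside the hunk.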
@@ -226,7 +226,7 @@ func LoginAuthByUCenter(account, password string) (protocol.LoginAuthToken, erro @@ -226,7 +226,7 @@ func LoginAuthByUCenter(account, password string) (protocol.LoginAuthToken, erro
226 var ( 226 var (
227 err error 227 err error
228 logintoken protocol.LoginAuthToken 228 logintoken protocol.LoginAuthToken
229 - uclientReturn ucenter.ResponseLogin 229 +
230 companys []companybase 230 companys []companybase
231 companyid int64 231 companyid int64
232 userdata *models.User 232 userdata *models.User
@@ -253,6 +253,7 @@ func LoginAuthByUCenter(account, password string) (protocol.LoginAuthToken, erro @@ -253,6 +253,7 @@ func LoginAuthByUCenter(account, password string) (protocol.LoginAuthToken, erro
253 return logintoken, protocol.NewErrWithMessage("10021") 253 return logintoken, protocol.NewErrWithMessage("10021")
254 } 254 }
255 companyid = companys[0].Id 255 companyid = companys[0].Id
  256 + var uclientReturn ucenter.ResponseLogin
256 param := ucenter.RequesLogin{ 257 param := ucenter.RequesLogin{
257 Phone: account, 258 Phone: account,
258 Password: password, 259 Password: password,
@@ -283,27 +284,28 @@ type companybase struct { @@ -283,27 +284,28 @@ type companybase struct {
283 } 284 }
284 285
285 //getUserCompanyReal 获取用户有效的公司id 286 //getUserCompanyReal 获取用户有效的公司id
286 -func getUserCompanyReal(userid int64) (companyids []companybase, err error) { 287 +func getUserCompanyReal(userid int64) ([]companybase, error) {
287 const ( 288 const (
288 datasql0 string = `SELECT b.company_id FROM user_company AS b 289 datasql0 string = `SELECT b.company_id FROM user_company AS b
289 WHERE b.delete_at=0 AND b.enable = 1 AND b.user_id=?` 290 WHERE b.delete_at=0 AND b.enable = 1 AND b.user_id=?`
290 - datasql2 string = `SELECT b.id,a.name,a.logo FROM company AS b 291 + datasql2 string = `SELECT b.id,b.name,b.logo FROM company AS b
291 WHERE b.delete_at=0 AND b.enable = 1 AND b.id in (%s) ` 292 WHERE b.delete_at=0 AND b.enable = 1 AND b.id in (%s) `
292 ) 293 )
293 var ( 294 var (
294 companys []companybase 295 companys []companybase
295 ids []string 296 ids []string
  297 + err error
296 ) 298 )
297 err = utils.ExecuteQueryAll(&ids, datasql0, userid) 299 err = utils.ExecuteQueryAll(&ids, datasql0, userid)
298 if err != nil { 300 if err != nil {
299 log.Error("EXECUTE SQL err:%s", err) 301 log.Error("EXECUTE SQL err:%s", err)
300 return nil, err 302 return nil, err
301 } 303 }
302 - if len(companys) == 0 { 304 + if len(ids) == 0 {
303 return nil, nil 305 return nil, nil
304 } 306 }
305 datasql3 := fmt.Sprintf(datasql2, strings.Join(ids, ",")) 307 datasql3 := fmt.Sprintf(datasql2, strings.Join(ids, ","))
306 - err = utils.ExecuteQueryAll(&companyids, datasql3) 308 + err = utils.ExecuteQueryAll(&companys, datasql3)
307 if err != nil { 309 if err != nil {
308 log.Error("EXECUTE SQL err:%s", err) 310 log.Error("EXECUTE SQL err:%s", err)
309 return nil, err 311 return nil, err
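Review bot: In `getUserCompanyReal`, `datasql3` is still built by formatting `strings.Join(ids, ",")` into the `in (%s)` clause, with `ids` scanned as strings from `user_company.company_id`. The values come from the database rather than from the request, so exposure is limited, but the query stops being parameterized at that point. Declaring `ids` as `[]int64`, or generating one placeholder per id with `ph := strings.TrimSuffix(strings.Repeat("?,", len(ids)), ",")` and passing the ids as arguments the way `datasql0` passes `userid`, keeps the values bound; this assumes `utils.ExecuteQueryAll` accepts variadic arguments, as its first call suggests. The function continues outside the hunk.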
@@ -18,6 +18,10 @@ func DepartmentAdd(param protocol.RequestDepartmentAdd) (protocol.ResponseDepart @@ -18,6 +18,10 @@ func DepartmentAdd(param protocol.RequestDepartmentAdd) (protocol.ResponseDepart
18 returndata protocol.ResponseDepartmenrAdd 18 returndata protocol.ResponseDepartmenrAdd
19 err error 19 err error
20 ) 20 )
  21 + if param.ParentID == 0 {
  22 + //部门必定有上级部门 ,至少是公司一级
  23 + return returndata, protocol.NewErrWithMessage("10042")
  24 + }
21 if param.ParentID > 0 { 25 if param.ParentID > 0 {
22 parentDepart, err = models.GetDepartmentById(param.ParentID) 26 parentDepart, err = models.GetDepartmentById(param.ParentID)
23 if err != nil { 27 if err != nil {
@@ -100,22 +104,46 @@ func DepartmentEdit(param protocol.RequestDepartmentEdit) error { @@ -100,22 +104,46 @@ func DepartmentEdit(param protocol.RequestDepartmentEdit) error {
100 log.Error(e.Error()) 104 log.Error(e.Error())
101 return protocol.NewErrWithMessage("1", e) 105 return protocol.NewErrWithMessage("1", e)
102 } 106 }
  107 + //校验数据
  108 + if ok := departUpdate.IsTopDepartment(); ok {
  109 + //公司一级不能修改上级,不能修改名称
  110 + param.Name = departUpdate.Name
  111 + param.ParentID = departUpdate.ParentId
  112 + } else {
  113 + if param.ParentID <= 0 {
  114 + return protocol.NewErrWithMessage("10042")
  115 + }
  116 + }
103 //确认部门主管变更情况 117 //确认部门主管变更情况
104 var ( 118 var (
105 - oldmanage []int64 119 + newManage []int64
106 ) 120 )
107 - oldmanage = departUpdate.GetManagesIds()  
108 - diffmanage := utils.ArrayInt64Diff(param.Managers, oldmanage)  
109 - for i := range diffmanage {  
110 - _, err = models.GetUserCompanyBy(diffmanage[i], param.CompanyID) 121 + //oldmanage = departUpdate.GetManagesIds()
  122 + //diffmanage := utils.ArrayInt64Diff(param.Managers, oldmanage)
  123 + uc, err := models.GetUserCompanyReal(param.Managers)
111 if err != nil { 124 if err != nil {
112 - e := fmt.Errorf("GetUserCompanyBy(userid,companyid)[%d,%d] err:%s", diffmanage[i], param.CompanyID, err) 125 + e := fmt.Errorf("GetUserCompanyReal err:%s", err)
113 log.Error(e.Error()) 126 log.Error(e.Error())
114 - return protocol.NewErrWithMessage("1", e) 127 + return protocol.NewErrWithMessage("10041")
  128 + }
  129 + for i := range uc {
  130 + if uc[i].CompanyId != param.CompanyID {
  131 + e := fmt.Errorf("managers err")
  132 + log.Error(e.Error())
  133 + return protocol.NewErrWithMessage("10041")
115 } 134 }
  135 + //检查设置的主管是否是部门下的人员
  136 + ok := models.ExistUserDepart(param.ID, uc[i].Id)
  137 + if !ok {
  138 + log.Error("false=aExistUserDepart(departid,usercompanyid) [%d,%d]", param.ID, uc[i].Id)
  139 + return protocol.NewErrWithMessage("10041")
116 } 140 }
117 - departUpdate.SetManages(param.Managers) 141 + newManage = append(newManage, uc[i].Id)
  142 + }
  143 + departUpdate.SetManages(newManage)
  144 +
118 departUpdate.Name = param.Name 145 departUpdate.Name = param.Name
  146 +
119 departUpdate.UpdateAt = time.Now() 147 departUpdate.UpdateAt = time.Now()
120 err = models.UpdateDepartmentById(departUpdate, []string{"Manages", "Name", "UpdateAt"}) 148 err = models.UpdateDepartmentById(departUpdate, []string{"Manages", "Name", "UpdateAt"})
121 if err != nil { 149 if err != nil {
@@ -127,7 +155,9 @@ func DepartmentEdit(param protocol.RequestDepartmentEdit) error { @@ -127,7 +155,9 @@ func DepartmentEdit(param protocol.RequestDepartmentEdit) error {
127 var ( 155 var (
128 newparent *models.Department 156 newparent *models.Department
129 ) 157 )
  158 +
130 if departUpdate.ParentId != param.ParentID { 159 if departUpdate.ParentId != param.ParentID {
  160 + //检查上级部门是否合法
131 newparent, err = models.GetDepartmentById(param.ParentID) 161 newparent, err = models.GetDepartmentById(param.ParentID)
132 if err != nil { 162 if err != nil {
133 e := fmt.Errorf("GetDepartmentById(%d) err:%s", param.ParentID, err) 163 e := fmt.Errorf("GetDepartmentById(%d) err:%s", param.ParentID, err)
@@ -195,7 +225,7 @@ func departmentRelationUpdate(departUpdate *models.Department, newparent *models @@ -195,7 +225,7 @@ func departmentRelationUpdate(departUpdate *models.Department, newparent *models
195 o.Rollback() 225 o.Rollback()
196 e := fmt.Errorf("departSubset[i].Id == newparent.Id") 226 e := fmt.Errorf("departSubset[i].Id == newparent.Id")
197 log.Error(e.Error()) 227 log.Error(e.Error())
198 - return protocol.NewErrWithMessage("1", e) 228 + return protocol.NewErrWithMessage("10042")
199 } 229 }
200 //重建关系树 230 //重建关系树
201 s := strings.TrimPrefix(departSubset[i].Relation, oldRelation) 231 s := strings.TrimPrefix(departSubset[i].Relation, oldRelation)
@@ -234,6 +264,10 @@ func DepartmentDelete(param protocol.RequestDepartmentDelete) error { @@ -234,6 +264,10 @@ func DepartmentDelete(param protocol.RequestDepartmentDelete) error {
234 log.Error(e.Error()) 264 log.Error(e.Error())
235 return protocol.NewErrWithMessage("1", e) 265 return protocol.NewErrWithMessage("1", e)
236 } 266 }
  267 + //一级部门不能删除
  268 + if ok := p.IsTopDepartment(); ok {
  269 + continue
  270 + }
237 if p.CompanyId != param.CompanyID { 271 if p.CompanyId != param.CompanyID {
238 e := fmt.Errorf("CompanyID err") 272 e := fmt.Errorf("CompanyID err")
239 log.Error(e.Error()) 273 log.Error(e.Error())
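Review bot: In `DepartmentEdit`, manager ids that `models.GetUserCompanyReal` does not return are dropped without an error, because the loop walks only `uc` and never compares it with `param.Managers`; a request naming ids that do not resolve succeeds with a shorter manager list. Rejecting the mismatch before the loop, `if len(uc) != len(param.Managers) { return protocol.NewErrWithMessage("10041") }`, makes the failure visible (assuming the request carries no duplicate ids). The same branch maps a query failure from `GetUserCompanyReal` to `10041`, so a database error reaches the client as an invalid manager. In `DepartmentAdd` the new guard tests `param.ParentID == 0` only, so a negative value skips both it and the `> 0` branch; `<= 0` would match the controller check. `DepartmentDelete` skips a top-level department with `continue`, so the caller is told of success for an id that was not deleted.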