调整数据校验

唐旭辉
controllers/rbac.go
models/role.go
protocol/message.go
services/rbac/role.go
--- a/controllers/rbac.go
查看文件 @80327c1
+++ b/controllers/rbac.go
查看文件 @80327c1
@@ -175,7 +175,7 @@ func (c *RbacController) RoleGroupUpdate() {
 		msg = protocol.BadRequestParam("10081")
 		return
 	}
- 	roleinfo, err := serverbac.RoleGroupEdit(param.ID, param.Name)
+ 	roleinfo, err := serverbac.RoleGroupEdit(companyid, param.ID, param.Name)
 	msg = protocol.NewReturnResponse(roleinfo, err)
 	return
 }
--- a/models/role.go
查看文件 @80327c1
+++ b/models/role.go
查看文件 @80327c1
@@ -64,9 +64,7 @@ func (t *Role) ValidatePid() (*Role, error) {
 	if err != nil {
 		return nil, err
 	}
- 
 	if roledata.DeleteAt.Unix() > 0 {
- 
 		return nil, errors.New("roledata Delete")
 	}
 	if roledata.Types != ROLETYPES_GROUP {
--- a/protocol/message.go
查看文件 @80327c1
+++ b/protocol/message.go
查看文件 @80327c1
@@ -15,6 +15,8 @@ var errmessge ErrorMap = map[string]string{
 	"10008": "角色名称最多10个字符",
 	"10009": "角色名称必填",
 	"10081": "角色组名称必填",
+ 	"10082": "管理员组角色不能移出",
+ 	"10083": "不能将角色添加进管理员组",
 	//职位相关
 	"10011": "该职位已被使用无法删除",
 	"10012": "超过10级的职位限制，请重新选择",
--- a/services/rbac/role.go
查看文件 @80327c1
+++ b/services/rbac/role.go
查看文件 @80327c1
@@ -90,54 +90,80 @@ func RoleDelete(param protocol.RequestRoleDelete) error {
 	return nil
 }
 
+ ///编辑角色
 func RoleEdit(param protocol.RequestRoleEdit) (*protocol.ResponseRoleInfo, error) {
 	var (
- 		role *models.Role
+ 		roleinfo *models.Role
 		err      error
 	)
- 	role, err = models.GetRoleById(param.ID)
+ 	roleinfo, err = models.GetRoleById(param.ID)
 	if err != nil {
 		e := fmt.Errorf("GetRoleById err:%s", err)
 		log.Error(e.Error())
 		return nil, protocol.NewErrWithMessage("1", e)
 	}
- 	if ok := role.IsDefaultRole(); ok && role.Types == models.ROLETYPES_ROLE {
- 		return nil, protocol.NewErrWithMessage("10006")
- 	}
- 
- 	if role.CompanyId != param.CompanyID {
- 		e := fmt.Errorf("role.CompanyId(%d) != param.CompanyID(%d)", role.CompanyId, param.CompanyID)
+ 	if roleinfo.CompanyId != param.CompanyID {
+ 		e := fmt.Errorf("role.CompanyId(%d) != param.CompanyID(%d)", roleinfo.CompanyId, param.CompanyID)
 		log.Error(e.Error())
 		return nil, protocol.NewErrWithMessage("1", e)
 	}
- 	if role.Name != param.Name {
+ 	if ok := roleinfo.IsDefaultRole(); ok && roleinfo.Types == models.ROLETYPES_ROLE {
+ 		//默认角色不能编辑
+ 		return nil, protocol.NewErrWithMessage("10006")
+ 	}
+ 	if roleinfo.Name != param.Name {
 		ok := models.ExistRoleName(param.CompanyID, param.Name, param.Types)
 		if ok {
 			return nil, protocol.NewErrWithMessage("10004")
 		}
- 		role.Name = param.Name
+ 		roleinfo.Name = param.Name
+ 	}
+ 	if roleinfo.Pid != param.Pid {
+ 		newParent, err := models.GetRoleById(param.Pid)
+ 		if err != nil {
+ 			log.Error("获取新父级数据失败；%s", err)
+ 			return nil, protocol.NewErrWithMessage("1")
+ 		}
+ 		if newParent.Types != models.ROLETYPES_GROUP {
+ 			log.Error("不是角色组")
+ 			return nil, protocol.NewErrWithMessage("1")
+ 		}
+ 		if newParent.CompanyId != roleinfo.CompanyId {
+ 			log.Error("角色组公司不匹配")
+ 			return nil, protocol.NewErrWithMessage("1")
+ 		}
+ 		if yes := newParent.IsDefaultRole(); yes {
+ 			log.Error("非默认组成员不能进主管组")
+ 			return nil, protocol.NewErrWithMessage("10083")
+ 		}
+ 		//获取原来的父级
+ 		var oldParent *models.Role
+ 		oldParent, err = models.GetRoleById(param.Pid)
+ 		if err != nil {
+ 			log.Error("获取父级数据失败；%s", err)
+ 			return nil, protocol.NewErrWithMessage("1")
+ 		}
+ 		if yes := oldParent.IsDefaultRole(); yes {
+ 			log.Error("默认角色组成员不能移动")
+ 			return nil, protocol.NewErrWithMessage("10082")
 		}
- 
- 	role.Pid = param.Pid
- 	if _, err = role.ValidatePid(); err != nil {
- 		e := fmt.Errorf("ValidatePid err:%s", err)
- 		log.Error(e.Error())
- 		return nil, protocol.NewErrWithMessage("1", e)
 	}
- 	if err = models.UpdateRoleById(role, []string{"Descript", "Name", "Pid"}); err != nil {
+ 	roleinfo.Pid = param.Pid
+ 
+ 	if err = models.UpdateRoleById(roleinfo, []string{"Descript", "Name", "Pid"}); err != nil {
 		e := fmt.Errorf("UpdateRoleById err:%s", err)
 		log.Error(e.Error())
 		return nil, protocol.NewErrWithMessage("1", e)
 	}
 	r := &protocol.ResponseRoleInfo{
- 		ID:    role.Id,
- 		Name:  role.Name,
- 		Types: role.Types,
+ 		ID:    roleinfo.Id,
+ 		Name:  roleinfo.Name,
+ 		Types: roleinfo.Types,
 	}
 	return r, nil
 }
 
- func RoleGroupEdit(id int64, name string) (*protocol.ResponseRoleInfo, error) {
+ func RoleGroupEdit(companyid int64, id int64, name string) (*protocol.ResponseRoleInfo, error) {
 	var (
 		err      error
 		roleinfo *models.Role
@@ -147,6 +173,10 @@ func RoleGroupEdit(id int64, name string) (*protocol.ResponseRoleInfo, error) {
 		log.Error("获取角色数据失败：%s", err)
 		return nil, protocol.NewErrWithMessage("1")
 	}
+ 	if roleinfo.CompanyId != companyid {
+ 		log.Error("公司不一致")
+ 		return nil, protocol.NewErrWithMessage("1")
+ 	}
 	if roleinfo.Types != models.ROLETYPES_GROUP {
 		log.Error("不是角色组")
 		return nil, protocol.NewErrWithMessage("1")