添加 请求时的权限校验

@@ -28,8 +28,11 @@ func (this *BaseController) Prepare() {
 		this.Ctx.WriteString("")
 		this.Ctx.WriteString("")
 		return
 		return
 	}
 	}
-	p := this.Ctx.Input.GetData("RouterPattern")
-	fmt.Println("====>r:", p)
+	// p := this.Ctx.Input.GetData("RouterPattern")
+	// userid := this.GetUserId()
+	// companyid := this.GetCompanyId()
+	//权限校验
+
 }
 }
 
 
 func (this *BaseController) GetAppHead() (appHead protocol.BaseHeader) {
 func (this *BaseController) GetAppHead() (appHead protocol.BaseHeader) {

@@ -117,6 +117,3 @@ var LogRouter = func(ctx *context.Context) {
 }
 }
 
 
 //CheckOperation 检查操作权限,beforeController
 //CheckOperation 检查操作权限,beforeController
-var CheckOperation = func(ctx *context.Context) {
-
-}

@@ -8,6 +8,7 @@ import (
 	"oppmg/common/log"
 	"oppmg/common/log"
 	"oppmg/models"
 	"oppmg/models"
 	"oppmg/protocol"
 	"oppmg/protocol"
+	serverbac "oppmg/services/rbac"
 	"oppmg/services/ucenter"
 	"oppmg/services/ucenter"
 	"oppmg/storage/redisdata"
 	"oppmg/storage/redisdata"
 	"oppmg/utils"
 	"oppmg/utils"
@@ -237,6 +238,8 @@ func LoginAuthByUCenter(account, password string) (protocol.LoginAuthToken, erro
 	if err != nil {
 	if err != nil {
 		log.Error("更新用户数据失败：%s", err)
 		log.Error("更新用户数据失败：%s", err)
 	}
 	}
+
+	InitPermission(usercompanyid)
 	return logintoken, err
 	return logintoken, err
 }
 }
 
 
@@ -474,6 +477,7 @@ func LoginAuthBySmsCode(phone string, code string) (protocol.LoginAuthToken, err
 	if err != nil {
 	if err != nil {
 		log.Error("更新用户数据失败：%s", err)
 		log.Error("更新用户数据失败：%s", err)
 	}
 	}
+	InitPermission(usercompanyid)
 	return logintoken, err
 	return logintoken, err
 }
 }
 
 
@@ -504,7 +508,42 @@ func SmsCodeCheck(phone string, code string) error {
 }
 }
 
 
 //InitPermission  登录时权限初始化
 //InitPermission  登录时权限初始化
-func InitPermission(usercompanyid int, userid int64) error {
-
+func InitPermission(usercompanyid int64) error {
+	var (
+		err           error
+		permissionMap map[string]serverbac.PermissionOptionObject
+	)
+	permissionMap, err = serverbac.GetUserPermission(usercompanyid)
+	if err != nil {
+		log.Error("获取用户的权限失败")
+		return err
+	}
+	err = redisdata.SetUserPermission(permissionMap, usercompanyid)
+	if err != nil {
+		log.Error("缓存用户权限失败:%s", err)
+	}
 	return nil
 	return nil
 }
 }
+
+func ValidUserPermission(urlPath string, userid int64, companyid int64) bool {
+	var (
+		err            error
+		permissionbase serverbac.PermissionBase
+		ok             bool = false
+		permissionObj  serverbac.PermissionOptionObject
+	)
+	permissionbase, ok = serverbac.RouterPermission[urlPath]
+	if !ok {
+		return true
+	}
+	permissionObj, err = redisdata.GetUserPermission(userid, permissionbase.CodeName)
+	if err != nil {
+		log.Error("未取到权限数据")
+		return false
+	}
+	ok = permissionObj.GetValidFunc(permissionbase.ActionName)
+	if ok {
+		return true
+	}
+	return false
+}

@@ -35,7 +35,7 @@ type PermissionBase struct {
 	ActionName string
 	ActionName string
 }
 }
 
 
-var routerPermission = map[string]PermissionBase{
+var RouterPermission = map[string]PermissionBase{
 	"/v1/department/list":            PermissionBase{CodeName: M_ENTERPRISE_ORGANIZATION, ActionName: "default"},
 	"/v1/department/list":            PermissionBase{CodeName: M_ENTERPRISE_ORGANIZATION, ActionName: "default"},
 	"/v1/department/add":             PermissionBase{CodeName: M_ENTERPRISE_ORGANIZATION, ActionName: "default"},
 	"/v1/department/add":             PermissionBase{CodeName: M_ENTERPRISE_ORGANIZATION, ActionName: "default"},
 	"/v1/department/edit":            PermissionBase{CodeName: M_ENTERPRISE_ORGANIZATION, ActionName: "default"},
 	"/v1/department/edit":            PermissionBase{CodeName: M_ENTERPRISE_ORGANIZATION, ActionName: "default"},
@@ -133,7 +133,7 @@ func GetUserPermission(userCompanyid int64) (map[string]PermissionOptionObject,
 		if fn, ok := CodePermissionObject[v.Code]; ok {
 		if fn, ok := CodePermissionObject[v.Code]; ok {
 			obj := fn()
 			obj := fn()
 			if err = json.Unmarshal([]byte(v.Opption), obj); err != nil {
 			if err = json.Unmarshal([]byte(v.Opption), obj); err != nil {
-				log.Debug("解析权限配置option 失败%s", err)
+				log.Debug("解析权限配置option:%s %s失败%s", v.Code, v.Opption, err)
 			}
 			}
 			objMap[v.Code] = obj
 			objMap[v.Code] = obj
 		} else {
 		} else {

@@ -32,3 +32,8 @@ func GetKeyCaptchAuth(phone string) string {
 	key := fmt.Sprintf("%s%s:%s", KEY_PREFIX, KEY_CAPTCHA_AUTH, phone)
 	key := fmt.Sprintf("%s%s:%s", KEY_PREFIX, KEY_CAPTCHA_AUTH, phone)
 	return key
 	return key
 }
 }
+
+func GetKeyUserPermission(userid int64) string {
+	key := fmt.Sprintf("%s%s:%d", KEY_PREFIX, KEY_USER_PERMISSION, userid)
+	return key
+}

@@ -2,10 +2,13 @@ package redisdata
 
 
 import (
 import (
 	"encoding/json"
 	"encoding/json"
+	"errors"
 	"oppmg/common/log"
 	"oppmg/common/log"
 	"oppmg/common/redis"
 	"oppmg/common/redis"
 	"oppmg/protocol"
 	"oppmg/protocol"
+	"oppmg/services/rbac"
 	"strings"
 	"strings"
+	"time"
 )
 )
 
 
 func SetLoginToken(param protocol.LoginAuthToken, userid int64, companyid int64) error {
 func SetLoginToken(param protocol.LoginAuthToken, userid int64, companyid int64) error {
@@ -96,3 +99,38 @@ func GetCaptchAuth(phone string) (string, error) {
 	r, err := client.Get(key).Result()
 	r, err := client.Get(key).Result()
 	return r, err
 	return r, err
 }
 }
+
+func SetUserPermission(objMap map[string]rbac.PermissionOptionObject, usercompanyid int64) error {
+	key := GetKeyUserPermission(usercompanyid)
+	client := redis.GetRedis()
+	for k := range objMap {
+		s, err := json.Marshal(objMap[k])
+		if err != nil {
+			log.Error("解析错误:%s", err)
+			continue
+		}
+		err = client.HSet(key, k, s).Err()
+		if err != nil {
+			log.Error("设置权限缓存失败：%s", err)
+		}
+	}
+	client.Expire(key, 60*60*6*time.Second)
+	return nil
+}
+
+func GetUserPermission(userid int64, field string) (rbac.PermissionOptionObject, error) {
+	key := GetKeyUserPermission(userid)
+	client := redis.GetRedis()
+	str, err := client.HGet(key, field).Result()
+	if err != nil {
+		return nil, err
+	}
+	var permissionObj rbac.PermissionOptionObject
+	fn, ok := rbac.CodePermissionObject[field]
+	if !ok {
+		return nil, errors.New("cannot get object")
+	}
+	permissionObj = fn()
+	err = json.Unmarshal([]byte(str), permissionObj)
+	return permissionObj, err
+}