添加请求时的权限校验

唐旭辉
controllers/base.go
middleware/middle.go
services/auth/auth.go
services/rbac/permission.go
storage/redisdata/key.go
storage/redisdata/redis.go
--- a/controllers/base.go
查看文件 @f888b0f
+++ b/controllers/base.go
查看文件 @f888b0f
@@ -28,8 +28,11 @@ func (this *BaseController) Prepare() {
 		this.Ctx.WriteString("")
 		return
 	}
- 	p := this.Ctx.Input.GetData("RouterPattern")
- 	fmt.Println("====>r:", p)
+ 	// p := this.Ctx.Input.GetData("RouterPattern")
+ 	// userid := this.GetUserId()
+ 	// companyid := this.GetCompanyId()
+ 	//权限校验
+ 
 }
 
 func (this *BaseController) GetAppHead() (appHead protocol.BaseHeader) {
--- a/middleware/middle.go
查看文件 @f888b0f
+++ b/middleware/middle.go
查看文件 @f888b0f
@@ -117,6 +117,3 @@ var LogRouter = func(ctx *context.Context) {
 }
 
 //CheckOperation 检查操作权限,beforeController
- var CheckOperation = func(ctx *context.Context) {
- 
- }
--- a/services/auth/auth.go
查看文件 @f888b0f
+++ b/services/auth/auth.go
查看文件 @f888b0f
@@ -8,6 +8,7 @@ import (
 	"oppmg/common/log"
 	"oppmg/models"
 	"oppmg/protocol"
+ 	serverbac "oppmg/services/rbac"
 	"oppmg/services/ucenter"
 	"oppmg/storage/redisdata"
 	"oppmg/utils"
@@ -237,6 +238,8 @@ func LoginAuthByUCenter(account, password string) (protocol.LoginAuthToken, erro
 	if err != nil {
 		log.Error("更新用户数据失败：%s", err)
 	}
+ 
+ 	InitPermission(usercompanyid)
 	return logintoken, err
 }
 
@@ -474,6 +477,7 @@ func LoginAuthBySmsCode(phone string, code string) (protocol.LoginAuthToken, err
 	if err != nil {
 		log.Error("更新用户数据失败：%s", err)
 	}
+ 	InitPermission(usercompanyid)
 	return logintoken, err
 }
 
@@ -504,7 +508,42 @@ func SmsCodeCheck(phone string, code string) error {
 }
 
 //InitPermission  登录时权限初始化
- func InitPermission(usercompanyid int, userid int64) error {
- 
+ func InitPermission(usercompanyid int64) error {
+ 	var (
+ 		err           error
+ 		permissionMap map[string]serverbac.PermissionOptionObject
+ 	)
+ 	permissionMap, err = serverbac.GetUserPermission(usercompanyid)
+ 	if err != nil {
+ 		log.Error("获取用户的权限失败")
+ 		return err
+ 	}
+ 	err = redisdata.SetUserPermission(permissionMap, usercompanyid)
+ 	if err != nil {
+ 		log.Error("缓存用户权限失败:%s", err)
+ 	}
 	return nil
 }
+ 
+ func ValidUserPermission(urlPath string, userid int64, companyid int64) bool {
+ 	var (
+ 		err            error
+ 		permissionbase serverbac.PermissionBase
+ 		ok             bool = false
+ 		permissionObj  serverbac.PermissionOptionObject
+ 	)
+ 	permissionbase, ok = serverbac.RouterPermission[urlPath]
+ 	if !ok {
+ 		return true
+ 	}
+ 	permissionObj, err = redisdata.GetUserPermission(userid, permissionbase.CodeName)
+ 	if err != nil {
+ 		log.Error("未取到权限数据")
+ 		return false
+ 	}
+ 	ok = permissionObj.GetValidFunc(permissionbase.ActionName)
+ 	if ok {
+ 		return true
+ 	}
+ 	return false
+ }
--- a/services/rbac/permission.go
查看文件 @f888b0f
+++ b/services/rbac/permission.go
查看文件 @f888b0f
@@ -35,7 +35,7 @@ type PermissionBase struct {
 	ActionName string
 }
 
- var routerPermission = map[string]PermissionBase{
+ var RouterPermission = map[string]PermissionBase{
 	"/v1/department/list":            PermissionBase{CodeName: M_ENTERPRISE_ORGANIZATION, ActionName: "default"},
 	"/v1/department/add":             PermissionBase{CodeName: M_ENTERPRISE_ORGANIZATION, ActionName: "default"},
 	"/v1/department/edit":            PermissionBase{CodeName: M_ENTERPRISE_ORGANIZATION, ActionName: "default"},
@@ -133,7 +133,7 @@ func GetUserPermission(userCompanyid int64) (map[string]PermissionOptionObject, 
 		if fn, ok := CodePermissionObject[v.Code]; ok {
 			obj := fn()
 			if err = json.Unmarshal([]byte(v.Opption), obj); err != nil {
- 				log.Debug("解析权限配置option 失败%s", err)
+ 				log.Debug("解析权限配置option:%s %s失败%s", v.Code, v.Opption, err)
 			}
 			objMap[v.Code] = obj
 		} else {
--- a/storage/redisdata/key.go
查看文件 @f888b0f
+++ b/storage/redisdata/key.go
查看文件 @f888b0f
@@ -32,3 +32,8 @@ func GetKeyCaptchAuth(phone string) string {
 	key := fmt.Sprintf("%s%s:%s", KEY_PREFIX, KEY_CAPTCHA_AUTH, phone)
 	return key
 }
+ 
+ func GetKeyUserPermission(userid int64) string {
+ 	key := fmt.Sprintf("%s%s:%d", KEY_PREFIX, KEY_USER_PERMISSION, userid)
+ 	return key
+ }
--- a/storage/redisdata/redis.go
查看文件 @f888b0f
+++ b/storage/redisdata/redis.go
查看文件 @f888b0f
@@ -2,10 +2,13 @@ package redisdata
 
 import (
 	"encoding/json"
+ 	"errors"
 	"oppmg/common/log"
 	"oppmg/common/redis"
 	"oppmg/protocol"
+ 	"oppmg/services/rbac"
 	"strings"
+ 	"time"
 )
 
 func SetLoginToken(param protocol.LoginAuthToken, userid int64, companyid int64) error {
@@ -96,3 +99,38 @@ func GetCaptchAuth(phone string) (string, error) {
 	r, err := client.Get(key).Result()
 	return r, err
 }
+ 
+ func SetUserPermission(objMap map[string]rbac.PermissionOptionObject, usercompanyid int64) error {
+ 	key := GetKeyUserPermission(usercompanyid)
+ 	client := redis.GetRedis()
+ 	for k := range objMap {
+ 		s, err := json.Marshal(objMap[k])
+ 		if err != nil {
+ 			log.Error("解析错误:%s", err)
+ 			continue
+ 		}
+ 		err = client.HSet(key, k, s).Err()
+ 		if err != nil {
+ 			log.Error("设置权限缓存失败：%s", err)
+ 		}
+ 	}
+ 	client.Expire(key, 60*60*6*time.Second)
+ 	return nil
+ }
+ 
+ func GetUserPermission(userid int64, field string) (rbac.PermissionOptionObject, error) {
+ 	key := GetKeyUserPermission(userid)
+ 	client := redis.GetRedis()
+ 	str, err := client.HGet(key, field).Result()
+ 	if err != nil {
+ 		return nil, err
+ 	}
+ 	var permissionObj rbac.PermissionOptionObject
+ 	fn, ok := rbac.CodePermissionObject[field]
+ 	if !ok {
+ 		return nil, errors.New("cannot get object")
+ 	}
+ 	permissionObj = fn()
+ 	err = json.Unmarshal([]byte(str), permissionObj)
+ 	return permissionObj, err
+ }