be.ems/src/framework/reqctx/auth.go

package reqctx

import (
	"fmt"
	"strings"

	"github.com/gin-gonic/gin"

	"be.ems/src/framework/config"
	"be.ems/src/framework/constants"
	"be.ems/src/framework/vo"
)

// LoginUser 登录用户信息
func LoginUser(c *gin.Context) (vo.LoginUser, error) {
	value, exists := c.Get(constants.CTX_LOGIN_USER)
	if exists && value != nil {
		return value.(vo.LoginUser), nil
	}
	return vo.LoginUser{}, fmt.Errorf("invalid login user information")
}

// LoginUserToUserID 登录用户信息-用户ID
func LoginUserToUserID(c *gin.Context) string {
	info, err := LoginUser(c)
	if err != nil {
		return ""
	}
	return info.UserID
}

// LoginUserToUserName 登录用户信息-用户名称
func LoginUserToUserName(c *gin.Context) string {
	info, err := LoginUser(c)
	if err != nil {
		return ""
	}
	return info.User.UserName
}

// LoginUserByContainRoles 登录用户信息-包含角色KEY
func LoginUserByContainRoles(c *gin.Context, target string) bool {
	info, err := LoginUser(c)
	if err != nil {
		return false
	}
	if config.IsAdmin(info.UserID) {
		return true
	}
	roles := info.User.Roles
	for _, item := range roles {
		if item.RoleKey == target {
			return true
		}
	}
	return false
}

// LoginUserByContainPerms 登录用户信息-包含权限标识
func LoginUserByContainPerms(c *gin.Context, target string) bool {
	loginUser, err := LoginUser(c)
	if err != nil {
		return false
	}
	if config.IsAdmin(loginUser.UserID) {
		return true
	}
	perms := loginUser.Permissions
	for _, str := range perms {
		if str == target {
			return true
		}
	}
	return false
}

// LoginUserToDataScopeSQL 登录用户信息-角色数据范围过滤SQL字符串
func LoginUserToDataScopeSQL(c *gin.Context, deptAlias string, userAlias string) string {
	dataScopeSQL := ""
	// 登录用户信息
	info, err := LoginUser(c)
	if err != nil {
		return dataScopeSQL
	}
	userInfo := info.User

	// 如果是系统管理员，则不过滤数据
	if config.IsAdmin(userInfo.UserID) {
		return dataScopeSQL
	}
	// 无用户角色
	if len(userInfo.Roles) <= 0 {
		return dataScopeSQL
	}

	// 记录角色权限范围定义添加过, 非自定数据权限不需要重复拼接SQL
	var scopeKeys []string
	var conditions []string
	for _, role := range userInfo.Roles {
		dataScope := role.DataScope

		if constants.ROLE_SCOPE_ALL == dataScope {
			break
		}

		if constants.ROLE_SCOPE_CUSTOM != dataScope {
			hasKey := false
			for _, key := range scopeKeys {
				if key == dataScope {
					hasKey = true
					break
				}
			}
			if hasKey {
				continue
			}
		}

		if constants.ROLE_SCOPE_CUSTOM == dataScope {
			sql := fmt.Sprintf(`%s.dept_id IN 
			( SELECT dept_id FROM sys_role_dept WHERE role_id = %s ) 
			AND %s.dept_id NOT IN 
			( 
			SELECT d.parent_id FROM sys_dept d 
			INNER JOIN sys_role_dept rd ON rd.dept_id = d.dept_id 
			AND rd.role_id = %s 
			)`, deptAlias, role.RoleID, deptAlias, role.RoleID)
			conditions = append(conditions, sql)
		}

		if constants.ROLE_SCOPE_DEPT == dataScope {
			sql := fmt.Sprintf("%s.dept_id = %s", deptAlias, userInfo.DeptID)
			conditions = append(conditions, sql)
		}

		if constants.ROLE_SCOPE_DEPT_CHILD == dataScope {
			sql := fmt.Sprintf("%s.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = %s OR find_in_set(%s, ancestors ) )", deptAlias, userInfo.DeptID, userInfo.DeptID)
			conditions = append(conditions, sql)
		}

		if constants.ROLE_SCOPE_SELF == dataScope {
			if userAlias == "" {
				sql := fmt.Sprintf("%s.dept_id = %s", deptAlias, userInfo.DeptID)
				conditions = append(conditions, sql)
			} else {
				sql := fmt.Sprintf("%s.user_id = %s", userAlias, userInfo.UserID)
				conditions = append(conditions, sql)
			}
		}

		// 记录角色范围
		scopeKeys = append(scopeKeys, dataScope)
	}

	// 构建查询条件语句
	if len(conditions) > 0 {
		dataScopeSQL = fmt.Sprintf(" ( %s ) ", strings.Join(conditions, " OR "))
	}
	return dataScopeSQL
}