
添加角色规则限制

huangyh %!s(int64=6) %!d(string=hai) anos
pai
achega
4d2afa9138

+ 51 - 12
controllers/gen/SystemController_gen.go

@@ -739,18 +739,6 @@ func (c *SystemController) RoleAll(ctx *gin.Context) {
 	partial.System_RoleAll(&entitys.CtrlContext{c.apiengine, ctx, db, c.apiengine.PlatformOrmEngine})
 }
 
-// FindPermissions
-// @Title FindPermissions
-// @Description 查找用户权限
-// @Success 200 {object} sysReturn
-// @Failure 403 :id is empty
-// @router /find_permissions  [post,get,put]
-func (c *SystemController) FindPermissions(ctx *gin.Context) {
-	//
-	db := c.apiengine.BusinessOrmEngine[ctx.GetString("domain")]
-	partial.System_FindPermissions(&entitys.CtrlContext{c.apiengine, ctx, db, c.apiengine.PlatformOrmEngine})
-}
-
 // AddMenu
 // @Title AddMenu
 // @Description 添加菜单
@@ -986,3 +974,54 @@ func (c *SystemController) GetOptionsetByCode(ctx *gin.Context) {
 	db := c.apiengine.BusinessOrmEngine[ctx.GetString("domain")]
 	partial.System_GetOptionsetByCode(&entitys.CtrlContext{c.apiengine, ctx, db, c.apiengine.PlatformOrmEngine})
 }
+
+// AddDataPermission
+// @Title AddDataPermission
+// @Description 添加数据权限
+// @Param	    string  false  "数据权限"
+// @Success 200 {object} sysReturn
+// @Failure 403 :id is empty
+// @router /add_data_permission  [post,get,put]
+func (c *SystemController) AddDataPermission(ctx *gin.Context) {
+	//
+	db := c.apiengine.BusinessOrmEngine[ctx.GetString("domain")]
+	partial.System_AddDataPermission(&entitys.CtrlContext{c.apiengine, ctx, db, c.apiengine.PlatformOrmEngine})
+}
+
+// DelDataPermission
+// @Title DelDataPermission
+// @Description 删除数据权限
+// @Param	id    string  false  "数据权限ID"
+// @Success 200 {object} sysReturn
+// @Failure 403 :id is empty
+// @router /del_data_permission  [post,get,put]
+func (c *SystemController) DelDataPermission(ctx *gin.Context) {
+	//
+	db := c.apiengine.BusinessOrmEngine[ctx.GetString("domain")]
+	partial.System_DelDataPermission(&entitys.CtrlContext{c.apiengine, ctx, db, c.apiengine.PlatformOrmEngine})
+}
+
+// UpdateDataPermission
+// @Title UpdateDataPermission
+// @Description 更新数据权限
+// @Param	    string  false  "数据权限"
+// @Success 200 {object} sysReturn
+// @Failure 403 :id is empty
+// @router /update_data_permission  [post,get,put]
+func (c *SystemController) UpdateDataPermission(ctx *gin.Context) {
+	//
+	db := c.apiengine.BusinessOrmEngine[ctx.GetString("domain")]
+	partial.System_UpdateDataPermission(&entitys.CtrlContext{c.apiengine, ctx, db, c.apiengine.PlatformOrmEngine})
+}
+
+// FindDataPermissionPage
+// @Title FindDataPermissionPage
+// @Description 分页获取数据权限
+// @Success 200 {object} sysReturn
+// @Failure 403 :id is empty
+// @router /find_data_permission_page  [get,post]
+func (c *SystemController) FindDataPermissionPage(ctx *gin.Context) {
+	//
+	db := c.apiengine.BusinessOrmEngine[ctx.GetString("domain")]
+	partial.System_FindDataPermissionPage(&entitys.CtrlContext{c.apiengine, ctx, db, c.apiengine.PlatformOrmEngine})
+}

+ 104 - 4
controllers/partial/SystemController.go

@@ -8,6 +8,7 @@ import (
 	sysmodel "git.qianqiusoft.com/qianqiusoft/light-apiengine/models"
 	sysutils "git.qianqiusoft.com/qianqiusoft/light-apiengine/utils"
 	"html/template"
+
 	"strconv"
 	"strings"
 	"time"
@@ -107,7 +108,25 @@ func System_FindUserPage(c *entitys.CtrlContext) {
 	org_id := c.Ctx.DefaultQuery("org_id", "")
 	cn_org_id := c.Ctx.DefaultQuery("cn_org_id", "")
 
-	paramMap_i_t := map[string]interface{}{"page": page, "rows": rows, "name": name, "login_id": login_id, "org_id": org_id, "cn_org_id": cn_org_id}
+	var roleRule interface{}
+	rule_code := "org_rule"
+	user_id := c.Ctx.GetString("user_id")
+	exist, _ := c.Db.Table("sys_user_role").Where("user_id = ? and role_id = ?", user_id, "5c38ee66-c5e6-40a7-b190-86d115bae3e5").Exist()
+	//如果是管理员
+	if exist {
+		user_id = ""
+	} else if rule_code != "" {
+		var roleRules []models.SysDataPermissionDetail
+		// 根据rule_code获取角色对应的接口规则
+		err := c.Db.SqlMapClient("get_user_rule_by_code", user_id).Find(&roleRules)
+		if err != nil {
+			roleRule = ""
+		} else {
+			roleRule = sysutils.ParseRule(roleRules)
+		}
+	}
+
+	paramMap_i_t := map[string]interface{}{"page": page, "rows": rows, "name": name, "login_id": login_id, "org_id": org_id, "cn_org_id": cn_org_id, "role_rule": roleRule}
 	result, err := sysutils.PageSearch(c.Db, "system", "find_user_page", "sys_user", paramMap_i_t)
 
 	if err != nil {
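Review bot: The rule lookup added to System_FindUserPage fails open: when `SqlMapClient("get_user_rule_by_code", user_id).Find(&roleRules)` returns an error, `roleRule` is set to `""`, and the templates add the restriction only under `{{if ne .role_rule ""}}`, so a database error (or a non-admin user with no rule rows) produces the unfiltered user list. Stop on the error instead of continuing, e.g. `c.Ctx.JSON(500, sysmodel.SysReturn{500, err.Error(), nil}); return`, and decide explicitly what a user with zero rules may see. The error from `Exist()` is also discarded with `_`, and on the admin path `roleRule` stays a nil interface, which the template comparison against `""` may not treat as empty; initialising it to `""` would make that path explicit. The same block is repeated in the System_GetOrgTree hunk below, where it replaces the former `sys_user.id` filter, so it would be worth moving into one helper. The function body continues outside this hunk.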
@@ -148,15 +167,25 @@ func System_FindUserPage(c *entitys.CtrlContext) {
 // @Success 200 {object} Account
 // @Failure 403 :id is empty
 func System_GetOrgTree(c *entitys.CtrlContext) {
+	var roleRule interface{}
+	rule_code := "org_rule"
 	// 管理员角色ID 5c38ee66-c5e6-40a7-b190-86d115bae3e5,如果是管理员,可以看所有,否则只看到本部门
-	user_id := c.Ctx.DefaultQuery("user_id", "")
+	user_id := c.Ctx.GetString("user_id")
 	exist, _ := c.Db.Table("sys_user_role").Where("user_id = ? and role_id = ?", user_id, "5c38ee66-c5e6-40a7-b190-86d115bae3e5").Exist()
 	//如果是管理员
 	if exist {
 		user_id = ""
+	} else if rule_code != "" {
+		var roleRules []models.SysDataPermissionDetail
+		// 根据rule_code获取角色对应的接口规则
+		err := c.Db.SqlMapClient("get_user_rule_by_code", user_id).Find(&roleRules)
+		if err != nil {
+			roleRule = ""
+		} else {
+			roleRule = sysutils.ParseRule(roleRules)
+		}
 	}
-
-	paramMap_i_t := map[string]interface{}{"sort": "name", "user_id": user_id}
+	paramMap_i_t := map[string]interface{}{"sort": "name", "user_id": user_id, "role_rule": roleRule}
 	result, err := sysutils.TreeSearch(c.Db, "system", "get_org_tree", "sys_org", paramMap_i_t)
 
 	if err == nil {
@@ -2360,6 +2389,77 @@ func System_GetOptionsetByCode(c *entitys.CtrlContext) {
 	}
 }
 
+// _AddDataPermission
+// @Title _AddDataPermission
+// @Description 添加数据权限
+// @Param	    string  false  "数据权限"
+// @Success 200 {object} Account
+// @Failure 403 :id is empty
+func System_AddDataPermission(c *entitys.CtrlContext) {
+	var paramObj0 models.SysDataPermission
+	c.Ctx.BindJSON(&paramObj0)
+	ret := __none_func_system__(paramObj0)
+	if ret {
+		c.Ctx.JSON(200, sysmodel.SysReturn{200, "", nil})
+	} else {
+		c.Ctx.JSON(500, sysmodel.SysReturn{500, "", nil})
+	}
+}
+
+// _DelDataPermission
+// @Title _DelDataPermission
+// @Description 删除数据权限
+// @Param	id    string  false  "数据权限ID"
+// @Success 200 {object} Account
+// @Failure 403 :id is empty
+func System_DelDataPermission(c *entitys.CtrlContext) {
+	id := c.Ctx.Query("id")
+
+	ret := __none_func_system__(id)
+	if ret {
+		c.Ctx.JSON(200, sysmodel.SysReturn{200, "", nil})
+	} else {
+		c.Ctx.JSON(500, sysmodel.SysReturn{500, "", nil})
+	}
+}
+
+// _UpdateDataPermission
+// @Title _UpdateDataPermission
+// @Description 更新数据权限
+// @Param	    string  false  "数据权限"
+// @Success 200 {object} Account
+// @Failure 403 :id is empty
+func System_UpdateDataPermission(c *entitys.CtrlContext) {
+	var paramObj0 models.SysDataPermission
+	c.Ctx.BindJSON(&paramObj0)
+	ret := __none_func_system__(paramObj0)
+	if ret {
+		c.Ctx.JSON(200, sysmodel.SysReturn{200, "", nil})
+	} else {
+		c.Ctx.JSON(500, sysmodel.SysReturn{500, "", nil})
+	}
+}
+
+// _FindDataPermissionPage
+// @Title _FindDataPermissionPage
+// @Description 分页获取数据权限
+// @Success 200 {object} Account
+// @Failure 403 :id is empty
+func System_FindDataPermissionPage(c *entitys.CtrlContext) {
+
+	page, _ := strconv.Atoi(c.Ctx.DefaultQuery("page", "1"))
+	rows, _ := strconv.Atoi(c.Ctx.DefaultQuery("rows", "10"))
+
+	paramMap_i_t := map[string]interface{}{"page": page, "rows": rows}
+	result, err := sysutils.PageSearch(c.Db, "system", "find_data_permission_page", "data_permission", paramMap_i_t)
+	if err == nil {
+		c.Ctx.JSON(200, sysmodel.SysReturn{200, "", result})
+	} else {
+		c.Ctx.JSON(500, sysmodel.SysReturn{500, err.Error(), nil})
+	}
+
+}
+
 func __none_func_system__(params ...interface{}) bool {
 	return true
 }
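Review bot: The three new write handlers (System_AddDataPermission, System_DelDataPermission, System_UpdateDataPermission) persist nothing: each calls `__none_func_system__`, which always returns true, so callers receive a 200 while no row is written, and the result of `c.Ctx.BindJSON(&paramObj0)` is ignored. Until they are implemented, an explicit not-implemented status would be safer than reporting success. No role check is visible in these handlers, and the records they manage feed the row-level rules applied in System_FindUserPage and System_GetOrgTree, so the real implementation should be limited to administrators and should check the bind error, e.g. `if err := c.Ctx.BindJSON(&paramObj0); err != nil { return }`.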

+ 43 - 12
light-apiengine.xml

@@ -395,12 +395,6 @@
                     <failure ref="$sys_return"></failure>
                 </return>
             </api>
-            <api name="find_permissions" desc="查找用户权限" method="post,get,put">
-                <return>
-                    <success ref="$sys_return"></success>
-                    <failure ref="$sys_return"></failure>
-                </return>
-            </api>
             <api name="add_menu" desc="添加菜单" method="post,get,put">
                 <param name="" ref="$sys_menu" type="string" desc="菜单"/>
                 <return>
@@ -531,6 +525,29 @@
                     <failure ref="$sys_return"></failure>
                 </return>
             </api>
+            <api name="add_data_permission" desc="添加数据权限" method="post,get,put">
+                <param name="" ref="$sys_data_permission" type="string" desc="数据权限"/>
+                <return>
+                    <success ref="$sys_return"></success>
+                    <failure ref="$sys_return"></failure>
+                </return>
+            </api>
+            <api name="del_data_permission" desc="删除数据权限" method="post,get,put">
+                <param name="id"  type="string" desc="数据权限ID"/>
+                <return>
+                    <success ref="$sys_return"></success>
+                    <failure ref="$sys_return"></failure>
+                </return>
+            </api>
+            <api name="update_data_permission" desc="更新数据权限" method="post,get,put">
+                <param name="" ref="$sys_data_permission" type="string" desc="数据权限"/>
+                <return>
+                    <success ref="$sys_return"></success>
+                    <failure ref="$sys_return"></failure>
+                </return>
+            </api>
+            <api name="find_data_permission_page" desc="分页获取数据权限" function="page" table="data_permission" method="get,post" >
+            </api>
         </controller>
         <controller name="api" desc="api接口">
             <api name="api_doc" method="get" desc="api文档">
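Review bot: The three mutating APIs added here (`add_data_permission`, `del_data_permission`, `update_data_permission`) are declared with `method="post,get,put"`, and the generated router in routers/system_gen.go registers each of them on GET as well as POST. State-changing operations reachable by GET can be triggered by a plain link or a prefetch, which weakens protection against cross-site request forgery if the session is cookie-based (not visible here). Consider `method="post"` for these three and keep GET only on `find_data_permission_page`. `put` is listed, but the generated router registers no PUT route in this commit.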
@@ -847,35 +864,49 @@
             <column isNull="false" name="last_update_time" caption="最后更新时间" type="int64" />
             <column isNull="false" name="del_flag" caption="是否删除 1:删除   0:正常" type="int32"/>
         </table>
-        <table name="sys_permission" desc="权限表">
+        <table name="sys_data_permission" desc="数据权限表">
             <column isNull="false" isPK="true" name="id" caption="主键" dbtype="varchar(36)"
                     type="string" size="36">
                 <auto value="$uuid" update="false">
                 </auto>
             </column>
-            <column isNull="false" name="perms" caption="权限标识" type="string" size="100" dbtype="varchar(100)"/>
-            <column isNull="false" name="domain" caption="域" type="string" size="50" />
+            <column isNull="false" name="name" caption="数据权限名称" type="string" size="36" dbtype="varchar(36)"/>
+            <column isNull="false" name="code" caption="编码" type="string" size="36" dbtype="varchar(36)"/>
             <column isNull="false" name="create_by" caption="创建人" type="string" size="36" dbtype="varchar(36)"/>
             <column isNull="false" name="create_time" caption="创建时间" type="datetime" />
             <column isNull="false" name="last_update_by" caption="最后更新人" type="string" size="36" dbtype="varchar(36)"/>
             <column isNull="false" name="last_update_time" caption="最后更新时间" type="int64" />
             <column isNull="false" name="del_flag" caption="是否删除 1:删除   0:正常" type="int32"/>
         </table>
-        <table name="sys_role_permission" desc="角色权限表">
+        <table name="sys_data_permission_detail" desc="数据权限表明细">
             <column isNull="false" isPK="true" name="id" caption="主键" dbtype="varchar(36)"
                     type="string" size="36">
                 <auto value="$uuid" update="false">
                 </auto>
             </column>
-            <column isNull="false" name="permission_id" caption="权限ID" type="string" size="36" dbtype="varchar(36)"/>
+            <column isNull="false" name="data_permission_id" caption="数据权限ID" type="string" size="36" dbtype="varchar(36)"/>
             <column isNull="false" name="role_id" caption="角色ID" type="string" size="36" dbtype="varchar(36)"/>
-            <column isNull="false" name="domain" caption="域" type="string" size="50" />
+            <column isNull="false" name="rule" caption="权限规则" type="string" size="1000" dbtype="varchar(1000)"/>
             <column isNull="false" name="create_by" caption="创建人" type="string" size="36" dbtype="varchar(36)"/>
             <column isNull="false" name="create_time" caption="创建时间" type="datetime" />
             <column isNull="false" name="last_update_by" caption="最后更新人" type="string" size="36" dbtype="varchar(36)"/>
             <column isNull="false" name="last_update_time" caption="最后更新时间" type="int64" />
             <column isNull="false" name="del_flag" caption="是否删除 1:删除   0:正常" type="int32"/>
         </table>
+        <!--<table name="sys_role_data_permission" desc="角色数据权限表">-->
+            <!--<column isNull="false" isPK="true" name="id" caption="主键" dbtype="varchar(36)"-->
+                    <!--type="string" size="36">-->
+                <!--<auto value="$uuid" update="false">-->
+                <!--</auto>-->
+            <!--</column>-->
+            <!--<column isNull="false" name="data_permission_id" caption="权限ID" type="string" size="36" dbtype="varchar(36)"/>-->
+            <!--<column isNull="false" name="role_id" caption="角色ID" type="string" size="36" dbtype="varchar(36)"/>-->
+            <!--<column isNull="false" name="create_by" caption="创建人" type="string" size="36" dbtype="varchar(36)"/>-->
+            <!--<column isNull="false" name="create_time" caption="创建时间" type="datetime" />-->
+            <!--<column isNull="false" name="last_update_by" caption="最后更新人" type="string" size="36" dbtype="varchar(36)"/>-->
+            <!--<column isNull="false" name="last_update_time" caption="最后更新时间" type="int64" />-->
+            <!--<column isNull="false" name="del_flag" caption="是否删除 1:删除   0:正常" type="int32"/>-->
+        <!--</table>-->
         <table name="sys_attachment" desc="附件表">
             <column isNull="false" isPK="true" name="id" caption="主键" dbtype="varchar(36)"
                     type="string" size="36">
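Review bot: `sys_role_data_permission` is commented out of the schema in this hunk, yet the commit still adds models/SysRoleDataPermission_gen.go, whose `init()` calls `AddTableName("sys_role_data_permission")` and `RegisterModel(new(SysRoleDataPermission))`. If registration drives table creation or sync (not visible here), a table that the schema no longer declares will still be created. Either remove the stale generated model or delete the commented block and keep the table. Separately, `sys_data_permission_detail.rule` is free text of up to 1000 characters that is later placed into WHERE clauses, so the column would benefit from a comment stating who may write it and which syntax is accepted.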

+ 36 - 0
models/SysDataPermissionDetail_gen.go

@@ -0,0 +1,36 @@
+package models
+
+import (
+	"time"
+	//__import_packages__
+)
+
+type SysDataPermissionDetail struct {
+	//主键
+	Id string `xorm:"'id' varchar(36) pk notnull "json:"id"`
+	//数据权限表ID
+	DataPermissionId string `xorm:"'data_permission_id' varchar(36) notnull "json:"data_permission_id"`
+	//角色ID
+	RoleId string `xorm:"'role_id' varchar(36) notnull "json:"role_id"`
+	//权限规则
+	Rule string `xorm:"'rule' varchar(1000) notnull "json:"rule"`
+	//创建人
+	CreateBy string `xorm:"'create_by' varchar(36) notnull "json:"create_by"`
+	//创建时间
+	CreateTime time.Time `xorm:"'create_time' notnull "json:"create_time"`
+	//最后更新人
+	LastUpdateBy string `xorm:"'last_update_by' varchar(36) notnull "json:"last_update_by"`
+	//最后更新时间
+	LastUpdateTime int64 `xorm:"'last_update_time' notnull "json:"last_update_time"`
+	//是否删除 1:删除   0:正常
+	DelFlag int32 `xorm:"'del_flag' notnull "json:"del_flag"`
+}
+
+func (t *SysDataPermissionDetail) TableName() string {
+	return "sys_data_permission_detail"
+}
+
+func init() {
+	AddTableName("sys_data_permission_detail")
+	RegisterModel(new(SysDataPermissionDetail))
+}

+ 34 - 0
models/SysDataPermission_gen.go

@@ -0,0 +1,34 @@
+package models
+
+import (
+	"time"
+	//__import_packages__
+)
+
+type SysDataPermission struct {
+	//主键
+	Id string `xorm:"'id' varchar(36) pk notnull "json:"id"`
+	//数据权限名称
+	Name string `xorm:"'name' varchar(36) notnull "json:"name"`
+	//编码
+	Code string `xorm:"'code' varchar(36) notnull "json:"code"`
+	//创建人
+	CreateBy string `xorm:"'create_by' varchar(36) notnull "json:"create_by"`
+	//创建时间
+	CreateTime time.Time `xorm:"'create_time' notnull "json:"create_time"`
+	//最后更新人
+	LastUpdateBy string `xorm:"'last_update_by' varchar(36) notnull "json:"last_update_by"`
+	//最后更新时间
+	LastUpdateTime int64 `xorm:"'last_update_time' notnull "json:"last_update_time"`
+	//是否删除 1:删除   0:正常
+	DelFlag int32 `xorm:"'del_flag' notnull "json:"del_flag"`
+}
+
+func (t *SysDataPermission) TableName() string {
+	return "sys_data_permission"
+}
+
+func init() {
+	AddTableName("sys_data_permission")
+	RegisterModel(new(SysDataPermission))
+}

+ 34 - 0
models/SysRoleDataPermission_gen.go

@@ -0,0 +1,34 @@
+package models
+
+import (
+	"time"
+	//__import_packages__
+)
+
+type SysRoleDataPermission struct {
+	//主键
+	Id string `xorm:"'id' varchar(36) pk notnull "json:"id"`
+	//权限ID
+	DataPermissionId string `xorm:"'data_permission_id' varchar(36) notnull "json:"data_permission_id"`
+	//角色ID
+	RoleId string `xorm:"'role_id' varchar(36) notnull "json:"role_id"`
+	//创建人
+	CreateBy string `xorm:"'create_by' varchar(36) notnull "json:"create_by"`
+	//创建时间
+	CreateTime time.Time `xorm:"'create_time' notnull "json:"create_time"`
+	//最后更新人
+	LastUpdateBy string `xorm:"'last_update_by' varchar(36) notnull "json:"last_update_by"`
+	//最后更新时间
+	LastUpdateTime int64 `xorm:"'last_update_time' notnull "json:"last_update_time"`
+	//是否删除 1:删除   0:正常
+	DelFlag int32 `xorm:"'del_flag' notnull "json:"del_flag"`
+}
+
+func (t *SysRoleDataPermission) TableName() string {
+	return "sys_role_data_permission"
+}
+
+func init() {
+	AddTableName("sys_role_data_permission")
+	RegisterModel(new(SysRoleDataPermission))
+}

+ 12 - 3
routers/system_gen.go

@@ -178,9 +178,6 @@ func registerSystemRouter(e *engine.ApiEngine) {
 	v1.GET("/role_all", ctrler.RoleAll)
 	v1.POST("/role_all", ctrler.RoleAll)
 
-	v1.GET("/find_permissions", ctrler.FindPermissions)
-	v1.POST("/find_permissions", ctrler.FindPermissions)
-
 	v1.GET("/add_menu", ctrler.AddMenu)
 	v1.POST("/add_menu", ctrler.AddMenu)
 
@@ -235,4 +232,16 @@ func registerSystemRouter(e *engine.ApiEngine) {
 	v1.GET("/get_optionset_by_code", ctrler.GetOptionsetByCode)
 	//v1.POST("/get_optionset_by_code",ctrler.GetOptionsetByCode)
 
+	v1.GET("/add_data_permission", ctrler.AddDataPermission)
+	v1.POST("/add_data_permission", ctrler.AddDataPermission)
+
+	v1.GET("/del_data_permission", ctrler.DelDataPermission)
+	v1.POST("/del_data_permission", ctrler.DelDataPermission)
+
+	v1.GET("/update_data_permission", ctrler.UpdateDataPermission)
+	v1.POST("/update_data_permission", ctrler.UpdateDataPermission)
+
+	v1.GET("/find_data_permission_page", ctrler.FindDataPermissionPage)
+	v1.POST("/find_data_permission_page", ctrler.FindDataPermissionPage)
+
 }

+ 12 - 0
sqlconfig/light-apiengine-develop/sys_data_permission.xml

@@ -0,0 +1,12 @@
+<sqlMap>
+    <sql id="get_user_rule_by_code">
+        SELECT
+            sys_data_permission_detail.*
+        FROM
+            `sys_data_permission`, `sys_data_permission_detail`,`sys_user_role`
+        WHERE
+            sys_data_permission.id = sys_data_permission_detail.data_permission_id
+            AND sys_user_role.role_id = sys_data_permission_detail.role_id
+            AND sys_user_role.user_id = ?
+    </sql>
+</sqlMap>
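Review bot: `get_user_rule_by_code` filters neither by code nor by `del_flag`: its only bound parameter is `sys_user_role.user_id`, so every rule attached to any of the user's roles is returned, including soft-deleted rows and rules written for other endpoints. The callers declare `rule_code := "org_rule"` but never pass it, which suggests a missing predicate such as `AND sys_data_permission.code = ?` together with `AND sys_data_permission.del_flag = 0 AND sys_data_permission_detail.del_flag = 0`. As written, soft-deleting a rule does not change the filter that is applied.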

+ 7 - 0
sqlconfig/system_controller/system_find_data_permission_page_count.tpl

@@ -0,0 +1,7 @@
+
+select
+    count(*) records
+from
+    data_permission
+where
+	del_flag = 0
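Review bot: Both new page templates read from `data_permission`, but the table this commit defines in light-apiengine.xml is `sys_data_permission`, and `SysDataPermission.TableName()` returns the same name. Unless a `data_permission` table exists elsewhere, `find_data_permission_page` will fail at run time. The fix would be `from sys_data_permission` here and in system_find_data_permission_page_select.tpl, with the `table=` attribute of the API definition and the table name passed to `PageSearch` changed to match.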

+ 8 - 0
sqlconfig/system_controller/system_find_data_permission_page_select.tpl

@@ -0,0 +1,8 @@
+
+select
+    data_permission.*
+from
+    data_permission
+where
+    del_flag = 0
+LIMIT {{.rows}} OFFSET {{.offset}}

+ 3 - 0
sqlconfig/system_controller/system_find_user_page_count.tpl

@@ -18,3 +18,6 @@ where
 {{if ne .cn_org_id ""}}
     and sys_org.inheritance like '%{{.cn_org_id}}%'
 {{end}}
+{{if ne .role_rule ""}}
+    and {{.role_rule}}
+{{end}}
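Review bot: `and {{.role_rule}}` is not parenthesised, and ParseRule joins several rules with ` or `, so with two rules the clause becomes `... and A or B`; because AND binds tighter than OR, rows matching B skip every earlier condition of the WHERE clause, including the delete-flag and organisation filters. Write `and ({{.role_rule}})` here and in system_find_user_page_select.tpl and system_get_org_tree.tpl. The value is raw SQL text read from `sys_data_permission_detail.rule` and passed through as `template.HTML`, so nothing escapes it and whoever can write that column controls this part of the query; validating rules against an allow-list of columns and operators when they are stored would contain that. The start of the WHERE clause is outside this hunk.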

+ 3 - 0
sqlconfig/system_controller/system_find_user_page_select.tpl

@@ -28,5 +28,8 @@ where
 {{if ne .cn_org_id ""}}
     and sys_org.inheritance like '%{{.cn_org_id}}%'
 {{end}}
+{{if ne .role_rule ""}}
+    and {{.role_rule}}
+{{end}}
 GROUP BY sys_user.id
 LIMIT {{.rows}} OFFSET {{.offset}}

+ 2 - 2
sqlconfig/system_controller/system_get_org_tree.tpl

@@ -8,7 +8,7 @@ left join
 on sys_user.org_id = sys_org.id
 where
     sys_org.del_flag = 0
-{{if ne .user_id ""}}
-    and sys_user.id = '{{.user_id}}'
+{{if ne .role_rule ""}}
+    and {{.role_rule}}
 {{end}}
 GROUP BY sys_org.id

+ 23 - 0
utils/data_permission_parse_rule.go

@@ -0,0 +1,23 @@
+package utils
+
+import (
+	"git.qianqiusoft.com/qianqiusoft/light-apiengine/models"
+	"html/template"
+)
+
+func ParseRule(roleRules []models.SysDataPermissionDetail) interface{} {
+	roleRule := ""
+	for i, rule := range roleRules {
+		switch i {
+		case 0:
+			roleRule = rule.Rule
+
+		case len(roleRules):
+			roleRule += rule.Rule
+		default:
+			roleRule += " or " + rule.Rule
+		}
+	}
+
+	return template.HTML(roleRule)
+}
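Review bot: The `case len(roleRules):` branch in ParseRule can never run, because the range index stops at `len(roleRules)-1`, and the rules are concatenated without grouping, so a rule that itself contains `or` or `and` changes meaning once it is joined to its neighbours. Building the clause with `strings.Join` over individually parenthesised rules removes the dead branch and fixes the grouping; it needs the `strings` import. The `template.HTML` return type is used here only to stop the template engine from escaping SQL text, which deserves a doc comment stating that the input must be trusted, validated rule text.

```go
func ParseRule(roleRules []models.SysDataPermissionDetail) interface{} {
	parts := make([]string, 0, len(roleRules))
	for _, r := range roleRules {
		if strings.TrimSpace(r.Rule) == "" {
			continue
		}
		parts = append(parts, "("+r.Rule+")")
	}
	// template.HTML only bypasses template escaping; rule text must already be validated.
	return template.HTML(strings.Join(parts, " or "))
}
```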