2 Achegas 4564b19352 ... f2b94988ee

Autor SHA1 Mensaxe Data
  Roc f2b94988ee Merge branch 'pool/286' hai 2 semanas
  Roc f1ca3a005d 修复了非超管用户查询报告的权限问题 hai 2 meses
Modificáronse 5 ficheiros con 179 adicións e 156 borrados
  1. 101 119
      controllers/report_chapter.go
  2. 23 14
      controllers/report_v2.go
  3. 27 13
      services/report_chapter.go
  4. 18 10
      services/report_v2.go
  5. 10 0
      utils/common.go

+ 101 - 119
controllers/report_chapter.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"eta/eta_api/models"
 	"eta/eta_api/models/report"
+	"eta/eta_api/models/system"
 	"eta/eta_api/services"
 	"eta/eta_api/services/data"
 	"eta/eta_api/utils"
@@ -332,38 +333,12 @@ func (this *ReportController) EditDayWeekChapter() {
 	}
 
 	// 操作权限校验
-	{
-		// 如果不是创建人,那么就要去查看是否授权
-		if reportInfo.AdminId != sysUser.AdminId {
-			// 授权用户权限校验
-			chapterGrantObj := report.ReportChapterGrant{}
-			_, tmpErr := chapterGrantObj.GetGrantByIdAndAdmin(reportChapterInfo.ReportChapterId, sysUser.AdminId)
-			if tmpErr != nil {
-				if tmpErr.Error() == utils.ErrNoRow() {
-					br.Msg = "没有权限"
-					br.ErrMsg = "没有权限"
-					br.IsSendEmail = false
-					return
-				}
-				br.Msg = "获取章节id授权用户失败"
-				br.ErrMsg = "获取章节id授权用户失败, Err: " + tmpErr.Error()
-				return
-			}
-		}
-
-		// 标记更新中
-		{
-			markStatus, err := services.UpdateReportEditMark(reportChapterInfo.ReportId, reportChapterInfo.ReportChapterId, sysUser.AdminId, 1, sysUser.RealName, this.Lang)
-			if err != nil {
-				br.Msg = err.Error()
-				return
-			}
-			if markStatus.Status == 1 {
-				br.Msg = markStatus.Msg
-				br.IsSendEmail = false
-				return
-			}
-		}
+	hasAuth, msg, errMsg, isSendEmail := checkOpPermission(sysUser, reportInfo, reportChapterInfo, true, this.Lang)
+	if !hasAuth {
+		br.Msg = msg
+		br.ErrMsg = errMsg
+		br.IsSendEmail = isSendEmail
+		return
 	}
 
 	if reportInfo.State == 2 {
@@ -530,38 +505,12 @@ func (this *ReportController) DelChapter() {
 	}
 
 	// 操作权限校验
-	{
-		// 如果不是创建人,那么就要去查看是否授权
-		if reportInfo.AdminId != sysUser.AdminId {
-			// 授权用户权限校验
-			chapterGrantObj := report.ReportChapterGrant{}
-			_, tmpErr := chapterGrantObj.GetGrantByIdAndAdmin(reportChapterInfo.ReportChapterId, sysUser.AdminId)
-			if tmpErr != nil {
-				if tmpErr.Error() == utils.ErrNoRow() {
-					br.Msg = "没有权限"
-					br.ErrMsg = "没有权限"
-					br.IsSendEmail = false
-					return
-				}
-				br.Msg = "获取章节id授权用户失败"
-				br.ErrMsg = "获取章节id授权用户失败, Err: " + tmpErr.Error()
-				return
-			}
-		}
-
-		// 标记更新中
-		{
-			markStatus, err := services.UpdateReportEditMark(reportChapterInfo.ReportId, reportChapterInfo.ReportChapterId, sysUser.AdminId, 1, sysUser.RealName, this.Lang)
-			if err != nil {
-				br.Msg = err.Error()
-				return
-			}
-			if markStatus.Status == 1 {
-				br.Msg = markStatus.Msg
-				br.IsSendEmail = false
-				return
-			}
-		}
+	hasAuth, msg, errMsg, isSendEmail := checkOpPermission(sysUser, reportInfo, reportChapterInfo, true, this.Lang)
+	if !hasAuth {
+		br.Msg = msg
+		br.ErrMsg = errMsg
+		br.IsSendEmail = isSendEmail
+		return
 	}
 
 	if reportInfo.State == 2 {
@@ -572,7 +521,7 @@ func (this *ReportController) DelChapter() {
 	}
 
 	// 删除章节
-	err, errMsg := services.DelChapter(reportInfo, reportChapterInfo, sysUser)
+	err, errMsg = services.DelChapter(reportInfo, reportChapterInfo, sysUser)
 	if err != nil {
 		br.Msg = "删除失败"
 		if errMsg != "" {
@@ -629,7 +578,7 @@ func (this *ReportController) GetReportChapterList() {
 	}
 
 	// 权限校验
-	isAuth, err := services.CheckReportAuthByReportChapterInfo(sysUser.AdminId, reportInfo.AdminId, reportId)
+	isAuth, err := services.CheckReportAuthByReportId(sysUser, reportInfo.AdminId, reportId)
 	if err != nil {
 		br.Msg = "获取报告权限失败"
 		br.ErrMsg = "获取报告权限失败,Err:" + err.Error()
@@ -757,7 +706,7 @@ func (this *ReportController) GetReportChapterList() {
 			}
 
 			// 报告章节的操作权限
-			tmpChapterItem.IsAuth = services.CheckChapterAuthByAdminIdList(sysUser.AdminId, reportInfo.AdminId, tmpChapterIdGrandList)
+			tmpChapterItem.IsAuth = services.CheckChapterAuthByAdminIdList(sysUser, reportInfo.AdminId, tmpChapterIdGrandList)
 
 			resp = append(resp, tmpChapterItem)
 		}
@@ -811,7 +760,7 @@ func (this *ReportController) GetDayWeekChapter() {
 	}
 
 	// 权限校验
-	isAuth, err := services.CheckReportAuthByReportChapterInfo(sysUser.AdminId, reportInfo.AdminId, reportInfo.Id)
+	isAuth, err := services.CheckReportAuthByReportId(sysUser, reportInfo.AdminId, reportInfo.Id)
 	if err != nil {
 		br.Msg = "获取报告权限失败"
 		br.ErrMsg = "获取报告权限失败,Err:" + err.Error()
@@ -986,24 +935,12 @@ func (this *ReportController) EditChapterTrendTag() {
 	}
 
 	// 操作权限校验
-	{
-		// 如果不是创建人,那么就要去查看是否授权
-		if reportInfo.AdminId != sysUser.AdminId {
-			// 授权用户权限校验
-			chapterGrantObj := report.ReportChapterGrant{}
-			_, tmpErr := chapterGrantObj.GetGrantByIdAndAdmin(chapterInfo.ReportChapterId, sysUser.AdminId)
-			if tmpErr != nil {
-				if tmpErr.Error() == utils.ErrNoRow() {
-					br.Msg = "没有权限"
-					br.ErrMsg = "没有权限"
-					br.IsSendEmail = false
-					return
-				}
-				br.Msg = "获取章节id授权用户失败"
-				br.ErrMsg = "获取章节id授权用户失败, Err: " + tmpErr.Error()
-				return
-			}
-		}
+	hasAuth, msg, errMsg, isSendEmail := checkOpPermission(sysUser, reportInfo, chapterInfo, false, this.Lang)
+	if !hasAuth {
+		br.Msg = msg
+		br.ErrMsg = errMsg
+		br.IsSendEmail = isSendEmail
+		return
 	}
 
 	// 更新章节标签
@@ -1129,7 +1066,7 @@ func (this *ReportController) VoiceUpload() {
 	}
 
 	// 权限校验
-	isAuth, err := services.CheckChapterAuthByReportChapterInfo(this.SysUser.AdminId, reportInfo.AdminId, reportChapterInfo)
+	isAuth, err := services.CheckChapterAuthByReportChapterInfo(this.SysUser, reportInfo.AdminId, reportChapterInfo)
 	if err != nil {
 		br.Msg = "获取报告权限失败"
 		br.ErrMsg = "获取报告权限失败,Err:" + err.Error()
@@ -1557,38 +1494,12 @@ func (this *ReportController) EditChapterTitle() {
 	}
 
 	// 操作权限校验
-	{
-		// 如果不是创建人,那么就要去查看是否授权
-		if reportInfo.AdminId != sysUser.AdminId {
-			// 授权用户权限校验
-			chapterGrantObj := report.ReportChapterGrant{}
-			_, tmpErr := chapterGrantObj.GetGrantByIdAndAdmin(reportChapterInfo.ReportChapterId, sysUser.AdminId)
-			if tmpErr != nil {
-				if tmpErr.Error() == utils.ErrNoRow() {
-					br.Msg = "没有权限"
-					br.ErrMsg = "没有权限"
-					br.IsSendEmail = false
-					return
-				}
-				br.Msg = "获取章节id授权用户失败"
-				br.ErrMsg = "获取章节id授权用户失败, Err: " + tmpErr.Error()
-				return
-			}
-		}
-
-		// 标记更新中
-		{
-			markStatus, err := services.UpdateReportEditMark(reportChapterInfo.ReportId, reportChapterInfo.ReportChapterId, sysUser.AdminId, 1, sysUser.RealName, this.Lang)
-			if err != nil {
-				br.Msg = err.Error()
-				return
-			}
-			if markStatus.Status == 1 {
-				br.Msg = markStatus.Msg
-				br.IsSendEmail = false
-				return
-			}
-		}
+	hasAuth, msg, errMsg, isSendEmail := checkOpPermission(sysUser, reportInfo, reportChapterInfo, true, this.Lang)
+	if !hasAuth {
+		br.Msg = msg
+		br.ErrMsg = errMsg
+		br.IsSendEmail = isSendEmail
+		return
 	}
 
 	if reportInfo.State == 2 {
@@ -1726,3 +1637,74 @@ func (this *ReportController) CancelPublishReportChapter() {
 	br.Success = true
 	br.Msg = "撤销成功"
 }
+
+// checkOpPermission
+// @Description: 操作权限校验
+// @author: Roc
+// @datetime 2024-11-12 09:58:34
+// @param sysUser *system.Admin
+// @param reportInfo *models.Report
+// @param reportChapterInfo *models.ReportChapter
+// @param isMarkStatus bool
+// @param lang string
+// @return hasAuth bool
+// @return msg string
+// @return errMsg string
+// @return isSendEmail bool
+func checkOpPermission(sysUser *system.Admin, reportInfo *models.Report, reportChapterInfo *models.ReportChapter, isMarkStatus bool, lang string) (hasAuth bool, msg, errMsg string, isSendEmail bool) {
+	isSendEmail = true
+
+	// 权限校验
+	isAuth, err := services.CheckChapterAuthByReportChapterInfo(sysUser, reportInfo.AdminId, reportChapterInfo)
+	if err != nil {
+		msg = "获取报告权限失败"
+		errMsg = "获取报告权限失败,Err:" + err.Error()
+		return
+	}
+	if !isAuth {
+		msg = "没有权限"
+		errMsg = "没有权限"
+		isSendEmail = false
+		return
+	}
+
+	// 如果不是创建人,那么就要去查看是否授权
+	//if reportInfo.AdminId != sysUser.AdminId && !utils.IsAdminRole(sysUser.RoleTypeCode) {
+	//	// 授权用户权限校验
+	//	chapterGrantObj := report.ReportChapterGrant{}
+	//	_, tmpErr := chapterGrantObj.GetGrantByIdAndAdmin(reportChapterInfo.ReportChapterId, sysUser.AdminId)
+	//	if tmpErr != nil {
+	//		if tmpErr.Error() == utils.ErrNoRow() {
+	//			msg = "没有权限"
+	//			errMsg = "没有权限"
+	//			isSendEmail = false
+	//			return
+	//		}
+	//		msg = "获取章节id授权用户失败"
+	//		errMsg = "获取章节id授权用户失败, Err: " + tmpErr.Error()
+	//		return
+	//	}
+	//}
+
+	// 标记更新中
+	if isMarkStatus {
+		markStatus, err := services.UpdateReportEditMark(reportChapterInfo.ReportId, reportChapterInfo.ReportChapterId, sysUser.AdminId, 1, sysUser.RealName, lang)
+		if err != nil {
+			msg = err.Error()
+			errMsg = err.Error()
+			return
+		}
+		if markStatus.Status == 1 {
+			msg = markStatus.Msg
+			errMsg = markStatus.Msg
+			isSendEmail = false
+			return
+		}
+	}
+
+	// 有权限
+	hasAuth = true
+
+	return
+}
+
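Review bot: The new `checkOpPermission` helper ships with a sixteen-line commented-out grant lookup (the `//if reportInfo.AdminId != sysUser.AdminId ...` block) that duplicates what `services.CheckChapterAuthByReportChapterInfo` now does; it should be deleted rather than kept as a comment, because a later reader cannot tell whether it is pending re-enable or dead code. The doc header also leaves the contract implicit: `hasAuth == false` is returned for three distinct situations — the caller lacks permission, the grant lookup failed, or (when `isMarkStatus` is true) another editor already holds the edit mark — and only the first two are authorization outcomes, so a line such as `// hasAuth is false when the user lacks permission, when the grant lookup errors, or when isMarkStatus is set and the chapter is already being edited; super-admins pass via services.CheckChapterAuthByReportChapterInfo` would make that visible at the call sites. The helper dereferences `sysUser`, `reportInfo` and `reportChapterInfo` without nil checks, which is fine only while every caller validates them first, as the visible call sites appear to. In `DelChapter` the switch from `:=` to `=` on the `services.DelChapter` line assumes `err` is already declared earlier in that function; that declaration is outside the hunk.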

+ 23 - 14
controllers/report_v2.go

@@ -134,11 +134,17 @@ func (this *ReportController) ListReport() {
 		pars = append(pars, 1)
 		condition += `  AND a.state in (2,6) `
 	case 3:
-		condition += ` AND a.admin_id = ? `
-		pars = append(pars, this.SysUser.AdminId)
+		// 如果不是超管,那么就看自己有权限的
+		if !utils.IsAdminRole(this.SysUser.RoleTypeCode) {
+			condition += ` AND a.admin_id = ? `
+			pars = append(pars, this.SysUser.AdminId)
+		}
 	case 2:
-		condition += ` AND (a.admin_id = ? or b.admin_id = ?) `
-		pars = append(pars, this.SysUser.AdminId, this.SysUser.AdminId)
+		// 如果不是超管,那么就看自己有权限的
+		if !utils.IsAdminRole(this.SysUser.RoleTypeCode) {
+			condition += ` AND (a.admin_id = ? or b.admin_id = ?) `
+			pars = append(pars, this.SysUser.AdminId, this.SysUser.AdminId)
+		}
 	}
 
 	// 共享报告需要连表查询,所以需要单独写
@@ -902,18 +908,21 @@ func (this *ReportController) AuthorizedListReport() {
 	var err error
 	var total int
 
-	orCondition := `AND ( (a.is_public_publish = ? AND a.state in (2,6)) or a.admin_id = ? `
-	pars = append(pars, 1, this.SysUser.AdminId)
+	// 如果不是超管,那么只能看到有权限的报告
+	if !utils.IsAdminRole(this.SysUser.RoleTypeCode) {
+		orCondition := `AND ( (a.is_public_publish = ? AND a.state in (2,6)) or a.admin_id = ? `
+		pars = append(pars, 1, this.SysUser.AdminId)
 
-	// 当前用户有权限的报告id列表
-	num := len(grantReportIdList)
-	if num > 0 {
-		orCondition += ` OR a.id in (` + utils.GetOrmInReplace(num) + `)`
-		pars = append(pars, grantReportIdList)
-	}
-	orCondition += ` ) `
+		// 当前用户有权限的报告id列表
+		num := len(grantReportIdList)
+		if num > 0 {
+			orCondition += ` OR a.id in (` + utils.GetOrmInReplace(num) + `)`
+			pars = append(pars, grantReportIdList)
+		}
+		orCondition += ` ) `
 
-	condition += orCondition
+		condition += orCondition
+	}
 
 	total, err = models.GetReportListCountByAuthorized(condition, pars)
 	if err != nil {
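Review bot: In `ListReport`, `case 3` and `case 2` become no-ops for a super-admin, so those filter values now return every report in the table rather than the user's own; if `3` means "my reports" rather than "reports I may see", a super-admin can no longer narrow the list to their own, and it is worth confirming this is the intended semantics. A short comment at each emptied branch, e.g. `// super-admin: no ownership filter, all reports are returned`, would make the deliberate widening visible to the next reader. In `AuthorizedListReport` the skipped block also drops the `a.is_public_publish = ? AND a.state in (2,6)` clause, so super-admins see unpublished and draft reports here too; that follows from the role but is not stated in the comment above the `if`. The same `utils.IsAdminRole(this.SysUser.RoleTypeCode)` test now appears three times in this file; a local `isSuperAdmin := utils.IsAdminRole(this.SysUser.RoleTypeCode)` near the top of each handler would keep the condition in one place.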

+ 27 - 13
services/report_chapter.go

@@ -3,6 +3,7 @@ package services
 import (
 	"eta/eta_api/models"
 	"eta/eta_api/models/report"
+	"eta/eta_api/models/system"
 	"eta/eta_api/utils"
 	"fmt"
 	"time"
@@ -173,18 +174,23 @@ func moveReportChapter(reportChapter, prevReportChapter, nextReportChapter *mode
 // @Description: 根据管理员id列表,判断当前用户是否有章节权限
 // @author: Roc
 // @datetime 2024-06-13 11:03:10
-// @param adminId int
+// @param sysUser *system.Admin
 // @param createAdminId int
 // @param grantAdminIdList []int
 // @return isAuth bool
-func CheckChapterAuthByAdminIdList(adminId, createAdminId int, grantAdminIdList []int) (isAuth bool) {
+func CheckChapterAuthByAdminIdList(sysUser *system.Admin, createAdminId int, grantAdminIdList []int) (isAuth bool) {
 	// 如果是自己创建的报告,那么就有权限
-	if adminId == createAdminId {
+	if sysUser.AdminId == createAdminId {
+		isAuth = true
+		return
+	}
+	// 如果本人是超管,那么就有权限
+	if utils.IsAdminRole(sysUser.RoleTypeCode) {
 		isAuth = true
 		return
 	}
 	// 如果是授权用户,那么就有权限
-	if utils.IsCheckInList(grantAdminIdList, adminId) {
+	if utils.IsCheckInList(grantAdminIdList, sysUser.AdminId) {
 		isAuth = true
 		return
 	}
@@ -201,24 +207,32 @@ func CheckChapterAuthByAdminIdList(adminId, createAdminId int, grantAdminIdList
 // @param reportChapterInfo *models.ReportChapter
 // @return isAuth bool
 // @return err error
-func CheckChapterAuthByReportChapterInfo(adminId, createAdminId int, reportChapterInfo *models.ReportChapter) (isAuth bool, err error) {
+func CheckChapterAuthByReportChapterInfo(sysUser *system.Admin, createAdminId int, reportChapterInfo *models.ReportChapter) (isAuth bool, err error) {
 	// 如果是自己创建的报告,那么就有权限
-	if adminId == createAdminId {
+	if sysUser.AdminId == createAdminId {
 		isAuth = true
 		return
 	}
-
-	chapterGrantObj := report.ReportChapterGrant{}
-	chapterGrantList, err := chapterGrantObj.GetGrantListById(reportChapterInfo.ReportChapterId)
-	if err != nil {
+	// 如果本人是超管,那么就有权限
+	if utils.IsAdminRole(sysUser.RoleTypeCode) {
+		isAuth = true
 		return
 	}
 
-	for _, v := range chapterGrantList {
-		if v.AdminId == adminId {
-			isAuth = true
+	chapterGrantObj := report.ReportChapterGrant{}
+	item, err := chapterGrantObj.GetGrantByIdAndAdmin(reportChapterInfo.ReportChapterId, sysUser.AdminId)
+	if err != nil {
+		// 如果是没找到数据,那么就是无权限
+		if err.Error() == utils.ErrNoRow() {
+			err = nil
 			return
 		}
+		// sql报错了
+		return
+	}
+	// 用户id一致就有权限
+	if item.AdminId == sysUser.AdminId {
+		isAuth = true
 	}
 
 	return
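Review bot: The `@param` lines above `CheckChapterAuthByReportChapterInfo` that precede the visible `// @param reportChapterInfo *models.ReportChapter` are outside this hunk, so it is not visible whether the old `@param adminId int` was changed to `// @param sysUser *system.Admin` as was done for `CheckChapterAuthByAdminIdList` in the hunk above; please confirm. After `GetGrantByIdAndAdmin(reportChapterInfo.ReportChapterId, sysUser.AdminId)` succeeds, the comparison `item.AdminId == sysUser.AdminId` can only be false if the lookup returned a row for a different admin, which would be a data-access bug that this code silently turns into a denial; a comment saying so, or returning an error in that branch, would make the distinction explicit. The function also assumes the lookup never returns a nil `item` together with a nil `err`; if the model method can do that, the field access panics, so this is worth checking against its implementation. The same two remarks apply to the parallel `CheckReportAuthByReportId` in services/report_v2.go, and in both places the no-row detection via `err.Error() == utils.ErrNoRow()` follows the existing project pattern but is a string comparison that an `errors.Is` check against the ORM's sentinel error would make robust to wrapping.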

+ 18 - 10
services/report_v2.go

@@ -1049,7 +1049,7 @@ func CheckReportAuthByAdminIdList(adminId, createAdminId int, grantAdminIdList [
 	return
 }
 
-// CheckReportAuthByReportChapterInfo
+// CheckReportAuthByReportId
 // @Description: 根据报告ID,判断当前用户是否有报告权限
 // @author: Roc
 // @datetime 2024-06-13 16:21:28
@@ -1057,24 +1057,32 @@ func CheckReportAuthByAdminIdList(adminId, createAdminId int, grantAdminIdList [
 // @param reportInfoId int
 // @return isAuth bool
 // @return err error
-func CheckReportAuthByReportChapterInfo(adminId, createAdminId int, reportInfoId int) (isAuth bool, err error) {
+func CheckReportAuthByReportId(sysUser *system.Admin, createAdminId int, reportInfoId int) (isAuth bool, err error) {
 	// 如果是自己创建的报告,那么就有权限
-	if adminId == createAdminId {
+	if sysUser.AdminId == createAdminId {
 		isAuth = true
 		return
 	}
-
-	obj := report.ReportGrant{}
-	chapterGrantList, err := obj.GetGrantListById(reportInfoId)
-	if err != nil {
+	// 如果本人是超管,那么就有权限
+	if utils.IsAdminRole(sysUser.RoleTypeCode) {
+		isAuth = true
 		return
 	}
 
-	for _, v := range chapterGrantList {
-		if v.AdminId == adminId {
-			isAuth = true
+	obj := report.ReportGrant{}
+	item, err := obj.GetGrantByIdAndAdmin(reportInfoId, sysUser.AdminId)
+	if err != nil {
+		// 如果是没找到数据,那么就是无权限
+		if err.Error() == utils.ErrNoRow() {
+			err = nil
 			return
 		}
+		// sql报错了
+		return
+	}
+	// 用户id一致就有权限
+	if item.AdminId == sysUser.AdminId {
+		isAuth = true
 	}
 
 	return
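Review bot: `CheckReportAuthByReportId` now has the same shape as `CheckChapterAuthByReportChapterInfo` in services/report_chapter.go — creator check, then `utils.IsAdminRole(sysUser.RoleTypeCode)`, then a grant lookup — and the first two steps are textually identical; extracting them into one small helper (e.g. `isOwnerOrSuperAdmin(sysUser, createAdminId)`) would keep the bypass rule in a single place, which matters for an authorization predicate. The single line between the two hunks (old line 1056) is where the remaining `@param` entry for the first argument lives and it is not visible here; it should read `// @param sysUser *system.Admin` to match the new signature. The rename from `CheckReportAuthByReportChapterInfo` is reflected in the two call sites in controllers/report_chapter.go; any caller of the old name elsewhere in the repository is outside this page.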

+ 10 - 0
utils/common.go

@@ -2804,3 +2804,13 @@ func FindMinMax(numbers []float64) (min float64, max float64) {
 
 	return min, max
 }
+
+// IsAdminRole
+// @Description: 判断是否管理员角色
+// @author: Roc
+// @datetime 2024-11-12 09:40:48
+// @param roleTypeCode string
+// @return bool
+func IsAdminRole(roleTypeCode string) bool {
+	return roleTypeCode == ROLE_TYPE_CODE_ADMIN
+}
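Review bot: `IsAdminRole` is the single predicate the rest of this commit uses to bypass per-report and per-chapter grant checks, but its header only says it "判断是否管理员角色"; a doc line stating the consequence, e.g. `// IsAdminRole reports whether roleTypeCode equals ROLE_TYPE_CODE_ADMIN; a true result bypasses report and chapter grant checks, so it must stay an exact match on the session's role code`, would tell a maintainer why it should not be loosened to a prefix or case-insensitive match, or widened to other roles, without review. The name suggests a general "is an admin" test while the body compares against one constant; if other elevated role codes exist in the system they are not granted here, which is probably intended but should be explicit in the comment.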