消息订阅增加多个消息支持，优化文件选择器清空操作，添加后台用户时增加角色部门验证

2025-08-28 05:12:32 +08:00 · 2023-07-27 17:09:29 +08:00
parent 471f069295
commit 465e48d7bc
10 changed files with 637 additions and 544 deletions
--- a/server/internal/logic/admin/cash.go
+++ b/server/internal/logic/admin/cash.go
@@ -37,6 +37,7 @@ func init() {

 // View 获取指定提现信息
 func (s *sAdminCash) View(ctx context.Context, in *adminin.CashViewInp) (res *adminin.CashViewModel, err error) {
+	// 这里做了强制限制非超管不允许访问，如果你想通过菜单权限控制，请注释掉以下验证
 	if !service.AdminMember().VerifySuperId(ctx, contexts.GetUserId(ctx)) {
 		err = gerror.New("没有访问权限")
 		return
@@ -153,12 +154,12 @@ func (s *sAdminCash) Apply(ctx context.Context, in *adminin.CashApplyInp) (err e
 	}

 	if err = dao.AdminMember.Ctx(ctx).Where("id", in.MemberId).Scan(&member); err != nil {
-		err = gerror.Newf("获取管理员信息失败:%+v", err.Error())
+		err = gerror.Newf("获取用户信息失败:%+v", err.Error())
 		return
 	}

 	if member == nil {
-		err = gerror.Newf("获取管理员信息失败")
+		err = gerror.Newf("获取用户信息失败")
 		return
 	}

--- a/server/internal/logic/admin/dept.go
+++ b/server/internal/logic/admin/dept.go
@@ -20,6 +20,7 @@ import (
 	"hotgo/internal/service"
 	"hotgo/utility/convert"
 	"hotgo/utility/tree"
+	"hotgo/utility/validate"
 )

 type sAdminDept struct{}
@@ -333,3 +334,35 @@ func (s *sAdminDept) treeList(pid int64, nodes []*entity.AdminDept) (list []*adm
 	}
 	return
 }
+
+// VerifyDeptId 验证部门ID
+func (s *sAdminDept) VerifyDeptId(ctx context.Context, id int64) (err error) {
+	var (
+		pid int64 = 0
+		mb        = contexts.GetUser(ctx)
+		mod       = dao.AdminDept.Ctx(ctx).Fields(dao.AdminDept.Columns().Id)
+	)
+
+	if mb == nil {
+		err = gerror.New("用户信息获取失败！")
+		return
+	}
+
+	// 非超管只获取下级
+	if !service.AdminMember().VerifySuperId(ctx, mb.Id) {
+		pid = mb.DeptId
+		mod = mod.WhereLike(dao.AdminDept.Columns().Tree, "%"+tree.GetIdLabel(pid)+"%")
+	}
+
+	columns, err := mod.Array()
+	if err != nil {
+		return err
+	}
+
+	ids := g.NewVar(columns).Int64s()
+	if !validate.InSlice(ids, id) {
+		err = gerror.New("部门ID是无效的")
+		return
+	}
+	return
+}
--- a/server/internal/logic/admin/member.go
+++ b/server/internal/logic/admin/member.go
@@ -401,7 +401,7 @@ func (s *sAdminMember) VerifyUnique(ctx context.Context, in *adminin.VerifyUniqu
 	return
 }

-// Delete 删除
+// Delete 删除用户
 func (s *sAdminMember) Delete(ctx context.Context, in *adminin.MemberDeleteInp) (err error) {
 	if s.VerifySuperId(ctx, gconv.Int64(in.Id)) {
 		err = gerror.New("超管账号禁止删除！")
@@ -438,7 +438,7 @@ func (s *sAdminMember) Delete(ctx context.Context, in *adminin.MemberDeleteInp)
 	})
 }

-// Edit 修改/新增
+// Edit 修改/新增用户
 func (s *sAdminMember) Edit(ctx context.Context, in *adminin.MemberEditInp) (err error) {
 	opMemberId := contexts.GetUserId(ctx)
 	if opMemberId <= 0 {
@@ -464,6 +464,16 @@ func (s *sAdminMember) Edit(ctx context.Context, in *adminin.MemberEditInp) (err
 		return
 	}

+	// 验证角色ID
+	if err = service.AdminRole().VerifyRoleId(ctx, in.RoleId); err != nil {
+		return
+	}
+
+	// 验证部门ID
+	if err = service.AdminDept().VerifyDeptId(ctx, in.DeptId); err != nil {
+		return
+	}
+
 	config, err := service.SysConfig().GetLogin(ctx)
 	if err != nil {
 		return
@@ -564,7 +574,7 @@ func (s *sAdminMember) View(ctx context.Context, in *adminin.MemberViewInp) (res
 	return
 }

-// List 获取列表
+// List 获取用户列表
 func (s *sAdminMember) List(ctx context.Context, in *adminin.MemberListInp) (list []*adminin.MemberListModel, totalCount int, err error) {
 	mod := s.FilterAuthModel(ctx, contexts.GetUserId(ctx))
 	cols := dao.AdminMember.Columns()
--- a/server/internal/logic/admin/role.go
+++ b/server/internal/logic/admin/role.go
@@ -22,6 +22,7 @@ import (
 	"hotgo/internal/service"
 	"hotgo/utility/convert"
 	"hotgo/utility/tree"
+	"hotgo/utility/validate"
 	"sort"
 )

@@ -53,7 +54,7 @@ func (s *sAdminRole) Verify(ctx context.Context, path, method string) bool {

 	ok, err := casbin.Enforcer.Enforce(user.RoleKey, path, method)
 	if err != nil {
-		g.Log().Infof(ctx, "admin Verify Enforce  err:%+v", err)
+		g.Log().Infof(ctx, "admin Verify Enforce err:%+v", err)
 		return false
 	}
 	return ok
@@ -91,11 +92,7 @@ func (s *sAdminRole) List(ctx context.Context, in *adminin.RoleListInp) (res *ad

 // GetName 获取指定角色的名称
 func (s *sAdminRole) GetName(ctx context.Context, id int64) (name string, err error) {
-	r, err := dao.AdminRole.Ctx(ctx).
-		Fields("name").
-		WherePri(id).
-		Order("id desc").
-		Value()
+	r, err := dao.AdminRole.Ctx(ctx).Fields("name").WherePri(id).Order("id desc").Value()
 	if err != nil {
 		err = gerror.Wrap(err, consts.ErrorORM)
 		return
@@ -313,3 +310,35 @@ func (s *sAdminRole) treeList(pid int64, nodes []*entity.AdminRole) (list []*adm
 	}
 	return
 }
+
+// VerifyRoleId 验证角色ID
+func (s *sAdminRole) VerifyRoleId(ctx context.Context, id int64) (err error) {
+	var (
+		pid int64 = 0
+		mb        = contexts.GetUser(ctx)
+		mod       = dao.AdminRole.Ctx(ctx).Fields(dao.AdminRole.Columns().Id)
+	)
+
+	if mb == nil {
+		err = gerror.New("用户信息获取失败！")
+		return
+	}
+
+	// 非超管只获取下级
+	if !service.AdminMember().VerifySuperId(ctx, mb.Id) {
+		pid = mb.RoleId
+		mod = mod.WhereLike(dao.AdminRole.Columns().Tree, "%"+tree.GetIdLabel(pid)+"%")
+	}
+
+	columns, err := mod.Array()
+	if err != nil {
+		return err
+	}
+
+	ids := g.NewVar(columns).Int64s()
+	if !validate.InSlice(ids, id) {
+		err = gerror.New("角色ID是无效的")
+		return
+	}
+	return
+}