修复部权限更新sql错误，修复后台用户时增加角色部门验证

2025-01-23 10:50:24 +08:00 · 2023-07-27 18:13:20 +08:00 · 2023-07-27 18:13:20 +08:00 · e941e52d3e
commit e941e52d3e
parent 465e48d7bc
3 changed files with 13 additions and 7 deletions
--- a/server/internal/library/hgorm/handler/filter_auth.go
+++ b/server/internal/library/hgorm/handler/filter_auth.go
@ -63,17 +63,23 @@ func FilterAuthWithField(filterField string) func(m *gdb.Model) *gdb.Model {
 			g.Log().Panic(ctx, "failed to role information roleModel == nil")
 		}

-		sq := g.Model("admin_member").Fields("id")
+		getDeptIds := func(in interface{}) []gdb.Value {
+			ds, err := g.Model("admin_member").Fields("id").Where("dept_id", in).Array()
+			if err != nil {
+				g.Log().Panic(ctx, "failed to get member dept data")
+			}
+			return ds
+		}

 		switch role.DataScope {
 		case consts.RoleDataAll: // 全部权限
 			// ...
 		case consts.RoleDataNowDept: // 当前部门
-			m = m.WhereIn(filterField, sq.Where("dept_id", co.User.DeptId))
-		case consts.RoleDataDeptAndSub: // 当前部门及以下部门
-			m = m.WhereIn(filterField, sq.WhereIn("dept_id", GetDeptAndSub(co.User.DeptId)))
+			m = m.WhereIn(filterField, getDeptIds(co.User.DeptId))
+		case consts.RoleDataDeptAndSub: // 当前部门及以下部门ds
+			m = m.WhereIn(filterField, getDeptIds(GetDeptAndSub(co.User.DeptId)))
 		case consts.RoleDataDeptCustom: // 自定义部门
-			m = m.WhereIn(filterField, sq.WhereIn("dept_id", role.CustomDept.Var().Ints()))
+			m = m.WhereIn(filterField, getDeptIds(role.CustomDept.Var().Ints()))
 		case consts.RoleDataSelf: // 仅自己
 			m = m.Where(filterField, co.User.Id)
 		case consts.RoleDataSelfAndSub: // 自己和直属下级
--- a/server/internal/logic/admin/dept.go
+++ b/server/internal/logic/admin/dept.go
@ -351,7 +351,7 @@ func (s *sAdminDept) VerifyDeptId(ctx context.Context, id int64) (err error) {
 	// 非超管只获取下级
 	if !service.AdminMember().VerifySuperId(ctx, mb.Id) {
 		pid = mb.DeptId
-		mod = mod.WhereLike(dao.AdminDept.Columns().Tree, "%"+tree.GetIdLabel(pid)+"%")
+		mod = mod.WhereNot(dao.AdminDept.Columns().Id, pid).WhereLike(dao.AdminDept.Columns().Tree, "%"+tree.GetIdLabel(pid)+"%")
 	}

 	columns, err := mod.Array()
--- a/server/internal/logic/admin/role.go
+++ b/server/internal/logic/admin/role.go
@ -327,7 +327,7 @@ func (s *sAdminRole) VerifyRoleId(ctx context.Context, id int64) (err error) {
 	// 非超管只获取下级
 	if !service.AdminMember().VerifySuperId(ctx, mb.Id) {
 		pid = mb.RoleId
-		mod = mod.WhereLike(dao.AdminRole.Columns().Tree, "%"+tree.GetIdLabel(pid)+"%")
+		mod = mod.WhereNot(dao.AdminRole.Columns().Id, pid).WhereLike(dao.AdminRole.Columns().Tree, "%"+tree.GetIdLabel(pid)+"%")
 	}

 	columns, err := mod.Array()