feats

log/common.log

@@ -0,0 +1,22 @@
+2018/08/19 11:00:44 [E] 用户登录失败: 账户不存在
+2018/08/19 11:02:08 [E] 用户登录失败: 账户不存在
+2018/08/19 11:02:30 [E] 用户登录失败: 账户不存在
+2018/08/19 11:04:13 [E] 用户登录失败: 账户不存在
+2018/08/19 11:04:23 [E] 用户登录失败: 账户不存在
+2018/08/19 11:04:53 [E] 用户登录失败: 账户不存在
+2018/08/19 12:40:59 [E] 用户登录失败: 账户不存在
+2018/08/19 12:41:32 [E] 用户登录失败: 账户不存在
+2018/08/19 12:53:00 [E] 用户登录失败: 账户不存在
+2018/08/19 12:53:39 [E] 用户登录失败: 账户不存在
+2018/08/19 12:53:59 [E] 用户登录失败: 账户不存在
+2018/08/19 12:56:51 [E] 用户登录失败: 账户不存在
+2018/08/19 12:57:10 [E] 用户登录失败: 账户不存在
+2018/08/19 12:58:27 [E] 用户登录失败: 账户不存在
+2018/08/19 13:00:08 [E] 用户登录失败: 账户不存在
+2018/08/19 13:33:36 [E] 用户登录失败: 账户不存在
+2018/08/19 13:51:39 [E] 用户登录失败: 账户不存在
+2018/08/19 13:51:48 [E] 用户登录失败: 账户不存在
+2018/08/19 13:52:14 [E] 用户登录失败: 用户密码不正确
+2018/08/19 13:52:14 [E] 用户登录失败: 账户不存在
+2018/08/19 13:52:20 [E] 用户登录失败: 账户不存在
+2018/08/19 13:52:27 [E] 用户登录失败: 账户不存在

models/cases/cases.go

@@ -1,7 +1,7 @@
 package cases
 
 import (
-	"jcjy/demo/models"
+	"spaceofcheng/services/models"
 	"spaceofcheng/services/models/model"
 	"spaceofcheng/services/utils"
 	"strconv"

models/sys.go

@@ -139,3 +139,18 @@ func (m *SysDAO) UpdateUserMapping(user *model.TaUserMapping) error {
 		Update(&user)
 	return err
 }
+
+// GetCaseByContext 获取案场
+func GetCaseByContext(ctx *utils.Context) (string, error) {
+	csRaw := ctx.Get("currentCase")
+	if csRaw == nil {
+		return "", errors.New("当前人员无案场权限")
+	}
+
+	cs := csRaw.(model.SysUserCase)
+	if cs.CaseId == "" || cs.Status == STATUS_DEL {
+		return "", errors.New("当前人员无案场权限")
+	}
+
+	return cs.CaseId, nil
+}

routers/common.go

@@ -91,22 +91,22 @@ func getCommonRoutes() beego.LinkNamespace {
 		beego.NSRouter("/case", &cases.CaseController{}, "put:SaveCase"),
 		beego.NSRouter("/case/:id", &cases.CaseController{}, "delete:DelCase"),
 
-		beego.NSRouter("/key", &cases.CaseController{}, "get:GetKeyList"),
-		beego.NSRouter("/key", &cases.CaseController{}, "post:AddKeys"),
-		beego.NSRouter("/unlock/:keyid", &cases.CaseController{}, "put:UnLockKey"),
-		beego.NSRouter("/key/:id", &cases.CaseController{}, "delete:DelKey"),
-
-		beego.NSRouter("/area", &cases.CaseController{}, "get:GetCaseArea"),
-		beego.NSRouter("/area/:areaid", &cases.CaseController{}, "get:GetCaseAreaByID"),
-		beego.NSRouter("/area", &cases.CaseController{}, "post:SaveCaseArea"),
-		beego.NSRouter("/area", &cases.CaseController{}, "put:SaveCaseArea"),
-		beego.NSRouter("/area/:areaid", &cases.CaseController{}, "delete:DelCaseArea"),
-
-		beego.NSRouter("/table", &cases.CaseController{}, "get:GetCaseTable"),
-		beego.NSRouter("/table/:tableid", &cases.CaseController{}, "get:GetCaseTableByID"),
-		beego.NSRouter("/table", &cases.CaseController{}, "post:SaveCaseTable"),
-		beego.NSRouter("/table", &cases.CaseController{}, "put:SaveCaseTable"),
-		beego.NSRouter("/table/:tableid", &cases.CaseController{}, "delete:DelCaseTable"),
+		beego.NSRouter("/casekey", &cases.CaseController{}, "get:GetKeyList"),
+		beego.NSRouter("/casekey", &cases.CaseController{}, "post:AddKeys"),
+		beego.NSRouter("/caseunlock/:keyid", &cases.CaseController{}, "put:UnLockKey"),
+		beego.NSRouter("/casekey/:id", &cases.CaseController{}, "delete:DelKey"),
+
+		beego.NSRouter("/casearea", &cases.CaseController{}, "get:GetCaseArea"),
+		beego.NSRouter("/casearea/:areaid", &cases.CaseController{}, "get:GetCaseAreaByID"),
+		beego.NSRouter("/casearea", &cases.CaseController{}, "post:SaveCaseArea"),
+		beego.NSRouter("/casearea", &cases.CaseController{}, "put:SaveCaseArea"),
+		beego.NSRouter("/casearea/:areaid", &cases.CaseController{}, "delete:DelCaseArea"),
+
+		beego.NSRouter("/casetable", &cases.CaseController{}, "get:GetCaseTable"),
+		beego.NSRouter("/casetable/:tableid", &cases.CaseController{}, "get:GetCaseTableByID"),
+		beego.NSRouter("/casetable", &cases.CaseController{}, "post:SaveCaseTable"),
+		beego.NSRouter("/casetable", &cases.CaseController{}, "put:SaveCaseTable"),
+		beego.NSRouter("/casetable/:tableid", &cases.CaseController{}, "delete:DelCaseTable"),
 
 		beego.NSRouter("/role", &system.RoleController{}, "get:GetRoleList"),
 		beego.NSRouter("/role/:roleid", &system.RoleController{}, "get:GetRoleByID"),
@@ -121,6 +121,6 @@ func getCommonRoutes() beego.LinkNamespace {
 		beego.NSRouter("/customer", &customer.CustomerController{}, "get:CustWXList"),
 
 		// 系统相关
-		beego.NSRouter("/system/env", &user.UserController{}, "get:GetEnvVars"),
+		beego.NSRouter("/system/init", &user.UserController{}, "get:GetEnvVars"),
 	)
 }

routers/guest.go

@@ -20,7 +20,7 @@ func getGuestRoutes() beego.LinkNamespace {
 		beego.NSRouter("/cms/news", &message.MessageController{}, "get:GetNewsByLocation"),
 
 		// 案场
-		beego.NSRouter("/case/area", &cases.CaseController{}, "get:GetAreaByCase"),
+		beego.NSRouter("/casearea", &cases.CaseController{}, "get:GetAreaByCase"),
 
 		// 验证码 获取, 校验
 		beego.NSRouter("/captcha", &controllers.BaseController{}, "get:SendCaptcha"),

routers/wechat.go

@@ -36,11 +36,11 @@ func getWechatRoutes() beego.LinkNamespace {
 		beego.NSRouter("/signout", &user.UserController{}, "post:SignOut"),
 
 		// cms 位置
-		beego.NSRouter("/cms/location", &message.MessageController{}, "get:GetLocations"),
-		beego.NSRouter("/cms/location/:locationid", &message.MessageController{}, "get:GetLocationById"),
-		beego.NSRouter("/cms/location", &message.MessageController{}, "post:SaveLocation"),
-		beego.NSRouter("/cms/location/:locationid", &message.MessageController{}, "put:SaveLocation"),
-		beego.NSRouter("/cms/location/:locationid", &message.MessageController{}, "delete:DelLocation"),
+		beego.NSRouter("/cms/area", &message.MessageController{}, "get:GetLocations"),
+		beego.NSRouter("/cms/area/:locationid", &message.MessageController{}, "get:GetLocationById"),
+		beego.NSRouter("/cms/area", &message.MessageController{}, "post:SaveLocation"),
+		beego.NSRouter("/cms/area/:locationid", &message.MessageController{}, "put:SaveLocation"),
+		beego.NSRouter("/cms/area/:locationid", &message.MessageController{}, "delete:DelLocation"),
 
 		// cms
 		beego.NSRouter("/cms/info", &message.MessageController{}, "get:GetCmsInfoList"),

utils/permission.go

@@ -0,0 +1,116 @@
+package utils
+
+import (
+	"errors"
+
+	"github.com/go-xorm/xorm"
+)
+
+// 系统内置数据种类
+const (
+	DATATYPE_USER   = "user"
+	DATATYPE_CASE   = "case"
+	DATATYPE_COURSE = "course"
+	DATATYPE_COUPON = "coupon"
+	DATATYPE_CARD   = "card"
+)
+
+// DataAuthEngine 鉴权数据
+type DataAuthEngine struct {
+	db *xorm.Engine
+}
+
+// NewDataAuthEngine 新建实例
+func NewDataAuthEngine(db *xorm.Engine) *DataAuthEngine {
+	return &DataAuthEngine{
+		db: db,
+	}
+}
+
+// HasUserPermission 是否有人员权限
+func (t *DataAuthEngine) HasUserPermission(userID, borrower string, caseID ...string) error {
+	// 1、先判断组织是否相同
+	userOrg, err := t.getOrgOfData(userID, DATATYPE_USER)
+	if err != nil {
+		LogError("查询用户(" + userID + ") 所属组织失败: " + err.Error())
+		return errors.New("查询用户相关信息失败")
+	}
+
+	borwOrg, err := t.getOrgOfData(borrower, DATATYPE_USER)
+	if err != nil {
+		LogError("查询用户(" + borrower + ") 所属组织失败: " + err.Error())
+		return errors.New("查询用户相关信息失败")
+	}
+
+	if userOrg != borwOrg {
+		return errors.New("人员不存在或无权浏览")
+	}
+
+	// 2、再判断是否案场相同
+	sameCases, err := t.getSameCase(userID, borrower)
+	if err != nil {
+		return errors.New("用户没有相同案场授权")
+	}
+
+	// 3、是否指定了案场
+	if len(caseID) > 0 {
+		if StrSliceIndexOf(sameCases, caseID[0]) < 0 {
+			return errors.New("用户没有当前案场权限")
+		}
+	}
+
+	return nil
+}
+
+func (t *DataAuthEngine) getOrgOfData(dataID, dataType string) (string, error) {
+	org := make(map[string]interface{})
+
+	switch dataType {
+	// 用户
+	case DATATYPE_USER:
+		if _, err := t.db.SQL("select org_id from sys_user where user_id = ?", dataID).Get(&org); err != nil {
+			return "", err
+		}
+
+		orgID := org["org_id"].(string)
+		return orgID, nil
+
+		// 案场
+	case DATATYPE_CASE:
+		if _, err := t.db.SQL("select org_id from sys_case where case_id = ?", dataID).Get(&org); err != nil {
+			return "", err
+		}
+
+		orgID := org["org_id"].(string)
+		return orgID, nil
+	default:
+		return "", nil
+	}
+}
+
+func (t *DataAuthEngine) getSameCase(user1, user2 string) ([]string, error) {
+	sql := `
+		SELECT t.case_id
+		FROM
+			sys_user_case t
+		JOIN sys_user_case s ON t.user_id = ?
+		AND s.user_id = ?
+		AND t.case_id = s.case_id	
+	`
+	res, err := t.db.Query(sql, user1, user2)
+	if err != nil {
+		LogError("查询用户相同案场失败: " + err.Error())
+		return nil, err
+	}
+
+	if res == nil || len(res) == 0 {
+		return nil, errors.New("用户没有相同案场授权")
+	}
+
+	csIDs := make([]string, 0)
+	for _, cs := range res {
+		csIDs = append(csIDs, string(cs["case_id"]))
+	}
+
+	return csIDs, nil
+}

utils/utils.go

@@ -33,3 +33,18 @@ func GetClientType(r *http.Request) string {
 
 	return ClientAdmin
 }
+
+// StrSliceIndexOf slice indexof
+func StrSliceIndexOf(s []string, t string) int64 {
+	if s == nil || len(s) == 0 {
+		return -1
+	}
+
+	for k, v := range s {
+		if v == t {
+			return int64(k)
+		}
+	}
+
+	return -1
+}