Home Explore Help
Sign In
weiym
/
perms-system-server
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 0dde0450b0
Branches Tags
perms-system...
/
internal
/
logic
/
member
/
removeMemberLogic.go

removeMemberLogic.go 2.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 
  1. package member
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 

  6. 	"perms-system-server/internal/consts"
    7. 

  7. 	"perms-system-server/internal/loaders"
    8. 

  8. 	authHelper "perms-system-server/internal/logic/auth"
    9. 

  9. 	"perms-system-server/internal/response"
    10. 

  10. 	"perms-system-server/internal/svc"
    11. 

  11. 	"perms-system-server/internal/types"
    12. 

  12. 

  13. 	"github.com/zeromicro/go-zero/core/logx"
    14. 

  14. 	"github.com/zeromicro/go-zero/core/stores/sqlx"
    15. 

  15. )
    16. 

  16. 

  17. type RemoveMemberLogic struct {
    18. 

  18. 	logx.Logger
    19. 

  19. 	ctx    context.Context
    20. 

  20. 	svcCtx *svc.ServiceContext
    21. 

  21. }
    22. 

  22. 

  23. func NewRemoveMemberLogic(ctx context.Context, svcCtx *svc.ServiceContext) *RemoveMemberLogic {
    24. 

  24. 	return &RemoveMemberLogic{
    25. 

  25. 		Logger: logx.WithContext(ctx),
    26. 

  26. 		ctx:    ctx,
    27. 

  27. 		svcCtx: svcCtx,
    28. 

  28. 	}
    29. 

  29. }
    30. 

  30. 

  31. // RemoveMember 移除产品成员。在事务内同时清理该用户在产品下的角色和个性化权限绑定后移除成员记录。不能移除产品的最后一个 ADMIN。
    32. 

  32. func (l *RemoveMemberLogic) RemoveMember(req *types.RemoveMemberReq) error {
    33. 

  33. 	member, err := l.svcCtx.SysProductMemberModel.FindOne(l.ctx, req.Id)
    34. 

  34. 	if err != nil {
    35. 

  35. 		return response.ErrNotFound("成员不存在")
    36. 

  36. 	}
    37. 

  37. 

  38. 	if err := authHelper.CheckManageAccess(l.ctx, l.svcCtx, member.UserId, member.ProductCode); err != nil {
    39. 

  39. 		return err
    40. 

  40. 	}
    41. 

  41. 

  42. 	if err := l.svcCtx.SysProductMemberModel.TransactCtx(l.ctx, func(ctx context.Context, session sqlx.Session) error {
    43. 

  43. 		locked, err := l.svcCtx.SysProductMemberModel.FindOneForUpdateTx(ctx, session, req.Id)
    44. 

  44. 		if err != nil {
    45. 

  45. 			return response.ErrNotFound("成员不存在")
    46. 

  46. 		}
    47. 

  47. 		if locked.MemberType == consts.MemberTypeAdmin && locked.Status == consts.StatusEnabled {
    48. 

  48. 			// 使用 CountOtherActiveAdminsTx 排除目标自己,返回 0 即目标为最后一个 active admin,
    49. 

  49. 			// 不再依赖"count<=1 包含自己"的反向推理(见审计 L-5)。
    50. 

  50. 			otherAdminCount, err := l.svcCtx.SysProductMemberModel.CountOtherActiveAdminsTx(ctx, session, member.ProductCode, locked.Id)
    51. 

  51. 			if err != nil {
    52. 

  52. 				return err
    53. 

  53. 			}
    54. 

  54. 			if otherAdminCount == 0 {
    55. 

  55. 				return response.ErrBadRequest("不能移除该产品的最后一个管理员")
    56. 

  56. 			}
    57. 

  57. 		}
    58. 

  58. 		if err := l.svcCtx.SysUserRoleModel.DeleteByUserIdForProductTx(ctx, session, member.UserId, member.ProductCode); err != nil {
    59. 

  59. 			return err
    60. 

  60. 		}
    61. 

  61. 		if err := l.svcCtx.SysUserPermModel.DeleteByUserIdForProductTx(ctx, session, member.UserId, member.ProductCode); err != nil {
    62. 

  62. 			return err
    63. 

  63. 		}
    64. 

  64. 		return l.svcCtx.SysProductMemberModel.DeleteWithTx(ctx, session, req.Id)
    65. 

  65. 	}); err != nil {
    66. 

  66. 		return err
    67. 

  67. 	}
    68. 

  68. 

  69. 	// 审计 L-R13-5 方案 A:移除成员后 UD 里仍有旧 MemberType / Roles / Perms,必须立刻失效;
    70. 

  70. 	// 断连也不能让"已移除"的会话继续活 5 分钟。
    71. 

  71. 	cleanCtx, cancel := loaders.DetachCacheCleanCtx(l.ctx)
    72. 

  72. 	defer cancel()
    73. 

  73. 	l.svcCtx.UserDetailsLoader.Del(cleanCtx, member.UserId, member.ProductCode)
    74. 

  74. 	return nil
    75. 

  75. }
    76.