| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130 |
- package role
- import (
- "context"
- "fmt"
- "time"
- "perms-system-server/internal/consts"
- authHelper "perms-system-server/internal/logic/auth"
- "perms-system-server/internal/model/roleperm"
- "perms-system-server/internal/response"
- "perms-system-server/internal/svc"
- "perms-system-server/internal/types"
- "github.com/zeromicro/go-zero/core/logx"
- "github.com/zeromicro/go-zero/core/stores/sqlx"
- )
- type BindRolePermsLogic struct {
- logx.Logger
- ctx context.Context
- svcCtx *svc.ServiceContext
- }
- func NewBindRolePermsLogic(ctx context.Context, svcCtx *svc.ServiceContext) *BindRolePermsLogic {
- return &BindRolePermsLogic{
- Logger: logx.WithContext(ctx),
- ctx: ctx,
- svcCtx: svcCtx,
- }
- }
- // BindRolePerms 绑定角色权限。对指定角色做权限全量覆盖(diff 后批量新增/删除),变更后自动清理该角色下所有用户的权限缓存。
- func (l *BindRolePermsLogic) BindRolePerms(req *types.BindPermsReq) error {
- role, err := l.svcCtx.SysRoleModel.FindOne(l.ctx, req.RoleId)
- if err != nil {
- return response.ErrNotFound("角色不存在")
- }
- if err := authHelper.RequireProductAdminFor(l.ctx, role.ProductCode); err != nil {
- return err
- }
- if len(req.PermIds) > 0 {
- seen := make(map[int64]bool, len(req.PermIds))
- uniqueIds := make([]int64, 0, len(req.PermIds))
- for _, id := range req.PermIds {
- if !seen[id] {
- seen[id] = true
- uniqueIds = append(uniqueIds, id)
- }
- }
- req.PermIds = uniqueIds
- }
- if len(req.PermIds) > 0 {
- perms, err := l.svcCtx.SysPermModel.FindByIds(l.ctx, req.PermIds)
- if err != nil {
- return err
- }
- if len(perms) != len(req.PermIds) {
- return response.ErrBadRequest("包含无效的权限ID")
- }
- for _, p := range perms {
- if p.ProductCode != role.ProductCode {
- return response.ErrBadRequest("不能绑定其他产品的权限")
- }
- if p.Status != consts.StatusEnabled {
- return response.ErrBadRequest(fmt.Sprintf("权限 %s 已被禁用,无法绑定", p.Code))
- }
- }
- }
- existingPermIds, err := l.svcCtx.SysRolePermModel.FindPermIdsByRoleId(l.ctx, req.RoleId)
- if err != nil {
- return err
- }
- existingSet := make(map[int64]bool, len(existingPermIds))
- for _, id := range existingPermIds {
- existingSet[id] = true
- }
- newSet := make(map[int64]bool, len(req.PermIds))
- for _, id := range req.PermIds {
- newSet[id] = true
- }
- var toAdd []int64
- for _, id := range req.PermIds {
- if !existingSet[id] {
- toAdd = append(toAdd, id)
- }
- }
- var toRemove []int64
- for _, id := range existingPermIds {
- if !newSet[id] {
- toRemove = append(toRemove, id)
- }
- }
- if len(toAdd) == 0 && len(toRemove) == 0 {
- return nil
- }
- if err := l.svcCtx.SysRolePermModel.TransactCtx(l.ctx, func(ctx context.Context, session sqlx.Session) error {
- if err := l.svcCtx.SysRolePermModel.DeleteByRoleIdAndPermIdsTx(ctx, session, req.RoleId, toRemove); err != nil {
- return err
- }
- if len(toAdd) > 0 {
- now := time.Now().Unix()
- data := make([]*roleperm.SysRolePerm, 0, len(toAdd))
- for _, permId := range toAdd {
- data = append(data, &roleperm.SysRolePerm{
- RoleId: req.RoleId,
- PermId: permId,
- CreateTime: now,
- UpdateTime: now,
- })
- }
- return l.svcCtx.SysRolePermModel.BatchInsertWithTx(ctx, session, data)
- }
- return nil
- }); err != nil {
- return err
- }
- affectedUserIds, _ := l.svcCtx.SysUserRoleModel.FindUserIdsByRoleId(l.ctx, req.RoleId)
- l.svcCtx.UserDetailsLoader.BatchDel(l.ctx, affectedUserIds, role.ProductCode)
- return nil
- }
|
