权限管理完成

2019-09-30 15:46:13 +08:00
parent d46f7e1f75
commit 509b6e18e1
15 changed files with 272 additions and 65 deletions
--- a/QMPlusServer/controller/api/api.go
+++ b/QMPlusServer/controller/api/api.go
@@ -57,7 +57,7 @@ func DeleteApi(c *gin.Context) {

 type AuthAndPathIn struct {
 	AuthorityId string        `json:"authorityId"`
-	Apis        []dbModel.Api     `json:"apis"`
+	ApiIds        []uint     `json:"apiIds"`
 }

 // @Tags Api
@@ -71,7 +71,7 @@ type AuthAndPathIn struct {
 func SetAuthAndApi(c *gin.Context) {
 	var authAndPathIn AuthAndPathIn
 	_ = c.BindJSON(&authAndPathIn)
-	err := new(dbModel.ApiAuthority).SetAuthAndApi(authAndPathIn.AuthorityId, authAndPathIn.Apis)
+	err := new(dbModel.ApiAuthority).SetAuthAndApi(authAndPathIn.AuthorityId, authAndPathIn.ApiIds)
 	if err != nil {
 		servers.ReportFormat(c, false, fmt.Sprintf("添加失败：%v", err), gin.H{})
 	} else {
@@ -136,7 +136,6 @@ func GetApiById(c *gin.Context) {
 // @Param data body api.CreateApiParams true "创建api"
 // @Success 200 {string} json "{"success":true,"data":{},"msg":"获取成功"}"
 // @Router /api/updataApi [post]
-
 func UpdataApi(c *gin.Context) {
 	 var api dbModel.Api
 	 _ = c.BindJSON(&api)
@@ -146,4 +145,22 @@ func GetApiById(c *gin.Context) {
 	 } else {
 		 servers.ReportFormat(c, true, "修改数据成功", gin.H{})
 	 }
- }
+ }
+
+// @Tags Api
+// @Summary 获取所有的Api 不分页
+// @Security ApiKeyAuth
+// @accept application/json
+// @Produce application/json
+// @Success 200 {string} json "{"success":true,"data":{},"msg":"获取成功"}"
+// @Router /api/getAllApis [post]
+func GetAllApis(c *gin.Context){
+	err,apis := new(dbModel.Api).GetAllApis()
+	if err != nil {
+		servers.ReportFormat(c, false, fmt.Sprintf("获取数据失败，%v", err), gin.H{})
+	} else {
+		servers.ReportFormat(c, true, "获取数据成功", gin.H{
+			"apis":     apis,
+		})
+	}
+}
--- a/QMPlusServer/controller/api/authority.go
+++ b/QMPlusServer/controller/api/authority.go
@@ -82,4 +82,30 @@ func GetAuthorityList(c *gin.Context){
 			"pageSize": pageInfo.PageSize,
 		})
 	}
+}
+
+
+type GetAuthorityId struct {
+	AuthorityId string `json:"authorityId"`
+}
+
+// @Tags authority
+// @Summary 获取本角色所有有权限的apiId
+// @Security ApiKeyAuth
+// @accept application/json
+// @Produce application/json
+// @Param data body api.GetAuthorityId true "获取本角色所有有权限的apiId"
+// @Success 200 {string} json "{"success":true,"data":{},"msg":"获取成功"}"
+// @Router /authority/getAuthAndApi [post]
+func GetAuthAndApi(c *gin.Context){
+	var idInfo GetAuthorityId
+	_ = c.BindJSON(&idInfo)
+	err,apis := new(dbModel.ApiAuthority).GetAuthAndApi(idInfo.AuthorityId)
+	if err != nil {
+		servers.ReportFormat(c, false, fmt.Sprintf("获取数据失败，%v", err), gin.H{})
+	} else {
+		servers.ReportFormat(c, true, "获取数据成功", gin.H{
+			"apis": apis,
+		})
+	}
 }
--- a/QMPlusServer/controller/api/menu.go
+++ b/QMPlusServer/controller/api/menu.go
@@ -138,7 +138,7 @@ type IdInfo struct {
 }

 // @Tags menu
-// @Summary 获取指定角色menu
+// @Summary 删除菜单
 // @Security ApiKeyAuth
 // @accept application/json
 // @Produce application/json
@@ -157,11 +157,11 @@ func DeleteBaseMenu(c *gin.Context) {
 }

 // @Tags menu
-// @Summary 新增菜单
+// @Summary 更新菜单
 // @Security ApiKeyAuth
 // @accept application/json
 // @Produce application/json
-// @Param data body dbModel.BaseMenu true "新增菜单"
+// @Param data body dbModel.BaseMenu true "更新菜单"
 // @Success 200 {string} json "{"success":true,"data":{},"msg":"获取成功"}"
 // @Router /menu/updataBaseMen [post]
 func UpdataBaseMenu(c *gin.Context) {
--- a/QMPlusServer/middleware/jwt.go
+++ b/QMPlusServer/middleware/jwt.go
@@ -2,13 +2,22 @@ package middleware

 import (
 	"errors"
+	"fmt"
 	"github.com/dgrijalva/jwt-go"
 	"github.com/gin-gonic/gin"
 	uuid "github.com/satori/go.uuid"
 	"main/controller/servers"
+	"main/init/qmsql"
 	"time"
 )

+type SqlRes struct {
+	Path string
+	AuthorityId string
+	ApiId  uint
+	Id    uint
+}
+
 func JWTAuth() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// 我们这里jwt鉴权取头部信息 x-token 登录时回返回token信息 这里前端需要把token存储到cookie或者本地localSstorage中 不过需要跟后端协商过期时间 可以约定刷新令牌或者重新登录
@@ -31,6 +40,14 @@ func JWTAuth() gin.HandlerFunc {
 			c.Abort()
 			return
 		}
+		var sqlRes SqlRes
+		 row:=qmsql.DEFAULTDB.Raw("SELECT apis.path,api_authorities.authority_id,api_authorities.api_id,apis.id FROM apis INNER JOIN api_authorities ON api_authorities.api_id = apis.id 	WHERE apis.path = ? AND	api_authorities.authority_id = ?",c.Request.RequestURI,claims.AuthorityId)
+		err=row.Scan(&sqlRes).Error
+		if(fmt.Sprintf("%v",err) == "record not found"){
+			servers.ReportFormat(c, false, "没有Api操作权限", gin.H{})
+			c.Abort()
+			return
+		}
 		c.Set("claims", claims)
 	}
 }
--- a/QMPlusServer/model/dbModel/api.go
+++ b/QMPlusServer/model/dbModel/api.go
@@ -12,6 +12,7 @@ type Api struct {
 	gorm.Model
 	Path        string `json:"path"`
 	Description string `json:"description"`
+	Group       string `json:"group"`
 }

 func (a *Api) CreateApi() (err error) {
@@ -38,6 +39,12 @@ func (a *Api) GetApiById(id float64)(err error,api Api){
 	err = qmsql.DEFAULTDB.Where("id = ?",id).First(&api).Error
 	return
 }
+// 获取所有api信息
+func (a *Api)GetAllApis()(err error,apis []Api){
+	err = qmsql.DEFAULTDB.Find(&apis).Error
+	return
+}
+

 // 分页获取数据  需要分页实现这个接口即可
 func (a *Api) GetInfoList(info modelInterface.PageInfo) (err error, list interface{}, total int) {
@@ -47,7 +54,7 @@ func (a *Api) GetInfoList(info modelInterface.PageInfo) (err error, list interfa
 		return
 	} else {
 		var apiList []Api
-		err = db.Find(&apiList).Error
+		err = db.Order("group").Find(&apiList).Error
 		return err, apiList, total
 	}
 }
--- a/QMPlusServer/model/dbModel/api_authority.go
+++ b/QMPlusServer/model/dbModel/api_authority.go
@@ -14,13 +14,23 @@ type ApiAuthority struct {
 }

 //创建角色api关联关系
-func (a *ApiAuthority) SetAuthAndApi(authId string, apis []Api) (err error) {
-	err = qmsql.DEFAULTDB.Where("authority_id = ?", authId).Delete(&ApiAuthority{}).Error
-	for _, v := range apis {
-		err = qmsql.DEFAULTDB.Create(&ApiAuthority{AuthorityId: authId, ApiId: v.ID}).Error
+func (a *ApiAuthority) SetAuthAndApi(authId string, apisid []uint) (err error) {
+	err = qmsql.DEFAULTDB.Where("authority_id = ?", authId).Unscoped().Delete(&ApiAuthority{}).Error
+	for _, v := range apisid {
+		err = qmsql.DEFAULTDB.Create(&ApiAuthority{AuthorityId: authId, ApiId: v}).Error
 		if err != nil {
 			return err
 		}
 	}
 	return nil
 }
+
+// 获取角色api关联关系
+func (a *ApiAuthority) GetAuthAndApi(authId string) (err error,apiIds []uint) {
+	var apis []ApiAuthority
+	err = qmsql.DEFAULTDB.Where("authority_id = ?", authId).Find(&apis).Error
+	for _, v := range apis {
+		apiIds = append(apiIds,v.ApiId)
+	}
+	return nil,apiIds
+}
--- a/QMPlusServer/router/api.go
+++ b/QMPlusServer/router/api.go
@@ -11,9 +11,11 @@ func InitApiRouter(Router *gin.Engine) {
 	{
 		ApiRouter.POST("createApi", api.CreateApi)  //创建Api
 		ApiRouter.POST("deleteApi", api.DeleteApi)  //删除Api
-		ApiRouter.POST("setAuthAndPath",api.SetAuthAndApi) // 设置api和角色关系
+		ApiRouter.POST("setAuthAndApi",api.SetAuthAndApi) // 设置api和角色关系
 		ApiRouter.POST("getApiList",api.GetApiList)  //获取Api列表
 		ApiRouter.POST("getApiById",api.GetApiById)  //获取单条Api消息
 		ApiRouter.POST("updataApi",api.UpdataApi)   //更新api
+		ApiRouter.POST("getAllApis",api.GetAllApis) // 获取所有api
+		ApiRouter.POST("getAuthAndApi",api.GetAuthAndApi) // 获取api和auth关系
 	}
 }
--- a/QMPlusServer/router/authority.go
+++ b/QMPlusServer/router/authority.go
@@ -9,8 +9,8 @@ import (
 func InitAuthorityRouter(Router *gin.Engine) {
 	AuthorityRouter := Router.Group("authority").Use(middleware.JWTAuth())
 	{
-		AuthorityRouter.POST("createAuthority", api.CreateAuthority)
-		AuthorityRouter.POST("deleteAuthority", api.DeleteAuthority)
-		AuthorityRouter.POST("getAuthorityList",api.GetAuthorityList)
+		AuthorityRouter.POST("createAuthority", api.CreateAuthority) //创建角色
+		AuthorityRouter.POST("deleteAuthority", api.DeleteAuthority) //删除角色
+		AuthorityRouter.POST("getAuthorityList",api.GetAuthorityList) //获取角色列表
 	}
 }
--- a/QMPlusServer/router/menu.go
+++ b/QMPlusServer/router/menu.go
@@ -9,14 +9,14 @@ import (
 func InitMenuRouter(Router *gin.Engine) {
 	MenuRouter := Router.Group("menu").Use(middleware.JWTAuth())
 	{
-		MenuRouter.POST("getMenu", api.GetMenu)
-		MenuRouter.POST("getMenuList", api.GetMenuList)
-		MenuRouter.POST("addBaseMenu", api.AddBaseMenu)
-		MenuRouter.POST("getBaseMenuTree", api.GetBaseMenuTree)
-		MenuRouter.POST("addMenuAuthority", api.AddMenuAuthority)
-		MenuRouter.POST("getMenuAuthority", api.GetMenuAuthority)
-		MenuRouter.POST("deleteBaseMenu", api.DeleteBaseMenu)
-		MenuRouter.POST("updataBaseMenu", api.UpdataBaseMenu)
-		MenuRouter.POST("getBaseMenuById", api.GetBaseMenuById)
+		MenuRouter.POST("getMenu", api.GetMenu) //获取菜单树
+		MenuRouter.POST("getMenuList", api.GetMenuList) // 分页获取基础menu列表
+		MenuRouter.POST("addBaseMenu", api.AddBaseMenu) // 新增菜单
+		MenuRouter.POST("getBaseMenuTree", api.GetBaseMenuTree) // 获取用户动态路由
+		MenuRouter.POST("addMenuAuthority", api.AddMenuAuthority) //	增加menu和角色关联关系
+		MenuRouter.POST("getMenuAuthority", api.GetMenuAuthority) // 获取指定角色menu
+		MenuRouter.POST("deleteBaseMenu", api.DeleteBaseMenu) // 删除菜单
+		MenuRouter.POST("updataBaseMenu", api.UpdataBaseMenu) // 更新菜单
+		MenuRouter.POST("getBaseMenuById", api.GetBaseMenuById) //根据id获取菜单
 	}
 }
--- a/QMPlusServer/router/user.go
+++ b/QMPlusServer/router/user.go
@@ -9,8 +9,8 @@ import (
 func InitUserRouter(Router *gin.Engine) {
 	UserRouter := Router.Group("user").Use(middleware.JWTAuth())
 	{
-		UserRouter.POST("changePassword", api.ChangePassword)
-		UserRouter.POST("uploadHeaderImg", api.UploadHeaderImg)
-		UserRouter.POST("getInfoList", api.GetInfoList)
+		UserRouter.POST("changePassword", api.ChangePassword) // 修改密码
+		UserRouter.POST("uploadHeaderImg", api.UploadHeaderImg) //上传头像
+		UserRouter.POST("getInfoList", api.GetInfoList) // 分页获取用户列表
 	}
 }