添加数据权限判断

app/controller/admin/auth.go

@@ -683,6 +683,8 @@ func (c *Auth) RoleDataScope(r *ghttp.Request) {
 	if err != nil {
 		response.FailJson(true, r, err.Error())
 	}
+	//清缓存
+	cache_service.New().RemoveByTag(cache_service.AdminAuthTag)
 	response.SusJson(true, r, "数据权限设置成功", req)
 }
 

app/controller/admin/cms_news.go

@@ -26,7 +26,13 @@ func (c *CmsNews) List(r *ghttp.Request) {
 	if err := r.Parse(&req); err != nil {
 		response.FailJson(true, r, err.(*gvalid.Error).FirstString())
 	}
-	total, page, list, err := cms_service.NewsListByPage(req)
+	//获取登陆用户id
+	userInfo := user_service.GetLoginAdminInfo(r)
+	where, err := user_service.GetDataWhere(userInfo, new(cms_news.Entity))
+	if err != nil {
+		response.FailJson(true, r, err.Error())
+	}
+	total, page, list, err := cms_service.NewsListByPage(req, where)
 	if err != nil {
 		response.FailJson(true, r, err.Error())
 	}

app/model/admin/cms_news/cms_news.go

@@ -188,7 +188,7 @@ func EditNews(req *ReqEditParams, cateIds []int, tx *gdb.TX) (err error) {
 }
 
 //文章列表查询
-func ListByPage(req *ReqListSearchParams) (total, page int, list []*NewsList, err error) {
+func ListByPage(req *ReqListSearchParams, where ...g.Map) (total, page int, list []*NewsList, err error) {
 	model := g.DB().Table(Table + " news")
 	if req != nil {
 		if len(req.CateId) > 0 {
@@ -217,6 +217,9 @@ func ListByPage(req *ReqListSearchParams) (total, page int, list []*NewsList, er
 			model = model.Where("news.news_status", gconv.Int(req.NewsStatus))
 		}
 	}
+	if len(where) > 0 {
+		model = model.Where(where[0])
+	}
 	model = model.LeftJoin(user.Table+" user", "news.user_id=user.id")
 	total, err = model.Count()
 	if err != nil {

app/service/admin/cms_service/news.go

@@ -102,7 +102,7 @@ func getPubCateIds(cateIds []int) ([]int, error) {
 }
 
 //文章列表查询
-func NewsListByPage(req *cms_news.ReqListSearchParams) (total, page int, list []*cms_news.NewsList, err error) {
+func NewsListByPage(req *cms_news.ReqListSearchParams, where ...g.Map) (total, page int, list []*cms_news.NewsList, err error) {
 	var menuList []*cms_category.Entity
 	//获取所有栏目
 	menuList, err = GetMenuList()
@@ -124,7 +124,7 @@ func NewsListByPage(req *cms_news.ReqListSearchParams) (total, page int, list []
 			}
 		}
 	}
-	total, page, list, err = cms_news.ListByPage(req)
+	total, page, list, err = cms_news.ListByPage(req, where...)
 	if err != nil || len(list) == 0 {
 		return
 	}

app/service/admin/user_service/user.go

@@ -11,10 +11,13 @@ import (
 	"gfast/app/model/admin/user"
 	"gfast/app/model/admin/user_post"
 	"gfast/app/service/admin/auth_service"
+	"gfast/app/service/admin/dept_service"
 	"gfast/app/service/casbin_adapter_service"
 	"gfast/boot"
 	"gfast/library/service"
 	"gfast/library/utils"
+	"github.com/gogf/gf/container/garray"
+	"reflect"
 
 	"github.com/gogf/gf/errors/gerror"
 	"github.com/gogf/gf/frame/g"
@@ -314,3 +317,69 @@ func GetPermissions(roleIds []uint) ([]string, error) {
 	}
 	return userButtons, nil
 }
+
+//获取数据权限判断条件
+func GetDataWhere(userInfo *user.Entity, entity interface{}) (where g.Map, err error) {
+	t := reflect.TypeOf(entity)
+	for i := 0; i < t.Elem().NumField(); i++ {
+		if t.Elem().Field(i).Name == "UserId" {
+			//若存在用户id的字段，则生成判断数据权限的条件
+			//1、获取当前用户所属角色
+			allRoles := ([]*role.Entity)(nil)
+			allRoles, err = auth_service.GetRoleList()
+			if err != nil {
+				return nil, err
+			}
+			roles := ([]*role.Entity)(nil)
+			roles, err = GetAdminRole(userInfo.Id, allRoles)
+			if err != nil {
+				return nil, err
+			}
+			//2获取角色对应数据权限
+			deptIdArr := make([]interface{}, 0, 100)
+			for _, role := range roles {
+				switch role.DataScope {
+				case 1: //全部数据权限
+					return
+				case 2: //自定数据权限
+					var deptIds []int64
+					deptIds, err = dept_service.GetRoleDepts(gconv.Int64(role.Id))
+					if err != nil {
+						return
+					}
+
+					deptIdArr = append(deptIdArr, gconv.Interfaces(deptIds)...)
+				case 3: //本部门数据权限
+					deptIdArr = append(deptIdArr, gconv.Int64(userInfo.DeptId))
+				case 4: //本部门及以下数据权限
+					deptIdArr = append(deptIdArr, gconv.Int64(userInfo.DeptId))
+					//获取正常状态部门数据
+					depts := ([]*sys_dept.Dept)(nil)
+					depts, err = dept_service.GetList(&sys_dept.SearchParams{Status: "1"})
+					if err != nil {
+						return
+					}
+					var dList g.ListStrAny
+					for _, entity := range depts {
+						m := g.Map{
+							"id":    entity.DeptID,
+							"pid":   entity.ParentID,
+							"label": entity.DeptName,
+						}
+						dList = append(dList, m)
+					}
+					l := utils.FindSonByParentId(dList, gconv.Int(userInfo.DeptId), "pid", "id")
+					for _, li := range l {
+						deptIdArr = append(deptIdArr, gconv.Int64(li["id"]))
+					}
+				}
+			}
+			if len(deptIdArr) > 0 {
+				arr := garray.NewArrayFrom(deptIdArr)
+				arr = arr.Unique()
+				where = g.Map{"user.dept_id": arr.Slice()}
+			}
+		}
+	}
+	return
+}