From e941e52d3ee6837b41dbe4e55a356336dc2ffe92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AD=9F=E5=B8=85?= <133814250@qq.com> Date: Thu, 27 Jul 2023 18:13:20 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=83=A8=E6=9D=83=E9=99=90?= =?UTF-8?q?=E6=9B=B4=E6=96=B0sql=E9=94=99=E8=AF=AF=EF=BC=8C=E4=BF=AE?= =?UTF-8?q?=E5=A4=8D=E5=90=8E=E5=8F=B0=E7=94=A8=E6=88=B7=E6=97=B6=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=E8=A7=92=E8=89=B2=E9=83=A8=E9=97=A8=E9=AA=8C=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../library/hgorm/handler/filter_auth.go | 16 +++++++++++----- server/internal/logic/admin/dept.go | 2 +- server/internal/logic/admin/role.go | 2 +- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/server/internal/library/hgorm/handler/filter_auth.go b/server/internal/library/hgorm/handler/filter_auth.go index 30a7fc7..ada533f 100644 --- a/server/internal/library/hgorm/handler/filter_auth.go +++ b/server/internal/library/hgorm/handler/filter_auth.go @@ -63,17 +63,23 @@ func FilterAuthWithField(filterField string) func(m *gdb.Model) *gdb.Model { g.Log().Panic(ctx, "failed to role information roleModel == nil") } - sq := g.Model("admin_member").Fields("id") + getDeptIds := func(in interface{}) []gdb.Value { + ds, err := g.Model("admin_member").Fields("id").Where("dept_id", in).Array() + if err != nil { + g.Log().Panic(ctx, "failed to get member dept data") + } + return ds + } switch role.DataScope { case consts.RoleDataAll: // 全部权限 // ... case consts.RoleDataNowDept: // 当前部门 - m = m.WhereIn(filterField, sq.Where("dept_id", co.User.DeptId)) - case consts.RoleDataDeptAndSub: // 当前部门及以下部门 - m = m.WhereIn(filterField, sq.WhereIn("dept_id", GetDeptAndSub(co.User.DeptId))) + m = m.WhereIn(filterField, getDeptIds(co.User.DeptId)) + case consts.RoleDataDeptAndSub: // 当前部门及以下部门ds + m = m.WhereIn(filterField, getDeptIds(GetDeptAndSub(co.User.DeptId))) case consts.RoleDataDeptCustom: // 自定义部门 - m = m.WhereIn(filterField, sq.WhereIn("dept_id", role.CustomDept.Var().Ints())) + m = m.WhereIn(filterField, getDeptIds(role.CustomDept.Var().Ints())) case consts.RoleDataSelf: // 仅自己 m = m.Where(filterField, co.User.Id) case consts.RoleDataSelfAndSub: // 自己和直属下级 diff --git a/server/internal/logic/admin/dept.go b/server/internal/logic/admin/dept.go index 15c3485..606b5f0 100644 --- a/server/internal/logic/admin/dept.go +++ b/server/internal/logic/admin/dept.go @@ -351,7 +351,7 @@ func (s *sAdminDept) VerifyDeptId(ctx context.Context, id int64) (err error) { // 非超管只获取下级 if !service.AdminMember().VerifySuperId(ctx, mb.Id) { pid = mb.DeptId - mod = mod.WhereLike(dao.AdminDept.Columns().Tree, "%"+tree.GetIdLabel(pid)+"%") + mod = mod.WhereNot(dao.AdminDept.Columns().Id, pid).WhereLike(dao.AdminDept.Columns().Tree, "%"+tree.GetIdLabel(pid)+"%") } columns, err := mod.Array() diff --git a/server/internal/logic/admin/role.go b/server/internal/logic/admin/role.go index 5537630..25fb82a 100644 --- a/server/internal/logic/admin/role.go +++ b/server/internal/logic/admin/role.go @@ -327,7 +327,7 @@ func (s *sAdminRole) VerifyRoleId(ctx context.Context, id int64) (err error) { // 非超管只获取下级 if !service.AdminMember().VerifySuperId(ctx, mb.Id) { pid = mb.RoleId - mod = mod.WhereLike(dao.AdminRole.Columns().Tree, "%"+tree.GetIdLabel(pid)+"%") + mod = mod.WhereNot(dao.AdminRole.Columns().Id, pid).WhereLike(dao.AdminRole.Columns().Tree, "%"+tree.GetIdLabel(pid)+"%") } columns, err := mod.Array()