统一验证管理员

2023-07-03 08:45:44 +08:00 · 2023-07-03 08:45:44 +08:00 · b569249a6e
commit b569249a6e
parent a22dd7c38c
8 changed files with 172 additions and 110 deletions
--- a/api/controller/api.go
+++ b/api/controller/api.go
@ -106,9 +106,22 @@ func (r *AdminApi) AddApi(c *gin.Context) {
 		return
 	}

+	// 获取角色身份
+	roleService := service.RoleService{}
+	isAdmin, err := roleService.GetRoleIden(c)
+	if err != nil {
+		responses.FailWithMessage(err.Error(), c)
+		return
+	}
+
+	if !isAdmin {
+		responses.FailWithMessage("非管理员，无法操作", c)
+		return
+	}
+
 	// 业务处理
 	ApiService := service.ApiService{}
-	_, err := ApiService.AddApi(c, apiRequest.AddApi)
+	_, err = ApiService.AddApi(c, apiRequest.AddApi)
 	if err != nil {
 		responses.FailWithMessage(err.Error(), c)
 		return
@ -159,9 +172,22 @@ func (r *AdminApi) DeleteApi(c *gin.Context) {
 		return
 	}

+	// 获取角色身份
+	roleService := service.RoleService{}
+	isAdmin, err := roleService.GetRoleIden(c)
+	if err != nil {
+		responses.FailWithMessage(err.Error(), c)
+		return
+	}
+
+	if !isAdmin {
+		responses.FailWithMessage("非管理员，无法操作", c)
+		return
+	}
+
 	// 业务处理
 	apiService := service.ApiService{}
-	_, err := apiService.DeleteApi(c, apiRequest.DeleteApi)
+	_, err = apiService.DeleteApi(c, apiRequest.DeleteApi)
 	if err != nil {
 		responses.FailWithMessage(err.Error(), c)
 		return
@ -196,6 +222,19 @@ func (r *AdminApi) PutApi(c *gin.Context) {
 		return
 	}

+	// 获取角色身份
+	roleService := service.RoleService{}
+	isAdmin, err := roleService.GetRoleIden(c)
+	if err != nil {
+		responses.FailWithMessage(err.Error(), c)
+		return
+	}
+
+	if !isAdmin {
+		responses.FailWithMessage("非管理员，无法操作", c)
+		return
+	}
+
 	// 业务处理
 	apiService := service.ApiService{}
 	_, err = apiService.PutApi(c, ApiId, apiRequest.PutApi)
--- a/api/controller/menu.go
+++ b/api/controller/menu.go
@ -71,9 +71,22 @@ func (r *Menu) AddMenu(c *gin.Context) {
 		return
 	}

+	// 获取角色身份
+	roleService := service.RoleService{}
+	isAdmin, err := roleService.GetRoleIden(c)
+	if err != nil {
+		responses.FailWithMessage(err.Error(), c)
+		return
+	}
+
+	if !isAdmin {
+		responses.FailWithMessage("非管理员，无法操作", c)
+		return
+	}
+
 	// 业务处理
 	MenuService := service.MenuService{}
-	_, err := MenuService.AddMenu(MenuRequest.AddMenu)
+	_, err = MenuService.AddMenu(MenuRequest.AddMenu)
 	if err != nil {
 		responses.FailWithMessage(err.Error(), c)
 		return
@ -136,6 +149,19 @@ func (r *Menu) PutMenu(c *gin.Context) {
 		return
 	}

+	// 获取角色身份
+	roleService := service.RoleService{}
+	isAdmin, err := roleService.GetRoleIden(c)
+	if err != nil {
+		responses.FailWithMessage(err.Error(), c)
+		return
+	}
+
+	if !isAdmin {
+		responses.FailWithMessage("非管理员，无法操作", c)
+		return
+	}
+
 	// 业务处理
 	menuService := service.MenuService{}
 	_, err = menuService.PutMenu(menuId, MenuRequest.PutMenu)
@ -162,9 +188,22 @@ func (r *Menu) DeleteMenu(c *gin.Context) {
 		return
 	}

+	// 获取角色身份
+	roleService := service.RoleService{}
+	isAdmin, err := roleService.GetRoleIden(c)
+	if err != nil {
+		responses.FailWithMessage(err.Error(), c)
+		return
+	}
+
+	if !isAdmin {
+		responses.FailWithMessage("非管理员，无法操作", c)
+		return
+	}
+
 	// 业务处理
 	MenuService := service.MenuService{}
-	_, err := MenuService.DeleteMenu(c, MenuRequest.DeleteMenu)
+	_, err = MenuService.DeleteMenu(c, MenuRequest.DeleteMenu)
 	if err != nil {
 		responses.FailWithMessage(err.Error(), c)
 		return
--- a/api/controller/role.go
+++ b/api/controller/role.go
@ -138,6 +138,19 @@ func (r *Role) PutRoleStatus(c *gin.Context) {
 		return
 	}

+	// 获取角色身份
+	roleService := service.RoleService{}
+	isAdmin, err := roleService.GetRoleIden(c)
+	if err != nil {
+		responses.FailWithMessage(err.Error(), c)
+		return
+	}
+
+	if !isAdmin {
+		responses.FailWithMessage("非管理员，无法修改", c)
+		return
+	}
+
 	RoleService := service.RoleService{}
 	_, err = RoleService.PutRoleStatus(roleId, RoleRequest.PutRoleStatus.RoleStatus)
 	if err != nil {
@ -168,9 +181,22 @@ func (r *Role) AddRole(c *gin.Context) {
 		return
 	}

+	// 获取角色身份
+	roleService := service.RoleService{}
+	isAdmin, err := roleService.GetRoleIden(c)
+	if err != nil {
+		responses.FailWithMessage(err.Error(), c)
+		return
+	}
+
+	if !isAdmin {
+		responses.FailWithMessage("非管理员，无法操作", c)
+		return
+	}
+
 	// 业务处理
 	RoleService := service.RoleService{}
-	_, err := RoleService.AddRole(c, RoleRequest.AddRole)
+	_, err = RoleService.AddRole(c, RoleRequest.AddRole)
 	if err != nil {
 		responses.FailWithMessage(err.Error(), c)
 		return
@ -259,6 +285,19 @@ func (r *Role) PutRole(c *gin.Context) {
 		return
 	}

+	// 获取角色身份
+	roleService := service.RoleService{}
+	isAdmin, err := roleService.GetRoleIden(c)
+	if err != nil {
+		responses.FailWithMessage(err.Error(), c)
+		return
+	}
+
+	if !isAdmin {
+		responses.FailWithMessage("非管理员，无法操作", c)
+		return
+	}
+
 	// 业务处理
 	RoleService := service.RoleService{}
 	_, err = RoleService.PutRole(c, roleId, RoleRequest.PutRole)
--- a/api/controller/user.go
+++ b/api/controller/user.go
@ -71,9 +71,22 @@ func (r *User) AddUser(c *gin.Context) {
 		return
 	}

+	// 获取角色身份
+	roleService := service.RoleService{}
+	isAdmin, err := roleService.GetRoleIden(c)
+	if err != nil {
+		responses.FailWithMessage(err.Error(), c)
+		return
+	}
+
+	if !isAdmin {
+		responses.FailWithMessage("非管理员，无法操作", c)
+		return
+	}
+
 	// 业务处理
 	UserService := service.UserService{}
-	_, err := UserService.AddUser(c, UserRequest.AddUser)
+	_, err = UserService.AddUser(c, UserRequest.AddUser)
 	if err != nil {
 		responses.FailWithMessage(err.Error(), c)
 		return
@ -124,9 +137,22 @@ func (r *User) DeleteUser(c *gin.Context) {
 		return
 	}

+	// 获取角色身份
+	roleService := service.RoleService{}
+	isAdmin, err := roleService.GetRoleIden(c)
+	if err != nil {
+		responses.FailWithMessage(err.Error(), c)
+		return
+	}
+
+	if !isAdmin {
+		responses.FailWithMessage("非管理员，无法操作", c)
+		return
+	}
+
 	// 业务处理
 	userService := service.UserService{}
-	_, err := userService.DeleteUser(c, userRequest.DeleteUser)
+	_, err = userService.DeleteUser(c, userRequest.DeleteUser)
 	if err != nil {
 		responses.FailWithMessage(err.Error(), c)
 		return
@ -161,6 +187,19 @@ func (r *User) PutUser(c *gin.Context) {
 		return
 	}

+	// 获取角色身份
+	roleService := service.RoleService{}
+	isAdmin, err := roleService.GetRoleIden(c)
+	if err != nil {
+		responses.FailWithMessage(err.Error(), c)
+		return
+	}
+
+	if !isAdmin {
+		responses.FailWithMessage("非管理员，无法操作", c)
+		return
+	}
+
 	// 业务处理
 	userService := service.UserService{}
 	_, err = userService.PutUser(c, userId, UserRequest.PutUser)
--- a/api/service/api.go
+++ b/api/service/api.go
@ -21,17 +21,6 @@ func (a *ApiService) AddApi(c *gin.Context, addApiRequest requests.AddApi) (bool
 		return false, errors.New("新增失败")
 	}

-	// 获取当前登陆接口角色数据
-	adminRoleDao := dao.AdminRoleDao{}
-	adminRole, err := adminRoleDao.GetAdminRoleFirstById(loginRoleId)
-	if err != nil || adminRole == nil {
-		return false, errors.New("非法操作")
-	}
-
-	if adminRole.IsAdmin == 0 {
-		return false, errors.New("您当前为普通用户，无法添加接口")
-	}
-
 	adminApiDao := dao.AdminApiDao{}

 	// 检测接口名称+请求方式
@ -88,16 +77,6 @@ func (r *ApiService) DeleteApi(c *gin.Context, deleteApiRequest requests.DeleteA
 		return false, errors.New("数据错误")
 	}

-	AdminRoleDao := dao.AdminRoleDao{}
-	adminRole, err := AdminRoleDao.GetAdminRoleFirstById(roleId)
-	if err != nil || adminRole == nil {
-		return false, errors.New("非法操作")
-	}
-
-	if adminRole.IsAdmin == 0 {
-		return false, errors.New("暂无权限，请联系管理员删除")
-	}
-
 	// 开始事务
 	tx := global.Db.Begin()
 	defer func() {
@ -150,17 +129,6 @@ func (r *ApiService) PutApi(c *gin.Context, requestApiId int64, putApiRequest re
 		return false, errors.New("数据错误")
 	}

-	// 获取当前登陆接口角色数据
-	adminRoleDao := dao.AdminRoleDao{}
-	adminRole, err := adminRoleDao.GetAdminRoleFirstById(loginRoleId)
-	if err != nil || adminRole == nil {
-		return false, errors.New("非法操作")
-	}
-
-	if adminRole.IsAdmin == 0 {
-		return false, errors.New("您当前为普通用户，无法修改接口")
-	}
-
 	// 开始事务
 	tx := global.Db.Begin()
 	defer func() {
--- a/api/service/menu.go
+++ b/api/service/menu.go
@ -243,18 +243,8 @@ func (r *MenuService) DeleteMenu(c *gin.Context, DeleteMenuRequest requests.Dele
 		return false, errors.New("数据错误")
 	}

-	AdminMenuDao := dao.AdminMenuDao{}
-	AdminMenuApiDao := dao.AdminMenuApiDao{}
-
-	AdminRoleDao := dao.AdminRoleDao{}
-	adminRole, err := AdminRoleDao.GetAdminRoleFirstById(roleId)
-	if err != nil || adminRole == nil {
-		return false, errors.New("非法操作")
-	}
-
-	if adminRole.IsAdmin == 0 {
-		return false, errors.New("暂无权限，请联系管理员删除")
-	}
+	adminMenuDao := dao.AdminMenuDao{}
+	adminMenuApiDao := dao.AdminMenuApiDao{}

 	// 开始事务
 	tx := global.Db.Begin()
@ -273,7 +263,7 @@ func (r *MenuService) DeleteMenu(c *gin.Context, DeleteMenuRequest requests.Dele
 		}

 		// 获取菜单数据
-		adminMenu, _ := AdminMenuDao.GetAdminMenuById(v)
+		adminMenu, _ := adminMenuDao.GetAdminMenuById(v)
 		if adminMenu == nil {
 			tx.Rollback()
 			return false, errors.New("删除失败")
@ -286,14 +276,14 @@ func (r *MenuService) DeleteMenu(c *gin.Context, DeleteMenuRequest requests.Dele
 		}

 		// 删除菜单关联api
-		err = AdminMenuApiDao.DeleteAdminMenuApiByMenuId(tx, v)
+		err = adminMenuApiDao.DeleteAdminMenuApiByMenuId(tx, v)
 		if err != nil {
 			tx.Rollback()
 			return false, errors.New("删除失败")
 		}

 		// 删除菜单
-		err = AdminMenuDao.DeleteAdminMenuByMenuId(tx, v)
+		err = adminMenuDao.DeleteAdminMenuByMenuId(tx, v)
 		if err != nil {
 			tx.Rollback()
 			return false, errors.New("删除失败")
--- a/api/service/role.go
+++ b/api/service/role.go
@ -104,18 +104,9 @@ func buildMenuTree(menuIds []int64, menuData []*model.AdminMenu) []*roleResponse
 func (r *RoleService) PutRoleStatus(roleId int64, roleStatus int) (bool, error) {
 	// 获取请求角色数据
 	AdminRoleDao := dao.AdminRoleDao{}
-	adminRole, err := AdminRoleDao.GetAdminRoleFirstById(roleId)
-	if err != nil || adminRole == nil {
-		return false, errors.New("非法操作")
-	}
-
-	// 检测是否为超级管理员
-	if adminRole.IsAdmin == 1 {
-		return false, errors.New("请勿修改超级管理员数据")
-	}

 	// 修改角色状态
-	err = AdminRoleDao.EditAdminRoleStatusById(roleId, roleStatus)
+	err := AdminRoleDao.EditAdminRoleStatusById(roleId, roleStatus)
 	if err != nil {
 		return false, errors.New(err.Error())
 	}
@ -150,14 +141,6 @@ func (r *RoleService) AddRole(c *gin.Context, AddRoleRequest requests.AddRole) (

 	// 获取当前登陆用户角色数据
 	AdminRoleDao := dao.AdminRoleDao{}
-	adminRole, err := AdminRoleDao.GetAdminRoleFirstById(roleId)
-	if err != nil || adminRole == nil {
-		return false, errors.New("非法操作")
-	}
-
-	if AddRoleRequest.IsAdmin == 1 && adminRole.IsAdmin == 0 {
-		return false, errors.New("您当前为普通用户，无法添加管理员角色")
-	}

 	AdminMenuDao := dao.AdminMenuDao{}

@ -189,7 +172,7 @@ func (r *RoleService) AddRole(c *gin.Context, AddRoleRequest requests.AddRole) (
 		IsAdmin:  AddRoleRequest.IsAdmin,
 	}

-	adminRole, _ = AdminRoleDao.AddAdminRole(tx, AdminRoleModel)
+	adminRole, _ := AdminRoleDao.AddAdminRole(tx, AdminRoleModel)
 	if adminRole == nil {
 		tx.Rollback()
 		return false, errors.New("新增失败")
@ -231,15 +214,6 @@ func (r *RoleService) PutRole(c *gin.Context, requestRoleId int64, PutRoleReques
 	}

 	AdminRoleDao := dao.AdminRoleDao{}
-	adminRole, err := AdminRoleDao.GetAdminRoleFirstById(roleId)
-	if err != nil || adminRole == nil {
-		return false, errors.New("非法操作")
-	}
-
-	if PutRoleRequest.IsAdmin == 1 && adminRole.IsAdmin == 0 {
-		return false, errors.New("您当前为普通用户，无法设置管理员")
-	}
-
 	AdminMenuDao := dao.AdminMenuDao{}

 	// 判断菜单id
@ -268,7 +242,7 @@ func (r *RoleService) PutRole(c *gin.Context, requestRoleId int64, PutRoleReques
 	data := make(map[string]interface{})
 	data["role_name"] = PutRoleRequest.RoleName
 	data["is_admin"] = PutRoleRequest.IsAdmin
-	err = AdminRoleDao.EditAdminRoleById(tx, requestRoleId, data)
+	err := AdminRoleDao.EditAdminRoleById(tx, requestRoleId, data)
 	if err != nil {
 		tx.Rollback()
 		return false, errors.New("修改失败")
--- a/api/service/user.go
+++ b/api/service/user.go
@ -31,14 +31,6 @@ func (r *UserService) AddUser(c *gin.Context, AddUserRequest requests.AddUser) (

 	// 获取当前登陆用户角色数据
 	adminRoleDao := dao.AdminRoleDao{}
-	adminRole, err := adminRoleDao.GetAdminRoleFirstById(loginRoleId)
-	if err != nil || adminRole == nil {
-		return false, errors.New("非法操作")
-	}
-
-	if adminRole.IsAdmin == 0 {
-		return false, errors.New("您当前为普通用户，无法添加用户")
-	}

 	adminUserDao := dao.AdminUserDao{}
 	AdminDeptDao := dao.AdminDeptDao{}
@ -62,7 +54,7 @@ func (r *UserService) AddUser(c *gin.Context, AddUserRequest requests.AddUser) (
 		return false, errors.New("角色错误")
 	}

-	adminRole, err = adminRoleDao.GetAdminRoleFirstById(roleID)
+	adminRole, err := adminRoleDao.GetAdminRoleFirstById(roleID)
 	if err != nil || adminRole == nil {
 		return false, errors.New("角色错误")
 	}
@ -153,16 +145,6 @@ func (r *UserService) DeleteUser(c *gin.Context, DeleteUserRequest requests.Dele
 		return false, errors.New("数据错误")
 	}

-	AdminRoleDao := dao.AdminRoleDao{}
-	adminRole, err := AdminRoleDao.GetAdminRoleFirstById(roleId)
-	if err != nil || adminRole == nil {
-		return false, errors.New("非法操作")
-	}
-
-	if adminRole.IsAdmin == 0 {
-		return false, errors.New("暂无权限，请联系管理员删除")
-	}
-
 	// 开始事务
 	tx := global.Db.Begin()
 	defer func() {
@ -239,14 +221,6 @@ func (r *UserService) PutUser(c *gin.Context, requestUserId int64, putUserReques
 	}

 	adminRoleDao := dao.AdminRoleDao{}
-	adminRole, err := adminRoleDao.GetAdminRoleFirstById(loginRoleId)
-	if err != nil || adminRole == nil {
-		return false, errors.New("非法操作")
-	}
-
-	if adminRole.IsAdmin == 0 && loginUserId != requestUserId {
-		return false, errors.New("普通用户只可修改自己的用户数据")
-	}

 	if putUserRequest.Access != adminUser.Access {
 		// 检测账号名