package hr
import (
"WiiCITMS/models/hr"
"WiiCITMS/process/common"
"WiiGenerates/WiiCITMS/generates/v1/go/types"
"WiiGoLibrary/apply/middle/process/v1"
"errors"
)
// PermissionCheckResult is the outcome of an access-control check; it is the
// value returned by CheckAccessControl.
type PermissionCheckResult struct {
	HasPermission bool   `json:"hasPermission"` // true only when the check explicitly granted access
	ErrorMessage  string `json:"errorMessage"`  // reason for denial (or the lookup failure); empty when HasPermission is true
	ErrorCode     int    `json:"errorCode"`     // common.NoPermissionErrorCode on denial, 0 when granted
}
// Resource and operation names are the constants defined in the common package
// (common.Resource* and common.Operation*); callers must pass those, not free text.
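// CheckAccessControl decides whether the staff member identified by staffGuid
// may perform operation on the given resource type.
//
// Parameters:
//   - staffGuid: GUID of the staff member performing the action (the principal).
//   - operation: operation name, one of the common.Operation* constants
//     (create, update, delete, view, approve).
//   - resource: resource type, one of the common.Resource* constants
//     (organization, position, staff, leave, workflow).
//   - resourceId: optional. It is only consulted for organization and staff
//     resources, where it is forwarded as the OrganizationGuid that scopes the
//     position-permission lookup; for every other resource it is ignored.
//
// The result is fail-closed: HasPermission is false unless the principal is a
// system administrator or CheckStaffPermission explicitly grants the required
// permission. A lookup error is reported as a denial with ErrorMessage set,
// never as a grant. The returned pointer is never nil.
func CheckAccessControl(staffGuid string, operation string, resource string, resourceId string) *PermissionCheckResult {
	// Start from "denied" so that every early return below is a denial.
	result := &PermissionCheckResult{
		HasPermission: false,
		ErrorMessage:  "权限不足",
		ErrorCode:     common.NoPermissionErrorCode,
	}

	// An empty principal can never be authorised. Refusing up front keeps the
	// admin and permission lookups from ever being consulted about "nobody"
	// and does not depend on how those lookups treat an empty key.
	if staffGuid == "" {
		return result
	}

	// System administrators bypass the per-permission check entirely. This
	// happens before the (resource, operation) pair is validated, so an admin
	// is also granted pairs that getRequiredPermissionID does not recognise.
	isAdmin, proc := IsSystemAdmin(staffGuid)
	if proc.IsError() {
		// NOTE(review): the raw lookup error text is copied into ErrorMessage.
		// If this message is ever surfaced to end users, log the detail
		// server-side and return only the generic text instead.
		result.ErrorMessage = "权限检查失败: " + proc.Error.Error()
		return result
	}
	if isAdmin {
		result.HasPermission = true
		result.ErrorMessage = ""
		result.ErrorCode = 0
		return result
	}

	// Map (resource, operation) to a permission ID. An unknown pair is denied
	// rather than treated as "no permission required".
	permissionID := getRequiredPermissionID(resource, operation)
	if permissionID <= 0 {
		result.ErrorMessage = "未定义的权限操作"
		return result
	}

	params := CheckPermissionRequest{
		StaffGuid:    staffGuid,
		PermissionID: permissionID,
	}
	// Scope the lookup to an organization when the caller identified one.
	// For ResourceStaff the resourceId is likewise used as an organization
	// GUID — presumably callers pass the organization the staff record belongs
	// to rather than the staff GUID itself; TODO confirm against callers.
	if resourceId != "" && (resource == common.ResourceOrganization || resource == common.ResourceStaff) {
		params.OrganizationGuid = resourceId
	}

	hasPermission, proc := CheckStaffPermission(params)
	if proc.IsError() {
		// Same caveat as above about exposing the raw error text.
		result.ErrorMessage = "权限检查失败: " + proc.Error.Error()
		return result
	}
	if hasPermission {
		result.HasPermission = true
		result.ErrorMessage = ""
		result.ErrorCode = 0
	}
	return result
}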
// getRequiredPermissionID maps a (resource, operation) pair to the permission
// ID a non-admin must hold to perform it.
//
// It returns 0 for any pair it does not recognise, which CheckAccessControl
// treats as a denial. The workflow resource is special-cased: every operation
// on it, including unrecognised ones, resolves to hr.PermWorkflowAdmin.
func getRequiredPermissionID(resource string, operation string) int {
	// Workflow has a single administrative permission regardless of operation.
	if resource == common.ResourceWorkflow {
		return hr.PermWorkflowAdmin
	}

	// For the remaining resources dispatch on the operation first, then on the
	// resource; a pair that falls through every case resolves to 0.
	switch operation {
	case common.OperationView:
		switch resource {
		case common.ResourceOrganization:
			return hr.PermOrganizationView
		case common.ResourcePosition:
			return hr.PermPositionView
		case common.ResourceStaff:
			return hr.PermStaffView
		case common.ResourceLeave:
			return hr.PermLeaveView
		}
	case common.OperationCreate:
		switch resource {
		case common.ResourceOrganization:
			return hr.PermOrganizationCreate
		case common.ResourcePosition:
			return hr.PermPositionCreate
		case common.ResourceStaff:
			return hr.PermStaffCreate
		}
	case common.OperationUpdate:
		switch resource {
		case common.ResourceOrganization:
			return hr.PermOrganizationUpdate
		case common.ResourcePosition:
			return hr.PermPositionUpdate
		case common.ResourceStaff:
			return hr.PermStaffUpdate
		}
	case common.OperationDelete:
		switch resource {
		case common.ResourceOrganization:
			return hr.PermOrganizationDelete
		case common.ResourcePosition:
			return hr.PermPositionDelete
		case common.ResourceStaff:
			return hr.PermStaffDelete
		}
	case common.OperationApprove:
		// Approval exists only for leave requests.
		if resource == common.ResourceLeave {
			return hr.PermLeaveApprove
		}
	}
	return 0
}
// RequirePermission is the guard form of CheckAccessControl for use at the top
// of a handler. It returns nil when staffGuid may perform operation on resource
// (optionally scoped by resourceId), and otherwise a failed Process carrying
// types.NoPermissionError and the denial's ErrorMessage. A failure inside the
// check itself is also reported as a permission error, so callers fail closed.
func RequirePermission(staffGuid string, operation string, resource string, resourceId string) *process.Process {
	check := CheckAccessControl(staffGuid, operation, resource, resourceId)
	if check.HasPermission {
		return nil
	}
	return process.FailError(types.NoPermissionError, errors.New(check.ErrorMessage))
}