78 lines
2.7 KiB
Go
78 lines
2.7 KiB
Go
|
package hr
|
|||
|
|
|
|||
|
|
import (
|
|||
|
|
"WiiCITMS/process/common"
|
|||
|
|
"WiiGenerates/WiiCITMS/generates/v1/go/types"
|
|||
|
|
"WiiGoLibrary/apply/middle/process/v1"
|
|||
|
|
"errors"
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
// CheckWorkflowApprovalPermission 检查是否有工作流审批权限
|
|||
|
|
// staffGuid: 员工GUID
|
|||
|
|
// instanceGuid: 工作流实例GUID
|
|||
|
|
func CheckWorkflowApprovalPermission(staffGuid string, instanceGuid string) *process.Process {
|
|||
|
|
// 首先检查是否有全局审批权限
|
|||
|
|
result := CheckAccessControl(staffGuid, common.OperationApprove, common.ResourceLeave, "")
|
|||
|
|
if result.HasPermission {
|
|||
|
|
return process.Success(200)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 如果没有全局权限,则调用通用的权限检查
|
|||
|
|
return common.WorkflowSvc.CheckPermission(staffGuid, common.OperationApprove, instanceGuid)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// CanViewWorkflowInstance 检查是否可以查看工作流实例
|
|||
|
|
// staffGuid: 员工GUID
|
|||
|
|
// instanceGuid: 工作流实例GUID
|
|||
|
|
func CanViewWorkflowInstance(staffGuid string, instanceGuid string) (bool, *process.Process) {
|
|||
|
|
// 首先检查是否有实例查看权限
|
|||
|
|
proc := common.WorkflowSvc.CheckPermission(staffGuid, common.OperationView, instanceGuid)
|
|||
|
|
|
|||
|
|
// 如果通过权限检查,说明有查看权限
|
|||
|
|
if !proc.IsError() {
|
|||
|
|
return true, process.Success(200)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 如果是权限错误以外的错误,直接返回错误
|
|||
|
|
if proc.Error != nil && proc.Error.Error() != "无权查看此工作流" {
|
|||
|
|
return false, proc
|
|||
|
|
}
|
|||
|
|
if proc.IsError() {
|
|||
|
|
return false, proc
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
|
|||
|
|
// 否则检查是否有全局查看权限
|
|||
|
|
result := CheckAccessControl(staffGuid, common.OperationView, common.ResourceWorkflow, "")
|
|||
|
|
return result.HasPermission, process.Success(200)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// CheckWorkflowPermission 综合检查工作流权限
|
|||
|
|
// staffGuid: 员工GUID
|
|||
|
|
// operation: 操作类型(view, approve, create, update, delete)
|
|||
|
|
// instanceGuid: 工作流实例GUID
|
|||
|
|
func CheckWorkflowPermission(staffGuid string, operation string, instanceGuid string) *process.Process {
|
|||
|
|
switch operation {
|
|||
|
|
case common.OperationView:
|
|||
|
|
canView, proc := CanViewWorkflowInstance(staffGuid, instanceGuid)
|
|||
|
|
if proc.IsError() {
|
|||
|
|
return proc
|
|||
|
|
}
|
|||
|
|
if !canView {
|
|||
|
|
return process.FailError(types.NoPermissionError, errors.New("无权查看此工作流"))
|
|||
|
|
}
|
|||
|
|
return process.Success(200)
|
|||
|
|
case common.OperationApprove:
|
|||
|
|
return CheckWorkflowApprovalPermission(staffGuid, instanceGuid)
|
|||
|
|
case common.OperationCreate, common.OperationUpdate, common.OperationDelete:
|
|||
|
|
// 检查是否有工作流管理权限
|
|||
|
|
result := CheckAccessControl(staffGuid, operation, common.ResourceWorkflow, "")
|
|||
|
|
if !result.HasPermission {
|
|||
|
|
return process.FailError(types.NoPermissionError, errors.New(result.ErrorMessage))
|
|||
|
|
}
|
|||
|
|
return process.Success(200)
|
|||
|
|
default:
|
|||
|
|
return process.FailError(types.InvalidParamError, errors.New("无效的操作类型"))
|
|||
|
|
}
|
|||
|
|
}
|