227 lines
7.7 KiB
Go
227 lines
7.7 KiB
Go
|
package hr
|
|||
|
|
|
|||
|
|
import (
|
|||
|
|
"WiiCITMS/models/hr"
|
|||
|
|
"WiiGenerates/WiiCITMS/generates/v1/go/types"
|
|||
|
|
"WiiGoLibrary/apply/middle/process/v1"
|
|||
|
|
"WiiGoLibrary/framework/db/v1/utils/mssql/unique"
|
|||
|
|
"WiiGoLibrary/framework/hub/v1/dblib"
|
|||
|
|
"errors"
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
// PositionPermissionRequest 岗位权限分配请求
|
|||
|
|
type PositionPermissionRequest struct {
|
|||
|
|
PositionGuid string `json:"positionGuid"` // 岗位GUID
|
|||
|
|
PermissionGuid string `json:"permissionGuid"` // 权限GUID
|
|||
|
|
GrantType int `json:"grantType"` // 授权类型:0-直接授权,1-继承授权
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// CheckPermissionRequest 权限检查请求
|
|||
|
|
type CheckPermissionRequest struct {
|
|||
|
|
StaffGuid string `json:"staffGuid"` // 员工GUID
|
|||
|
|
PermissionID int `json:"permissionId"` // 权限ID
|
|||
|
|
OrganizationGuid string `json:"organizationGuid"` // 相关组织GUID(可选)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// AssignPermissionToPosition 为岗位分配权限
|
|||
|
|
func AssignPermissionToPosition(params PositionPermissionRequest) (*hr.PositionPermissionModel, *process.Process) {
|
|||
|
|
// 验证岗位是否存在
|
|||
|
|
positionGuid, err := unique.FromString(params.PositionGuid)
|
|||
|
|
if err != nil {
|
|||
|
|
return nil, process.FailError(types.InvalidParamError, err)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
position := &hr.PositionModel{}
|
|||
|
|
r := dblib.DBIns.DB.Where("RecordGuid = ? AND (RecordStatus & 524288) = 0", positionGuid).First(position)
|
|||
|
|
if r.Error != nil {
|
|||
|
|
return nil, process.FailError(types.PositionNotFoundError, r.Error)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 验证权限是否存在
|
|||
|
|
permissionGuid, err := unique.FromString(params.PermissionGuid)
|
|||
|
|
if err != nil {
|
|||
|
|
return nil, process.FailError(types.InvalidParamError, err)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
permission := &hr.PermissionModel{}
|
|||
|
|
r = dblib.DBIns.DB.Where("RecordGuid = ? AND (RecordStatus & 524288) = 0", permissionGuid).First(permission)
|
|||
|
|
if r.Error != nil {
|
|||
|
|
return nil, process.FailError(types.PermissionNotFoundError, r.Error)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 检查是否已存在相同的岗位权限关系
|
|||
|
|
var count int64
|
|||
|
|
r = dblib.DBIns.DB.Model(&hr.PositionPermissionModel{}).
|
|||
|
|
Where("PositionGuid = ? AND PermissionGuid = ? AND (RecordStatus & 524288) = 0",
|
|||
|
|
positionGuid, permissionGuid).Count(&count)
|
|||
|
|
if r.Error != nil {
|
|||
|
|
return nil, process.FailError(types.QueryPermissionError, r.Error)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
if count > 0 {
|
|||
|
|
return nil, process.FailError(types.DuplicatePermissionError, errors.New("该岗位已拥有此权限"))
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 创建岗位权限关系
|
|||
|
|
relation := hr.PositionPermissionInstance()
|
|||
|
|
relation.PositionGuid = positionGuid
|
|||
|
|
relation.PermissionGuid = permissionGuid
|
|||
|
|
relation.PositionID = position.PositionID
|
|||
|
|
relation.PermissionID = permission.PermissionID
|
|||
|
|
relation.GrantType = int16(params.GrantType)
|
|||
|
|
|
|||
|
|
// 保存到数据库
|
|||
|
|
r = dblib.DBIns.DB.Create(relation)
|
|||
|
|
if r.Error != nil {
|
|||
|
|
return nil, process.FailError(types.CreatePermissionError, r.Error)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
return relation, process.Success(200)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// RemovePermissionFromPosition 从岗位中移除权限
|
|||
|
|
func RemovePermissionFromPosition(relationGuid string) *process.Process {
|
|||
|
|
// 验证关系ID
|
|||
|
|
guid, err := unique.FromString(relationGuid)
|
|||
|
|
if err != nil {
|
|||
|
|
return process.FailError(types.InvalidParamError, err)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 查询岗位权限关系
|
|||
|
|
relation := &hr.PositionPermissionModel{}
|
|||
|
|
r := dblib.DBIns.DB.Where("RecordGuid = ? AND (RecordStatus & 524288) = 0", guid).First(relation)
|
|||
|
|
if r.Error != nil {
|
|||
|
|
return process.FailError(types.PositionPermNotFoundError, r.Error)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 使用原生SQL执行删除操作(设置删除标记)
|
|||
|
|
sql := "UPDATE " + hr.PositionPermissionTable + " SET RecordStatus = RecordStatus | 524288 WHERE RecordGuid = ?"
|
|||
|
|
r = dblib.DBIns.DB.Exec(sql, guid)
|
|||
|
|
if r.Error != nil {
|
|||
|
|
return process.FailError(types.DeletePermissionError, r.Error)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
return process.Success(200)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// QueryPositionPermissions 查询岗位的权限列表
|
|||
|
|
func QueryPositionPermissions(positionGuid string) ([]*hr.PermissionModel, *process.Process) {
|
|||
|
|
// 验证岗位ID
|
|||
|
|
guid, err := unique.FromString(positionGuid)
|
|||
|
|
if err != nil {
|
|||
|
|
return nil, process.FailError(types.InvalidParamError, err)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 查询岗位是否存在
|
|||
|
|
position := &hr.PositionModel{}
|
|||
|
|
r := dblib.DBIns.DB.Where("RecordGuid = ? AND (RecordStatus & 524288) = 0", guid).First(position)
|
|||
|
|
if r.Error != nil {
|
|||
|
|
return nil, process.FailError(types.PositionNotFoundError, r.Error)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 查询岗位权限
|
|||
|
|
result := make([]*hr.PermissionModel, 0)
|
|||
|
|
r = dblib.DBIns.DB.Table(hr.PermissionTable+" p").
|
|||
|
|
Select("p.*").
|
|||
|
|
Joins("JOIN "+hr.PositionPermissionTable+" pp ON p.RecordGuid = pp.PermissionGuid").
|
|||
|
|
Where("pp.PositionGuid = ? AND (p.RecordStatus & 524288) = 0 AND (pp.RecordStatus & 524288) = 0", guid).
|
|||
|
|
Find(&result)
|
|||
|
|
|
|||
|
|
if r.Error != nil {
|
|||
|
|
return nil, process.FailError(types.QueryPermissionError, r.Error)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
return result, process.Success(200)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// HasPermission 检查岗位是否拥有特定权限
|
|||
|
|
func HasPermission(positionGuid string, permissionID int) (bool, *process.Process) {
|
|||
|
|
// 验证岗位ID
|
|||
|
|
guid, err := unique.FromString(positionGuid)
|
|||
|
|
if err != nil {
|
|||
|
|
return false, process.FailError(types.InvalidParamError, err)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 查询岗位是否拥有指定权限
|
|||
|
|
var count int64
|
|||
|
|
r := dblib.DBIns.DB.Model(&hr.PositionPermissionModel{}).
|
|||
|
|
Where("PositionGuid = ? AND PermissionID = ? AND (RecordStatus & 524288) = 0", guid, permissionID).
|
|||
|
|
Count(&count)
|
|||
|
|
|
|||
|
|
if r.Error != nil {
|
|||
|
|
return false, process.FailError(types.QueryPermissionError, r.Error)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 如果找到记录,则表示有权限
|
|||
|
|
return count > 0, process.Success(200)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// CheckStaffPermission 检查员工是否拥有特定权限
|
|||
|
|
// 该方法会检查员工在指定组织下的岗位是否拥有相关权限
|
|||
|
|
func CheckStaffPermission(params CheckPermissionRequest) (bool, *process.Process) {
|
|||
|
|
// 验证员工ID
|
|||
|
|
staffGuid, err := unique.FromString(params.StaffGuid)
|
|||
|
|
if err != nil {
|
|||
|
|
return false, process.FailError(types.InvalidParamError, err)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 构建查询条件
|
|||
|
|
query := dblib.DBIns.DB.Table(hr.PositionPermissionTable+" pp").
|
|||
|
|
Joins("JOIN "+hr.Staff2OrganizationTable+" so ON pp.PositionGuid = so.PositionGuid").
|
|||
|
|
Where("so.ObjectGuid = ? AND pp.PermissionID = ? AND (pp.RecordStatus & 524288) = 0 AND (so.RecordStatus & 524288) = 0", staffGuid, params.PermissionID)
|
|||
|
|
|
|||
|
|
// 如果指定了组织,则限定在该组织范围内
|
|||
|
|
if params.OrganizationGuid != "" {
|
|||
|
|
orgGuid, err := unique.FromString(params.OrganizationGuid)
|
|||
|
|
if err != nil {
|
|||
|
|
return false, process.FailError(types.InvalidParamError, err)
|
|||
|
|
}
|
|||
|
|
query = query.Where("so.TargetGuid = ?", orgGuid)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 执行查询
|
|||
|
|
var count int64
|
|||
|
|
r := query.Count(&count)
|
|||
|
|
if r.Error != nil {
|
|||
|
|
return false, process.FailError(types.QueryPermissionError, r.Error)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 如果找到记录,则表示有权限
|
|||
|
|
return count > 0, process.Success(200)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// GetPermissionsByStaff 获取员工的所有权限
|
|||
|
|
func GetPermissionsByStaff(staffGuid string) ([]*hr.PermissionModel, *process.Process) {
|
|||
|
|
// 验证员工ID
|
|||
|
|
guid, err := unique.FromString(staffGuid)
|
|||
|
|
if err != nil {
|
|||
|
|
return nil, process.FailError(types.InvalidParamError, err)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 查询员工的所有权限
|
|||
|
|
result := make([]*hr.PermissionModel, 0)
|
|||
|
|
r := dblib.DBIns.DB.Table(hr.PermissionTable+" p").
|
|||
|
|
Select("DISTINCT p.*").
|
|||
|
|
Joins("JOIN "+hr.PositionPermissionTable+" pp ON p.RecordGuid = pp.PermissionGuid").
|
|||
|
|
Joins("JOIN "+hr.Staff2OrganizationTable+" so ON pp.PositionGuid = so.PositionGuid").
|
|||
|
|
Where("so.ObjectGuid = ? AND (p.RecordStatus & 524288) = 0 AND (pp.RecordStatus & 524288) = 0 AND (so.RecordStatus & 524288) = 0", guid).
|
|||
|
|
Find(&result)
|
|||
|
|
|
|||
|
|
if r.Error != nil {
|
|||
|
|
return nil, process.FailError(types.QueryPermissionError, r.Error)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
return result, process.Success(200)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// IsSystemAdmin 检查员工是否是系统管理员
|
|||
|
|
func IsSystemAdmin(staffGuid string) (bool, *process.Process) {
|
|||
|
|
// 系统管理员权限特殊处理
|
|||
|
|
params := CheckPermissionRequest{
|
|||
|
|
StaffGuid: staffGuid,
|
|||
|
|
PermissionID: hr.PermSystemAdmin,
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
return CheckStaffPermission(params)
|
|||
|
|
}
|