package hr
import (
"WiiCITMS/models/hr"
"WiiCITMS/process/common"
"WiiGenerates/WiiCITMS/generates/v1/go/types"
"WiiGoLibrary/apply/middle/process/v1"
"errors"
)
// PermissionCheckResult is the outcome of CheckAccessControl.
//
// On denial HasPermission is false and ErrorMessage/ErrorCode describe why; on
// a grant CheckAccessControl sets HasPermission to true and resets
// ErrorMessage to "" and ErrorCode to 0.
// NOTE(review): the json tags indicate this struct may be serialized; the
// denial path in CheckAccessControl can place backend error text in
// ErrorMessage — confirm it is not exposed to clients unchanged.
type PermissionCheckResult struct {
	HasPermission bool `json:"hasPermission"` // true when the operation is allowed
	ErrorMessage string `json:"errorMessage"` // reason for denial; "" when allowed
	ErrorCode int `json:"errorCode"` // common.NoPermissionErrorCode on denial, 0 when allowed
}
// 使用common包中定义的常量
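// CheckAccessControl decides whether the staff member identified by staffGuid
// may perform operation on the given resource type.
//
// staffGuid:  GUID of the staff member performing the action.
// operation:  operation type (create, update, delete, view, approve).
// resource:   resource type (organization, position, staff, leave, workflow).
// resourceId: optional resource identifier. It only narrows the check to an
// organization when resource is organization or staff; for every other
// resource type it is ignored, so object-level authorization for those
// resources is not performed here.
//
// The check is fail-closed: an empty staffGuid, a lookup error, or an unknown
// resource/operation pair all yield HasPermission == false with
// common.NoPermissionErrorCode. System administrators are granted every
// operation without a per-permission lookup.
func CheckAccessControl(staffGuid string, operation string, resource string, resourceId string) *PermissionCheckResult {
	// Start from "denied" so that every early return is a denial.
	result := &PermissionCheckResult{
		HasPermission: false,
		ErrorMessage:  "权限不足",
		ErrorCode:     common.NoPermissionErrorCode,
	}

	// An absent principal can never be authorized; refuse it before touching
	// the backing stores instead of relying on them to treat "" as unknown.
	if staffGuid == "" {
		return result
	}

	// System administrators hold every permission.
	isAdmin, proc := IsSystemAdmin(staffGuid)
	if proc.IsError() {
		// NOTE(review): backend error text is copied into a JSON-tagged field;
		// confirm this struct is not handed to end users unchanged.
		result.ErrorMessage = "权限检查失败: " + proc.Error.Error()
		return result
	}
	if isAdmin {
		markGranted(result)
		return result
	}

	// Resolve the permission the (resource, operation) pair requires; 0 means
	// the pair is not defined and is therefore denied.
	permissionID := getRequiredPermissionID(resource, operation)
	if permissionID <= 0 {
		result.ErrorMessage = "未定义的权限操作"
		return result
	}

	// Check the staff member's position-based permission.
	params := CheckPermissionRequest{
		StaffGuid:    staffGuid,
		PermissionID: permissionID,
	}
	// Only organization- and staff-scoped resources narrow the lookup to an
	// organization; other resource types ignore resourceId.
	if resourceId != "" && (resource == common.ResourceOrganization || resource == common.ResourceStaff) {
		params.OrganizationGuid = resourceId
	}

	hasPermission, proc := CheckStaffPermission(params)
	if proc.IsError() {
		result.ErrorMessage = "权限检查失败: " + proc.Error.Error()
		return result
	}
	if hasPermission {
		markGranted(result)
	}

	return result
}

// markGranted flips a result to the granted state and clears the denial fields.
func markGranted(r *PermissionCheckResult) {
	r.HasPermission = true
	r.ErrorMessage = ""
	r.ErrorCode = 0
}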
// getRequiredPermissionID maps a (resource, operation) pair to the permission
// ID that must be held for it. Workflow resources always require
// hr.PermWorkflowAdmin regardless of operation. Any pair not listed here
// yields 0, which the caller treats as an undefined permission and denies.
func getRequiredPermissionID(resource string, operation string) int {
	// Workflow is the only resource whose permission does not depend on the
	// operation, so it is settled before the per-operation tables.
	if resource == common.ResourceWorkflow {
		return hr.PermWorkflowAdmin
	}

	switch operation {
	case common.OperationView:
		switch resource {
		case common.ResourceOrganization:
			return hr.PermOrganizationView
		case common.ResourcePosition:
			return hr.PermPositionView
		case common.ResourceStaff:
			return hr.PermStaffView
		case common.ResourceLeave:
			return hr.PermLeaveView
		}
	case common.OperationCreate:
		switch resource {
		case common.ResourceOrganization:
			return hr.PermOrganizationCreate
		case common.ResourcePosition:
			return hr.PermPositionCreate
		case common.ResourceStaff:
			return hr.PermStaffCreate
		}
	case common.OperationUpdate:
		switch resource {
		case common.ResourceOrganization:
			return hr.PermOrganizationUpdate
		case common.ResourcePosition:
			return hr.PermPositionUpdate
		case common.ResourceStaff:
			return hr.PermStaffUpdate
		}
	case common.OperationDelete:
		switch resource {
		case common.ResourceOrganization:
			return hr.PermOrganizationDelete
		case common.ResourcePosition:
			return hr.PermPositionDelete
		case common.ResourceStaff:
			return hr.PermStaffDelete
		}
	case common.OperationApprove:
		// Approval is only defined for leave requests.
		if resource == common.ResourceLeave {
			return hr.PermLeaveApprove
		}
	}

	return 0
}
// RequirePermission runs the access-control check for a handler and converts
// a denial into a failed process.
//
// It returns nil when staffGuid is allowed to perform operation on resource;
// otherwise it returns a process failed with types.NoPermissionError that
// carries the denial message. Despite the "decorator" wording in the original
// description, it does not wrap a handler: each handler must call it and
// return the non-nil result before doing any work.
func RequirePermission(staffGuid string, operation string, resource string, resourceId string) *process.Process {
	check := CheckAccessControl(staffGuid, operation, resource, resourceId)
	if check.HasPermission {
		return nil
	}
	return process.FailError(types.NoPermissionError, errors.New(check.ErrorMessage))
}