Skip to content

Z
zhichan
Commit f0aad61d by Sxy
Options

feat: 权限 添加

parent 29115a66
Showing with 53 additions and 30 deletions
center-manage/app/base/controller/ctl.base.js
......@@ -8,40 +8,43 @@ class CtlBase {
this.cacheManager = system.getObject("db.common.cacheManager");
this.logClient = system.getObject("util.logClient");
}
getUUID () {
getUUID() {
var uuid = uuidv4();
var u = uuid.replace(/\-/g, "");
return u;
}
static getServiceName (ClassObj) {
static getServiceName(ClassObj) {
return ClassObj["name"].substring(0, ClassObj["name"].lastIndexOf("Ctl")).toLowerCase() + "Sve";
}
async update (pobj, qobj, req) {
async update(pobj, qobj, req) {
const up = await this.service.update(pobj);
return system.getResult(up);
}
async create (pobj, qobj, req) {
async create(pobj, qobj, req) {
const up = await this.service.create(pobj);
return system.getResult(up);
}
async delete (pobj, qobj, req) {
async delete(pobj, qobj, req) {
const up = await this.service.delete(pobj);
return system.getResult(up);
}
async findAndCountAll (pobj, qobj, req) {
async findAndCountAll(pobj, qobj, req) {
//设置查询条件
console.log(pobj)
const rs = await this.service.findAndCountAll(pobj);
return system.getResult(rs);
}
async refQuery (pobj, qobj, req) {
async findOne(obj) {
return this.service.findOne(obj);
}
async refQuery(pobj, qobj, req) {
//pobj.refwhere.app_id=pobj.app_id;//角色过滤按照公司过滤
pobj.refwhere.company_id = pobj.company_id;
let rtn = await this.service.refQuery(pobj);
return rtn
}
async setContextParams (pobj, qobj, req) {
async setContextParams(pobj, qobj, req) {
let custtags = req.headers["x-consumetag"] ? req.headers["x-consumetag"].split("|") : null;
let lastindex = custtags ? custtags.length - 1 : 0;
//当自由用户注册时,需要根据前端传来的companykey,查询出公司,给companyid赋值
......@@ -97,7 +100,7 @@ class CtlBase {
pobj.bizpath = req.xctx.bizpath;
}
async doexec (methodname, pobj, query, req) {
async doexec(methodname, pobj, query, req) {
try {
let xarg = await this.setContextParams(pobj, query, req);
if (xarg && xarg[0] < 0) {
......
center-manage/app/base/controller/impl/auth/userCtl.js
......@@ -8,23 +8,23 @@ class UserCtl extends CtlBase {
super("auth", CtlBase.getServiceName(UserCtl));
this.captchaSve = system.getObject("service.auth.captchaSve");
}
async logout (pobj, qobj, req) {
async logout(pobj, qobj, req) {
let rtn = await this.service.logout(pobj)
return system.getResult(rtn)
}
async pmgetUserByCode (pobj, qobj, req) {
async pmgetUserByCode(pobj, qobj, req) {
let code = pobj.code
let rtn = await this.service.pmgetUserByCode(code)
return system.getResult(rtn)
}
async loginApp (pobj, qobj, req) {
async loginApp(pobj, qobj, req) {
let appkey = pobj.fromAppKey
let uname = pobj.username
let rtn = await this.service.loginApp(appkey, uname)
return system.getResult(rtn);
}
async resetPassword (pobj, qobj, req) {
async resetPassword(pobj, qobj, req) {
try {
await this.service.resetPassword(req.xctx.username, pobj.onepassword)
return system.getResult({});
......@@ -32,18 +32,22 @@ class UserCtl extends CtlBase {
return system.getResult(null, err.message)
}
}
async allowOrNot (pobj, qobj, req) {
async allowOrNot(pobj, qobj, req) {
await this.service.updateByWhere({ isEnabled: !pobj.isEnabled }, { company_id: pobj.company_id })
return system.getResult({});
}
async allowOrNotToOne (pobj, qobj, req) {
async allowOrNotToOne(pobj, qobj, req) {
if (!pobj.isEnabled) {
await this.service.cacheManager["LoginTimesCache"].invalidate(pobj.userName)
}
const userData = await this.service.findOne({ id: pobj.curid, company_id: pobj.company_id });
if (!userData) {
throw new Error("没有权限")
}
await this.service.updateByWhere({ isEnabled: !pobj.isEnabled }, { id: pobj.curid })
return system.getResult({});
}
async initNewInstance (queryobj, req) {
async initNewInstance(queryobj, req) {
var rtn = {};
rtn.roles = [];
return system.getResultSuccess(rtn);
......@@ -54,11 +58,11 @@ class UserCtl extends CtlBase {
// let v = await this.smsS.sendVCode(mobile);
// return system.getResult({ vcodestr: v });
// }
async exit (pobj, qobj, req) {
async exit(pobj, qobj, req) {
}
//应用的自由用户注册,无需验证,需要前端头设置公司KEY
async pmregisterByFreeUser (p, q, req) {
async pmregisterByFreeUser(p, q, req) {
//检查是否有用户名和密码
if (!pobj.userName || !pobj.password) {
return system.getResult(null, "请检查用户名和密码是否存在")
......@@ -72,7 +76,7 @@ class UserCtl extends CtlBase {
return rtn;
}
async create (p, q, req) {
async create(p, q, req) {
//检查是否有用户名和密码
if (!p.userName) {
return system.getResult(null, "请检查用户名和密码是否存在")
......@@ -85,7 +89,7 @@ class UserCtl extends CtlBase {
//和租户绑定同一家公司
//按照用户名和密码进行注册
//控制器端检查用户名和密码非空
async registerByTantent (p, q, req) {
async registerByTantent(p, q, req) {
//检查是否有用户名和密码
if (!pobj.userName) {
return system.getResult(null, "请检查用户名和密码是否存在")
......@@ -94,7 +98,7 @@ class UserCtl extends CtlBase {
return rtn;
}
//租户用户名和密码的租户注册
async pmregister (pobj, qobj, req) {
async pmregister(pobj, qobj, req) {
//平台注册设置平台的应用ID
pobj.app_id = settings.pmappid;
//检查是否有用户名和密码
......@@ -104,9 +108,9 @@ class UserCtl extends CtlBase {
var rtn = await this.service.pmregister(pobj);
return system.getResult(rtn);
}
async pmlogin (pobj, qobj, req) {
async pmlogin(pobj, qobj, req) {
//平台注册设置平台的应用ID
let verifyres = await this.captchaSve.apiValidator({key:pobj.key,code:pobj.code});
let verifyres = await this.captchaSve.apiValidator({ key: pobj.key, code: pobj.code });
if (verifyres.status !== 0)
return verifyres;
let rtn = await this.service.pmlogin(pobj, qobj, req);
......@@ -128,22 +132,26 @@ class UserCtl extends CtlBase {
* @param {*} qobj
* @param {*} req
*/
async unlockUser (pobj, qobj, req) {
async unlockUser(pobj, qobj, req) {
try {
const userData = await this.service.findOne({ userName: pobj.userName, company_id: pobj.company_id });
if (!userData) {
throw new Error("没有权限")
}
await this.service.unlockUser(pobj.userName)
return system.getResult({});
} catch (err) {
return system.getResult(null, err.message)
}
}
async getUserInfo (pobj, qobj, req) {
async getUserInfo(pobj, qobj, req) {
let uname = req.xctx.username;
let rtn = await this.service.getUserInfo(uname);
return system.getResult(rtn);
}
//按照电话创建自由用户
async pmloginByVCodeForFreeUser (p, q, req) {
async pmloginByVCodeForFreeUser(p, q, req) {
if (!pobj.mobile || !pobj.vcode) {
return system.getResult(null, "请检查手机号和验证码是否存在")
}
......@@ -154,11 +162,11 @@ class UserCtl extends CtlBase {
let rtn = await this.service.pmloginByVCodeForFreeUser(p, q);
return rtn;
}
async pmloginByVCode (pobj, qobj, req) {
async pmloginByVCode(pobj, qobj, req) {
let rtn = await this.service.pmloginByVCode(pobj, qobj);
return system.getResult(rtn);
}
async pmSendVCode (pobj, qobj, req) {
async pmSendVCode(pobj, qobj, req) {
let rtn = await this.service.sendVCode(pobj, qobj);
return system.getResult(rtn);
}
......
center-manage/app/base/controller/impl/common/companyCtl.js
......@@ -11,6 +11,11 @@ class CompanyCtl extends CtlBase {
}
async update(p, q, req) {
if (p.company_id != 1) {
if (p.company_id != p.id) {
throw new Error("没有权限");
}
}
let u = await super.update(p, q, req)
//缓存失效
await this.cacheManager["CompanyCache"].invalidate(p.companykey)
......
center-manage/app/base/service/impl/auth/roleSve.js
......@@ -17,7 +17,7 @@ class RoleService extends ServiceBase {
}
})
if (!data) {
throw new Error("无权限修改")
throw new Error("无权限")
}
return await this.dao.update(qobj);
}
......@@ -30,7 +30,7 @@ class RoleService extends ServiceBase {
}
})
if (!data) {
throw new Error("无权限修改")
throw new Error("无权限")
}
return await this.dao.delete(qobj);
}
......
center-manage/app/base/service/impl/auth/userSve.js
......@@ -384,6 +384,13 @@ class UserService extends ServiceBase {
//修改
async update(qobj, tm = null) {
var self = this;
const userData = await self.dao.findOne({
id: qobj.id,
company_id: qobj.company_id
});
if (!userData) {
throw new Error("没有权限");
}
return this.db.transaction(async function (t) {
delete qobj['company_id']
let up = await self.dao.update(qobj, t);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment