feat: 权限 添加

center-manage/app/base/controller/ctl.base.js

@@ -8,40 +8,43 @@ class CtlBase {
     this.cacheManager = system.getObject("db.common.cacheManager");
     this.cacheManager = system.getObject("db.common.cacheManager");
     this.logClient = system.getObject("util.logClient");
     this.logClient = system.getObject("util.logClient");
   }
   }
-  getUUID () {
+  getUUID() {
     var uuid = uuidv4();
     var uuid = uuidv4();
     var u = uuid.replace(/\-/g, "");
     var u = uuid.replace(/\-/g, "");
     return u;
     return u;
   }
   }
-  static getServiceName (ClassObj) {
+  static getServiceName(ClassObj) {
 
 
     return ClassObj["name"].substring(0, ClassObj["name"].lastIndexOf("Ctl")).toLowerCase() + "Sve";
     return ClassObj["name"].substring(0, ClassObj["name"].lastIndexOf("Ctl")).toLowerCase() + "Sve";
   }
   }
-  async update (pobj, qobj, req) {
+  async update(pobj, qobj, req) {
     const up = await this.service.update(pobj);
     const up = await this.service.update(pobj);
     return system.getResult(up);
     return system.getResult(up);
   }
   }
-  async create (pobj, qobj, req) {
+  async create(pobj, qobj, req) {
     const up = await this.service.create(pobj);
     const up = await this.service.create(pobj);
     return system.getResult(up);
     return system.getResult(up);
   }
   }
-  async delete (pobj, qobj, req) {
+  async delete(pobj, qobj, req) {
     const up = await this.service.delete(pobj);
     const up = await this.service.delete(pobj);
     return system.getResult(up);
     return system.getResult(up);
   }
   }
-  async findAndCountAll (pobj, qobj, req) {
+  async findAndCountAll(pobj, qobj, req) {
     //设置查询条件
     //设置查询条件
     console.log(pobj)
     console.log(pobj)
     const rs = await this.service.findAndCountAll(pobj);
     const rs = await this.service.findAndCountAll(pobj);
     return system.getResult(rs);
     return system.getResult(rs);
   }
   }
-  async refQuery (pobj, qobj, req) {
+  async findOne(obj) {
+    return this.service.findOne(obj);
+  }
+  async refQuery(pobj, qobj, req) {
     //pobj.refwhere.app_id=pobj.app_id;//角色过滤按照公司过滤
     //pobj.refwhere.app_id=pobj.app_id;//角色过滤按照公司过滤
     pobj.refwhere.company_id = pobj.company_id;
     pobj.refwhere.company_id = pobj.company_id;
     let rtn = await this.service.refQuery(pobj);
     let rtn = await this.service.refQuery(pobj);
     return rtn
     return rtn
   }
   }
-  async setContextParams (pobj, qobj, req) {
+  async setContextParams(pobj, qobj, req) {
     let custtags = req.headers["x-consumetag"] ? req.headers["x-consumetag"].split("|") : null;
     let custtags = req.headers["x-consumetag"] ? req.headers["x-consumetag"].split("|") : null;
     let lastindex = custtags ? custtags.length - 1 : 0;
     let lastindex = custtags ? custtags.length - 1 : 0;
     //当自由用户注册时，需要根据前端传来的companykey,查询出公司，给companyid赋值
     //当自由用户注册时，需要根据前端传来的companykey,查询出公司，给companyid赋值
@@ -97,7 +100,7 @@ class CtlBase {
     pobj.bizpath = req.xctx.bizpath;
     pobj.bizpath = req.xctx.bizpath;
   }
   }
 
 
-  async doexec (methodname, pobj, query, req) {
+  async doexec(methodname, pobj, query, req) {
     try {
     try {
       let xarg = await this.setContextParams(pobj, query, req);
       let xarg = await this.setContextParams(pobj, query, req);
       if (xarg && xarg[0] < 0) {
       if (xarg && xarg[0] < 0) {

center-manage/app/base/controller/impl/auth/userCtl.js

@@ -8,23 +8,23 @@ class UserCtl extends CtlBase {
     super("auth", CtlBase.getServiceName(UserCtl));
     super("auth", CtlBase.getServiceName(UserCtl));
     this.captchaSve = system.getObject("service.auth.captchaSve");
     this.captchaSve = system.getObject("service.auth.captchaSve");
   }
   }
-  async logout (pobj, qobj, req) {
+  async logout(pobj, qobj, req) {
     let rtn = await this.service.logout(pobj)
     let rtn = await this.service.logout(pobj)
     return system.getResult(rtn)
     return system.getResult(rtn)
   }
   }
-  async pmgetUserByCode (pobj, qobj, req) {
+  async pmgetUserByCode(pobj, qobj, req) {
     let code = pobj.code
     let code = pobj.code
     let rtn = await this.service.pmgetUserByCode(code)
     let rtn = await this.service.pmgetUserByCode(code)
     return system.getResult(rtn)
     return system.getResult(rtn)
   }
   }
-  async loginApp (pobj, qobj, req) {
+  async loginApp(pobj, qobj, req) {
     let appkey = pobj.fromAppKey
     let appkey = pobj.fromAppKey
     let uname = pobj.username
     let uname = pobj.username
     let rtn = await this.service.loginApp(appkey, uname)
     let rtn = await this.service.loginApp(appkey, uname)
     return system.getResult(rtn);
     return system.getResult(rtn);
   }
   }
 
 
-  async resetPassword (pobj, qobj, req) {
+  async resetPassword(pobj, qobj, req) {
     try {
     try {
       await this.service.resetPassword(req.xctx.username, pobj.onepassword)
       await this.service.resetPassword(req.xctx.username, pobj.onepassword)
       return system.getResult({});
       return system.getResult({});
@@ -32,18 +32,22 @@ class UserCtl extends CtlBase {
       return system.getResult(null, err.message)
       return system.getResult(null, err.message)
     }
     }
   }
   }
-  async allowOrNot (pobj, qobj, req) {
+  async allowOrNot(pobj, qobj, req) {
     await this.service.updateByWhere({ isEnabled: !pobj.isEnabled }, { company_id: pobj.company_id })
     await this.service.updateByWhere({ isEnabled: !pobj.isEnabled }, { company_id: pobj.company_id })
     return system.getResult({});
     return system.getResult({});
   }
   }
-  async allowOrNotToOne (pobj, qobj, req) {
+  async allowOrNotToOne(pobj, qobj, req) {
     if (!pobj.isEnabled) {
     if (!pobj.isEnabled) {
       await this.service.cacheManager["LoginTimesCache"].invalidate(pobj.userName)
       await this.service.cacheManager["LoginTimesCache"].invalidate(pobj.userName)
     }
     }
+    const userData = await this.service.findOne({ id: pobj.curid, company_id: pobj.company_id });
+    if (!userData) {
+      throw new Error("没有权限")
+    }
     await this.service.updateByWhere({ isEnabled: !pobj.isEnabled }, { id: pobj.curid })
     await this.service.updateByWhere({ isEnabled: !pobj.isEnabled }, { id: pobj.curid })
     return system.getResult({});
     return system.getResult({});
   }
   }
-  async initNewInstance (queryobj, req) {
+  async initNewInstance(queryobj, req) {
     var rtn = {};
     var rtn = {};
     rtn.roles = [];
     rtn.roles = [];
     return system.getResultSuccess(rtn);
     return system.getResultSuccess(rtn);
@@ -54,11 +58,11 @@ class UserCtl extends CtlBase {
   //   let v = await this.smsS.sendVCode(mobile);
   //   let v = await this.smsS.sendVCode(mobile);
   //   return system.getResult({ vcodestr: v });
   //   return system.getResult({ vcodestr: v });
   // }
   // }
-  async exit (pobj, qobj, req) {
+  async exit(pobj, qobj, req) {
 
 
   }
   }
   //应用的自由用户注册,无需验证，需要前端头设置公司KEY
   //应用的自由用户注册,无需验证，需要前端头设置公司KEY
-  async pmregisterByFreeUser (p, q, req) {
+  async pmregisterByFreeUser(p, q, req) {
     //检查是否有用户名和密码
     //检查是否有用户名和密码
     if (!pobj.userName || !pobj.password) {
     if (!pobj.userName || !pobj.password) {
       return system.getResult(null, "请检查用户名和密码是否存在")
       return system.getResult(null, "请检查用户名和密码是否存在")
@@ -72,7 +76,7 @@ class UserCtl extends CtlBase {
     return rtn;
     return rtn;
   }
   }
 
 
-  async create (p, q, req) {
+  async create(p, q, req) {
     //检查是否有用户名和密码
     //检查是否有用户名和密码
     if (!p.userName) {
     if (!p.userName) {
       return system.getResult(null, "请检查用户名和密码是否存在")
       return system.getResult(null, "请检查用户名和密码是否存在")
@@ -85,7 +89,7 @@ class UserCtl extends CtlBase {
   //和租户绑定同一家公司
   //和租户绑定同一家公司
   //按照用户名和密码进行注册
   //按照用户名和密码进行注册
   //控制器端检查用户名和密码非空
   //控制器端检查用户名和密码非空
-  async registerByTantent (p, q, req) {
+  async registerByTantent(p, q, req) {
     //检查是否有用户名和密码
     //检查是否有用户名和密码
     if (!pobj.userName) {
     if (!pobj.userName) {
       return system.getResult(null, "请检查用户名和密码是否存在")
       return system.getResult(null, "请检查用户名和密码是否存在")
@@ -94,7 +98,7 @@ class UserCtl extends CtlBase {
     return rtn;
     return rtn;
   }
   }
   //租户用户名和密码的租户注册
   //租户用户名和密码的租户注册
-  async pmregister (pobj, qobj, req) {
+  async pmregister(pobj, qobj, req) {
     //平台注册设置平台的应用ID
     //平台注册设置平台的应用ID
     pobj.app_id = settings.pmappid;
     pobj.app_id = settings.pmappid;
     //检查是否有用户名和密码
     //检查是否有用户名和密码
@@ -104,9 +108,9 @@ class UserCtl extends CtlBase {
     var rtn = await this.service.pmregister(pobj);
     var rtn = await this.service.pmregister(pobj);
     return system.getResult(rtn);
     return system.getResult(rtn);
   }
   }
-  async pmlogin (pobj, qobj, req) {
+  async pmlogin(pobj, qobj, req) {
     //平台注册设置平台的应用ID
     //平台注册设置平台的应用ID
-    let verifyres = await this.captchaSve.apiValidator({key:pobj.key,code:pobj.code});
+    let verifyres = await this.captchaSve.apiValidator({ key: pobj.key, code: pobj.code });
     if (verifyres.status !== 0)
     if (verifyres.status !== 0)
       return verifyres;
       return verifyres;
     let rtn = await this.service.pmlogin(pobj, qobj, req);
     let rtn = await this.service.pmlogin(pobj, qobj, req);
@@ -128,22 +132,26 @@ class UserCtl extends CtlBase {
    * @param {*} qobj 
    * @param {*} qobj 
    * @param {*} req 
    * @param {*} req 
    */
    */
-  async unlockUser (pobj, qobj, req) {
+  async unlockUser(pobj, qobj, req) {
     try {
     try {
+      const userData = await this.service.findOne({ userName: pobj.userName, company_id: pobj.company_id });
+      if (!userData) {
+        throw new Error("没有权限")
+      }
       await this.service.unlockUser(pobj.userName)
       await this.service.unlockUser(pobj.userName)
       return system.getResult({});
       return system.getResult({});
     } catch (err) {
     } catch (err) {
       return system.getResult(null, err.message)
       return system.getResult(null, err.message)
     }
     }
   }
   }
-  async getUserInfo (pobj, qobj, req) {
+  async getUserInfo(pobj, qobj, req) {
     let uname = req.xctx.username;
     let uname = req.xctx.username;
     let rtn = await this.service.getUserInfo(uname);
     let rtn = await this.service.getUserInfo(uname);
     return system.getResult(rtn);
     return system.getResult(rtn);
   }
   }
 
 
   //按照电话创建自由用户
   //按照电话创建自由用户
-  async pmloginByVCodeForFreeUser (p, q, req) {
+  async pmloginByVCodeForFreeUser(p, q, req) {
     if (!pobj.mobile || !pobj.vcode) {
     if (!pobj.mobile || !pobj.vcode) {
       return system.getResult(null, "请检查手机号和验证码是否存在")
       return system.getResult(null, "请检查手机号和验证码是否存在")
     }
     }
@@ -154,11 +162,11 @@ class UserCtl extends CtlBase {
     let rtn = await this.service.pmloginByVCodeForFreeUser(p, q);
     let rtn = await this.service.pmloginByVCodeForFreeUser(p, q);
     return rtn;
     return rtn;
   }
   }
-  async pmloginByVCode (pobj, qobj, req) {
+  async pmloginByVCode(pobj, qobj, req) {
     let rtn = await this.service.pmloginByVCode(pobj, qobj);
     let rtn = await this.service.pmloginByVCode(pobj, qobj);
     return system.getResult(rtn);
     return system.getResult(rtn);
   }
   }
-  async pmSendVCode (pobj, qobj, req) {
+  async pmSendVCode(pobj, qobj, req) {
     let rtn = await this.service.sendVCode(pobj, qobj);
     let rtn = await this.service.sendVCode(pobj, qobj);
     return system.getResult(rtn);
     return system.getResult(rtn);
   }
   }

center-manage/app/base/controller/impl/common/companyCtl.js

@@ -11,6 +11,11 @@ class CompanyCtl extends CtlBase {
     }
     }
 
 
     async update(p, q, req) {
     async update(p, q, req) {
+        if (p.company_id != 1) {
+            if (p.company_id != p.id) {
+                throw new Error("没有权限");
+            }
+        }
         let u = await super.update(p, q, req)
         let u = await super.update(p, q, req)
         //缓存失效
         //缓存失效
         await this.cacheManager["CompanyCache"].invalidate(p.companykey)
         await this.cacheManager["CompanyCache"].invalidate(p.companykey)

center-manage/app/base/service/impl/auth/roleSve.js

@@ -17,7 +17,7 @@ class RoleService extends ServiceBase {
       }
       }
     })
     })
     if (!data) {
     if (!data) {
-      throw new Error("无权限修改")
+      throw new Error("无权限")
     }
     }
     return await this.dao.update(qobj);
     return await this.dao.update(qobj);
   }
   }
@@ -30,7 +30,7 @@ class RoleService extends ServiceBase {
       }
       }
     })
     })
     if (!data) {
     if (!data) {
-      throw new Error("无权限修改")
+      throw new Error("无权限")
     }
     }
     return await this.dao.delete(qobj);
     return await this.dao.delete(qobj);
   }
   }

center-manage/app/base/service/impl/auth/userSve.js

@@ -384,6 +384,13 @@ class UserService extends ServiceBase {
   //修改
   //修改
   async update(qobj, tm = null) {
   async update(qobj, tm = null) {
     var self = this;
     var self = this;
+    const userData = await self.dao.findOne({
+      id: qobj.id,
+      company_id: qobj.company_id
+    });
+    if (!userData) {
+      throw new Error("没有权限");
+    }
     return this.db.transaction(async function (t) {
     return this.db.transaction(async function (t) {
       delete qobj['company_id']
       delete qobj['company_id']
       let up = await self.dao.update(qobj, t);
       let up = await self.dao.update(qobj, t);