caipin 4 tahun lalu
induk
melakukan
371972d268

+ 1 - 0
comm/functions.go

@@ -44,6 +44,7 @@ func MakeProjectAccountVM(modelsAccount *models.CmProjectAccount) viewmodels.Pro
 	viewAccountData.AccountGroup = modelsAccount.AccountGroup
 	viewAccountData.Enable = modelsAccount.Enable
 	viewAccountData.Position = modelsAccount.Position
+
 	return viewAccountData
 }
 

+ 8 - 8
dao/project_account_dao.go

@@ -118,20 +118,20 @@ func (d *ProjectAccountDao) Add(data *models.CmProjectAccount) error {
 //更新
 func (d *ProjectAccountDao) Update(data *models.CmProjectAccount, columns []string) error {
 	//_, err := d.engine.Id(data.Id).MustCols(columns...).Update(data)
-	is, err := d.engine.Where("id = ? and project_id = ? ", data.Id, data.ProjectId).MustCols(columns...).Update(data)
-	if is == 0 {
-		return errors.New("未找到账号")
+	_, err := d.engine.Where("id = ? and project_id = ? ", data.Id, data.ProjectId).MustCols(columns...).Update(data)
+	if err != nil {
+		return errors.New("更新账号失败")
 	}
-	return err
+	return nil
 }
 
 // 物理删除
 func (d *ProjectAccountDao) Delete(data *models.CmProjectAccount) error {
-	is, err := d.engine.Where("id = ? and project_id = ? ", data.Id, data.ProjectId).Delete(data)
-	if is == 0 {
-		return errors.New("未找到账号")
+	_, err := d.engine.Where("id = ? and project_id = ? ", data.Id, data.ProjectId).Delete(data)
+	if err != nil {
+		return errors.New("删除到账号失败")
 	}
-	return err
+	return nil
 }
 
 // 查找
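Review bot: Update and Delete now return nil when the WHERE clause matched no row, because the affected-row check on the removed `is == 0` lines was dropped together with the count result; a caller that passes an id belonging to a different project_id now gets a success return for a no-op, where it previously got "未找到账号". The zero-row check may have been removed because MySQL reports 0 affected rows when MustCols writes identical values, but Delete has no such ambiguity and should keep it: `n, err := d.engine.Where("id = ? and project_id = ? ", data.Id, data.ProjectId).Delete(data)` followed by `if n == 0 { return errors.New("未找到账号") }`. The underlying err is discarded on both paths before a generic message is returned, so a database failure is indistinguishable from any other; log it (`log.Println("update account:", err)`) before returning the generic message. The Delete message `删除到账号失败` also looks like a typo for `删除账号失败`.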

+ 42 - 0
lib/permission.json

@@ -0,0 +1,42 @@
+{
+    "contract": {
+        "add": [
+            "1",
+            "2",
+            "3"
+        ],
+        "access": [
+            "/api/contract/survey"
+        ],
+        "delete":[
+
+        ]
+    },
+    "safe": {
+        "add": [
+            "1",
+            "2",
+            "3"
+        ],
+        "access": [
+            "/api/contract/survey"
+        ],
+        "delete":[
+
+        ]
+    },
+    "quality": {
+        "add": [
+            "1",
+            "2",
+            "3"
+        ],
+        "access": [
+            "/api/contract/survey"
+        ],
+        "delete":[
+
+        ]
+    },
+    "projectSetting":[]
+}
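Review bot: The `access` lists for `safe` and `quality` both name `/api/contract/survey`, the same path as `contract`, which looks like a copy-paste left over: with the middleware's deny-on-zero logic a member lacking safe or quality access would be blocked from a contract endpoint, while no safe or quality route is actually guarded. The `add` lists hold the placeholders `"1"`, `"2"`, `"3"` rather than request paths, and every `delete` list is empty, so add and delete endpoints are not covered at all. Because the middleware treats any path absent from this file as permitted, each gap here fails open rather than closed; fill in the real route paths for each module before this is relied on, or invert the model to an allow-list so unlisted routes are denied by default.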

+ 3 - 3
models/cm_project_account.go

@@ -25,9 +25,9 @@ type CmProjectAccount struct {
 	Enable             int       `xorm:"comment('是否启用 1为启用') TINYINT(1)"`
 	AuthMobile         string    `xorm:"comment('认证手机') VARCHAR(32)"`
 	Permission         string    `xorm:"comment('权限') TEXT"`
-	Contractpermission string    `xorm:"comment('合同权限(json)') TEXT"`
-	Qualitypermission  string    `xorm:"comment('质量巡检权限(json)') TEXT"`
-	Safepermission     string    `xorm:"comment('安全巡检权限(json)') TEXT"`
+	ContractPermission string    `xorm:"comment('合同权限(json)') TEXT"`
+	QualityPermission  string    `xorm:"comment('质量巡检权限(json)') TEXT"`
+	SafePermission     string    `xorm:"comment('安全巡检权限(json)') TEXT"`
 	Cooperation        int       `xorm:"comment('协作') TINYINT(4)"`
 	LastNotice         time.Time `xorm:"comment('待办事项,通知') DATETIME"`
 	SignPath           string    `xorm:"comment('电子签名图片地址') VARCHAR(512)"`
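Review bot: Renaming `Contractpermission` to `ContractPermission` (and the two sibling fields) may change the database column xorm maps to, since no column name is given in the tag and xorm's default SnakeMapper would derive `contract_permission` from the new name where it derived `contractpermission` from the old one. Unless the engine is configured with a case-insensitive mapper or the schema is re-synced from the struct on startup (neither is visible here), the UPDATE issued by SaveAuth through MustCols will target a column that does not exist. Pinning the column name in the tag removes the dependency on the mapper, e.g. `xorm:"'contractpermission' comment('合同权限(json)') TEXT"`, and likewise for `QualityPermission` and `SafePermission`.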

+ 2 - 2
models/cm_safe.go

@@ -14,7 +14,7 @@ type CmSafe struct {
 	Inspection       string    `xorm:"comment('检查项目') VARCHAR(3072)"`
 	InspectionDetail string    `xorm:"comment('现场检查情况') TEXT"`
 	Demand           string    `xorm:"comment('处理要求') VARCHAR(128)"`
-	Status           int       `xorm:"default 0 comment('状态(0待审批1通过2退回3关闭)') INT(11)"`
+	Status           int       `xorm:"not null default 0 comment('状态(0未上报1审批中2待整改3待复查4完成5关闭)') INT(11)"`
 	Uid              int       `xorm:"not null default 0 comment('创建者id') INT(11)"`
-	Times            int       `xorm:"default 0 comment('审批次数') INT(11)"`
+	Times            int       `xorm:"not null default 1 comment('审批次数') INT(11)"`
 }

+ 2 - 2
models/cm_safe_audit.go

@@ -8,10 +8,10 @@ type CmSafeAudit struct {
 	Id            int       `xorm:"not null pk autoincr comment('自增id') INT(11)"`
 	SafeId        int       `xorm:"not null default 0 comment('安全巡检id') INT(11)"`
 	BidsectionId  int       `xorm:"not null default 0 comment('标段id') INT(11)"`
-	Times         int       `xorm:"not null default 0 comment('审核次数') INT(11)"`
+	Times         int       `xorm:"not null default 1 comment('审核次数') INT(11)"`
 	AuditId       int       `xorm:"not null default 0 comment('审核人id') INT(11)"`
 	AuditOrder    int       `xorm:"not null default 0 comment('审批顺序') INT(11)"`
-	Status        int       `xorm:"default 0 comment('审核状态(0待审批1通过2退回3关闭)') INT(11)"`
+	Status        int       `xorm:"default 0 comment('状态(0未上报1待审批2通过3退回4关闭)') INT(11)"`
 	Progress      int       `xorm:"not null default 0 comment('审批进度(0审批1整改2复查)') TINYINT(1)"`
 	CreateTime    time.Time `xorm:"comment('开始时间') DATETIME"`
 	EndTime       time.Time `xorm:"comment('结束时间') DATETIME"`

+ 1 - 0
services/login_service.go

@@ -70,6 +70,7 @@ func (s *loginService) ValidProjectAccount(loginData viewmodels.Login, writer ht
 	}
 	// 1-2.获得项目管理员
 	projectAdminInfo := s.projectAccountDao.Get(projectInfo.UserId, projectInfo.Id)
+
 	if projectAdminInfo.Id == 0 {
 		return nil, errors.New("工程建设管理员不存在,禁止登录")
 	}

+ 4 - 4
services/project_account_service.go

@@ -325,10 +325,10 @@ func (s *projectAccountService) SaveAuth(permission viewmodels.Permission, proje
 	account := models.CmProjectAccount{}
 	account.Id = accountId
 	account.ProjectId = projectId
-	account.Contractpermission = contractPermissionStr
-	account.Safepermission = safePermissionStr
-	account.Qualitypermission = qualityPermissionStr
+	account.ContractPermission = contractPermissionStr
+	account.SafePermission = safePermissionStr
+	account.QualityPermission = qualityPermissionStr
 
-	err = s.dao.Update(&account, []string{"Contractpermission", "Safepermission", "Qualitypermission"})
+	err = s.dao.Update(&account, []string{"ContractPermission", "SafePermission", "QualityPermission"})
 	return err
 }

+ 2 - 2
web/api/contract_paid_api.go

@@ -10,8 +10,8 @@ import (
 	"fmt"
 
 	"github.com/kataras/iris/v12"
+	"go.mod/models"
 	"go.mod/web/utils"
-	"go.mod/web/viewmodels"
 )
 
 // @Summary 获得已支付列表
@@ -103,7 +103,7 @@ func (c *ContractApi) PostPaidCreate() {
 		return
 	}
 
-	account := c.Ctx.Values().Get("account").(*viewmodels.ProjectAccount)
+	account := c.Ctx.Values().Get("account").(*models.CmProjectAccount)
 	returnData.CreateUser = account.Account
 
 	err = c.ServiceContract.PaidCreate(returnData, projectId, bidsectionId, contractsId, projectAccountId)
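Review bot: The single-value type assertion `c.Ctx.Values().Get("account").(*models.CmProjectAccount)` panics if the key is absent or still holds the previous `*viewmodels.ProjectAccount` type, which is what happens if this handler is reachable through a route group that skips the session middleware or if any middleware was not switched to the model type in the same change. Use the two-value form and reject the request when it fails: `account, ok := c.Ctx.Values().Get("account").(*models.CmProjectAccount)` then `if !ok { c.Ctx.JSON(iris.Map{"code": 1, "msg": "账号不存在"}); return }`. PostPaidCreate begins before this hunk, so I cannot see whether an earlier check already guarantees the value is set.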

+ 2 - 2
web/api/contract_return_api.go

@@ -10,8 +10,8 @@ import (
 	"fmt"
 
 	"github.com/kataras/iris/v12"
+	"go.mod/models"
 	"go.mod/web/utils"
-	"go.mod/web/viewmodels"
 )
 
 // @Summary 获得回款类型
@@ -122,7 +122,7 @@ func (c *ContractApi) PostReturnCreate() {
 		return
 	}
 
-	account := c.Ctx.Values().Get("account").(*viewmodels.ProjectAccount)
+	account := c.Ctx.Values().Get("account").(*models.CmProjectAccount)
 	returnData.CreateUser = account.Account
 
 	err = c.ServiceContract.ReturnCreate(returnData, projectId, bidsectionId, contractsId, projectAccountId)
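Review bot: Same concern as in contract_paid_api.go: the unchecked assertion `c.Ctx.Values().Get("account").(*models.CmProjectAccount)` turns a missing or differently typed context value into a panic rather than a rejected request. Prefer `account, ok := ...` with an explicit `if !ok { c.Ctx.JSON(iris.Map{"code": 1, "msg": "账号不存在"}); return }` so a mis-wired route degrades to an authorization failure. PostReturnCreate starts outside this hunk, so an earlier guard may exist that I cannot see.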

+ 3 - 1
web/api/login_api.go

@@ -7,6 +7,8 @@
 package api
 
 import (
+	"fmt"
+
 	"github.com/kataras/iris/v12"
 	"go.mod/services"
 	"go.mod/web/utils"
@@ -45,7 +47,7 @@ func (c *LoginApi) Post() {
 	//验证登陆用户
 	Data, err := c.ServiceLogin.ValidProjectAccount(LoginData, c.Ctx.ResponseWriter())
 	if err != nil {
-		c.Ctx.JSON(iris.Map{"code": -1, "msg": err})
+		c.Ctx.JSON(iris.Map{"code": -1, "msg": fmt.Sprintf("%s", err)})
 		return
 	}
 	c.Ctx.JSON(iris.Map{
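Review bot: Serialising the error with `fmt.Sprintf("%s", err)` returns the service's internal validation message verbatim to an unauthenticated caller; the messages in ValidProjectAccount differ by failure cause (the hunk in services/login_service.go shows `工程建设管理员不存在,禁止登录`), so the response may tell an attacker whether a given project or account exists independently of the credentials supplied. Prefer a fixed message on the wire, `"msg": "账号或密码错误"`, and log the real error server-side. Where the text genuinely must be returned, `err.Error()` is the idiomatic form rather than a Sprintf round-trip, and it avoids adding the `fmt` import for this single use.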

+ 1 - 1
web/api/rpc_api.go

@@ -24,7 +24,7 @@ type RpcApi struct {
 // }
 
 // 实例1  RpcConnect *grpc.ClientConn
-func (c *RpcApi) Get() {
+func (c *RpcApi) Get() { 
 	RpcConnect := c.Ctx.Values().Get("RpcConnect").(*grpc.ClientConn)
 	c.ServiceRpc.Test(RpcConnect)
 }

+ 124 - 7
web/middleware/accessAuth.go

@@ -6,17 +6,134 @@
  */
 package middleware
 
-import "github.com/kataras/iris/v12"
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"log"
 
-func AccessAuth(ctx iris.Context) {
-	// 人员判断
-	// 1.是管理员- 拥有所有权限
+	"github.com/kataras/iris/v12"
+	"go.mod/models"
+)
+
+// 员工表权限解析
+type permission struct {
+	Add    int ` json:"add" `
+	Delete int ` json:"delete" `
+	Access int ` json:"access" `
+}
+
+// 权限JSON对象
+type permissionPath struct {
+	Contract       path     `json:"contract" `
+	Safe           path     `json:"safe" `
+	Quality        path     `json:"quality" `
+	ProjectSetting []string `json:"projectSetting" `
+}
 
-	// 2不是管理员
+// 对象中地址列表
+type path struct {
+	Add    []string `json:"add" `
+	Access []string `json:"access" `
+	Delete []string `json:"delete" `
+}
+
+// 权限验证中间件
+func AccessAuth(ctx iris.Context) {
+	// 1.获得成员信息
+	account := ctx.Values().Get("account").(*models.CmProjectAccount)
+	// 1-1.是管理员- 拥有所有权限
+	if account.IsAdmin != 1 {
+		// if account.IsAdmin == 1 {
+		// 2.获得员工可访问的权限
+		contractPermission := permission{}
+		if account.ContractPermission != "" {
+			err := json.Unmarshal([]byte(account.ContractPermission), &contractPermission)
+			// 错误后 全部权限默认为0
+			if err != nil {
+				log.Println("合同权限解析错误:err=", err)
+			}
+		}
+		safePermission := permission{}
+		if account.SafePermission != "" {
+			err := json.Unmarshal([]byte(account.SafePermission), &safePermission)
+			if err != nil {
+				log.Println("安全权限解析错误:err=", err)
+			}
+		}
+		qualityPermission := permission{}
+		if account.QualityPermission != "" {
+			err := json.Unmarshal([]byte(account.QualityPermission), &qualityPermission)
+			if err != nil {
+				log.Println("质量权限解析错误:err=", err)
+			}
+		}
 
-	// 2-1项目设置不可访问
+		// 2-1获得权限列表
+		permissionPath := permissionPath{}
+		permissionPathData, err := ioutil.ReadFile("../lib/permission.json")
+		err = json.Unmarshal(permissionPathData, &permissionPath)
+		if err != nil {
+			log.Println("权限解析错误:err=", err)
+			ctx.JSON(iris.Map{"code": 2, "msg": "权限解析错误"})
+			return
+		}
+		// 2-2 不容许访问的权限--比对访问路径
+		requestPath := ctx.Path()
+		// 合同权限
+		err = verifyAuth(contractPermission, permissionPath.Contract, requestPath)
+		if err != nil {
+			ctx.JSON(iris.Map{"code": 2, "msg": fmt.Sprintf("%s", err)})
+			return
+		}
+		// 安全权限
+		err = verifyAuth(contractPermission, permissionPath.Safe, requestPath)
+		if err != nil {
+			ctx.JSON(iris.Map{"code": 2, "msg": fmt.Sprintf("%s", err)})
+			return
+		}
+		// 质量权限
+		err = verifyAuth(contractPermission, permissionPath.Quality, requestPath)
+		if err != nil {
+			ctx.JSON(iris.Map{"code": 2, "msg": fmt.Sprintf("%s", err)})
+			return
+		}
+		// 项目设置 -只有管理员才能访问
+		for _, path := range permissionPath.ProjectSetting {
+			if path == requestPath {
+				ctx.JSON(iris.Map{"code": 2, "msg": "无权访问"})
+				return
+			}
+		}
 
-	// 2-2 项目访问权限列表
+	}
 
 	ctx.Next()
 }
+
+// 验证权限路径
+func verifyAuth(permission permission, pathList path, requestPath string) error {
+	if permission.Add == 0 {
+		for _, path := range pathList.Add {
+			if path == requestPath {
+				return errors.New("无权访问")
+			}
+		}
+	}
+	if permission.Access == 0 {
+		for _, path := range pathList.Access {
+			if path == requestPath {
+				return errors.New("无权访问")
+			}
+		}
+	}
+	if permission.Delete == 0 {
+		for _, path := range pathList.Delete {
+			if path == requestPath {
+				return errors.New("无权访问")
+			}
+		}
+	}
+	return nil
+}
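Review bot: The safe and quality checks at `verifyAuth(contractPermission, permissionPath.Safe, requestPath)` and `verifyAuth(contractPermission, permissionPath.Quality, requestPath)` pass the contract permission struct instead of `safePermission` and `qualityPermission`, so a member's safe and quality rights are never consulted and the contract `add`/`access` flags decide access to the other two modules; the fix is the first argument on those two lines. The error from `ioutil.ReadFile("../lib/permission.json")` is overwritten by the Unmarshal assignment on the next line before it is checked, and the path is relative to the process working directory, so a missing or unreadable file is only caught indirectly when Unmarshal fails on nil input; check that err explicitly and load the file once at startup instead of on every request. Note also that verifyAuth is a deny-list keyed on exact `ctx.Path()` equality: any route not listed in permission.json is allowed for every member, and the comparison does not account for trailing slashes or case variants unless iris normalises the path upstream (not visible here). The single-value assertion on `ctx.Values().Get("account")` will panic rather than reject when the session middleware did not run first.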

+ 8 - 4
web/middleware/sessions.go

@@ -14,7 +14,8 @@ import (
 	"github.com/kataras/iris/v12"
 	"go.mod/comm"
 	"go.mod/conf"
-	"go.mod/services"
+	"go.mod/dao"
+	"go.mod/datasource"
 )
 
 func SessionsAuth(ctx iris.Context) {
@@ -47,9 +48,12 @@ func SessionsAuth(ctx iris.Context) {
 		ctx.JSON(iris.Map{"code": 1, "msg": "账号发生异常2"})
 		return
 	}
-	npaSer := services.NewProjectAccountService()
-	accountInfo := npaSer.Get(identityId, attachedIdentityId)
-	if accountInfo.Id == "0" {
+	projectAccountDao := dao.NewProjectAccountDao(datasource.InstanceDbMaster())
+	accountInfo := projectAccountDao.Get(identityId, attachedIdentityId)
+	// npaSer := services.NewProjectAccountService()
+	// accountInfo := npaSer.Get(identityId, attachedIdentityId)
+
+	if accountInfo.Id == 0 {
 		ctx.JSON(iris.Map{"code": 1, "msg": "账号不存在"})
 		return
 	}
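Review bot: The account is loaded straight from the DAO and only `accountInfo.Id == 0` is tested before the request proceeds; the model carries `Enable` (1 = enabled) and nothing in this hunk rejects a disabled account, so a session issued before an account was disabled keeps working unless a check exists further down in SessionsAuth, which continues past the end of this hunk. Add `if accountInfo.Enable != 1 { ctx.JSON(iris.Map{"code": 1, "msg": "账号已禁用"}); return }` next to the existence check. Building the DAO with `datasource.InstanceDbMaster()` inside the middleware also bypasses the service layer the commented-out lines used; if that accessor opens a new engine rather than returning a cached one, this is a database handle per request, so confirm it caches and drop the dead commented-out code.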

+ 1 - 1
web/utils/utils.go

@@ -41,7 +41,7 @@ func StringToMap(str string, split string) map[string]string {
 
 // 获得项目ID
 func GetProjectId(ctx iris.Context) (int, error) {
-	//account := ctx.Values().Get("account").(*viewmodels.ProjectAccount)
+	//account := ctx.Values().Get("account").(*models.CmProjectAccount)
 	// fmt.Println(account)
 	projectId, err := ctx.Values().GetInt("projectId")
 	if err != nil {

+ 6 - 6
web/viewmodels/project_account.go

@@ -26,15 +26,13 @@ type ProjectAccount struct {
 	IsAdmin      int    `form:"isAdmin" json:"isAdmin"`
 	AccountGroup int    `form:"accountGroup" json:"accountGroup"`
 	Enable       int    `form:"enable" json:"enable"`
-
-	Csrf string `form:"csrf"`
 }
 
 func (l ProjectAccount) Validate() error {
 	return validation.ValidateStruct(&l,
 		validation.Field(&l.Account, validation.Required.Error("账号不能为空"), validation.Match(regexp.MustCompile("^[A-Za-z0-9]+$")).Error("只支持英文数字组合")),
-		validation.Field(&l.Password, validation.Required.Error("密码不能为空"), validation.Match(regexp.MustCompile("^[a-zA-Z]\\w{5,17}$")).Error("密码支持英文数字及符号,6~18之间")),
-		validation.Field(&l.Role, validation.Required.Error("账号组不能为空"), validation.In(1, 2, 3, 4).Error("未找到相关账号组")),
+		validation.Field(&l.Password, validation.Required.Error("密码不能为空"), validation.Match(regexp.MustCompile("^[a-zA-Z~!@#$%^&*]\\w{5,17}$")).Error("密码支持英文数字及符号,6~18之间")),
+		validation.Field(&l.AccountGroup, validation.Required.Error("账号组不能为空"), validation.In(1, 2, 3, 4).Error("未找到相关账号组")),
 		validation.Field(&l.Name, validation.Required.Error("姓名不能为空")),
 		validation.Field(&l.Company, validation.Required.Error("单位不能为空")),
 		validation.Field(&l.Position, validation.Required.Error("职位不能为空")),
@@ -46,7 +44,7 @@ func (l ProjectAccount) Validate() error {
 func (l ProjectAccount) ValidateUpdate() error {
 	return validation.ValidateStruct(&l,
 		validation.Field(&l.Name, validation.Required.Error("姓名不能为空")),
-		validation.Field(&l.Role, validation.Required.Error("账号组不能为空"), validation.In(1, 2, 3, 4).Error("未找到相关账号组")),
+		validation.Field(&l.AccountGroup, validation.Required.Error("账号组不能为空"), validation.In(1, 2, 3, 4).Error("未找到相关账号组")),
 		validation.Field(&l.Company, validation.Required.Error("单位不能为空")),
 		validation.Field(&l.Position, validation.Required.Error("职位不能为空")),
 		//validation.Field(&l.Mobile, validation.Required.Error("手机不能为空"), validation.Match(regexp.MustCompile("^([1][3,4,5,6,7,8,9])\\d{9}$")).Error("只支持英文数字组合")),
@@ -57,7 +55,9 @@ func (l ProjectAccount) ValidateUpdate() error {
 func (l ProjectAccount) ValidatePassword() error {
 	return validation.ValidateStruct(&l,
 		validation.Field(&l.Account, validation.Required.Error("账号不能为空"), validation.Match(regexp.MustCompile("^[A-Za-z0-9]+$")).Error("只支持英文数字组合")),
-		validation.Field(&l.Password, validation.Required.Error("密码不能为空"), validation.Match(regexp.MustCompile("^[a-zA-Z]\\w{5,17}$")).Error("密码支持英文数字及符号,6~18之间")),
+		//"^[a-zA-Z0-9]\\w{5,17}$"
+		// , validation.Match(regexp.MustCompile(`/^(?=.*\d)(?=.*[a-zA-Z])[\da-zA-Z~!@#$%^&*]{6,18}$/`)).Error("密码支持英文数字及符号,6~18之间")
+		validation.Field(&l.Password, validation.Required.Error("密码不能为空")),
 	)
 }
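Review bot: ValidatePassword now requires only that the password be non-empty, so the password-change path accepts a one-character password while Validate still enforces a 6–18 rule; the commented-out lookahead pattern `(?=.*\d)(?=.*[a-zA-Z])` is not supported by Go's RE2 engine, which is presumably why it was dropped, but the replacement should not be no check at all. If this is ozzo-validation, enforce the length with `validation.Length(6, 18)` and express the must-contain-digit and must-contain-letter requirements as two plain `validation.Match(regexp.MustCompile("[0-9]"))` and `validation.Match(regexp.MustCompile("[A-Za-z]"))` rules instead of lookaheads. The new Validate pattern `^[a-zA-Z~!@#$%^&*]\w{5,17}$` also does not implement its own error text: a symbol is allowed only in the first position and `\w` excludes symbols elsewhere, while a leading digit is still rejected. Removing the `Csrf` form field from the view model means a token is no longer bound with the form; if CSRF protection is not enforced by middleware elsewhere (not visible here), this removes the only visible hook for it.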