caipin hace 4 años
padre
commit
fdc17a1356

+ 2 - 0
services/backstage_service.go

@@ -11,6 +11,7 @@ import (
 	"log"
 	"net/http"
 	"net/url"
+	"strconv"
 	"time"
 
 	"github.com/kataras/iris/v12"
@@ -268,6 +269,7 @@ func (s *backstageService) ValidCldStaff(loginData viewmodels.StaffCld, writer h
 	params.Add("identity", identity)
 	params.Add("attachedIdentity", category)
 	params.Add("digitalToken", digitalToken)
+	params.Add("manager", strconv.Itoa(managerData.IsAdmin))
 	c := &http.Cookie{
 		Name:     "cmBackstage",
 		Value:    params.Encode(),
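Review bot: The new `manager` field is written into the `cmBackstage` cookie value next to identity and digitalToken, and nothing in this hunk shows the cookie being signed or MAC'd, so any server-side consumer that trusts `manager=1` from the cookie would be trusting a client-editable value. The AccessBackstageAuth middleware added in this commit re-reads IsAdmin from the database, which is the right source of truth, so make that explicit on the added line: `// "manager" is informational only; authorization re-reads IsAdmin from the DB in AccessBackstageAuth`. If the cookie is integrity-checked elsewhere (for example via digitalToken), naming that check here would help too. ValidCldStaff begins before this hunk.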

+ 11 - 3
services/project_account_service.go

@@ -38,7 +38,7 @@ type ProjectAccountService interface {
 	GetBidAccount(bidsectionId int, projectId int, projectAccountId int, name string) []viewmodels.ProjectAccount
 	Search(name string, projectId int) []viewmodels.ProjectAccount
 	AddBs(viewAccount viewmodels.ProjectAccount, projectId int) error
-	SaveBs(viewAccount viewmodels.ProjectAccount, id int, projectId int) error
+	SaveBs(viewAccount viewmodels.ProjectAccount, id int, projectId int, manager *models.CmManager) error
 	Add(viewAccount viewmodels.ProjectAccount, projectId int) error
 	Save(viewAccount viewmodels.ProjectAccount, id int, projectId int) error
 	SaveAccount(viewAccount viewmodels.ProjectAccount, id int, projectId int) error
@@ -325,10 +325,18 @@ func (s *projectAccountService) AddBs(viewAccount viewmodels.ProjectAccount, pro
 }
 
 // 保存用户信息
-func (s *projectAccountService) SaveBs(viewAccount viewmodels.ProjectAccount, id int, projectId int) error {
+func (s *projectAccountService) SaveBs(viewAccount viewmodels.ProjectAccount, id int, projectId int, manager *models.CmManager) error {
+
+	// 1.获得项目信息
+	projectDao := dao.NewProjectDao(datasource.InstanceDbMaster())
+	projectData, _ := projectDao.FindById(id)
+	if manager.Username != projectData.StaffName {
+		return errors.New("无权编辑")
+	}
 
 	account := models.CmProjectAccount{}
 	updateField := []string{"name", "company", "position", "telephone", "account_group"}
+
 	// 是否重新设置管理员
 	if viewAccount.IsAdmin == 1 {
 		account.IsAdmin = viewAccount.IsAdmin
@@ -372,7 +380,7 @@ func (s *projectAccountService) updateAdminZero(projectId int) error {
 func (s *projectAccountService) Add(viewAccount viewmodels.ProjectAccount, projectId int) error {
 
 	// 验证该项目下是否有同名账号
-	accountValid := s.dao.GetAccount(viewAccount.Account)
+	accountValid := s.dao.GetAccountProjectId(viewAccount.Account, projectId)
 	if accountValid.Id != 0 {
 		return errors.New("已存在相同的账号")
 	}
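Review bot: `projectDao.FindById(id)` on the new line in SaveBs looks the project up with `id`, which by the signature is the account id, while the project being authorized is `projectId`; the owner comparison is therefore made against the wrong or a non-existent row, and the FindById error is discarded, so a lookup failure silently becomes "无权编辑" or, if FindById returns a pointer, a nil dereference on `.StaffName`. Use `projectData, err := projectDao.FindById(projectId)` followed by `if err != nil { return err }`. Unlike ProjectService.SaveBs in this same commit, this check has no `manager.IsAdmin == 1` bypass; if admins are deliberately excluded here, a one-line comment saying so would stop the two from being "fixed" into agreement later. The rest of SaveBs continues past the hunk.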

+ 12 - 2
services/project_service.go

@@ -35,7 +35,7 @@ type ProjectService interface {
 	GetName(code string) []viewmodels.Project
 	Save(projectId int, projectVM viewmodels.Project) error
 	Add(projectVM viewmodels.Project) error
-	SaveBs(projectVM viewmodels.Project, id int) error
+	SaveBs(projectVM viewmodels.Project, id int, manager *models.CmManager) error
 	GetListBs(pageData viewmodels.ProjectPage, staffName string) (data []viewmodels.Project, total int64)
 }
 
@@ -222,7 +222,17 @@ func (s *projectService) Add(projectVM viewmodels.Project) error {
 }
 
 // 更新项目-后台
-func (s *projectService) SaveBs(projectVM viewmodels.Project, id int) error {
+func (s *projectService) SaveBs(projectVM viewmodels.Project, id int, manager *models.CmManager) error {
+
+	// 1.获得项目信息
+	projectData, _ := s.dao.FindById(id)
+	// 管理员和自己可以更新
+	if manager.IsAdmin != 1 {
+		if manager.Username != projectData.StaffName {
+			return errors.New("无权编辑")
+		}
+	}
+
 	project := &models.CmProject{}
 	project.Id = id
 	project.Name = projectVM.Name
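Review bot: `projectData, _ := s.dao.FindById(id)` drops the lookup error, so when the project does not exist or the query fails the owner check runs against a zero-value StaffName, and if FindById returns a pointer the `.StaffName` access panics instead of returning an error. Return the error instead: `projectData, err := s.dao.FindById(id)` / `if err != nil { return err }`. The "自己可以更新" branch is only reachable if the middleware lets non-admins through to `/api/backstage/project/save`, which in this commit it does not; a comment noting which layer is meant to decide would keep the two from drifting. SaveBs continues beyond the hunk.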

+ 5 - 1
web/backstage/project_account_bs.go

@@ -10,6 +10,7 @@ import (
 	"fmt"
 
 	"github.com/kataras/iris/v12"
+	"go.mod/models"
 	"go.mod/services"
 	"go.mod/web/utils"
 	"go.mod/web/viewmodels"
@@ -203,7 +204,10 @@ func (c *ProjectAccountBs) PostSave() {
 		return
 	}
 
-	err = c.ServiceProjectAccount.SaveBs(accountData, id, projectId)
+	// 获得登陆的管理员
+	manager := c.Ctx.Values().Get("manager").(*models.CmManager)
+
+	err = c.ServiceProjectAccount.SaveBs(accountData, id, projectId, manager)
 	if err != nil {
 		c.Ctx.JSON(iris.Map{"code": -1, "msg": fmt.Sprintf("%s", err)})
 		return
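Review bot: `c.Ctx.Values().Get("manager").(*models.CmManager)` is a single-value type assertion, so it panics whenever the key is absent or holds a different type, and the middleware in this commit stores the manager with `ctx.ViewData("manager", ...)`, which as far as I can tell is iris's template-data store rather than the Values map — so `Get("manager")` would return nil here and every PostSave would panic rather than fail. Use the two-value form and fail closed: `manager, ok := c.Ctx.Values().Get("manager").(*models.CmManager)` / `if !ok || manager == nil { c.Ctx.JSON(iris.Map{"code": -1, "msg": "无权编辑"}); return }`. PostSave starts before this hunk.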

+ 5 - 1
web/backstage/project_bs.go

@@ -11,6 +11,7 @@ import (
 	"log"
 
 	"github.com/kataras/iris/v12"
+	"go.mod/models"
 	"go.mod/services"
 	"go.mod/web/utils"
 	"go.mod/web/viewmodels"
@@ -227,8 +228,11 @@ func (c *ProjectBs) PostSave() {
 		return
 	}
 
+	// 获得登陆的管理员
+	manager := c.Ctx.Values().Get("manager").(*models.CmManager)
+
 	// 新增项目信息
-	err = c.ServiceProject.SaveBs(projectData, id)
+	err = c.ServiceProject.SaveBs(projectData, id, manager)
 	if err != nil {
 		c.Ctx.JSON(iris.Map{"code": -1, "msg": fmt.Sprintf("%s", err)})
 		return
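Review bot: The unchecked assertion `c.Ctx.Values().Get("manager").(*models.CmManager)` turns a missing or mistyped context value into a panic on a request path that is otherwise careful to return JSON errors, and whether the value is present at all depends on the middleware storing it under the same key in `ctx.Values()` (it currently uses `ctx.ViewData`, which I believe is a separate store). Guard it: `manager, ok := c.Ctx.Values().Get("manager").(*models.CmManager)` / `if !ok || manager == nil { c.Ctx.JSON(iris.Map{"code": -1, "msg": "无权编辑"}); return }`. PostSave starts before this hunk.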

+ 43 - 0
web/middleware/access_backstage.go

@@ -0,0 +1,43 @@
+/*
+ * @description: 访问中间件
+ * @Author: CP
+ * @Date: 2021-06-04 10:27:02
+ * @FilePath: \construction_management\web\middleware\access_backstage.go
+ */
+package middleware
+
+import (
+	"github.com/kataras/iris/v12"
+	"go.mod/dao"
+	"go.mod/datasource"
+)
+
+func AccessBackstageAuth(ctx iris.Context) {
+	// 1.获得登陆后台成员信息
+	staffName := ctx.Values().Get("StaffName").(string)
+	managerDao := dao.NewManagerDao(datasource.InstanceDbMaster())
+	managerData := managerDao.GetUserName(staffName)
+
+	// 2.特定路由下的访问权限
+	path := ctx.Path()
+	// 新增项目
+	if path == "/api/backstage/project/add" {
+		if managerData.IsAdmin != 1 {
+			ctx.JSON(iris.Map{"code": 2, "msg": "管理员才能新增项目"})
+			return
+		}
+	}
+
+	// 编辑项目-只有管理员和自己能编辑项目
+	if path == "/api/backstage/project/save" {
+		if managerData.IsAdmin != 1 {
+
+			ctx.JSON(iris.Map{"code": 2, "msg": "管理员才能新增项目"})
+			return
+		}
+	}
+
+	ctx.ViewData("manager", managerData)
+
+	ctx.Next()
+}
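Review bot: The `/api/backstage/project/save` branch rejects every non-admin, which contradicts the comment above it (管理员和自己能编辑), makes the owner check ProjectService.SaveBs performs in this same commit unreachable, and reuses the add-project message. Either drop this branch so the service's admin-or-owner check decides, or change the comment and message to say admin-only. Separately, `ctx.ViewData("manager", managerData)` stores into what I understand to be iris's template view-data, while the handlers read `ctx.Values().Get("manager")`; use `ctx.Values().Set("manager", managerData)` so the handlers' `*models.CmManager` assertion can succeed (assuming GetUserName returns that pointer type). `ctx.Values().Get("StaffName").(string)` should likewise use the two-value form so a missing session value is a rejection rather than a panic, and an explicit `ctx.StopExecution()` before each early return documents that the chain must not continue.
```go
func AccessBackstageAuth(ctx iris.Context) {
	// Fail closed if the session middleware did not populate StaffName.
	staffName, ok := ctx.Values().Get("StaffName").(string)
	if !ok || staffName == "" {
		ctx.StopExecution()
		ctx.JSON(iris.Map{"code": 2, "msg": "未登录"})
		return
	}
	// … unchanged: managerDao lookup …

	// Only admins may create projects.
	if ctx.Path() == "/api/backstage/project/add" && managerData.IsAdmin != 1 {
		ctx.StopExecution()
		ctx.JSON(iris.Map{"code": 2, "msg": "管理员才能新增项目"})
		return
	}
	// /api/backstage/project/save: admin-or-owner is decided in ProjectService.SaveBs.

	// Handlers read this via ctx.Values().Get("manager"); ViewData is template-only.
	ctx.Values().Set("manager", managerData)
	ctx.Next()
}
```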

+ 2 - 0
web/routes/routes.go

@@ -217,6 +217,7 @@ func Configure(b *bootstrap.Bootstrapper) {
 	backstageProjectCM.Register(ProjectService)
 	backstageProjectCM.Register(backstageService)
 	backstageProjectCM.Router.Use(middleware.SessionsBackstageAuth)
+	backstageProjectCM.Router.Use(middleware.AccessBackstageAuth)
 	backstageProjectCM.Handle(new(backstage.ProjectBs))
 
 	backstageAccountCM := mvc.New(b.Party("/api/backstage/account"))
@@ -225,6 +226,7 @@ func Configure(b *bootstrap.Bootstrapper) {
 	backstageAccountCM.Register(BidAccountService)
 	backstageAccountCM.Register(backstageService)
 	backstageAccountCM.Router.Use(middleware.SessionsBackstageAuth)
+	backstageAccountCM.Router.Use(middleware.AccessBackstageAuth)
 	backstageAccountCM.Handle(new(backstage.ProjectAccountBs))
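Review bot: AccessBackstageAuth reads `StaffName` from `ctx.Values()`, which only SessionsBackstageAuth sets, so the relative order of these two `Use` calls is a correctness requirement that nothing here documents; a comment on each added line, `// must run after SessionsBackstageAuth, which populates StaffName`, would prevent an innocent reorder from turning into a panic. The middleware is registered on the project and account parties only; if the manager party that starts at the end of this hunk, or any other backstage party, later reads `manager` from the context, it will not be set there.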
 
 	managerCM := mvc.New(b.Party("/api/backstage/manager"))