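package controllers

import (
	"encoding/json"
	"fmt"
	"io"
	"strconv"
	"strings"
	"time"

	beego "github.com/beego/beego/v2/server/web"
	"server/models"
	"server/pkg/jwtutil"
)

// PlatformModulesController manages modules (yz_system_modules).
//
// Every handler calls modulesClaims first and answers HTTP 401 when it
// returns an error.
//
// NOTE(review): several handlers append err.Error() from the ORM to the JSON
// "msg" field. That can expose database details to the client; consider
// logging the error server-side and returning a fixed message instead.
//
// NOTE(review): the handlers read the whole request body with io.ReadAll and
// no size cap is visible in this file; confirm the framework or a front proxy
// bounds the body size.
type PlatformModulesController struct {
	beego.Controller
}

// modulesClaims authenticates the request from its "Authorization: Bearer
// <token>" header and checks the token's user type against the URL prefix.
//
// It returns the parsed claims, or an error when the header is missing or
// malformed, when jwtutil.ParseToken rejects the token, or when the user type
// does not match the prefix. Callers in this file map every one of these
// errors to HTTP 401, including the authorization failure.
func (c *PlatformModulesController) modulesClaims() (*jwtutil.Claims, error) {
	auth := c.Ctx.Request.Header.Get("Authorization")
	if auth == "" {
		return nil, fmt.Errorf("未登录")
	}

	// The scheme comparison is case-sensitive: only the literal "Bearer" is accepted.
	parts := strings.SplitN(auth, " ", 2)
	if len(parts) != 2 || parts[0] != "Bearer" {
		return nil, fmt.Errorf("认证信息格式错误")
	}

	claims, err := jwtutil.ParseToken(parts[1])
	if err != nil {
		return nil, fmt.Errorf("无效的token")
	}

	// Corrected semantics:
	//   - /platform/* is reachable only by "platform" users
	//   - /backend/*  is reachable only by "backend" users
	// Compatibility: legacy tokens may lack user_type (treated as a plain
	// user); they are rejected on both prefixes to avoid privilege escalation.
	//
	// NOTE(review): a path that matches neither prefix falls through and is
	// accepted with any valid token. Confirm this controller is only routed
	// under /platform/ or /backend/, or reject unknown prefixes here.
	path := strings.ToLower(c.Ctx.Request.URL.Path)
	switch {
	case strings.HasPrefix(path, "/platform/"):
		if claims.UserType != "platform" {
			return nil, fmt.Errorf("无权访问")
		}
	case strings.HasPrefix(path, "/backend/"):
		if claims.UserType != "backend" {
			return nil, fmt.Errorf("无权访问")
		}
	}
	return claims, nil
}

// jsonErr sets the HTTP status and writes a {"code", "msg"} JSON error body.
func (c *PlatformModulesController) jsonErr(httpStatus, bizCode int, msg string) {
	c.Ctx.Output.SetStatus(httpStatus)
	c.Data["json"] = map[string]interface{}{"code": bizCode, "msg": msg}
	// The write error is deliberately ignored: the response is already an error.
	_ = c.ServeJSON()
}

// GetList GET /platform/modules/list
//
// Returns every module that is not soft-deleted, ordered by sort, then id.
func (c *PlatformModulesController) GetList() {
	if _, err := c.modulesClaims(); err != nil {
		c.jsonErr(401, 401, err.Error())
		return
	}

	var rows []models.SystemModules
	_, err := models.Orm.QueryTable(new(models.SystemModules)).
		Filter("delete_time__isnull", true).
		OrderBy("sort", "id").
		All(&rows)
	if err != nil {
		c.jsonErr(500, 500, "获取失败:"+err.Error())
		return
	}

	c.Data["json"] = map[string]interface{}{
		"code": 200,
		"msg":  "获取成功",
		"data": map[string]interface{}{
			"list":  rows,
			"total": len(rows),
		},
	}
	_ = c.ServeJSON()
}

// GetTenantList GET /platform/modules/getTenantList
//
// Kept for compatibility with the old endpoint name: returns the modules
// visible to the current account. Current implementation: returns every
// module with status=1 and is_show=1.
//
// NOTE(review): the claims returned by modulesClaims are discarded, so the
// result is not scoped to the calling account.
func (c *PlatformModulesController) GetTenantList() {
	if _, err := c.modulesClaims(); err != nil {
		c.jsonErr(401, 401, err.Error())
		return
	}

	var rows []models.SystemModules
	_, err := models.Orm.QueryTable(new(models.SystemModules)).
		Filter("delete_time__isnull", true).
		Filter("status", 1).
		Filter("is_show", 1).
		OrderBy("sort", "id").
		All(&rows)
	if err != nil {
		c.jsonErr(500, 500, "获取失败:"+err.Error())
		return
	}

	c.Data["json"] = map[string]interface{}{
		"code": 200,
		"msg":  "获取成功",
		"data": map[string]interface{}{
			"list":  rows,
			"total": len(rows),
		},
	}
	_ = c.ServeJSON()
}

// GetDetail GET /platform/modules/:id
//
// Returns one module that is not soft-deleted. Any lookup error, not only a
// missing row, is reported as 404.
func (c *PlatformModulesController) GetDetail() {
	if _, err := c.modulesClaims(); err != nil {
		c.jsonErr(401, 401, err.Error())
		return
	}

	idStr := c.Ctx.Input.Param(":id")
	id, err := strconv.ParseUint(idStr, 10, 64)
	if err != nil || id == 0 {
		c.jsonErr(400, 400, "参数错误")
		return
	}

	var row models.SystemModules
	err = models.Orm.QueryTable(new(models.SystemModules)).
		Filter("id", id).
		Filter("delete_time__isnull", true).
		One(&row)
	if err != nil {
		c.jsonErr(404, 404, "模块不存在")
		return
	}

	c.Data["json"] = map[string]interface{}{"code": 200, "msg": "获取成功", "data": row}
	_ = c.ServeJSON()
}

// modulePayload is the JSON request body accepted by Add and Edit.
type modulePayload struct {
	Mid         *uint64 `json:"mid"`
	Name        string  `json:"name"`
	Code        string  `json:"code"`
	Path        string  `json:"path"`
	Icon        string  `json:"icon"`
	Description string  `json:"description"`
	Type        int     `json:"type"`
	Sort        int     `json:"sort"`
	Status      int8    `json:"status"`
	IsShow      int8    `json:"is_show"`
}

// Add POST /platform/modules
//
// Creates a module from a modulePayload body. Name and code are required
// after trimming, and code must be unique among rows that are not
// soft-deleted.
func (c *PlatformModulesController) Add() {
	if _, err := c.modulesClaims(); err != nil {
		c.jsonErr(401, 401, err.Error())
		return
	}

	raw, err := io.ReadAll(c.Ctx.Request.Body)
	if err != nil {
		c.jsonErr(400, 400, "参数错误")
		return
	}
	var p modulePayload
	if err := json.Unmarshal(raw, &p); err != nil {
		c.jsonErr(400, 400, "参数错误")
		return
	}

	p.Name = strings.TrimSpace(p.Name)
	p.Code = strings.TrimSpace(p.Code)
	if p.Name == "" || p.Code == "" {
		c.jsonErr(400, 400, "模块名称和编码不能为空")
		return
	}

	// Code must be unique (soft-deleted rows excluded). A failed count must
	// not be read as "no duplicate", so the request is refused on error.
	cnt, err := models.Orm.QueryTable(new(models.SystemModules)).
		Filter("code", p.Code).
		Filter("delete_time__isnull", true).
		Count()
	if err != nil {
		c.jsonErr(500, 500, "添加失败:"+err.Error())
		return
	}
	if cnt > 0 {
		c.jsonErr(400, 400, "模块编码已存在")
		return
	}

	now := time.Now()
	row := &models.SystemModules{
		Mid:         p.Mid,
		Name:        p.Name,
		Code:        p.Code,
		Path:        strings.TrimSpace(p.Path),
		Icon:        strings.TrimSpace(p.Icon),
		Description: strings.TrimSpace(p.Description),
		Type:        p.Type,
		Sort:        p.Sort,
		Status:      p.Status,
		IsShow:      p.IsShow,
		CreateTime:  &now,
		UpdateTime:  &now,
	}
	id, err := models.Orm.Insert(row)
	if err != nil {
		c.jsonErr(500, 500, "添加失败:"+err.Error())
		return
	}

	c.Data["json"] = map[string]interface{}{"code": 200, "msg": "添加成功", "data": map[string]interface{}{"id": uint64(id)}}
	_ = c.ServeJSON()
}

// Edit PUT /platform/modules/:id
//
// Overwrites every editable column of a module that is not soft-deleted with
// the values from a modulePayload body. Returns 404 when no row was updated.
func (c *PlatformModulesController) Edit() {
	if _, err := c.modulesClaims(); err != nil {
		c.jsonErr(401, 401, err.Error())
		return
	}

	idStr := c.Ctx.Input.Param(":id")
	id, err := strconv.ParseUint(idStr, 10, 64)
	if err != nil || id == 0 {
		c.jsonErr(400, 400, "参数错误")
		return
	}

	raw, err := io.ReadAll(c.Ctx.Request.Body)
	if err != nil {
		c.jsonErr(400, 400, "参数错误")
		return
	}
	var p modulePayload
	if err := json.Unmarshal(raw, &p); err != nil {
		c.jsonErr(400, 400, "参数错误")
		return
	}

	p.Name = strings.TrimSpace(p.Name)
	p.Code = strings.TrimSpace(p.Code)
	if p.Name == "" || p.Code == "" {
		c.jsonErr(400, 400, "模块名称和编码不能为空")
		return
	}

	// Code must be unique (this row and soft-deleted rows excluded). A failed
	// count must not be read as "no duplicate", so the request is refused on
	// error.
	cnt, err := models.Orm.QueryTable(new(models.SystemModules)).
		Filter("code", p.Code).
		Filter("id__ne", id).
		Filter("delete_time__isnull", true).
		Count()
	if err != nil {
		c.jsonErr(500, 500, "编辑失败:"+err.Error())
		return
	}
	if cnt > 0 {
		c.jsonErr(400, 400, "模块编码已存在")
		return
	}

	now := time.Now()
	up := map[string]interface{}{
		"mid":         p.Mid,
		"name":        p.Name,
		"code":        p.Code,
		"path":        strings.TrimSpace(p.Path),
		"icon":        strings.TrimSpace(p.Icon),
		"description": strings.TrimSpace(p.Description),
		"type":        p.Type,
		"sort":        p.Sort,
		"status":      p.Status,
		"is_show":     p.IsShow,
		"update_time": now,
	}
	n, err := models.Orm.QueryTable(new(models.SystemModules)).
		Filter("id", id).
		Filter("delete_time__isnull", true).
		Update(up)
	if err != nil {
		c.jsonErr(500, 500, "编辑失败:"+err.Error())
		return
	}
	if n == 0 {
		c.jsonErr(404, 404, "模块不存在")
		return
	}

	c.Data["json"] = map[string]interface{}{"code": 200, "msg": "编辑成功"}
	_ = c.ServeJSON()
}

// Delete DELETE /platform/modules/:id (soft delete)
//
// Sets delete_time and update_time on the row instead of removing it.
// Returns 404 when no row was updated.
func (c *PlatformModulesController) Delete() {
	if _, err := c.modulesClaims(); err != nil {
		c.jsonErr(401, 401, err.Error())
		return
	}

	idStr := c.Ctx.Input.Param(":id")
	id, err := strconv.ParseUint(idStr, 10, 64)
	if err != nil || id == 0 {
		c.jsonErr(400, 400, "参数错误")
		return
	}

	now := time.Now()
	n, err := models.Orm.QueryTable(new(models.SystemModules)).
		Filter("id", id).
		Filter("delete_time__isnull", true).
		Update(map[string]interface{}{"delete_time": now, "update_time": now})
	if err != nil {
		c.jsonErr(500, 500, "删除失败:"+err.Error())
		return
	}
	if n == 0 {
		c.jsonErr(404, 404, "模块不存在")
		return
	}

	c.Data["json"] = map[string]interface{}{"code": 200, "msg": "删除成功"}
	_ = c.ServeJSON()
}

// BatchDelete POST /platform/modules/batchDelete body:{ids:[]}
//
// Soft-deletes every listed module that is not already soft-deleted. The
// affected-row count is discarded, so success is reported even when no row
// matched.
func (c *PlatformModulesController) BatchDelete() {
	if _, err := c.modulesClaims(); err != nil {
		c.jsonErr(401, 401, err.Error())
		return
	}

	raw, err := io.ReadAll(c.Ctx.Request.Body)
	if err != nil {
		c.jsonErr(400, 400, "参数错误")
		return
	}
	var p struct {
		IDs []uint64 `json:"ids"`
	}
	if err := json.Unmarshal(raw, &p); err != nil || len(p.IDs) == 0 {
		c.jsonErr(400, 400, "请选择要删除的模块")
		return
	}

	now := time.Now()
	_, err = models.Orm.QueryTable(new(models.SystemModules)).
		Filter("id__in", p.IDs).
		Filter("delete_time__isnull", true).
		Update(map[string]interface{}{"delete_time": now, "update_time": now})
	if err != nil {
		c.jsonErr(500, 500, "批量删除失败:"+err.Error())
		return
	}

	c.Data["json"] = map[string]interface{}{"code": 200, "msg": "批量删除成功"}
	_ = c.ServeJSON()
}

// ChangeStatus POST /platform/modules/status body:{id,status}
//
// Front-end compatibility: the "status" field here actually toggles is_show
// (the display switch). Any value other than 0 or 1 is coerced to 1.
func (c *PlatformModulesController) ChangeStatus() {
	if _, err := c.modulesClaims(); err != nil {
		c.jsonErr(401, 401, err.Error())
		return
	}

	raw, err := io.ReadAll(c.Ctx.Request.Body)
	if err != nil {
		c.jsonErr(400, 400, "参数错误")
		return
	}
	var p struct {
		ID     uint64 `json:"id"`
		Status int8   `json:"status"`
	}
	if err := json.Unmarshal(raw, &p); err != nil || p.ID == 0 {
		c.jsonErr(400, 400, "参数错误")
		return
	}
	if p.Status != 0 && p.Status != 1 {
		p.Status = 1
	}

	now := time.Now()
	n, err := models.Orm.QueryTable(new(models.SystemModules)).
		Filter("id", p.ID).
		Filter("delete_time__isnull", true).
		Update(map[string]interface{}{"is_show": p.Status, "update_time": now})
	if err != nil {
		c.jsonErr(500, 500, "状态修改失败:"+err.Error())
		return
	}
	if n == 0 {
		c.jsonErr(404, 404, "模块不存在")
		return
	}

	c.Data["json"] = map[string]interface{}{"code": 200, "msg": "success"}
	_ = c.ServeJSON()
}

// GetSelectList GET /platform/modules/select/list
//
// Returns id, name and code of every module with status=1 that is not
// soft-deleted, ordered by sort, then id.
func (c *PlatformModulesController) GetSelectList() {
	if _, err := c.modulesClaims(); err != nil {
		c.jsonErr(401, 401, err.Error())
		return
	}

	var rows []models.SystemModules
	_, err := models.Orm.QueryTable(new(models.SystemModules)).
		Filter("delete_time__isnull", true).
		Filter("status", 1).
		OrderBy("sort", "id").
		All(&rows, "ID", "Name", "Code")
	if err != nil {
		c.jsonErr(500, 500, "获取失败:"+err.Error())
		return
	}

	// Project each row onto the three fields the response exposes.
	list := make([]map[string]interface{}, 0, len(rows))
	for i := range rows {
		list = append(list, map[string]interface{}{
			"id":   rows[i].ID,
			"name": rows[i].Name,
			"code": rows[i].Code,
		})
	}

	c.Data["json"] = map[string]interface{}{"code": 200, "msg": "success", "data": list}
	_ = c.ServeJSON()
}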