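package controllers

import (
	"encoding/json"
	"fmt"
	"server/models"
	"strconv"

	"github.com/beego/beego/v2/core/logs"
	beego "github.com/beego/beego/v2/server/web"
)

// PermissionController serves the role and menu permission endpoints.
//
// Every handler replies with a JSON envelope holding "success" and "message",
// plus "data" on success or "error" on failure.
//
// NOTE(review): the failure branches copy err.Error() from the models layer
// into the "error" field of the response. If those errors can carry storage
// or query details, prefer logging them server-side and returning only the
// generic message. The field is kept here because clients may read it.
//
// NOTE(review): nothing in this file checks that the caller is entitled to
// read or modify the role named in the URL. Confirm that a router filter or
// the models layer enforces this, including any tenant boundary.
type PermissionController struct {
	beego.Controller
}

// writeJSON stores payload as the JSON response body and sends it.
func (c *PermissionController) writeJSON(payload map[string]interface{}) {
	c.Data["json"] = payload
	c.ServeJSON()
}

// requireUserID returns the caller's user ID taken from the "userId" entry of
// the request input data. The original comments state that this entry is
// filled from the JWT; the code that does so is not in this file.
//
// When the entry is missing or is not an int, the matching error response is
// written and ok is false, so the handler must return without doing any work.
func (c *PermissionController) requireUserID() (id int, ok bool) {
	raw := c.Ctx.Input.GetData("userId")
	if raw == nil {
		c.writeJSON(map[string]interface{}{
			"success": false,
			"message": "未获取到用户信息",
		})
		return 0, false
	}

	id, ok = raw.(int)
	if !ok {
		c.writeJSON(map[string]interface{}{
			"success": false,
			"message": "用户ID格式错误",
		})
		return 0, false
	}
	return id, true
}

// GetAllMenuPermissions lists the menu permissions that can be assigned.
//
// The list is filtered by the logged-in user's own permissions and, when the
// optional "roleId" query parameter is given, by that role's "default" value:
//   - role.default=1 (platform user role): only menus with default=1 or
//     default=0 may be assigned
//   - role.default=2 (tenant user role): only menus with default=2 or
//     default=0 may be assigned
//
// The filtering itself happens in models.GetAllMenuPermissionsForUser.
func (c *PermissionController) GetAllMenuPermissions() {
	userID, ok := c.requireUserID()
	if !ok {
		return
	}

	// A missing or non-string "userType" falls back to "user", which the
	// original comment describes as the platform user.
	// NOTE(review): confirm that this fallback is the less privileged of the
	// two user types; otherwise a request without the claim is treated too
	// generously.
	userType := "user"
	if ut, isString := c.Ctx.Input.GetData("userType").(string); isString {
		userType = ut
	}

	// roleId is optional: an unparsable or non-positive value leaves it at 0,
	// which is passed to the model unchanged.
	var roleID int
	if v, err := c.GetInt("roleId"); err == nil && v > 0 {
		roleID = v
	}

	menus, err := models.GetAllMenuPermissionsForUser(userID, userType, roleID)
	if err != nil {
		c.writeJSON(map[string]interface{}{
			"success": false,
			"message": "获取菜单列表失败",
			"error":   err.Error(),
		})
		return
	}

	c.writeJSON(map[string]interface{}{
		"success": true,
		"message": "获取菜单列表成功",
		"data":    menus,
	})
}

// GetRolePermissions returns the permissions of the role named by the
// ":roleId" route parameter.
//
// NOTE(review): this handler does not read the caller's identity at all, so
// any request that reaches it can read any role's permissions by ID. Confirm
// that access is restricted before the handler runs.
func (c *PermissionController) GetRolePermissions() {
	roleID, err := c.GetInt(":roleId")
	if err != nil {
		c.writeJSON(map[string]interface{}{
			"success": false,
			"message": "角色ID参数错误",
		})
		return
	}

	permissions, err := models.GetRolePermissions(roleID)
	if err != nil {
		c.writeJSON(map[string]interface{}{
			"success": false,
			"message": "获取角色权限失败",
			"error":   err.Error(),
		})
		return
	}

	c.writeJSON(map[string]interface{}{
		"success": true,
		"message": "获取角色权限成功",
		"data":    permissions,
	})
}

// AssignRolePermissions replaces or sets the menu permissions of the role
// named by the ":roleId" route parameter. The request body is a JSON object
// of the form {"menu_ids": [..]}.
//
// The handler refuses to run without an identified caller. Previously a
// missing or malformed "userId" was ignored and the assignment went ahead
// with an empty createBy, so a privilege change could be recorded with no
// actor. It now fails closed with the same responses the other handlers use.
//
// NOTE(review): menu_ids is passed to the model as received. This handler
// does not check that the IDs exist, that they match the role's "default"
// value as GetAllMenuPermissions filters them, or that the caller holds those
// permissions. Confirm that models.AssignRolePermissions enforces this.
func (c *PermissionController) AssignRolePermissions() {
	operatorID, ok := c.requireUserID()
	if !ok {
		return
	}

	roleID, err := c.GetInt(":roleId")
	if err != nil {
		c.writeJSON(map[string]interface{}{
			"success": false,
			"message": "角色ID参数错误",
		})
		return
	}

	// Decode the request body. Beego only fills RequestBody when body copying
	// is enabled in the application configuration.
	var req struct {
		MenuIds []int `json:"menu_ids"`
	}
	if err := json.Unmarshal(c.Ctx.Input.RequestBody, &req); err != nil {
		c.writeJSON(map[string]interface{}{
			"success": false,
			"message": "请求参数错误",
			"error":   err.Error(),
		})
		return
	}

	// The acting user is recorded as the creator of the assignment.
	createBy := strconv.Itoa(operatorID)

	// Debug log of the requested change.
	logs.Info(fmt.Sprintf("开始为角色 %d 分配权限,共 %d 个菜单", roleID, len(req.MenuIds)))

	if err := models.AssignRolePermissions(roleID, req.MenuIds, createBy); err != nil {
		logs.Error(fmt.Sprintf("分配权限失败: %v", err))
		c.writeJSON(map[string]interface{}{
			"success": false,
			"message": "分配权限失败",
			"error":   err.Error(),
		})
		return
	}

	logs.Info(fmt.Sprintf("角色 %d 权限分配成功", roleID))
	c.writeJSON(map[string]interface{}{
		"success": true,
		"message": "分配权限成功",
	})
}

// GetUserPermissions returns the permissions of the currently logged-in user.
func (c *PermissionController) GetUserPermissions() {
	userID, ok := c.requireUserID()
	if !ok {
		return
	}

	permissions, err := models.GetUserPermissions(userID)
	if err != nil {
		c.writeJSON(map[string]interface{}{
			"success": false,
			"message": "获取用户权限失败",
			"error":   err.Error(),
		})
		return
	}

	c.writeJSON(map[string]interface{}{
		"success": true,
		"message": "获取用户权限成功",
		"data":    permissions,
	})
}

// GetUserMenuTree returns the menu tree the current user is allowed to access.
func (c *PermissionController) GetUserMenuTree() {
	userID, ok := c.requireUserID()
	if !ok {
		return
	}

	menuTree, err := models.GetUserMenuTree(userID)
	if err != nil {
		c.writeJSON(map[string]interface{}{
			"success": false,
			"message": "获取用户菜单失败",
			"error":   err.Error(),
		})
		return
	}

	c.writeJSON(map[string]interface{}{
		"success": true,
		"message": "获取用户菜单成功",
		"data":    menuTree,
	})
}

// CheckPermission reports whether the current user holds the permission named
// by the "permission" request parameter. The result is returned as
// data.has_permission.
//
// The check is always made for the authenticated caller. The user ID is never
// taken from request parameters, so one user cannot probe another user's
// permissions through this endpoint.
func (c *PermissionController) CheckPermission() {
	userID, ok := c.requireUserID()
	if !ok {
		return
	}

	// The permission identifier is required.
	permission := c.GetString("permission")
	if permission == "" {
		c.writeJSON(map[string]interface{}{
			"success": false,
			"message": "权限标识不能为空",
		})
		return
	}

	hasPermission, err := models.CheckUserPermission(userID, permission)
	if err != nil {
		c.writeJSON(map[string]interface{}{
			"success": false,
			"message": "检查权限失败",
			"error":   err.Error(),
		})
		return
	}

	c.writeJSON(map[string]interface{}{
		"success": true,
		"message": "权限检查完成",
		"data": map[string]interface{}{
			"has_permission": hasPermission,
		},
	})
}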