Browse Source

(*)用户数据范围值获取

master
zmh 1 year ago
parent
commit
9483be6454
  1. 172
      api/app/lib/controllers/auth/index.js
  2. 20
      api/app/lib/middlewares/authenticator.js

172
api/app/lib/controllers/auth/index.js

@ -4,81 +4,127 @@ const MD5 = require('crypto-js/md5');
const moment = require('moment');
const uuid = require('uuid');
async function login (ctx, next) {
// const transaction = await ctx.fs.dc.orm.transaction();
try {
const models = ctx.fs.dc.models;
const params = ctx.request.body;
let emisLoginRes = null
if (params.username && params.password) {
emisLoginRes = await ctx.app.fs.emisRequest.post('login', {
data: { ...params, code: 'HR' }
})
} else if (params.token) {
emisLoginRes = await ctx.app.fs.emisRequest.get('user-info', {
query: {
token: params.token, code: 'HR'
async function getDataRange(ctx) {
//null为所有权限,不加条件过滤
let userIds = null;
let departmentNames = null;
let userNames = null;
let dataRange = null;
const { adminHr, id, department, allDepartment } = ctx.fs.api.userInfo;
//人资管理-所有权限
if (adminHr.filter(admin => admin.id == id).length) {
dataRange = 1;
} else {
const models = ctx.fs.dc.models;
//获取用户对应角色的最高数据范围
let roleRes = await models.Role.findAll({
include: [{
model: models.UserRole,
where: { userId: id }
}]
})
if (roleRes.some(r => r.dataRange && r.dataRange === 1)) {
dataRange = 1;
} else {
const departments = allDepartment.departments;
dataRange = 2;
userIds = [];
userNames = [];
if (department && departments) {
let userDeps = department.map(d => d.id);
departmentNames = department.map(d => d.name);
let deps = departments.filter(d => userDeps.indexOf(d.id) > -1)
if (deps && deps.length > 0) {
deps.map(d => d.users.map(u => {
if (userIds.indexOf(u.id) < 0) {
userIds.push(u.id);
userNames.push(u.name);
}
}));
}
}
})
}
}
}
return { dataRange, userIds, departmentNames, userNames };
}
async function login(ctx, next) {
// const transaction = await ctx.fs.dc.orm.transaction();
try {
const models = ctx.fs.dc.models;
const params = ctx.request.body;
let emisLoginRes = null
if (params.username && params.password) {
emisLoginRes = await ctx.app.fs.emisRequest.post('login', {
data: { ...params, code: 'HR' }
})
} else if (params.token) {
emisLoginRes = await ctx.app.fs.emisRequest.get('user-info', {
query: {
token: params.token, code: 'HR'
}
})
}
if (!emisLoginRes) {
throw "无此用户,请使用正确的登录信息"
} else {
if (!emisLoginRes) {
throw "无此用户,请使用正确的登录信息"
} else {
emisLoginRes.authorized = true
emisLoginRes.expired = moment().add(1, 'day')
emisLoginRes.hrUserInfo = undefined
emisLoginRes.authorized = true
emisLoginRes.expired = moment().add(1, 'day')
emisLoginRes.hrUserInfo = undefined
await ctx.redis.hmset(emisLoginRes.token, {
expired: moment().add(1, 'day'),
userInfo: JSON.stringify(emisLoginRes)
});
await ctx.redis.hmset(emisLoginRes.token, {
expired: moment().add(1, 'day'),
userInfo: JSON.stringify(emisLoginRes)
});
ctx.status = 200;
ctx.body = emisLoginRes;
}
// await transaction.commit();
} catch (error) {
// await transaction.rollback();
ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
ctx.status = 400;
let message = typeof error == 'string' ? error
: error.response && error.response.body && error.response.body.message ?
error.response.body.message
: "登录失败"
if (message == '账号或密码错误') {
message = '无此用户,请使用正确的登录信息'
}
ctx.status = 200;
ctx.body = emisLoginRes;
}
// await transaction.commit();
} catch (error) {
// await transaction.rollback();
ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
ctx.status = 400;
let message = typeof error == 'string' ? error
: error.response && error.response.body && error.response.body.message ?
error.response.body.message
: "登录失败"
if (message == '账号或密码错误') {
message = '无此用户,请使用正确的登录信息'
}
ctx.body = {
message: message
}
}
ctx.body = {
message: message
}
}
}
async function logout (ctx) {
try {
const models = ctx.fs.dc.models;
const params = ctx.request.body;
async function logout(ctx) {
try {
const models = ctx.fs.dc.models;
const params = ctx.request.body;
await ctx.app.fs.emisRequest.put('logout', {
data: params
})
await ctx.redisTools.hdelall(token);
await ctx.app.fs.emisRequest.put('logout', {
data: params
})
await ctx.redisTools.hdelall(token);
ctx.status = 204;
} catch (error) {
ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
ctx.status = 400;
ctx.body = {
ctx.status = 204;
} catch (error) {
ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
ctx.status = 400;
ctx.body = {
}
}
}
}
}
module.exports = {
login,
logout,
login,
logout,
getDataRange
};

20
api/app/lib/middlewares/authenticator.js

@ -72,32 +72,16 @@ let authorizeToken = async function (ctx, token) {
if (token && tokenFormatRegexp.test(token)) {
try {
const expired = await ctx.redis.hget(token, 'expired');
// const authorizeRes = await ctx.app.fs.emisRequest.get('authorize', {
// query: { token }
// })
// const { userInfo, expired } = authorizeRes;
// TODO 从项企 clickhouse 数据库中查 token 并更新
if (expired && moment().valueOf() <= moment(expired).valueOf()) {
const userInfo = JSON.parse(await ctx.redis.hmget(token, 'userInfo'));
const { pomsUserInfo: pomsUser } = userInfo
// const pomsUser = await ctx.app.fs.dc.models.User.findOne({
// where: {
// pepUserId: userInfo.id
// }
// }) || {}
rslt = {
'authorized': userInfo.authorized,
'resources': (userInfo || {}).resources || [],
};
ctx.fs.api.userId = pomsUser.id;
ctx.fs.api.userInfo = pomsUser;
ctx.fs.api.userId = userInfo.id;
ctx.fs.api.userInfo = userInfo;
ctx.fs.api.pepUserId = userInfo.id;
ctx.fs.api.pepUserInfo = userInfo;
ctx.fs.api.token = token;
}
} catch (err) {

Loading…
Cancel
Save