diff --git a/api/app/lib/controllers/auth/index.js b/api/app/lib/controllers/auth/index.js
index 9a12015..d36b90b 100644
--- a/api/app/lib/controllers/auth/index.js
+++ b/api/app/lib/controllers/auth/index.js
@@ -4,81 +4,127 @@ const MD5 = require('crypto-js/md5'); const moment = require('moment'); const uuid = require('uuid'); -async function login (ctx, next) { - // const transaction = await ctx.fs.dc.orm.transaction(); - try { - const models = ctx.fs.dc.models; - const params = ctx.request.body; - - let emisLoginRes = null - if (params.username && params.password) { - emisLoginRes = await ctx.app.fs.emisRequest.post('login', { - data: { ...params, code: 'HR' } - }) - } else if (params.token) { - emisLoginRes = await ctx.app.fs.emisRequest.get('user-info', { - query: { - token: params.token, code: 'HR' +async function getDataRange(ctx) { + //null为所有权限,不加条件过滤 + let userIds = null; + let departmentNames = null; + let userNames = null; + let dataRange = null; + const { adminHr, id, department, allDepartment } = ctx.fs.api.userInfo; + //人资管理-所有权限 + if (adminHr.filter(admin => admin.id == id).length) { + dataRange = 1; + } else { + const models = ctx.fs.dc.models; + //获取用户对应角色的最高数据范围 + let roleRes = await models.Role.findAll({ + include: [{ + model: models.UserRole, + where: { userId: id } + }] + }) + if (roleRes.some(r => r.dataRange && r.dataRange === 1)) { + dataRange = 1; + } else { + const departments = allDepartment.departments; + dataRange = 2; + userIds = []; + userNames = []; + if (department && departments) { + let userDeps = department.map(d => d.id); + departmentNames = department.map(d => d.name); + let deps = departments.filter(d => userDeps.indexOf(d.id) > -1) + if (deps && deps.length > 0) { + deps.map(d => d.users.map(u => { + if (userIds.indexOf(u.id) < 0) { + userIds.push(u.id); + userNames.push(u.name); + } + })); + } } - }) - } + } + } + return { dataRange, userIds, departmentNames, userNames }; +} + + +async function login(ctx, next) { + // const transaction = await ctx.fs.dc.orm.transaction(); + try { + const models = ctx.fs.dc.models; + const params = ctx.request.body; + + let emisLoginRes = null + if (params.username && params.password) { + 
emisLoginRes = await ctx.app.fs.emisRequest.post('login', { + data: { ...params, code: 'HR' } + }) + } else if (params.token) { + emisLoginRes = await ctx.app.fs.emisRequest.get('user-info', { + query: { + token: params.token, code: 'HR' + } + }) + } - if (!emisLoginRes) { - throw "无此用户,请使用正确的登录信息" - } else { + if (!emisLoginRes) { + throw "无此用户,请使用正确的登录信息" + } else { - emisLoginRes.authorized = true - emisLoginRes.expired = moment().add(1, 'day') - emisLoginRes.hrUserInfo = undefined + emisLoginRes.authorized = true + emisLoginRes.expired = moment().add(1, 'day') + emisLoginRes.hrUserInfo = undefined - await ctx.redis.hmset(emisLoginRes.token, { - expired: moment().add(1, 'day'), - userInfo: JSON.stringify(emisLoginRes) - }); + await ctx.redis.hmset(emisLoginRes.token, { + expired: moment().add(1, 'day'), + userInfo: JSON.stringify(emisLoginRes) + }); - ctx.status = 200; - ctx.body = emisLoginRes; - } - // await transaction.commit(); - } catch (error) { - // await transaction.rollback(); - ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`); - ctx.status = 400; - let message = typeof error == 'string' ? error - : error.response && error.response.body && error.response.body.message ? - error.response.body.message - : "登录失败" - if (message == '账号或密码错误') { - message = '无此用户,请使用正确的登录信息' - } + ctx.status = 200; + ctx.body = emisLoginRes; + } + // await transaction.commit(); + } catch (error) { + // await transaction.rollback(); + ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`); + ctx.status = 400; + let message = typeof error == 'string' ? error + : error.response && error.response.body && error.response.body.message ? 
+ error.response.body.message + : "登录失败" + if (message == '账号或密码错误') { + message = '无此用户,请使用正确的登录信息' + } - ctx.body = { - message: message - } - } + ctx.body = { + message: message + } + } } -async function logout (ctx) { - try { - const models = ctx.fs.dc.models; - const params = ctx.request.body; +async function logout(ctx) { + try { + const models = ctx.fs.dc.models; + const params = ctx.request.body; - await ctx.app.fs.emisRequest.put('logout', { - data: params - }) - await ctx.redisTools.hdelall(token); + await ctx.app.fs.emisRequest.put('logout', { + data: params + }) + await ctx.redisTools.hdelall(token); - ctx.status = 204; - } catch (error) { - ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`); - ctx.status = 400; - ctx.body = { + ctx.status = 204; + } catch (error) { + ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`); + ctx.status = 400; + ctx.body = { - } - } + } + } } module.exports = { - login, - logout, + login, + logout, + getDataRange }; \ No newline at end of file diff --git a/api/app/lib/middlewares/authenticator.js b/api/app/lib/middlewares/authenticator.js index 90000bf..e9168c1 100644 --- a/api/app/lib/middlewares/authenticator.js +++ b/api/app/lib/middlewares/authenticator.js 
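Review bot: In getDataRange, a dataRange-2 user with no `department` leaves `departmentNames` as `null`, which the comment on the function's first line defines as "all permissions, no filtering", while `userIds`/`userNames` for that same user are set to `[]`; a caller that restricts by department name would therefore apply no restriction to exactly the user who should see nothing. Initialize all three lists together in that branch — `departmentNames = [];` beside `userIds = []; userNames = [];` — and let the `department && departments` block overwrite it. The inner loop also uses `deps.map` purely for side effects with an `indexOf` dedupe; `for...of` over `deps` with a `Set` of seen ids reads as what it does and drops the quadratic scan. Separately, logout still calls `ctx.redisTools.hdelall(token)` with `token` never declared in that function, so unless it is a module-level binding outside the hunk the call throws a ReferenceError, the request always ends in the 400 branch, and the cached session is never removed on logout — `params.token` looks like what was intended. `admin.id == id` uses loose equality while the role check uses `===`; pick one.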
@@ -72,32 +72,16 @@ let authorizeToken = async function (ctx, token) { if (token && tokenFormatRegexp.test(token)) { try { const expired = await ctx.redis.hget(token, 'expired'); - - // const authorizeRes = await ctx.app.fs.emisRequest.get('authorize', { - // query: { token } - // }) - // const { userInfo, expired } = authorizeRes; - - // TODO 从项企 clickhouse 数据库中查 token 并更新 if (expired && moment().valueOf() <= moment(expired).valueOf()) { const userInfo = JSON.parse(await ctx.redis.hmget(token, 'userInfo')); - const { pomsUserInfo: pomsUser } = userInfo - - // const pomsUser = await ctx.app.fs.dc.models.User.findOne({ - // where: { - // pepUserId: userInfo.id - // } - // }) || {} - rslt = { 'authorized': userInfo.authorized, 'resources': (userInfo || {}).resources || [], }; - ctx.fs.api.userId = pomsUser.id; - ctx.fs.api.userInfo = pomsUser; + ctx.fs.api.userId = userInfo.id; + ctx.fs.api.userInfo = userInfo; ctx.fs.api.pepUserId = userInfo.id; - ctx.fs.api.pepUserInfo = userInfo; ctx.fs.api.token = token; } } catch (err) {
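Review bot: The new assignments `ctx.fs.api.userId = userInfo.id` and `ctx.fs.api.userInfo = userInfo` publish the entire cached login record to every downstream handler, and per the login controller in this same commit that record is the upstream response stored wholesale, including the session `token` and the `expired`/`authorized` fields, so any handler that serializes `ctx.fs.api.userInfo` into a response body or log line would emit the bearer token. Consider stripping those fields before publishing, e.g. `const { token: sessionToken, expired, ...publicUserInfo } = userInfo;` followed by `ctx.fs.api.userInfo = publicUserInfo;`. The two new lines also dereference `userInfo.id` unguarded although the `rslt` block just above defensively uses `(userInfo || {}).resources`; a missing or null cached value would throw into the `catch (err)` that closes the hunk rather than simply leaving the request unauthorized, so either guard is fine but they should agree. Dropping `ctx.fs.api.pepUserInfo` leaves any remaining reader of that field with `undefined`; worth a repository-wide search, and authorizeToken's body continues outside the hunk.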