huwei hai 1 mes
pai
achega
2d3f6d23c5

BIN=BIN
server/cadmin


+ 0 - 1
server/config/permissions.go

@@ -202,7 +202,6 @@ func ValidityAuth(roleId int64, method, path string, systemId int32) (err error)
 	//if err != nil {
 	//	return fmt.Errorf("权限解析时发生错误:%v,请联系管理员", err.Error())
 	//}
-
 	permissionList, err := GetRoleSystemPermissions(roleId, int64(systemId))
 	if err != nil {
 		return fmt.Errorf("获取角色权限错误:%v,请联系管理员", err.Error())

+ 6 - 0
server/internal/admin/api/admin_role.go

@@ -65,6 +65,9 @@ func AdminRolePageOption(c *gin.Context) {
 	}
 	for systemId, items := range menuMap {
 		for _, item := range items {
+			if item.Meta.IsSuper {
+				continue
+			}
 			menu := &forms.TreeOption{
 				Key:      item.Id,
 				Label:    item.Meta.Title,
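Review bot: Skipping `IsSuper` entries here (and again for `children` in the next hunk) only removes them from the option tree that AdminRolePageOption returns; it does not stop a request from saving those menu IDs onto a role. The handler that creates or updates a role's pages is not part of this commit, so it should be confirmed that it rejects IDs whose menu has `IsSuper` set. Otherwise the restriction is cosmetic. A short comment above the check, such as `// super-only menus are never assignable to a role`, would record the intent. AdminRolePageOption's body starts and ends outside the hunk.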
@@ -72,6 +75,9 @@ func AdminRolePageOption(c *gin.Context) {
 			}
 			if len(item.Children) > 0 {
 				for _, children := range item.Children {
+					if children.Meta.IsSuper {
+						continue
+					}
 					menu.Children = append(menu.Children, &forms.TreeOption{
 						Key:   children.Id,
 						Label: children.Meta.Title,

+ 1 - 0
server/internal/admin/forms/admin_role.go

@@ -77,4 +77,5 @@ type MenuMeta struct {
 	Hidden     bool   `json:"hidden,omitempty"`
 	ActiveMenu string `json:"activeMenu,omitempty"`
 	IsRoot     bool   `json:"isRoot,omitempty"`
+	IsSuper    bool   `json:"isSuper,omitempty"`
 }

+ 1 - 1
server/internal/admin/middleware/permission.go

@@ -46,7 +46,7 @@ func Permission() gin.HandlerFunc {
 			c.JSON(200, serializer.Err(consts.CodeNoPermission, "登陆失效", nil))
 			c.Abort()
 		}*/
-		c.Set("admin_role_id", int64(models.RoleID))
+
 		if models.UserName != "mojun" {
 			if err := config.ValidityAuth(int64(models.RoleID), c.Request.Method, c.Request.URL.Path, systemId); err != nil {
 				c.JSON(200, serializer.Err(consts.CodeNoPermission, err.Error(), err))

+ 23 - 0
server/internal/admin/middleware/token.go

@@ -8,6 +8,8 @@ import (
 	"github.com/gin-gonic/gin"
 	jsoniter "github.com/json-iterator/go"
 	"github.com/sirupsen/logrus"
+	"strconv"
+	"time"
 )
 
 // 路由白名单
@@ -58,6 +60,26 @@ func Token() gin.HandlerFunc {
 			return
 		}
 
+		// 查询登录token是否有效
+		key := config.GetUserTokenKey(user.ID)
+		tokenCTStr := config.TokenRedis.HGet(key, t).Val()
+		tokenCreateTime, err := strconv.Atoi(tokenCTStr)
+		if err != nil {
+			logrus.Warningf("middleware config.LogRedis.HGet:%+v", err.Error())
+			c.JSON(200, serializer.CheckLogin())
+			c.Abort()
+			return
+		}
+		tokenCT := time.Unix(int64(tokenCreateTime), 0)
+
+		if tokenCT.Before(time.Now().Add(-config.TokenExpireTime)) {
+			c.JSON(200, serializer.CheckLogin())
+			c.Abort()
+			return
+		}
+		config.TokenRedis.HSet(key, t, time.Now().Unix())
+		config.TokenRedis.Expire(key, config.TokenExpireTime)
+
 		config.TokenRedis.Expire(tokenKey, config.TokenExpireTime)
 
 		//if os.Getenv("GIN_MODE") == "release" && claims.UserName == "mojun" {
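Review bot: `config.TokenRedis.HSet(key, t, time.Now().Unix())` overwrites the value that was just read as `tokenCreateTime`, so the stored timestamp is really a last-seen time and a token that keeps being used never reaches `config.TokenExpireTime`. If a hard upper bound on session lifetime is wanted, leave the creation time untouched and compare it against a separate maximum age. Also, `.Val()` drops the Redis error, so the warning (labelled `config.LogRedis.HGet` while the call is `config.TokenRedis.HGet`) only ever reports the `strconv.Atoi` failure. `tokenCTStr, err := config.TokenRedis.HGet(key, t).Result()` would let a Redis outage be told apart from a missing token. The body of Token() continues outside the hunk.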
@@ -67,6 +89,7 @@ func Token() gin.HandlerFunc {
 		//}
 
 		c.Set("user", user)
+		c.Set("admin_role_id", user.RoleId)
 		c.Next()
 		return
 	}

+ 7 - 0
server/internal/admin/service/admin_menu.go

@@ -50,6 +50,7 @@ func handleMenus(menus []*model.AdminMenu) []*forms.Menu {
 				Hidden:     menu.Hidden == 1,
 				ActiveMenu: menu.ActiveMenu,
 				IsRoot:     menu.IsRoot == 1,
+				IsSuper:    menu.IsSuper == 1,
 			},
 			Name:     menu.Name,
 			Path:     menu.Path,
@@ -130,6 +131,9 @@ func (s *aMenu) GetRoleMenuList(systemId int32, roleId int64, token string) ([]*
 	tmpPages := make(map[int32]*forms.Menu)
 
 	for _, item := range lists {
+		if item.Meta.IsSuper {
+			continue
+		}
 		if character.InSlice(rolePages, item.Id) {
 			tmpPages[item.Id] = &forms.Menu{
 				Id:        item.Id,
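Review bot: The new `if item.Meta.IsSuper { continue }` (and the matching check on `children` in the next hunk) does not look at `roleId`, so unless super roles are handled before this loop, outside the hunk, they lose these menus as well. If that is intended, a comment such as `// super-only pages are not part of any role menu` would say so. Otherwise the condition could be `item.Meta.IsSuper && !config.IsSuperRole(roleId)`, assuming `config` is imported in this file. The `continue` on a parent also appears to skip its children loop, so non-super children of a super parent would be dropped too.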
@@ -143,6 +147,9 @@ func (s *aMenu) GetRoleMenuList(systemId int32, roleId int64, token string) ([]*
 		}
 		if len(item.Children) > 0 {
 			for _, children := range item.Children {
+				if children.Meta.IsSuper {
+					continue
+				}
 				if !character.InSlice(rolePages, children.Id) {
 					continue
 				}

+ 32 - 28
server/internal/admin/service/admin_user.go

@@ -414,32 +414,36 @@ func (s *sUser) GetUserByUnionID(unionID string) (*model.AdminUser, error) {
 }
 
 func (s *sUser) GetUserRolePermission(c *gin.Context) (bool, error) {
-	res, ok := c.Get("user")
-	if !ok {
-		c.JSON(200, serializer.CheckLogin())
-		c.Abort()
-	}
-	user := res.(*token.UserClaims)
-	if user.RoleId == 1 { // 超管拥有权限
-		return true, nil
-	}
-	// 查询玩家是否拥有权限管理页面的入口
-	pageQ := query.Use(config.AdminDB).AdminMenu
-	pageIds := make([]int32, 0)
-	err := pageQ.WithContext(c).Where(pageQ.Path.Eq("/permission")).Pluck(pageQ.ID, &pageIds)
-	if err != nil {
-		logrus.WithField("from", "AdminMenu Pluck").Error(err)
-		return false, err
-	}
-	rmq := query.Use(config.AdminDB).AdminRoleMenu
-	count, err := rmq.WithContext(c).Where(rmq.RoleID.Eq(int32(user.RoleId)), rmq.PageID.In(pageIds...)).Count()
-	if err != nil {
-		logrus.WithField("from", "AdminRoleMenu Count").Error(err)
-		return false, err
-	}
-	if count > 0 {
-		return true, nil
-	} else {
-		return false, nil
-	}
+	// 只有超管拥有角色管理权限
+	roleId, _ := c.Get("admin_role_id")
+	return config.IsSuperRole(roleId.(int64)), nil
+
+	//res, ok := c.Get("user")
+	//if !ok {
+	//	c.JSON(200, serializer.CheckLogin())
+	//	c.Abort()
+	//}
+	//user := res.(*token.UserClaims)
+	//if user.RoleId == 1 { // 超管拥有权限
+	//	return true, nil
+	//}
+	//// 查询玩家是否拥有权限管理页面的入口
+	//pageQ := query.Use(config.AdminDB).AdminMenu
+	//pageIds := make([]int32, 0)
+	//err := pageQ.WithContext(c).Where(pageQ.Path.Eq("/permission")).Pluck(pageQ.ID, &pageIds)
+	//if err != nil {
+	//	logrus.WithField("from", "AdminMenu Pluck").Error(err)
+	//	return false, err
+	//}
+	//rmq := query.Use(config.AdminDB).AdminRoleMenu
+	//count, err := rmq.WithContext(c).Where(rmq.RoleID.Eq(int32(user.RoleId)), rmq.PageID.In(pageIds...)).Count()
+	//if err != nil {
+	//	logrus.WithField("from", "AdminRoleMenu Count").Error(err)
+	//	return false, err
+	//}
+	//if count > 0 {
+	//	return true, nil
+	//} else {
+	//	return false, nil
+	//}
 }
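Review bot: `roleId.(int64)` panics when `admin_role_id` is missing from the context or holds another type, because the `ok` result of `c.Get` is discarded. The key is now set in Token() from `user.RoleId`, so any route that reaches GetUserRolePermission without that middleware would hit this. Gin's typed getter fails closed instead: `return config.IsSuperRole(c.GetInt64("admin_role_id")), nil`, assuming `IsSuperRole(0)` is false. The 28 commented-out lines left after the `return` are dead code and would be better deleted, since version control keeps the old implementation.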

+ 20 - 1
server/internal/admin/service/feishu.go

@@ -27,6 +27,7 @@ var FeiShu = new(feishuService)
 type feishuService struct{}
 
 func (s *feishuService) FeiShuUserLogin(c *gin.Context) serializer.Response {
+
 	q := query.Use(config.AdminDB).AdminUser
 
 	encodeToken := token.GetAuthorization(c)
@@ -66,16 +67,31 @@ func (s *feishuService) FeiShuUserLogin(c *gin.Context) serializer.Response {
 		if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
 			return serializer.Err(2, "", err)
 		}
+		if u.Status != 1 {
+			return serializer.ParamErr("账号已被禁用", nil)
+		}
+		user := &token.UserClaims{
+			ID:          u.ID,
+			UserName:    u.UserName,
+			RoleId:      int64(u.RoleID),
+			Avatar:      u.Avatar,
+			Nickname:    u.Nickname,
+			AccessToken: t,
+		}
+		userStr, _ = jsoniter.MarshalToString(user)
 
 		config.TokenRedis.HSet(key, t, time.Now().Unix())
 		config.TokenRedis.Expire(key, config.TokenExpireTime)
+
+		config.TokenRedis.Set(tokenKey, userStr, config.TokenExpireTime)
+
 		return serializer.Suc(forms.UserLoginRes{
 			ID:       u.ID,
 			UserName: u.UserName,
 			Nickname: u.Nickname,
 			Status:   u.Status,
 			Avatar:   u.Avatar,
-			Token:    t,
+			Token:    encodeToken,
 		})
 	}
 
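Review bot: When the lookup above returns `gorm.ErrRecordNotFound`, the error check lets execution continue, so the new `u.Status != 1` test runs on whatever `u` holds in that case. Depending on how `u` is declared outside the hunk, this either reports a missing account as disabled or dereferences nil. This branch also stores claims with `RoleId: int64(u.RoleID)` without the `u.RoleID == 0` check that the later path in this function applies. The error from `jsoniter.MarshalToString` is discarded as well, so an empty `userStr` could be written to `tokenKey`; `userStr, err = jsoniter.MarshalToString(user)` with an early return on error would avoid that. The disabled-account check appears only on the login paths in this commit, and whether Token() re-reads the account status for an existing session is not shown.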
@@ -112,6 +128,9 @@ func (s *feishuService) FeiShuUserLogin(c *gin.Context) serializer.Response {
 
 		return serializer.Err(9999, "注册成功,请联系管理员分配权限!", nil)
 	}
+	if u.Status != 1 {
+		return serializer.ParamErr("账号已被禁用", nil)
+	}
 	if u.RoleID == 0 {
 		return serializer.Err(9999, "请联系管理员分配权限!", nil)
 	}

+ 4 - 3
web/src/views/entrance/index.vue

@@ -12,7 +12,7 @@
           <n-tooltip placement="bottom-end">
             <template #trigger>
               <n-icon size="25" style="font-weight: bold">
-                <Shield28Regular />
+                <SafetyCertificateOutlined />
               </n-icon>
             </template>
             <span>角色权限管理</span>
@@ -71,7 +71,7 @@
 
 <script lang="ts">
   import { UserOutlined } from '@vicons/antd';
-  import { PeopleSettings20Regular, Shield28Regular } from '@vicons/fluent';
+  import { PeopleSettings20Regular } from '@vicons/fluent';
   import { useUserStore } from '@/store/modules/user';
   import { useRouter } from 'vue-router';
   import { useDialog, useMessage } from 'naive-ui';
@@ -82,6 +82,7 @@
   import Role from '../permission/role/role.vue';
   import User from '../permission/user/user.vue';
   import { CheckRolePermission } from '@/api/system/role';
+  import { SafetyCertificateOutlined } from '@vicons/antd';
   interface server {
     id: number;
     name: string;
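Review bot: `@vicons/antd` is now imported twice in this script block, once for `UserOutlined` and once for `SafetyCertificateOutlined` in this hunk. Merging them keeps the import list easier to scan: `import { UserOutlined, SafetyCertificateOutlined } from '@vicons/antd';`.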
@@ -92,7 +93,7 @@
     components: {
       UserOutlined,
       PeopleSettings20Regular,
-      Shield28Regular,
+      SafetyCertificateOutlined,
       Role,
       User,
     },

+ 5 - 1
web/src/views/permission/role/role.vue

@@ -158,6 +158,9 @@
 
   // 根据选中的checkbox生成active的tab panes
   const activeTabPanes = computed(() => {
+    if (!formParams.value.systems) {
+      formParams.value.systems = [];
+    }
     return systems.value.filter((tab) => formParams.value.systems.includes(tab.id));
   });
 
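Review bot: The guard added to `activeTabPanes` assigns `formParams.value.systems = []` inside a `computed` getter, which is a side effect in what Vue expects to be a pure function. Reading with a fallback avoids the write: `const selected = formParams.value.systems ?? [];` followed by `return systems.value.filter((tab) => selected.includes(tab.id));`. If `systems` must always be an array, initialise it where `formParams` is created or reset.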
@@ -251,7 +254,6 @@
   function confirmForm(e: any) {
     formParams.value.permissions = permissions.value;
     formParams.value.pages = pages.value;
-    console.log('formParams.value:', formParams.value);
     e.preventDefault();
     formBtnLoading.value = true;
     formRef.value.validate((errors) => {
@@ -277,6 +279,8 @@
   function handleEdit(record: Recordable) {
     showModal.value = true;
     formParams.value = cloneDeep(record);
+    pages.value = record.pages;
+    permissions.value = record.permissions;
     activeTab.value = record.systems[0];
   }